691 matches found

Tenable Nessus
added 2026/01/16 12:0 a.m., 1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003737)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003737 advisory. An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt when...

9.8 CVSS, 6.8 AI score, 0.03431 EPSS
Exploits: 0, References: 9
Tenable Nessus
added 2026/01/16 12:0 a.m., 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004431)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004431 advisory. In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NU...

5.5 CVSS, 6.5 AI score, 0.05667 EPSS
Exploits: 6, References: 29
Positive Technologies
added 2026/01/15 12:0 a.m., 2 views

PT-2026-3026

Name of the Vulnerable Software and Affected Versions: InvoicePlane versions through 1.6.3. Description: An SQL injection issue exists in InvoicePlane. The problem is found in the maxQuantity and minQuantity parameters when generating a report. A user with valid credentials can exploit this by using...

6.5 CVSS, 7.4 AI score, 0.00271 EPSS
Exploits: 1, References: 4
EUVD
added 2026/01/15 12:0 a.m., 3 views

EUVD-2026-2784

An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data from the database...

6.5 CVSS, 7.5 AI score, 0.00271 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2026/01/15 12:0 a.m., 1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002083)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002083 advisory. The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the...

5.5 CVSS, 7.6 AI score, 0.02472 EPSS
Exploits: 6, References: 18
Tenable Nessus
added 2026/01/15 12:0 a.m., 1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003197)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003197 advisory. The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a...

5.5 CVSS, 6.2 AI score, 0.00462 EPSS
Exploits: 0, References: 11
NVD
added 2026/01/14 3:16 p.m., 3 views

CVE-2025-71111

In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert macros to functions to avoid TOCTOU. The macro FAN_FROM_REG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Check to Time-of-Use TOCTO...

4.7 CVSS, 0.00089 EPSS
Exploits: 0, References: 7
UbuntuCve
added 2026/01/14 3:16 p.m., 3 views

CVE-2025-71137

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error". This patch ensures that the RX ring size (rx_pending) is not set below the permitted length. This avoids UBSAN shift-out-of-bounds errors when users pass small or zero ring size...

7.8 CVSS, 5.7 AI score, 0.00157 EPSS
Exploits: 0, References: 35
Debian CVE
added 2026/01/14 3:7 p.m., 5 views

CVE-2025-71137

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error". This patch ensures that the RX ring size (rx_pending) is not set below the permitted length. This avoids UBSAN shift-out-of-bounds errors when users pass small or zero ring size...

7.8 CVSS, 5.1 AI score, 0.00157 EPSS
Exploits: 0
Cvelist
added 2026/01/14 3:7 p.m., 25 views

CVE-2025-71137 octeontx2-pf: fix "UBSAN: shift-out-of-bounds error"

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error". This patch ensures that the RX ring size (rx_pending) is not set below the permitted length. This avoids UBSAN shift-out-of-bounds errors when users pass small or zero ring size...

0.00157 EPSS
Exploits: 0, References: 7
OSV
added 2026/01/14 3:7 p.m., 2 views

CVE-2025-71137 octeontx2-pf: fix "UBSAN: shift-out-of-bounds error"

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error". This patch ensures that the RX ring size (rx_pending) is not set below the permitted length. This avoids UBSAN shift-out-of-bounds errors when users pass small or zero ring size...

7.8 CVSS, 5.2 AI score, 0.00157 EPSS
Exploits: 0, References: 10
CVE
added 2026/01/14 3:7 p.m., 16 views

CVE-2025-71137

CVE-2025-71137 relates to the Linux kernel, where the octeontx2-pf driver patch fixes a UBSAN shift-out-of-bounds error by ensuring the RX ring size (rx_pending) is not set below the permitted length. This prevents UBSAN faults when users pass small or zero ring sizes via ethtool -G. The fix is a...

7.8 CVSS, 6.2 AI score, 0.00157 EPSS
Exploits: 0, References: 7, Affected Software: 1
Cvelist
added 2026/01/14 3:5 p.m., 22 views

CVE-2025-71111 hwmon: (w83791d) Convert macros to functions to avoid TOCTOU

In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert macros to functions to avoid TOCTOU. The macro FAN_FROM_REG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Check to Time-of-Use TOCTO...

0.00089 EPSS
Exploits: 0, References: 7
Vulnrichment
added 2026/01/14 3:5 p.m., 2 views

CVE-2025-71111 hwmon: (w83791d) Convert macros to functions to avoid TOCTOU

In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert macros to functions to avoid TOCTOU. The macro FAN_FROM_REG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Check to Time-of-Use TOCTO...

5.6 AI score, 0.00089 EPSS
Exploits: 0, References: 7
AstraLinux
added 2026/01/13 2:1 p.m., 1 views

Astra Linux - vulnerability in libraw

In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values...

9.8 CVSS, 5.8 AI score, 0.00334 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2026/01/07 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000244)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000244 advisory. In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NU...

5.5 CVSS, 6.5 AI score, 0.05667 EPSS
Exploits: 6, References: 4
OSV
added 2026/01/06 10:31 a.m., 2 views

SUSE-SU-2026:0039-1 Security update for qemu

This update for qemu fixes the following issues:
- CVE-2024-6505: qemu-kvm: virtio-net: Fixed queue index out-of-bounds access in software RSS (bsc#1227397)
- CVE-2025-12464: net: pad packets to minimum length in qemu_receive_packet (bsc#1253002)
- CVE-2025-11234: qemu-kvm: Fixed use-after-free in...

7.5 CVSS, 5.9 AI score, 0.00794 EPSS
Exploits: 0, References: 9
Packet Storm News
added 2026/01/05 12:0 a.m., 0 views

Pervasive Vulnerability Analysis and Defense for QKD-Based Quantum Private Query

Quantum Private Query (QPQ) based on Quantum Key Distribution (QKD) is among the most practically viable quantum communication protocols, with application value second only to QKD itself. However, prevalent security vulnerabilities in the post-processing stages of most existing QKD-based QPQ protocol...

6.9 AI score
Exploits: 0
Positive Technologies
added 2026/01/01 12:0 a.m., 5 views

PT-2026-6130

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the authencesn component. The authencesn component assumes an ESP/ESN-formatted AAD (Associated Authentication Data). If the assoclen is less than t...

6.1 CVSS, 6.5 AI score, 0.00123 EPSS
Exploits: 0
RedhatCVE
added 2025/12/28 12:42 a.m., 5 views

CVE-2025-68474

ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the avrc_vendor_msg function of the ESP-IDF BlueDroid AVRCP stack, the allocated buffer size was validated using AVRC_MIN_CMD_LEN (20 bytes). However, the actual fixed...

6.1 CVSS, 7.5 AI score, 0.003 EPSS
Exploits: 0, References: 1