CVE-2026-40943 Oxia: Server crash via race condition in session heartbeat handling

Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timin...

CVE-2026-40943 Oxia: Server crash via race condition in session heartbeat handling

Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timin...

EUVD-2026-24498

Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timin...

CVE-2026-40943

Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timin...

DEBIAN-CVE-2026-40890

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. This vulnerability is fixed with...

CVE-2026-40890

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. This vulnerability is fixed with...

CVE-2026-33813

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...

CVE-2026-33813

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...

CVE-2026-40890

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. This vulnerability is fixed with...

CVE-2026-40890

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. This vulnerability is fixed with...

CVE-2026-33813

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...

CVE-2026-33813

CVE-2026-33813 affects decoding of WEBP images in golang.org/x/image. The issue occurs when parsing a WEBP image with an invalid, large size on 32-bit platforms, causing a panic. Connected sources corroborate that this is a panic condition specific to large/invalid sizes on 32-bit architectures; ...

CVE-2026-33813 Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...

CVE-2026-33813 Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...

EUVD-2026-24247

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...

GO-2026-4961 Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...

CVE-2026-6654

A flaw was found in the thinvec component of mozilla/thin-vec. This vulnerability involves a memory management error known as a Double-Free/Use-After-Free UAF, which occurs in the IntoIter::drop and ThinVec::clear functions. When a specific error condition a panic in ptr::dropinplace is triggered...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006951)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006951 advisory. In the Linux kernel, the following vulnerability has been resolved: ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy For some reason, the driver...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011232)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011232 advisory. In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid device tree lookups in rtasosterm rtasosterm is called during panic. Its...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010784)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010784 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix swapinfostruct race between swapoff and getswappages The si-lock must be held when...