GHSA-GW2X-Q739-QHCR RustFS gRPC GetMetrics deserialization panic enables remote DoS

Summary A malformed gRPC GetMetrics request causes getmetrics to unwrap failed deserialization of metrictype/opts, panicking the handler thread and enabling remote denial of service of the metrics endpoint. Details - Vulnerable code: rustfs/src/storage/tonicservice.rs:1775-1782: - MetricType and...

CVE-2022-27536

Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic...

CVE-1999-0908

Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutexenter...

CVE-2019-16141

An issue was discovered in the oncecell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000481)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000481 advisory. A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference...

PT-2026-1935

Name of the Vulnerable Software and Affected Versions RustFS versions 1.0.0-alpha.13 through 1.0.0-alpha.77 Description RustFS is a distributed object storage system built in Rust. A malformed gRPC GetMetrics request can cause the get metrics function to fail during deserialization of metric...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000238)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000238 advisory. A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bcsvcprocess use wrong...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000302)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000302 advisory. A flaw was found in the Linux kernel's handlerx function in the vhostnet driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds...

GHSA-9C48-W39G-HM26 rsa crate has potential panic on a prime being equal to 1

When creating a RSA private key from its components, the construction panics, instead of returning an error, when one of the primes is 1. Discovered by Christian Reitter from Radically Open Security during a security review for Proton AG...

PT-2026-2125

Name of the Vulnerable Software and Affected Versions rsa crate versions prior to 0.9.10 Description The rsa crate, an RSA implementation written in rust, experiences a panic instead of returning an error during the creation of an RSA private key from its components when one of the prime numbers ...

Linux Distros Unpatched Vulnerability : CVE-2023-54192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix null pointer panic in tracepoint in replaceatomicwriteblock We got a kernel panic if oldaddr is NULL. https://bugzilla.kernel.org/showbug.cgi?id=21726...

Linux Distros Unpatched Vulnerability : CVE-2023-54255

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sh: dma: Fix DMA channel offset calculation Various SoCs of the SH3, SH4 and SH4A family, which use this driver, feature a differing number of DMA channels, whi...

Amazon Linux 2 : containerd, --advisory ALAS2ECS-2025-091 (ALASECS-2025-091)

The version of containerd installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-091 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the...

Linux Distros Unpatched Vulnerability : CVE-2022-50786

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: s5p-mfc: Clear workbit to handle error condition During error on CLOSEINSTANCE command, ctxworkbits was not getting cleared. During consequent mfc...

Medium: docker

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

Linux Distros Unpatched Vulnerability : CVE-2023-54199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/msm/adreno: Fix null ptr access in adrenogpucleanup Fix the below kernel panic due to null pointer access: 18.504431 Unable to handle kernel NULL pointer...

Linux Distros Unpatched Vulnerability : CVE-2022-50864

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nilfs2: fix shift-out-of-bounds due to too large exponent of block size If field slogblocksize of superblock data is corrupted and too large, initnilfs and...

PT-2026-27742

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel’s ice driver related to XDP eXpress Data Path Receive Queue RxQ handling. The frag size field in XDP RxQ info incorrectly used the DMA write size...

PT-2026-4673

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the ipv4/ip gre module related to the ipgre header function. This issue can lead to kernel crashes when devices dynamically change their headroom or...

PT-2026-6130

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the authencesn component. The authencesn component assumes an ESP/ESN-formatted AAD Associated Authentication Data. If the assoclen is less than t...