Lucene search

6962 matches found

Tenable Nessus
added 2026/01/07 12:0 a.m. | 5 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000196)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000196 advisory. A memory leak in the predicate_parse function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service...

CVSS 4.9 | AI score 6.4 | EPSS 0.00405
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/07 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000286)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000286 advisory. In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure wi...

CVSS 5.5 | AI score 6.8 | EPSS 0.004
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/07 12:0 a.m. | 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000460)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000460 advisory. An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of...

CVSS 4.7 | AI score 6.5 | EPSS 0.00623
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/07 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000509)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000509 advisory. An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is...

CVSS 6 | AI score 6.5 | EPSS 0.00517
Exploits: 0 | References: 3

NVD
added 2026/01/06 2:15 a.m. | 7 views

CVE-2026-21673

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum. This vulnerability affects users of the iccDEV library who process ICC color profiles. This issue is fixed in...

CVSS 7.8 | EPSS 0.00166
Exploits: 1 | References: 3

Vulnrichment
added 2026/01/06 1:38 a.m. | 4 views

CVE-2026-21674 iccDEV has a Memory Leak in its CIccProfileXml::ParseTag() Error Path

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE Parsing Path iccFromXml. This issue is fixed in version 2.3.1.1...

CVSS 3.3 | AI score 6.4 | EPSS 0.00154
Exploits: 1 | References: 3

EUVD
added 2026/01/06 1:32 a.m. | 6 views

EUVD-2026-1148

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum. This vulnerability affects users of the iccDEV library who process ICC color profiles. This issue is fixed in...

CVSS 7.8 | AI score 6.3 | EPSS 0.00166
Exploits: 1 | References: 3

Vulnrichment
added 2026/01/06 1:32 a.m. | 5 views

CVE-2026-21673 iccDEV has Integer Overflow/Underflow in CIccXmlArrayType::ParseTextCountNum()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum. This vulnerability affects users of the iccDEV library who process ICC color profiles. This issue is fixed in...

CVSS 7.8 | AI score 6.4 | EPSS 0.00166
Exploits: 1 | References: 3

SUSE Linux
added 2026/01/05 10:52 a.m. | 8 views

Security update for glib2

This update for glib2 fixes the following issues: CVE-2025-14512: integer overflow in the GIO escape_byte_string function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). CVE-2025-14087: buffer underflow in the GVariant parser...

CVSS 7.7 | AI score 7.7 | EPSS 0.00754
Exploits: 1 | References: 12

Amazon
added 2026/01/05 12:0 a.m. | 4 views

Important: glib2

Issue Overview: Buffer underflow on Glib through glib/gvariant via bytestring_parse or string_parse leads to OOB Write. (CVE-2025-14087) Affected Packages: glib2. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...

CVSS 9.8 | AI score 7 | EPSS 0.00754
Exploits: 0

Tenable Nessus
added 2026/01/05 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-54183

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link. If fwnode_graph_get_remote_endpoint fails, 'fwnode' is known to be NULL, so fwnode_handle_put i...

AI score 6.1 | EPSS 0.00184
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/01 12:0 a.m. | 5 views

PT-2026-27702

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak exists in the pinconf_generic_parse_dt_config function within the pin control subsystem. If the parse_dt_cfg function fails, the cleanup logic is bypassed, resulting in a...

AI score 5.9 | EPSS 0.00117
Exploits: 0 | References: 7

Positive Technologies
added 2026/01/01 12:0 a.m. | 3 views

PT-2026-4468

Name of the Vulnerable Software and Affected Versions: google.protobuf (affected versions not specified). Description: A denial-of-service (DoS) issue exists in the ParseDict function within google.protobuf.json_format in Python. The vulnerability occurs because the max_recursion_depth limit can be...

CVSS 8.2 | AI score 5.3 | EPSS 0.00351
Exploits: 0 | References: 233

Positive Technologies
added 2026/01/01 12:0 a.m. | 7 views

PT-2026-8209

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's Ceph implementation where an invalid pointer is passed to the kfree function within the parse_longname function. This occurs when reading Ceph snapsho...

CVSS 5.5 | AI score 5.8 | EPSS 0.00112
Exploits: 0 | References: 235

Positive Technologies
added 2026/01/01 12:0 a.m. | 5 views

PT-2026-1034

Name of the Vulnerable Software and Affected Versions: Open5GS versions prior to 2.7.7. Description: A security issue exists in Open5GS. The ogs_gtp2_parse_bearer_qos function within the Bearer QoS IE Length Handler component, located in lib/gtp/v2/types.c, is susceptible to manipulation, leading to...

CVSS 5.5 | AI score 6 | EPSS 0.00167
Exploits: 1 | References: 13

Positive Technologies
added 2026/01/01 12:0 a.m. | 8 views

PT-2026-5011

Name of the Vulnerable Software and Affected Versions: GnuPG versions prior to 2.5.17. Description: A long signature packet length can cause the parse_signature function to return success while setting the sig->data pointer to a NULL value. This results in a denial of service, specifically an...

CVSS 8.4 | AI score 5.4 | EPSS 0.00447
Exploits: 1 | References: 24

Positive Technologies
added 2026/01/01 12:0 a.m. | 3 views

PT-2026-7041

Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.22.0. Description: FreeRDP, a Remote Desktop Protocol implementation, contains a flaw where the audin_server_recv_formats function incorrectly calculates the number of audio formats to free upon parse failure...

CVSS 9.8 | AI score 5.4 | EPSS 0.0195
Exploits: 4 | References: 208

RedhatCVE
added 2025/12/31 5:42 p.m. | 4 views

CVE-2025-15284

A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., a[]=value). This bypasses the arrayLimit option, which is designed to limit the size of...

CVSS 8.7 | AI score 5.9 | EPSS 0.0041
Exploits: 1 | References: 5

RedhatCVE
added 2025/12/31 3:12 p.m. | 3 views

CVE-2023-54251

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX. syzkaller found zero division error [0] in div_s64_rem called from get_cycle_time_elapsed, where sched->cycle_time is the divisor. We have tests in parse_taprio_schedule so tha...

CVSS 5.6 | AI score 5.3 | EPSS 0.00168
Exploits: 0 | References: 4

RedhatCVE
added 2025/12/31 12:52 p.m. | 6 views

CVE-2023-54183

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link. If fwnode_graph_get_remote_endpoint fails, 'fwnode' is known to be NULL, so fwnode_handle_put is a no-op. Release the reference taken from a previous...

AI score 5.8 | EPSS 0.00184
Exploits: 0 | References: 4