Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002307)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002307 advisory. The sctpsfdo524dupcook function in net/sctp/smstatefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during th...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003287)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003287 advisory. An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfsrootnode when mounting a crafted btrfs image, because of...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002134)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002134 advisory. fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002241)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002241 advisory. The clie5attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service NULL...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001850)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001850 advisory. arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service NULL pointer dereference,...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002723)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002723 advisory. The imonprobe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service NULL pointer dereference and...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001875)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001875 advisory. The pingrecvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003526)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003526 advisory. In the Linux kernel through 4.14.13, the rdscmsgatomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leadin...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003304)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003304 advisory. The assocarrayinsertintoterminalnode function in lib/assocarray.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002309)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002309 advisory. The rdsibladdrcheck function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service NULL pointer dereference and system...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001910)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001910 advisory. The sctpassocupdate function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a deni...

CVE-2025-68820

A NULL pointer dereference vulnerability was found in the Linux kernel's ext4 filesystem extended attribute handling. When ext4getinodeloc fails with an error such as -EFSCORRUPTED, the iloc.bh buffer head remains NULL. The ext4xattrinodedecrefall function lacks error checking and proceeds to cal...

CVE-2026-21300

Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-21288

Illustrator versions 29.8.3, 30.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user...

CVE-2026-20819

Untrusted pointer dereference in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to disclose information locally...

CVE-2026-20948

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...

CVE-2026-20938

Untrusted pointer dereference in Windows Virtualization-Based Security VBS Enclave allows an authorized attacker to elevate privileges locally...

CVE-2026-20857

Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...

CVE-2026-20956

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

CLSA-2026-1768411712 php: Fix of 2 CVEs

CVE-2025-1220: fix null byte termination in hostnames - CVE-2025-6491: fix NULL pointer dereference in PHP SOAP extension via large XML namespace prefix...