Unity Linux 20.1050e / 20.1070e Security Update: sox (UTSA-2026-016770)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016770 advisory. An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h startread function, there is an integer overflow on the result of integer addition wraparound to 0 fe...

Unity Linux 20.1060e / 20.1070e Security Update: libupnp (UTSA-2026-016655)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016655 advisory. Portable UPnP SDK aka libupnp 1.12.1 and earlier allows remote attackers to cause a denial of service crash via a crafted SSDP message due to a NULL pointer...

CVE-2026-8968

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component...

rgui-3.4.4-seh-bof-exploit

Exploração de Buffer Overflow SEH Overwrite no RGui 3.4.4...

RXSA-2025:4341 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: kobjectuevent: Fix OOB access within zapmodaliasenv CVE-2024-42292 kernel: ipvs: properly dereference pe in ipvsaddservice CVE-2024-42322 kernel: bonding: fix null pointer deref in...

kernel security update

An update is available for kernel. This update affects Rocky Linux SIG Cloud 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2025-11187...

php: Fix of CVE-2026-7262

CVE-2026-7262: fix NULL pointer dereference in SOAP apache map decoder typemap configured...

CVE-2026-43496

A flaw was found in the Linux kernel's networking scheduler component. This vulnerability occurs when a specific queueing discipline qdisc configuration is used, where a parent qdisc attempts to retrieve a network packet from a child qdisc. An incorrect function call during this process can lead ...

CVE-2026-43499

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in removewaiter removewaiter is used by the slowlock paths, but it is also used for proxy-lock rollback in rtmutexstartproxylock when invoked from futexrequeue. In the latter case...

UBUNTU-CVE-2026-43499

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in removewaiter removewaiter is used by the slowlock paths, but it is also used for proxy-lock rollback in rtmutexstartproxylock when invoked from futexrequeue. In the latter case...

SUSE-SU-2026:2037-1 Security update for php8

This update for php8 fixes the following issues - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection bsc1264778. - CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution bsc1264776. -...

php: Fix of 2 CVEs

CVE-2026-6722: Use-after-free in SOAP ext via stale refmap pointer - CVE-2026-7261: Use-after-free in SOAP after header parse failure with SOAPPERSISTENCESESSION...

CVEs

NULL Dereference The vulnerabilities found in cryptofioctl...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from schred qdisc directly calling dequeue of sub-qdisc instead of peek and qdiscdequeuepeeked. This could...

ROS-20260521-73-0004

A vulnerability in the icmptagvalidation function of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service by sending specially crafted ICMP packets...

freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. This double free vulnerability occurs during the cleanup process when a remote desktop session disconnects. Specifically, if a title allocation fails, a pointer to an application window is freed but not removed fro...

firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Invalid pointer in the JavaScript: WebAssembly component...

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...

firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Invalid pointer in the JavaScript: WebAssembly component...