Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007263)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007263 advisory. In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk release while still in use iplocalout and other functions can pass...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007398)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007398 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcommsockalloc btsockalloc attaches...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007222)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007222 advisory. In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: free queued packets when closing socket As reported by syzbot 1, there is a memory...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007479)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007479 advisory. In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDRPORTANY It is possible for a vsock to autobind to...

SUSE SLED15 / SLES15 Security Update : kea (SUSE-SU-2026:1378-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1378-1 advisory. Update to release 2.6.5: A large number of bracket pairs in a JSON payload directed to any endpoint would result in a...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007396)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007396 advisory. In the Linux kernel, the following vulnerability has been resolved: net: nsh: Use correct macoffset to unwind gso skb in nshgsosegment As the call trace shows,...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007437)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007437 advisory. In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clipvcc. ioctlATMARPMKIP allocates struct clipvcc and set it...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007343)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007343 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2capsockcreate btsockalloc...

SUSE-SU-2026:1378-1 Security update for kea

This update for kea fixes the following issues: Update to release 2.6.5: A large number of bracket pairs in a JSON payload directed to any endpoint would result in a stack overflow, due to recursive calls when parsing the JSON. This has been fixed. CVE-2026-3608 bsc1260380 A null dereference is n...

AlmaLinux 8 : nodejs:24 (ALSA-2026:7670)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:7670 advisory. nodejs: Nodejs denial of service CVE-2026-21637 minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 undici: Undici:...

AlmaLinux 9 : nodejs:24 (ALSA-2026:7350)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:7350 advisory. nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547...

MAL-2026-2827 Malicious code in js-logger-pack (npm)

js-logger-pack is a fake npm logger that the attacker developed openly on the registry over 23 versions across two weeks 2026-04-01 to 2026-04-15. Version 1.1.20, published hours after initial detection, is a re-obfuscation of the same payload with a new hash — same C2, same capabilities. Early...

AlmaLinux 10 : nodejs24 (ALSA-2026:7675)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:7675 advisory. nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547...

SUSE CVE-2026-34477

The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.htmllog4j2.sslVerifyHostName system property, but no...

CVE-2026-33100 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...

CVE-2026-33099

Technical details (affected products, root cause, vulnerable components, or exploitation specifics) are not publicly provided in the supplied documents. Monitor for updates from sources like MSRC and the CVE record.

CVE-2026-26173 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...

CVE-2026-26173 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...

CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...