Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013359)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013359 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to check for set element timeout Add a timestamp field at the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013375)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013375 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: mark set as dead when unbinding anonymous set with timeout While the...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011059)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011059 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9kwmirspcallback Fix a...

Fortra GoAnywhere MFT 安全漏洞

Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to 7.10.0 contained a security vulnerability. This vulnerability was due to improper session timeout settings, which could cause Web users with SAML configurations t...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012964)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012964 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: disallow anonymous set with timeout flag Anonymous sets are never used with...

PT-2026-33977

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...

Data Sharing Framework 代码问题漏洞

Data Sharing Framework is an open-source distributed medical data sharing and processing framework based on BPMN and FHIR. Versions of Data Sharing Framework prior to 2.1.0 contained code vulnerabilities. These vulnerabilities stemmed from OIDC authentication sessions not having a maximum...

Giskard Has A Regular Expression Denial Of Service (ReDoS) In RegexMatching Check

Summary The RegexMatching check in the "giskard-checks" package passes a user-supplied regular expression pattern directly to Python's re.search without any timeout, complexity guard, or pattern validation. An attacker who can control the regex pattern or the text being matched can craft inputs...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007410)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007410 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: disallow timeout for anonymous sets Never used from userspace, disallow thes...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007587)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007587 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9kwmirspcallback Fix a...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007522)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007522 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring: fix ltout double free on completion race Always remove linked timeout on iolinktimeoutfn...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007573)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007573 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets If a TCP socket is using TCPUSERTIMEOUT, and the other pee...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007313)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007313 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by scosocktimeout When the sco connection is establishe...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007233)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007233 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: disallow anonymous set with timeout flag Anonymous sets are never used with...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007232)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007232 advisory. In the Linux kernel, the following vulnerability has been resolved: ravb: Fix use-after-free issue in ravbtxtimeoutwork The ravbstop should call cancelworksync...

Data Sharing Framework has an Inverted Time Comparison in OIDC JWKS and Token Cache

Affected Components - DSF FHIR Server with enabled bearer-token authentication or back-channel logout. - DSF BPE Server with enabled bearer-token authentication or back-channel logout. - DSF BPE Server API v2 process plugins using FHIR client connections with configured OIDC authentication. Summa...

Data Sharing Framework is Missing Session Timeout for OIDC Sessions

Affected Components DSF FHIR Server with enabled OIDC authentication. DSF BPE Server with enabled OIDC authentication. Summary OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. Impact If...

GHSA-GJ7P-595X-QWF5 Data Sharing Framework is Missing Session Timeout for OIDC Sessions

Affected Components DSF FHIR Server with enabled OIDC authentication. DSF BPE Server with enabled OIDC authentication. Summary OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. Impact If...

PT-2026-33385

Name of the Vulnerable Software and Affected Versions Data Sharing Framework versions prior to 2.1.0 Description OIDC-authenticated sessions lack a configured maximum inactivity timeout, allowing sessions to persist indefinitely after login, even after the OIDC access token has expired. This allo...

Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check

Summary The RegexMatching check in the giskard-checks package passes a user-supplied regular expression pattern directly to Python's re.search without any timeout, complexity guard, or pattern validation. An attacker who can control the regex pattern or the text being matched can craft inputs tha...