
3323 matches found

Tenable Nessus
added 2026/02/09 12:0 a.m. | 11 views

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2026-50100)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50100 advisory. - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Eric Biggers Orabug: 38879907 CVE-2025-40022 - crypto: af_alg - Disallow concurrent writ...

CVSS 3.3 | AI score 7.5 | EPSS 0.03752
Exploits 2 | References 31
RedHat Linux
added 2026/02/05 4:3 p.m. | 1 view

nodejs: Nodejs uninitialized memory exposure

A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other...

CVSS 7.1 | AI score 5.8 | EPSS 0.00039
Exploits 0 | References 5
RedHat Linux
added 2026/02/05 4:3 p.m. | 5 views

nodejs: Nodejs uninitialized memory exposure

A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other...

CVSS 7.1 | AI score 5.8 | EPSS 0.00039
Exploits 0 | References 5
SUSE Linux
added 2026/02/04 12:46 p.m. | 3 views

Security update for rekor

This update for rekor fixes the following issues: Security fixes: CVE-2025-58058: Fixed github.com/ulikunitz/xz leaks memory bsc1248910 CVE-2025-29923: Fixed potential out of order responses when CLIENT SETINFO times out during connection establishment bsc1241153 Other fixes: Update to version...

CVSS 6.9 | AI score 6 | EPSS 0.00158
Exploits 0 | References 10
OSV
added 2026/02/04 12:46 p.m. | 3 views

SUSE-SU-2026:0383-1 Security update for rekor

This update for rekor fixes the following issues: Security fixes: - CVE-2025-58058: Fixed github.com/ulikunitz/xz leaks memory bsc1248910 - CVE-2025-29923: Fixed potential out of order responses when CLIENT SETINFO times out during connection establishment bsc1241153 Other fixes: - Update to...

CVSS 5.3 | AI score 7.1 | EPSS 0.00158
Exploits 0 | References 5
RedHat Linux
added 2026/02/02 1:17 a.m. | 4 views

kernel: Linux kernel: vsock vulnerability may lead to memory corruption

A flaw was found in the Linux kernel's vsock component. This vulnerability occurs when a connect operation on an already established socket is interrupted by a signal or timeout, causing the system to mishandle the socket's state. This incorrect handling can lead to a race condition, potentially...

AI score 5.8 | EPSS 0.00088
Exploits 0 | References 5
RedhatCVE
added 2026/01/30 5:16 p.m. | 3 views

CVE-2025-61728

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

CVSS 7.5 | AI score 7.9 | EPSS 0.00043
Exploits 1 | References 7
OSV
added 2026/01/27 9:15 a.m. | 1 view

CVE-2026-21720

Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...

CVSS 7.5 | AI score 5.5 | EPSS 0.00036
Exploits 0 | References 1
NVD
added 2026/01/27 9:15 a.m. | 5 views

CVE-2026-21720

Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...

CVSS 7.5 | EPSS 0.00036
Exploits 0 | References 1
UbuntuCve
added 2026/01/27 9:15 a.m. | 3 views

CVE-2026-21720

Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...

CVSS 7.5 | AI score 6.7 | EPSS 0.00036
Exploits 0 | References 2
OSV
added 2026/01/27 9:15 a.m. | 0 views

UBUNTU-CVE-2026-21720

Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...

CVSS 7.5 | AI score 6 | EPSS 0.00036
Exploits 0 | References 3
ATTACKERKB
added 2026/01/27 9:7 a.m. | 5 views

CVE-2026-21720

Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...

CVSS 7.5 | AI score 5.9 | EPSS 0.00036
Exploits 0 | References 2 | Affected Software 2
EUVD
added 2026/01/27 9:7 a.m. | 4 views

EUVD-2026-4841

Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...

CVSS 7.5 | AI score 5.9 | EPSS 0.00036
Exploits 0 | References 1
Tenable Nessus
added 2026/01/27 12:0 a.m. | 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005140)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005140 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: check skb is non-NULL in tcp_rto_delta_us We have some machines running stock Ubuntu 20.04.6...

CVSS 5.5 | AI score 6.3 | EPSS 0.00007
Exploits 0 | References 3
Tenable Nessus
added 2026/01/27 12:0 a.m. | 1 view

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005156)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005156 advisory. In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timeout is handled by...

CVSS 7 | AI score 6.7 | EPSS 0.00024
Exploits 0 | References 4
Tenable Nessus
added 2026/01/27 12:0 a.m. | 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005165)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005165 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout conn->sk maybe have been unlinked/freed while waiting fo...

CVSS 7.8 | AI score 6.8 | EPSS 0.00019
Exploits 0 | References 4
Positive Technologies
added 2026/01/27 12:0 a.m. | 3 views

PT-2026-4877

Name of the Vulnerable Software and Affected Versions: Grafana (affected versions not specified). Description: The software can crash due to a memory exhaustion issue triggered by uncached requests to the /avatar/:hash endpoint. Each request spawns a goroutine to refresh the Gravatar image. If this...

CVSS 7.8 | AI score 5.4 | EPSS 0.00036
Exploits 0 | References 85
OSV
added 2026/01/26 2:47 p.m. | 5 views

BIT-NODE-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

CVSS 7.1 | AI score 6.1 | EPSS 0.00039
Exploits 0 | References 2
OSV
added 2026/01/26 2:47 p.m. | 5 views

BIT-NODE-MIN-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

CVSS 7.1 | AI score 6.1 | EPSS 0.00039
Exploits 0 | References 2
Tenable Nessus
added 2026/01/26 12:0 a.m. | 1 view

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004953)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004953 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: qup: jump out of the loop in case of timeout Original logic only sets the return value but...

CVSS 5.5 | AI score 6.7 | EPSS 0.0003
Exploits 0 | References 4