Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013370)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013370 advisory. In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/cadence-ttc: Fix memory leak in ttctimerprobe Smatch reports:...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011079)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011079 advisory. In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/cadence-ttc: Fix memory leak in ttctimerprobe Smatch reports:...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013363)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013363 advisory. In the Linux kernel, the following vulnerability has been resolved: mrp: introduce active flags to prevent UAF when applicant uninit The caller of deltimersync must...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011075)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011075 advisory. In the Linux kernel, the following vulnerability has been resolved: media: netupunidvb: fix use-after-free at deltimer When Universal DVB card is detaching,...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013302)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013302 advisory. The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, a...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013160)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013160 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hidpsessionthread There is a potential race condition in...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011209)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011209 advisory. In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state-timer is ...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012968)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012968 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs The dreamcastcard-timer could schedu...

EUVD-2026-23912

A stack-use-after-return issue exists in the ArduinoCoreSTM32 library prior to version 1.7.0. The pwmstart function allocates a TIMHandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the function...

CVE-2026-26399

A stack-use-after-return issue exists in the ArduinoCoreSTM32 library prior to version 1.7.0. The pwmstart function allocates a TIMHandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the function...

CVE-2026-26399

Summary of CVE-2026-26399 (Arduino_Core_STM32) : A stack-use-after-return vulnerability exists in the Arduino Core STM32 library for versions prior to 1.7.0. The function pwm_start() allocates a TIM_HandleTypeDef on the stack and passes its address to HAL initialization routines, which store a re...

CVE-2026-26399

A stack-use-after-return issue exists in the ArduinoCoreSTM32 library prior to version 1.7.0. The pwmstart function allocates a TIMHandleTypeDef structure on the stack and passes its address to HAL initialization routines, where it is stored in a global timer handle registry. After the function...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007419)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007419 advisory. In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreqmonitorstart/stop There is a chance if a frequent switch of the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007391)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007391 advisory. In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix UAF in runtimersoftirq When dmresume and dmdestroy are concurrent, it will lead to...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007225)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007225 advisory. In the Linux kernel, the following vulnerability has been resolved: sh: push-switch: Reorder cleanup operations to avoid use-after-free bug The original code puts...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007203)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007203 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, videotimer can send client notifications after the control channel is closed,...

WordPress Countdown Timer Ultimate plugin <= 2.6.9 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Countdown Timer Ultimate versions = 2.6.9...

RLSA-2026:6799 Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP heap-use-after-free CVE-2026-22856 freerdp: FreeRDP...

Cisco IOS XE Software Release 3E HTTP Server DoS (cisco-sa-ios-http-dos-sbv8XRpL)

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A denial of service DoS vulnerability exists in Cisco IOS XE Software due to improper validation of user-supplied input. An authenticated remote attacker can exploit this issue, via sending malformed...

freerdp: FreeRDP has a heap-use-after-free in video_timer

A use after free flaw has been discovered in FreeRDP. The videotimer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. A malicious server can trigger a client‑side heap use after free causing a crash DoS...