Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: redis6 (UTSA-2026-006168)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006168 advisory. Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: grafana-pcp (UTSA-2026-006198)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006198 advisory. Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is...

Unity Linux 20.1070e Security Update: vim (UTSA-2026-006140)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006140 advisory. Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the :redir ex command to register, variables and files...

Unity Linux 20.1070e Security Update: vim (UTSA-2026-006149)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006149 advisory. Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vims zip.vim plugin can allow overwriting of arbitrary files wh...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: xorg-x11-server (UTSA-2026-006141)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006141 advisory. A flaw was identified in the X.Org X servers X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short...

Unity Linux 20.1070e Security Update: avahi (UTSA-2026-006160)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006160 advisory. Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: gimp (UTSA-2026-006174)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006174 advisory. A flaw was found in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricke...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: redis6 (UTSA-2026-006170)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006170 advisory. Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to caus...

Unity Linux 20.1070e Security Update: vim (UTSA-2026-006151)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006151 advisory. When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: openssl (UTSA-2026-006143)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006143 advisory. Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code poin...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: xorg-x11-server (UTSA-2026-006165)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006165 advisory. A flaw was discovered in the X.Org X servers X Keyboard Xkb extension when handling client resource cleanup. The software frees certain data structures without...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: perl-YAML-LibYAML (UTSA-2026-006156)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006156 advisory. YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified Tenable has extracted the preceding description block directly from t...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: gnupg2 (UTSA-2026-006148)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006148 advisory. In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: xorg-x11-server (UTSA-2026-006190)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006190 advisory. A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an intege...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pip (UTSA-2026-006147)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006147 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded...

Unity Linux 20.1060e / 20.1070e Security Update: erlang (UTSA-2026-006131)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006131 advisory. Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an...

Unity Linux 20.1070e Security Update: python-django (UTSA-2026-006130)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006130 advisory. An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.striptags function is vulnerable to a potential...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: raptor2 (UTSA-2026-006052)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006052 advisory. In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buffer over-read when parsing triples with the nquads parser in raptorntriplesparseterminternal...

CVE-2026-27478

Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer iss claim from incoming JWTs and uses it to...

CVE-2026-27478 Unity Catalog has a JWT Issuer Validation Bypass Allows Complete User Impersonation

Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer iss claim from incoming JWTs and uses it to...