PT-2026-5386

Dell Unity, versions 5.5.2 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root...

Dell Unity operating system command injection vulnerability

Dell Unity is a virtual Unity storage environment provided by the American company Dell. Versions of Dell Unity prior to 5.5.2 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper handling of special elements, which could allow local,...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: weldr-client (UTSA-2026-005216)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005216 advisory. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is us...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: squid (UTSA-2026-005211)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005211 advisory. Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information...

Unity Linux 20.1070e Security Update: screen (UTSA-2026-005210)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005210 advisory. For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session. Tenable has extracted the preceding description block...

Unity Linux 20.1070e Security Update: screen (UTSA-2026-005209)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005209 advisory. A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be...

Unity Linux 20.1070e Security Update: screen (UTSA-2026-005208)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005208 advisory. Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: fcgi (UTSA-2026-005213)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005213 advisory. FastCGI fcgi2 aka fcgi 2.x through 2.4.4 has an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: squid (UTSA-2026-005214)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005214 advisory. Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glibc (UTSA-2026-005215)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005215 advisory. Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: nodejs-form-data (UTSA-2026-005212)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005212 advisory. Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files...

Malicious Package

Overview com.microsoft.mrtk.graphicstools.unity is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

Malicious Package

Overview com.unity.xr.visionos is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005095)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005095 advisory. In the Linux kernel, the following vulnerability has been resolved: media: xc2028: avoid use-after-free in loadfirmwarecb syzkaller reported use-after-free in...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005012)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005012 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in ext4handleinodeextension We got issue as follows: EXT4-fs error device loop...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005006)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005006 advisory. In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oombfqq Our test report a UAF: 2073.019181...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005166)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005166 advisory. In the Linux kernel, the following vulnerability has been resolved: fsl/fman: Fix refcount handling of fman-related devices In macprobe there are multiple calls to...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005037)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005037 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix race of sndseqtimeropen The timer instance per queue is exclusive, and...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005071)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005071 advisory. In the Linux kernel, the following vulnerability has been resolved: ax25: Fix reference count leak issue of netdevice There is a reference count leak issue of the...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005014)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005014 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifsdebugdataprocshow Skip SMB sessions that are being...