Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013820)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013820 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-throttle: prevent overflow while calculating wait time There is a problem found by code revie...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011185)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011185 advisory. In the Linux kernel, the following vulnerability has been resolved: iouring: wait interruptibly for request completions on exit WHen the ring exits, cleanup is done...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-010849)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010849 advisory. In the Linux kernel, the following vulnerability has been resolved: posix-timers: Prevent RT livelock in itimerdelete itimerdelete has a retry loop when the timer is...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013053)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013053 advisory. In the Linux kernel, the following vulnerability has been resolved: posix-timers: Prevent RT livelock in itimerdelete itimerdelete has a retry loop when the timer is...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012975)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012975 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: install stub fence into potential unused fence pointers When using cpu to update page...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011156)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011156 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-throttle: prevent overflow while calculating wait time There is a problem found by code revie...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007533)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007533 advisory. In the Linux kernel, the following vulnerability has been resolved: gadgetfs: epio - wait until IRQ finishes after usbepqueue if waitforcompletioninterruptible is...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007484)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007484 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed device When a SCSI device is removed...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007605)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007605 advisory. In the Linux kernel, the following vulnerability has been resolved: kcm: annotate data-races around kcm-rxpsock kcm-rxpsock can be read locklessly in kcmrfree...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007496)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007496 advisory. In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: defer device probing when resuming from hibernation syzbot is reporting hung task ...

nginx 0.5.15 < 1.28.3 / 1.29.x < 1.29.7 NULL Pointer Dereference

The installed version of nginx is 0.5.15 prior to 1.28.3, or 1.29.x prior to 1.29.7. It is, therefore, affected by the following issue : - When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue...

BIT-AIRFLOW-2026-34538 Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure)

Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security mode...

GHSA-R7VR-M4JW-R794 Apache Airflow has an authorization bypass in DagRun wait endpoint

Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security mode...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization through the waitdagrununtilfinished handler in airflow-core/src/airflow/apifastapi/coreapi/routes/public/dagrun.py. An attacker can read task result values by sending a GET request to the DAG run wait endpoint with...

CVE-2026-34538 Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure)

Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security mode...

CVE-2026-34538 Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure)

Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security mode...

PT-2026-31598

Name of the Vulnerable Software and Affected Versions Apache Airflow versions 3.0.0 through 3.1.8 Description The DagRun wait endpoint in Apache Airflow allows users with DAG Run read permissions, such as the Viewer role, to access XCom result values. This behavior contradicts the intended securi...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006749)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006749 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: install stub fence into potential unused fence pointers When using cpu to update page...

SUSE CVE-2026-23469

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Synchronize interrupts before suspending the GPU The runtime PM suspend callback doesn't know whether the IRQ handler is in progress on a different CPU core and doesn't wait for it to finish. Depending on timing,...

Linux Distros Unpatched Vulnerability : CVE-2026-23414

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tls: Purge asynchold in tlsdecryptasyncwait The asynchold queue pins encrypted input skbs while the AEAD engine references their scatterlist data. Once...