Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013342)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013342 advisory. In the Linux kernel, the following vulnerability has been resolved: afunix: Fix data races around sk-skshutdown. KCSAN found a data race around sk-skshutdown where...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010702)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010702 advisory. An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of- bounds read and OOPS for SMB2WRITE, when there is a large...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011016)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011016 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: fix an information leak in tipctopsrvkernsubscr Use a 8-byte write to initialize...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013055)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013055 advisory. In the Linux kernel, the following vulnerability has been resolved: netlink: annotate accesses to nlk-cbrunning Both netlinkrecvmsg and netlinknativeseqshow read...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010714)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010714 advisory. A flaw was found in unrestricted eBPF usage by the BPFBTFLOAD, leading to a possible out-of-bounds memory write in the Linux kernels BPF subsystem due to the way a...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013169)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013169 advisory. In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp-dccpsmsscache dccpsendmsg reads dp-dccpsmsscache before locking the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013142)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013142 advisory. In the Linux kernel, the following vulnerability has been resolved: netlink: annotate accesses to nlk-cbrunning Both netlinkrecvmsg and netlinknativeseqshow read...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013009)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013009 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in markinodedirty An use-after-free issue occurred when...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011352)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011352 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: refresh inline data size before write operations The cached ei-iinlinesize can become stal...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013093)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013093 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: refresh inline data size before write operations The cached ei-iinlinesize can become stal...

CVE-2026-35588

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module glances/exports/glancescassandra/init.py interpolates keyspace, table, and replicationfactor configuration values directly into CQL statements without validation. A user with write...

CVE-2026-41298

OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HTTP modes. Read-scoped callers can terminate running subagent sessions by sending requests to this endpoint, bypassing authorization controls...

EUVD-2026-24004

OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HTTP modes. Read-scoped callers can terminate running subagent sessions by sending requests to this endpoint, bypassing authorization controls...

EUVD-2026-23954

A local attacker who can execute privileged CSR operations or can induce firmware to do so performs carefully crafted reads/writes to menvcfg e.g., csrrs in M-mode. On affected XiangShan versions commit aecf601e803bfd2371667a3fb60bfcd83c333027, 2024-11-19, these menvcfg accesses can unexpectedly...

CVE-2026-29642

A local attacker who can execute privileged CSR operations or can induce firmware to do so performs carefully crafted reads/writes to menvcfg e.g., csrrs in M-mode. On affected XiangShan versions commit aecf601e803bfd2371667a3fb60bfcd83c333027, 2024-11-19, these menvcfg accesses can unexpectedly...

Directory Traversal

Overview openmage/magento-lts is a This repository is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Directory Traversal through the files request parameter in the dataflow import parsers. An attacker with administrative privileges can read...

JLSEC-2026-159

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...

Security update for GraphicsMagick

This update for GraphicsMagick fixes the following issue: CVE-2026-33535: Out-of-Bounds write of a zero byte in X11 display interaction bsc1260874. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2026-24484: denial of service via multi-layer nested MVG to SVG conversion bsc1258790. CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write bsc1259446. CVE-2026-28494: missing bounds checks in the morphology...

SUSE-SU-2026:1497-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-24484: denial of service via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write bsc1259446. - CVE-2026-28494: missing bounds checks in the...