Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001195)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001195 advisory. A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual SDM was mishandled in the development of some or all...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003702)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003702 advisory. In hiddebugeventsread of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003536)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003536 advisory. A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual SDM was mishandled in the development of some or all...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002130)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002130 advisory. The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service host OS panic or hang by...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003017)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003017 advisory. The hidmachanstats function in drivers/dma/qcom/hidmadbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading callback...

Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers

The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control C2 nodes associated with the AISURU/Kimwolf botnet since early October 2025. AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest botnets in recent times,...

CVE-2025-71102

In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...

CVE-2025-71102

In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...

UBUNTU-CVE-2025-71102

In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...

CVE-2025-71102

In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...

CVE-2025-71102

In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...

CVE-2025-71102

CVE-2025-71102 affects the Linux kernel with a bug in shadow call stack handling: __scs_magic() received a struct task_struct* instead of the required void*. This caused scs_check_usage to scan an incorrect memory range when CONFIG_DEBUG_STACK_USAGE is enabled, potentially yielding inaccurate sha...

CVE-2025-71102 scs: fix a wrong parameter in __scs_magic

In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...

MiracleLinux 3 : kvm-84-7AXS3 (AXSA:2009-490:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-490:03 advisory. This package provides the kvm kernel modules built for the Linux kernel CVE-2009-3638 Integer overflow in the kvmdevioctlgetsupportedcpuid function i...

Linux Distros Unpatched Vulnerability : CVE-2025-71102

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001377)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001377 advisory. In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with...

CVE-2025-14720

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to mark payments as...

CVE-2026-0853

Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in SQL Server A malicious party can exploit the vulnerability to gain unauthorized access to DEBUG functionality and thereby generate, among other things, memory dumps. These dumps can also involve memory outside the scope of SQL Server, allowing the malicious...

Description of the security update for SharePoint Server Subscription Edition: January 13, 2026 (KB5002822)

Description of the security update for SharePoint Server Subscription Edition: January 13, 2026 KB5002822 Summary Important: If you're currently running SharePoint Workflow Manager, you must install SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If...