SUSE CVE-2025-68771

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2findvictimchain syzbot reported a kernel BUG in ocfs2findvictimchain because the clnextfreerec field of the allocation chain list next free slot in the chain list is 0, triggring the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001371)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001371 advisory. A missing address check in the callers of the showopcodes in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the...

MiracleLinux 3 : nfs-utils-1.0.9-60.AXS3 (AXSA:2012-253:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-253:01 advisory. The nfs-utils package provides a daemon for the kernel NFS server and related tools, which provides a much higher level of performance than the traditional...

MiracleLinux 4 : dhcp-4.1.1-19.P1.AXS4.1 (AXSA:2011-427:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-427:03 advisory. DHCP Dynamic Host Configuration Protocol is a protocol which allows individual devices on an IP network to get their own network configuration...

MiracleLinux 4 : 389-ds-base-1.2.10.2-18.AXS4 (AXSA:2012-589:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-589:02 advisory. 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration...

MiracleLinux 4 : sudo-1.7.4p5-7.AXS4 (AXSA:2011-635:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2011-635:01 advisory. Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all...

EUVD-2026-1996

hermes's raw options logging may disclose secrets passed in via subcommand options argument...

GHSA-JM5J-JFRM-HM23 hermes's raw options logging may disclose secrets passed in via subcommand options argument

Thanks, @thunze for reporting this! hermes subcommands take arbitrary options under the -O argument. These have been logged in raw form since https://github.com/softwarepub/hermes/commit/7f64f102e916c76dc44404b77ab2a80f5a4e59b1 in:...

GO-2026-4299 Mattermost Server allows attackers to log sensitive information via DEBUG REST API logging endpoint in github.com/mattermost/mattermost-server

Mattermost Server allows attackers to log sensitive information via DEBUG REST API logging endpoint in github.com/mattermost/mattermost-server...

CVE-2025-68778

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current...

CVE-2025-68771

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2findvictimchain syzbot reported a kernel BUG in ocfs2findvictimchain because the clnextfreerec field of the allocation chain list next free slot in the chain list is 0, triggring the...

UBUNTU-CVE-2025-68771

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2findvictimchain syzbot reported a kernel BUG in ocfs2findvictimchain because the clnextfreerec field of the allocation chain list next free slot in the chain list is 0, triggring the...

UBUNTU-CVE-2025-68778

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current...

Description of the security update for SharePoint Server 2016 Language Pack: January 13, 2026 (KB5002827)

Description of the security update for SharePoint Server 2016 Language Pack: January 13, 2026 KB5002827 Summary Important: If you're running Microsoft SharePoint Server 2013-type workflows, you must install the August 2025 update for SharePoint Workflow Manager to your farm before you install thi...

CVE-2025-68778 btrfs: don't log conflicting inode if it's a dir moved in the current transaction

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current...

CVE-2025-68771 ocfs2: fix kernel BUG in ocfs2_find_victim_chain

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2findvictimchain syzbot reported a kernel BUG in ocfs2findvictimchain because the clnextfreerec field of the allocation chain list next free slot in the chain list is 0, triggring the...

Security Bulletin: IBM B2B Advanced Communications is affected by multiple vulnerabilities in log4j

Summary IBM B2B Advanced Communications has addressed vulnerabilities in log4j shipped with productCVE-2022-0084 CVE-2020-36518 CVE-2021-37136 CVE-2022-23913 CVE-2022-24785 Vulnerability Details CVEID:CVE-2022-0084 DESCRIPTION: A flaw was found in XNIO, specifically in the notifyReadClosed method...

CVE-2026-22798

The CVE-2026-22798 issue affects the Hermes workflow tool. It concerns logging of arbitrary options passed via the -O argument, which could cause sensitive data (e.g., API tokens) to be written to log files in plaintext. This behavior occurs in Hermes releases from 0.8.1 up to before 0.9.1. Impac...

CVE-2026-22798 hermes's raw options logging may disclose secrets passed in via subcommand options argument

hermes is an implementation of the HERMES workflow to automatize software publication with rich metadata. From 0.8.1 to before 0.9.1, hermes subcommands take arbitrary options under the -O argument. These have been logged in raw form. If users provide sensitive data such as API tokens e.g., via...

Avahi 安全漏洞

Avahi is the Avahi open source set of local service discovery tools for Linux. A security vulnerability exists in Avahi 0.9-rc2 and earlier versions, which stems from the fact that an unauthorized local user can create a logging browser via D-Bus, which may cause avahi-daemon to crash...