Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001803)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001803 advisory. The rdsibladdrcheck function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service NULL pointer dereference and system...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002522)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002522 advisory. The logprefix function in kernel/printk.c in the Linux kernel 3.x before 3.4.33 does not properly remove a prefix string from a syslog header, which allows local use...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002659)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002659 advisory. The inetcskclonelock function in net/ipv4/inetconnectionsock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service double free or...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002309)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002309 advisory. The rdsibladdrcheck function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service NULL pointer dereference and system...

CVE-2026-20821

Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally...

CVE-2026-20832

Windows Remote Procedure Call Interface Definition Language IDL Elevation of Privilege Vulnerability...

CVE-2026-22855 FreeRDP has a heap-buffer-overflow in smartcard_unpack_set_attrib_call

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1...

AZL-74628 CVE-2025-71120 affecting package kernel for versions less than 6.6.121.1-1

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauthgss: avoid NULL deref on zero length gsstoken in gssreadproxyverf A zero length gsstoken results in pages == 0 and intoken-pages0 is NULL. The code unconditionally evaluates pageaddressintoken-pages0 for the initia...

CVE-2025-71102

In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...

CVE-2025-71102

In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...

UBUNTU-CVE-2025-71102

In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...

CVE-2025-71135 md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt()

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix possible null-pointer dereferences in raid5storegroupthreadcnt The variable mddev-private is first assigned to conf and then checked: conf = mddev-private; if !conf ... If conf is NULL, then mddev-private is also...

CVE-2025-71102 scs: fix a wrong parameter in __scs_magic

In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...

CVE-2025-71102

In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...

CVE-2025-71102

In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...

CVE-2025-71102

CVE-2025-71102 affects the Linux kernel with a bug in shadow call stack handling: __scs_magic() received a struct task_struct* instead of the required void*. This caused scs_check_usage to scan an incorrect memory range when CONFIG_DEBUG_STACK_USAGE is enabled, potentially yielding inaccurate sha...

CVE-2025-71102 scs: fix a wrong parameter in __scs_magic

In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct taskstruct ' is given. 'taskscstsk' is the starting address of the task's shadow call stack, and 'scsmagictaskscstsk' is the end address of t...

CVE-2026-0491

SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively...

MiracleLinux 4 : samba-3.5.10-115.AXS4 (AXSA:2012-512:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-512:02 advisory. Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information such as lists of available files and printer...

MiracleLinux 3 : samba-3.0.33-3.39.0.1.AXS3 (AXSA:2012-537:02)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-537:02 advisory. Samba is the suite of programs by which a lot of PC-related machines share files, printers, and other information such as lists of available files and printer...