IEC104 安全漏洞

IEC104 is an international standard of the International Electrotechnical Commission IEC standards organization widely used in the electric power, urban rail transit, and other industries. A security vulnerability exists in IEC104 Commit be6d841 and prior versions, which stems from the possibilit...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990769)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990769 advisory. In the Linux kernel, the following vulnerability has been resolved: sctp: clear outcurr if all frag chunks of current msg are pruned A crash was reported by Zhen Che...

CVE-2025-40815

A vulnerability has been identified in LOGO! 12/24RCE 6ED1052-1MD08-0BA2 All versions, LOGO! 12/24RCEo 6ED1052-2MD08-0BA2 All versions, LOGO! 230RCE 6ED1052-1FB08-0BA2 All versions, LOGO! 230RCEo 6ED1052-2FB08-0BA2 All versions, LOGO! 24CE 6ED1052-1CC08-0BA2 All versions, LOGO! 24CEo...

PT-2025-46541

Name of the Vulnerable Software and Affected Versions LOGO! 12/24RCE 6ED1052-1MD08-0BA2 affected versions not specified LOGO! 12/24RCEo 6ED1052-2MD08-0BA2 affected versions not specified LOGO! 230RCE 6ED1052-1FB08-0BA2 affected versions not specified LOGO! 230RCEo 6ED1052-2FB08-0BA2 affected...

Important: kernel-livepatch-6.12.40-63.114

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bamdma: Fix DT error handling for num-channels/ees...

Important: kernel-livepatch-6.1.147-172.266

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 In the Linux kernel, the following vulnerability has been resolved: fs/buffer: fix use-after-free when call bhread helper CVE-2025-39691 In...

USN-7853-3 linux-azure, linux-azure-4.15 vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

CVE-2025-10259

Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a denial-of-service DoS condition...

EUVD-2025-37980

Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a denial-of-service DoS condition...

Mitsubishi Electric MELSEC iQ-F Series CPU 安全漏洞

The Mitsubishi Electric MELSEC iQ-F Series CPU is a series of CPU modules from Mitsubishi Electric Japan. A security vulnerability exists in the Mitsubishi Electric MELSEC iQ-F Series CPUs that originates from improper validation of the number of inputs in the TCP communication function, which...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990409)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990409 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas...

Malicious code in wayspiritmcp-tpa (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 523cbbda7a0fda2addfcd432b1bfcc1df072ee67a593ffce535b7da7005caae8 Package seems to provide an MCP server, but in fact contains attempts to make an LLM agent break safeguards. As the request is about leaves just a flag, it see...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990228)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990228 advisory. In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'pppasyncencode' assumes valid LC...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989862)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989862 advisory. In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'pppasyncencode' assumes valid LC...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988839)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988839 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: tcprtxsynack can be called from process context Laurent reported the enclosed report 1 This...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990022)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990022 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctltcpminsndmss. While reading sysctltcpminsndmss, it can be change...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: tcp: Correct signedness in skb remaining space calculation Syzkaller reported a bug 1 where sk-skforwardalloc can overflow. When we send data, if an skb exists at the tail of the write queue, the kernel will attempt to append the...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Net: Ethernet: Cortina: Use TOE/TSO for all TCP protocols. It is desirable to enable the hardware accelerator to also process non-segmented TCP frames. We can pass the skb-len value to the “TOE/TSO” offloader, which will handle...

CVE-2025-61234

Incorrect access control on Dataphone A920 v2025.07.161103 exposes a service on port 8888 by default on the local network without authentication. This allows an attacker to interact with the device via a TCP socket without credentials. Additionally, sending an HTTP request to the service on port...

nbd: restrict sockets to TCP and UDP

...