OSV-2026-112 Use-of-uninitialized-value in PrintSERPacket

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=477681214 Crash type: Use-of-uninitialized-value Crash state: PrintSERPacket garminserparse gpsdpoll...

PT-2026-4357

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to a device reference imbalance within the ISP1301 USB PHY driver. A recent fix for a device reference leak in a UDC driver introduced a potenti...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004829)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004829 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers: serial: jsm: fix some leaks in probe This error path needs to unwind instead of just...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004878)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004878 advisory. In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add missing .thawnoirq hook The following warning is seen with non-console UART...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004873)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004873 advisory. In the Linux kernel, the following vulnerability has been resolved: tty: serial: Fix refcount leak bug in uccuart.c In socinfo, offindnodebytype will return a node...

CVE-2025-68132

EVerest is an EV charging software stack. Prior to version 2025.12.0, ismessagecrccorrect in the DZGGSH01 powermeter SLIP parser reads vecvec.size-1 and vecvec.size-2 without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach ismessagecrccorrect with...

EUVD-2026-4015

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in matiskiba Ravpage ravpage allows Reflected XSS.This issue affects Ravpage: from n/a through = 2.33...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37985)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37985 advisory. - In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wdmopen and...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21773)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21773 advisory. - In the Linux kernel, the following vulnerability has been resolved: can: etases58x: fix potential NULL point...

Azure Linux 3.0 Security Update: kernel (CVE-2024-42248)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42248 advisory. - In the Linux kernel, the following vulnerability has been resolved: tty: serial: ma35d1: Add a NULL check fo...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21776)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21776 advisory. - In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices...

Azure Linux 3.0 Security Update: kernel (CVE-2024-50058)

"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50058 advisory. - In the Linux kernel, the following vulnerability has been resolved: serial: protect uartportdtrrts in...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38040)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38040 advisory. - In the Linux kernel, the following vulnerability has been resolved: serial: mctrlgpio: split disablems into...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38265)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38265 advisory. - In the Linux kernel, the following vulnerability has been resolved: serial: jsm: fix NPE during...

Azure Linux 3.0 Security Update: kernel (CVE-2024-58007)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-58007 advisory. - In the Linux kernel, the following vulnerability has been resolved: soc: qcom: socinfo: Avoid out of bounds...

EUVD-2025-206323

EVerest is an EV charging software stack. Prior to version 2025.12.0, ismessagecrccorrect in the DZGGSH01 powermeter SLIP parser reads vecvec.size-1 and vecvec.size-2 without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach ismessagecrccorrect with...

CVE-2025-68132

CVE-2025-68132 affects EVerest EV charging software stack. The issue lies in the DZG_GSH01 powermeter SLIP parser, where is_message_crc_correct reads vec[vec.size()-1] and vec[vec.size()-2] without verifying that at least two bytes exist. Malformed SLIP frames on the serial link can reach this fu...

CVE-2025-68132

EVerest is an EV charging software stack. Prior to version 2025.12.0, ismessagecrccorrect in the DZGGSH01 powermeter SLIP parser reads vecvec.size-1 and vecvec.size-2 without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach ismessagecrccorrect with...

CVE-2025-68132 EVerest has out-of-bounds read in DZG_GSH01 SLIP CRC parser that can crash powermeter driver

EVerest is an EV charging software stack. Prior to version 2025.12.0, ismessagecrccorrect in the DZGGSH01 powermeter SLIP parser reads vecvec.size-1 and vecvec.size-2 without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach ismessagecrccorrect with...

CVE-2025-68132 EVerest has out-of-bounds read in DZG_GSH01 SLIP CRC parser that can crash powermeter driver

EVerest is an EV charging software stack. Prior to version 2025.12.0, ismessagecrccorrect in the DZGGSH01 powermeter SLIP parser reads vecvec.size-1 and vecvec.size-2 without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach ismessagecrccorrect with...