CVE-2025-26409

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed in...

CVE-2025-24956

A vulnerability has been identified in OpenV2G All versions V0.9.6. The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption...

SUSE CVE-2025-21695

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-uart-backlight: fix serdev race The delluartblserdevprobe function calls devmserdevdeviceopen before setting the client ops via serdevdevicesetclientops. This ordering can trigger a NULL pointer dereference in...

Mercedes-Benz NTG 安全漏洞

Mercedes-Benz NTG is an automobile from Mercedes-Benz Germany. A security vulnerability exists in Mercedes-Benz NTG that originates from a service crash when importing or exporting profile settings via USB...

Mercedes-Benz NTG 安全漏洞

Mercedes-Benz NTG is an automobile from Mercedes-Benz Germany. A security vulnerability exists in Mercedes-Benz NTG 6 that originates from a file parsing failure when importing or exporting profile settings via USB...

UBUNTU-CVE-2025-21695

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-uart-backlight: fix serdev race The delluartblserdevprobe function calls devmserdevdeviceopen before setting the client ops via serdevdevicesetclientops. This ordering can trigger a NULL pointer dereference in...

kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

A vulnerability was found in the Linux kernel's USB Video Class driver. A buffer for video frame data is allocated, which does not account for all of the frame formats contained in a video stream, leading to an out-of-bounds write when a stream includes frames with an undefined format. An attacke...

CVE-2025-24956

A vulnerability has been identified in OpenV2G All versions V0.9.6. The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption...

CVE-2025-24956

A vulnerability has been identified in OpenV2G All versions V0.9.6. The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption...

CVE-2025-24956

A vulnerability has been identified in OpenV2G All versions V0.9.6. The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption...

CVE-2025-24956

OpenV2G (all versions

CVE-2025-24956

A vulnerability has been identified in OpenV2G All versions V0.9.6. The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption...

CVE-2025-26409

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed...

CVE-2025-26409 Access to Bootloader and Shell Over Serial Interface

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed...

CVE-2025-26409 Access to Bootloader and Shell Over Serial Interface

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed...

kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

A vulnerability was found in the Linux kernel's USB Video Class driver. A buffer for video frame data is allocated, which does not account for all of the frame formats contained in a video stream, leading to an out-of-bounds write when a stream includes frames with an undefined format. An attacke...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Check USB endpoints when probing the device. Ensure that, as the driver probes the device, all endpoints that the driver may attempt to access exist and are of the correct type. All XillyUSB devices must have a Bu...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: userial: Fixed the issue where gsstartio crashed due to accessing a null pointer. In some extreme cases, when the uSerial driver is accessed by multiple threads, Thread A executes the open operation and calls gsOpen...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: musb: sunxi: Fixing the issue of accessing a released USB PHY. The commit 6ed05c68cbca “usb: musb: sunxi: Explicitly releasing the USB PHY upon exit” causes the USB PHY @glue-xceiv to be accessed after it has been released. ...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mfd: intelsocpmicbxtwc: Use the IRQ domain for USB Type-C devices. While the idea of adapting the driver to utilize the hierarchy of IRQ chips is correct from a design perspective, the implementation contains flaws. This issue wa...