7910 matches found

OSV
added 2025/11/12 4:6 p.m. | 4 views

MAL-2025-191741 Malicious code in google-cloud-iam-credentials (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e75faf49c379401db38883bfb490edbc74161e0d52d38f6aac38f6166645133a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2 AI score
Exploits: 0 | References: 1
RedhatCVE
added 2025/11/12 2:3 p.m. | 18 views

CVE-2025-11084

A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the user's password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period...

7.6 CVSS | 6.6 AI score | 0.00137 EPSS
Exploits: 0 | References: 1
RedHat Linux
added 2025/11/12 12:41 p.m. | 1 views

kernel: mm: swap: fix potential buffer overflow in setup_clusters()

In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix potential buffer overflow in setup_clusters() In setup_swap_map(), we only ensure badpages are in range 0, lastpage. As maxpages might be = maxpages. Only call inc_cluster_info_page() for badpage which is maxpages to fix the...

7.8 CVSS | 5.9 AI score | 0.0016 EPSS
Exploits: 0 | References: 5
EUVD
added 2025/11/12 12:30 p.m. | 3 views

EUVD-2025-124906

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix bootlog initialization ordering As soon as we queue MHI buffers to receive the bootlog from the device, we could be receiving data. Therefore all the resources needed to process that data need to be set up prior to...

5.5 AI score | 0.00161 EPSS
Exploits: 0 | References: 4
EUVD
added 2025/11/12 12:30 p.m. | 5 views

EUVD-2025-124913

In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(), and ip_dst_mtu_maybe_forward(). ip4_dst_hoplimit() can use dst_dev_net_rcu()...

5.7 AI score | 0.00167 EPSS
Exploits: 0 | References: 3
CVE
added 2025/11/12 10:46 a.m. | 21 views

CVE-2025-40170

CVE-2025-40170 affects the Linux kernel. The fix modernizes RCU-protected access to dst->dev and related destinations in several paths: net: use dst_dev_rcu() in sk_setup_caps(); ip6_dst_mtu_maybe_forward() and ip_dst_mtu_maybe_forward(); and ip4_dst_hoplimit() now uses dst_dev_net_rcu(). The ...

5.8 AI score | 0.00167 EPSS
Exploits: 0 | References: 3
Debian CVE
added 2025/11/12 10:46 a.m. | 6 views

CVE-2025-40170

In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(), and ip_dst_mtu_maybe_forward(). ip4_dst_hoplimit() can use dst_dev_net_rcu()...

5.3 AI score | 0.00167 EPSS
Exploits: 0
Cvelist
added 2025/11/12 10:46 a.m. | 6 views

CVE-2025-40170 net: use dst_dev_rcu() in sk_setup_caps()

In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(), and ip_dst_mtu_maybe_forward(). ip4_dst_hoplimit() can use dst_dev_net_rcu()...

0.00167 EPSS
Exploits: 0 | References: 3
OSV
added 2025/11/12 10:46 a.m. | 8 views

CVE-2025-40170 net: use dst_dev_rcu() in sk_setup_caps()

In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(), and ip_dst_mtu_maybe_forward(). ip4_dst_hoplimit() can use dst_dev_net_rcu()...

6.1 AI score | 0.00167 EPSS
Exploits: 0 | References: 6
CISA KEV Catalog
added 2025/11/12 12:0 a.m. | 8 views

Gladinet Triofox Improper Access Control Vulnerability

Gladinet Triofox contains an improper access control vulnerability that allows access to initial setup pages even after setup is complete...

9.1 CVSS | 6.9 AI score | 0.90355 EPSS
In wild | Exploits: 1
EUVD
added 2025/11/11 3:31 p.m. | 6 views

EUVD-2025-84346

A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the user's password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period...

7.6 CVSS | 6.1 AI score | 0.00137 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/11/11 2:49 p.m. | 8 views

CVE-2025-12480

Triofox versions prior to 16.7.10368.56560 are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete...

9.1 CVSS | 6.8 AI score | 0.90355 EPSS
Exploits: 1 | References: 1
NVD
added 2025/11/11 2:15 p.m. | 5 views

CVE-2025-11084

A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the user's password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period...

7.6 CVSS | 0.00137 EPSS
Exploits: 0 | References: 1
CVE
added 2025/11/11 1:26 p.m. | 13 views

CVE-2025-11084

CVE-2025-11084 affects Rockwell Automation’s DataMosaix Private Cloud. The issue allows bypassing MFA during initial setup and obtaining a valid login-token cookie without a user password when MFA is enabled but not completed within 7 days. This can lead to account takeover and credential exposur...

7.6 CVSS | 6.3 AI score | 0.00137 EPSS
Exploits: 0 | References: 1
RedHat Linux
added 2025/11/11 9:13 a.m. | 3 views

kernel: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek()

A NULL pointer access may result in compromised availability...

5.5 CVSS | 7.4 AI score | 0.002 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2025/11/11 9:13 a.m. | 2 views

kernel: rxrpc: Fix a race between socket set up and I/O thread creation

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix a race between socket set up and I/O thread creation In rxrpc_open_socket(), it sets up the socket and then sets up the I/O thread that will handle it. This is a problem, however, as there's a gap between the two phases in...

4.7 CVSS | 6.8 AI score | 0.00173 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2025/11/11 8:21 a.m. | 4 views

kernel: PCI: Fix NULL dereference in SR-IOV VF creation error path

In the Linux kernel, the following vulnerability has been resolved: PCI: Fix NULL dereference in SR-IOV VF creation error path Clean up when virtfn setup fails to prevent NULL pointer dereference during device removal. The kernel oops below occurred due to incorrect error handling flow when...

5.5 CVSS | 6.8 AI score | 0.00164 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2025/11/11 8:21 a.m. | 0 views

kernel: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek()

A NULL pointer access may result in compromised availability...

5.5 CVSS | 7.4 AI score | 0.002 EPSS
Exploits: 0 | References: 5
OSV
added 2025/11/11 4:25 a.m. | 3 views

MAL-2025-82872 Malicious code in ade-gado-gado35-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0283196457a9b7e61c150b6f336fbd13ddaada0e84681ce77430b07ceb827852 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits: 0
CNNVD
added 2025/11/11 12:0 a.m. | 5 views

Rockwell Automation DataMosaix Private Cloud Security Vulnerability

Rockwell Automation DataMosaix Private Cloud is an industrial DataOps solution from Rockwell Automation, Inc. It is used to simplify and control access to relevant, reliable and contextualized data. A security vulnerability exists in Rockwell Automation DataMosaix Private Cloud that can be...

7.6 CVSS | 5.8 AI score | 0.00137 EPSS
Exploits: 0 | References: 1