
7235 matches found

Tenable Nessus
added 2025/12/25 12:0 a.m., 2 views

Slackware Linux 15.0 / current net-snmp Vulnerability (SSA:2025-359-01)

The version of net-snmp installed on the remote host is prior to 5.9.3 / 5.9.5.2. It is, therefore, affected by a vulnerability as referenced in the SSA:2025-359-01 advisory. New net-snmp packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the...

CVSS 9.8 | AI score 5.8 | EPSS 0.00594
Exploits: 2 | References: 2

UbuntuCve
added 2025/12/24 1:16 p.m., 1 view

CVE-2025-68746

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Fix timeout handling. When the CPU that the QSPI interrupt handler runs on (typically CPU 0) is excessively busy, it can lead to rare cases of the IRQ thread not running before the transfer timeout is reached...

AI score 5.9 | EPSS 0.00058
Exploits: 0 | References: 32

CVE
added 2025/12/24 12:9 p.m., 16 views

CVE-2025-68746

CVE-2025-68746: In the Linux kernel SPI Tegra210-quad driver, timeout handling was fixed to address a rare case where the IRQ thread could miss the transfer timeout if the CPU handling the QSPI interrupt was busy. The fix clears curr_xfer to NULL upon timeout and checks for this condition when th...

AI score 6 | EPSS 0.00058
Exploits: 0 | References: 7

Cvelist
added 2025/12/24 10:33 a.m., 24 views

CVE-2025-68733 smack: fix bug: unprivileged task can create labels

In the Linux kernel, the following vulnerability has been resolved: smack: fix bug: unprivileged task can create labels. If an unprivileged task is allowed to relabel itself (/smack/relabel-self is not empty), it can freely create new labels by writing their names into own /proc/PID/attr/smack/curre...

EPSS 0.00066
Exploits: 0 | References: 8

EUVD
added 2025/12/24 12:30 a.m., 3 views

EUVD-2025-204986

Soda PDF Desktop Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7 | AI score 7.1 | EPSS 0.00056
Exploits: 0 | References: 2

EUVD
added 2025/12/24 12:30 a.m., 1 view

EUVD-2025-204966

MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors m...

CVSS 7 | AI score 7.3 | EPSS 0.00129
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/24 12:0 a.m., 2 views

PT-2025-52926

Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's Smack security module where an unprivileged task, permitted to relabel itself, can create new labels by writing their names into its own...

AI score 6.2 | EPSS 0.00066
Exploits: 0

OSV
added 2025/12/23 10:15 p.m., 2 views

CVE-2025-14424

GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

CVSS 7.8 | AI score 7.5
Exploits: 0 | References: 2

OSV
added 2025/12/23 10:15 p.m., 1 view

CVE-2025-14412

Soda PDF Desktop XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8 | AI score 6.3 | EPSS 0.00048
Exploits: 0 | References: 1

UbuntuCve
added 2025/12/23 10:15 p.m., 2 views

CVE-2025-14423

GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...

CVSS 7.8 | AI score 7.5 | EPSS 0.00066
Exploits: 0 | References: 3

AlpineLinux
added 2025/12/23 9:31 p.m., 1 view

CVE-2025-14424

GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

CVSS 7.8 | AI score 7.8 | EPSS 0.00072
Exploits: 0 | References: 2

CVE
added 2025/12/23 9:21 p.m., 7 views

CVE-2025-14404

CVE-2025-14404 affects PDFsam Enhanced, where the flaw lies in the processing of XLS files. The root cause is the execution of dangerous scripts without a user warning, allowing a remote attacker to run arbitrary code in the context of the current user. Exploitation requires user interaction (the...

CVSS 7 | AI score 7.1 | EPSS 0.00052
Exploits: 0 | References: 1 | Affected Software: 1

Slackware Linux
added 2025/12/19 11:14 p.m., 5 views

[slackware-security] php

New php packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php81/php81-8.1.34-i586-1slack15.0.txz: Upgraded. This update fixes security issues: PDO quoting result null deref. Heap buffer overflow in...

CVSS 8.2 | AI score 7.4 | EPSS 0.00056
Exploits: 4

Zero Day Initiative
added 2025/12/19 12:0 a.m., 6 views

Foxit PDF Reader U3D File Parsing Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

CVSS 3.3 | AI score 5.5 | EPSS 0.00011
Exploits: 0 | References: 1

Tenable Nessus
added 2025/12/18 12:0 a.m., 1 view

EulerOS Virtualization 2.13.0 : sudo (EulerOS-SA-2025-2600)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed user...

CVSS 8.8 | AI score 6.9 | EPSS 0.30014
Exploits: 12 | References: 2

Snyk
added 2025/12/17 8:38 p.m., 3 views

Uncontrolled Search Path Element

Overview: Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to unsafe executable resolution when exporting notebooks containing SVG output to PDF. During export, the svg2pdf.py preprocessor resolves the inkscape executable using shutil.which, which on Windows...

CVSS 8.5 | AI score 6 | EPSS 0.00014
Exploits: 1 | References: 2

SUSE CVE
added 2025/12/17 12:30 a.m., 3 views

SUSE CVE-2025-40358

In the Linux kernel, the following vulnerability has been resolved: riscv: stacktrace: Disable KASAN checks for non-current tasks. Unwinding the stack of a task other than current, KASAN would report "BUG: KASAN: out-of-bounds in walk_stackframe+0x41c/0x460" There is a same issue on x86 and has bee...

AI score 6.4 | EPSS 0.00029
Exploits: 0 | References: 3

EUVD
added 2025/12/16 3:30 p.m., 3 views

EUVD-2025-203700

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Cache streams targeting link when performing LT automation. [WHY] Last LT automation update can cause crash by referencing current_state and calling into dc_update_planes_and_stream which may clobber current_state. [HOW]...

AI score 6 | EPSS 0.00026
Exploits: 0 | References: 3

EUVD
added 2025/12/16 3:30 p.m., 1 view

EUVD-2025-203735

In the Linux kernel, the following vulnerability has been resolved: riscv: stacktrace: Disable KASAN checks for non-current tasks. Unwinding the stack of a task other than current, KASAN would report "BUG: KASAN: out-of-bounds in walk_stackframe+0x41c/0x460" There is a same issue on x86 and has bee...

AI score 5.9 | EPSS 0.00029
Exploits: 0 | References: 5

NVD
added 2025/12/16 2:15 p.m., 3 views

CVE-2025-68196

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Cache streams targeting link when performing LT automation. [WHY] Last LT automation update can cause crash by referencing current_state and calling into dc_update_planes_and_stream which may clobber current_state. [HOW]...

EPSS 0.00026
Exploits: 0 | References: 2