[slackware-security] seamonkey

New seamonkey packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/seamonkey-2.53.22-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more information, see:...

UBUNTU-CVE-2025-40100

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not assert we found block group item when creating free space tree Currently, when building a free space tree at populatefreespacetree, if we are not using the block group tree feature, we always expect to find block...

CVE-2025-40100

The CVE-2025-40100 issue is in the Linux kernel, specifically the Btrfs code path used when building the free space tree. The problem was an assertion in populate_free_space_tree() that assumed a block group item always exists in the extent tree when not using the block group tree feature. This c...

CVE-2025-40100 btrfs: do not assert we found block group item when creating free space tree

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not assert we found block group item when creating free space tree Currently, when building a free space tree at populatefreespacetree, if we are not using the block group tree feature, we always expect to find block...

[slackware-security] tigervnc

New tigervnc packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/tigervnc/tigervnc-1.12.0-i586-9slack15.0.txz: Rebuilt. Recompiled against xorg-server-1.20.14, including patches for security issues:...

📄 Windows Persistent Startup Folder

This Metasploit module establishes persistence by creating a payload in the user or system startup folder. Works on Vista and newer systems. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

CVE-2025-40073

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Do not validate SSPP when it is not ready Current code will validate current plane and previous plane to confirm they can share a SSPP with multi-rect mode. The SSPP is already allocated for previous plane, while current...

UBUNTU-CVE-2025-40073

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Do not validate SSPP when it is not ready Current code will validate current plane and previous plane to confirm they can share a SSPP with multi-rect mode. The SSPP is already allocated for previous plane, while current...

EUVD-2025-36381

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. Prior to 4.8.0, users with a local account can change their password while logged in. When doing so, all other active sessions are terminated, except for the currently active one. However, the current session’s...

EUVD-2025-36187

StarCharge Artemis AC Charger 7-22 kW v1.0.4 was discovered to contain a stack overflow via the cgiMain function at download.cgi...

PT-2025-44055

Name of the Vulnerable Software and Affected Versions PILOS versions prior to 4.8.0 Description PILOS, a frontend for BigBlueButton, contains a flaw where changing a local user’s password does not invalidate existing session tokens, except for the current session. An attacker who previously...

EulerOS 2.0 SP13 : sudo (EulerOS-SA-2025-2279)

According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute...

PT-2025-43645

Name of the Vulnerable Software and Affected Versions D-Link DIR600L Ax version FW116WWb01 Description A buffer overflow exists in the D-Link DIR600L Ax FW116WWb01. This issue is due to a vulnerability in the formWlSiteSurvey function when handling the curTime parameter. Recommendations At the...

EulerOS 2.0 SP13 : sudo (EulerOS-SA-2025-2311)

According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute...

PT-2025-51649

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s UFS Universal Flash Storage subsystem, specifically within the ufs-qcom component, related to power-down sequences. During UFS device power down,...

[slackware-security] bind

New bind packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/bind-9.18.41-i586-1slack15.0.txz: Upgraded. This update fixes security issues: DNSSEC validation fails if matching but invalid DNSKEY is...

Ultra-Fast Wireless Power Hacking

The rapid growth of electric vehicles EVs has driven the development of roadway wireless charging technology, effectively extending EV driving range. However, wireless charging introduces significant cybersecurity challenges. Any receiver within the magnetic field can potentially extract energy,...

CVE-2025-60932

Multiple stored cross-site scripting XSS vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...

Adobe Animate Memory Misreference Vulnerability (CNVD-2025-24424)

Adobe Animate is a set of Flash animation software from the American company Audobee Adobe. A memory misreference vulnerability exists in Adobe Animate, which can be exploited by an attacker to cause arbitrary code to be executed in the current user environment...

Adobe Bridge heap buffer overflow vulnerability (CNVD-2025-24426)

Adobe Bridge is a file viewer from the American company Audobee Adobe. Adobe Bridge suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...