Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992700)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992700 advisory. In the Linux kernel, the following vulnerability has been resolved: power: supply: gpio-charger: Fix set charge current limits Fix set charge current limits for...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992580)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992580 advisory. In the Linux kernel, the following vulnerability has been resolved: sched/fair: Don't balance task to its current running CPU We've run into the case that the balanc...

Slackware: Security Advisory (SSA:2025-361-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] vim

New vim packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/vim-9.1.2028-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: patch 9.1.2028: security: Buffer-overflow with incomplet...

Slackware Linux 15.0 / current vim Vulnerability (SSA:2025-361-01)

The version of vim installed on the remote host is prior to 9.1.2028. It is, therefore, affected by a vulnerability as referenced in the SSA:2025-361-01 advisory. New vim packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding descriptio...

Slackware: Security Advisory (SSA:2025-359-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] net-snmp

New net-snmp packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/net-snmp-5.9.3-i586-2slack15.0.txz: Rebuilt. This update fixes a security issue: snmptrapd: fixed a critical vulnerability triggere...

Slackware Linux 15.0 / current net-snmp Vulnerability (SSA:2025-359-01)

The version of net-snmp installed on the remote host is prior to 5.9.3 / 5.9.5.2. It is, therefore, affected by a vulnerability as referenced in the SSA:2025-359-01 advisory. New net-snmp packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the...

CVE-2025-68746

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Fix timeout handling When the CPU that the QSPI interrupt handler runs on typically CPU 0 is excessively busy, it can lead to rare cases of the IRQ thread not running before the transfer timeout is reached...

CVE-2025-68746

CVE-2025-68746: In the Linux kernel SPI Tegra210-quad driver, timeout handling was fixed to address a rare case where the IRQ thread could miss the transfer timeout if the CPU handling the QSPI interrupt was busy. The fix clears curr_xfer to NULL upon timeout and checks for this condition when th...

CVE-2025-68733 smack: fix bug: unprivileged task can create labels

In the Linux kernel, the following vulnerability has been resolved: smack: fix bug: unprivileged task can create labels If an unprivileged task is allowed to relabel itself /smack/relabel-self is not empty, it can freely create new labels by writing their names into own /proc/PID/attr/smack/curre...

EUVD-2025-204986

Soda PDF Desktop Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a...

EUVD-2025-204966

MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors m...

PT-2025-52926

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A flaw exists in the Linux kernel's Smack security module where an unprivileged task, permitted to relabel itself, can create new labels by writing their names into its own...

CVE-2025-14424

GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

CVE-2025-14412

Soda PDF Desktop XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a...

CVE-2025-14423

GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...

CVE-2025-14424

GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

CVE-2025-14404

CVE-2025-14404 affects PDFsam Enhanced, where the flaw lies in the processing of XLS files. The root cause is the execution of dangerous scripts without a user warning, allowing a remote attacker to run arbitrary code in the context of the current user. Exploitation requires user interaction (the...

[slackware-security] php

New php packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php81/php81-8.1.34-i586-1slack15.0.txz: Upgraded. This update fixes security issues: PDO quoting result null deref. Heap buffer overflow in...