SUSE SLED15 / SLES15 Security Update : xorg-x11-server (SUSE-SU-2025:3865-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3865-1 advisory. - Fixed use-after-free in XPresentNotify structures creation CVE-2025-62229, bsc1251958 - Fixed use-after-free...

PT-2025-44669

Name of the Vulnerable Software and Affected Versions Tenda AX-1803 version 1.0.0.1 Description The Tenda AX-1803 router contains a stack overflow issue through the timeZone parameter within the form fast setting wifi set function. A crafted request can lead to a Denial of Service DoS. The...

TOTOLINK A7000R 安全漏洞

TOTOLINK A7000R is a wireless router from China's Gion Electronics TOTOLINK that supports WiFi7 technology for home or small business network environments. The TOTOLINK A7000R suffers from a stack buffer overflow vulnerability, which stems from the ssid5g parameter in the sub4222E0 function faili...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xorg-x11-server (SUSE-SU-2025:3872-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3872-1 advisory. - Fixed use-after-free in XPresentNotify structures creation CVE-2025-62229, bsc1251958 - Fixed...

EUVD-2025-37056

Malicious code in set-egs-backend npm...

Malicious code in set-egs-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbceb6929d59ced3a4df01c1d61f7da54d4d0a85e467329fecd5f44e59d43f32 The package set-egs-backend was found to contain malicious code...

MAL-2025-49237 Malicious code in set-egs-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbceb6929d59ced3a4df01c1d61f7da54d4d0a85e467329fecd5f44e59d43f32 The package set-egs-backend was found to contain malicious code...

Security update for xwayland

This update for xwayland fixes the following issues: Fixed use-after-free in XPresentNotify structures creation CVE-2025-62229, bsc1251958 Fixed Use-after-free in Xkb client resource removal CVE-2025-62230, bsc1251959 Fixed Value overflow in Xkb extension XkbSetCompatMap CVE-2025-62231, bsc125196...

Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues: Fixed use-after-free in XPresentNotify structures creation CVE-2025-62229, bsc1251958 Fixed use-after-free in Xkb client resource removal CVE-2025-62230, bsc1251959 Fixed value overflow in Xkb extension XkbSetCompatMap CVE-2025-62231,...

CVE-2025-62231

A flaw was identified in the X.Org X server’s X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...

SUSE CVE-2025-40033

In the Linux kernel, the following vulnerability has been resolved: remoteproc: pru: Fix potential NULL pointer dereference in prurprocsetctable prurprocsetctable accessed rproc-priv before the ISERRORNULL check, which could lead to a null pointer dereference. Move the pru assignment, ensuring we...

D-Link DIR600L formSetRoute function buffer overflow vulnerability

D-Link DIR600L is a wireless router for home users, belonging to D-Link's "Cloud Router" series, with an external antenna design, supporting 802.11n standard, with a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L suffers from a buffer overflow vulnerability, which originates fr...

FreeBSD : ISC KEA -- Invalid characters cause assert (55c4e822-b4e4-11f0-8438-001b217e4ee5)

"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 55c4e822-b4e4-11f0-8438-001b217e4ee5 advisory. Internet Systems Consortium, Inc. reports: To trigger the issue, three configuration parameters must...

Xorg -- multiple vulnerabilities

https://access.redhat.com/errata/RHSA-2025:19432 reports: CVE-2025-62229: A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free...

CVE-2025-12424

Privilege Escalation through SUID-bit Binary.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

EUVD-2025-36693

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "^A-Za-z0-9.-"; "hostname-char-replacement" must be empty the default; and "ddns-qualifying-suffix" must NOT be empty the default is empty. DDNS...

CVE-2025-11232

Kea DHCP (ISC) vulnerability CVE-2025-11232 affects Kea 3.0.1 and 3.1.1–3.1.2. The root cause is an assertion triggered by three specific default config values: hostname-char-set uses the default [^A-Za-z0-9.-], hostname-char-replacement is empty, and ddns-qualifying-suffix is non-empty. When a c...

Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues: Fixed use-after-free in XPresentNotify structures creation CVE-2025-62229, bsc1251958 Fixed use-after-free in Xkb client resource removal CVE-2025-62230, bsc1251959 Fixed value overflow in Xkb extension XkbSetCompatMap CVE-2025-62231,...

remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable()

...

ISC KEA -- Invalid characters cause assert

Internet Systems Consortium, Inc. reports: To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "^A-Za-z0-9.-"; "hostname-char-replacement" must be empty the default; and "ddns-qualifying-suffix" must N...