
17725 matches found

Cvelist
added 2025/10/28 11:48 a.m., 4 views

CVE-2025-40054 f2fs: fix UAF issue in f2fs_merge_page_bio()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF issue in f2fs_merge_page_bio() As JY reported in bugzilla [1], Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 pc : 0xffffffe51d249484 f2fs_is_cp_guaranteed+0x70/0x98 lr : 0xffffffe51d24ad...

0.00182 EPSS
Exploits 0, References 2
EUVD
added 2025/10/28 11:48 a.m., 4 views

EUVD-2025-36484

In the Linux kernel, the following vulnerability has been resolved: fs: udf: fix OOB read in lengthAllocDescs handling When parsing Allocation Extent Descriptor, lengthAllocDescs comes from on-disk data and must be validated against the block size. Crafted or corrupted images may set...

5.9 AI score, 0.00207 EPSS
Exploits 0, References 7
CVE
added 2025/10/28 11:48 a.m., 22 views

CVE-2025-40044

CVE-2025-40044 affects the Linux kernel udf code. The vulnerability arises when parsing Allocation Ext Descriptors: lengthAllocDescs from on-disk data is not validated against the block size, allowing the total descriptor length (sizeof(allocExtDesc) + lengthAllocDescs) to exceed the buffer. This...

6 AI score, 0.00207 EPSS
Exploits 0, References 8
OSV
added 2025/10/28 11:48 a.m., 4 views

CVE-2025-40044 fs: udf: fix OOB read in lengthAllocDescs handling

In the Linux kernel, the following vulnerability has been resolved: fs: udf: fix OOB read in lengthAllocDescs handling When parsing Allocation Extent Descriptor, lengthAllocDescs comes from on-disk data and must be validated against the block size. Crafted or corrupted images may set...

6.4 AI score, 0.00207 EPSS
Exploits 0, References 11
EUVD
added 2025/10/28 12:31 a.m., 3 views

EUVD-2025-36370

A GUI dialog of an application allows to view what files are in the file system without proper authorization...

5.1 CVSS, 6.3 AI score, 0.00252 EPSS
Exploits 0, References 2
NVD
added 2025/10/28 12:15 a.m., 3 views

CVE-2025-43024

A GUI dialog of an application allows to view what files are in the file system without proper authorization...

7.5 CVSS, 0.00252 EPSS
Exploits 0, References 1
OSV
added 2025/10/28 12:15 a.m., 3 views

CVE-2025-43024

A GUI dialog of an application allows to view what files are in the file system without proper authorization...

7.5 CVSS, 5.8 AI score
Exploits 0, References 1
Tenable Nessus
added 2025/10/28 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-40077

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix to avoid overflow while left shift operation Should cast type of folio->index from pgoff_t to loff_t to avoid overflow while left shift operation...

5.9 AI score, 0.00183 EPSS
Exploits 0, References 3
Cvelist
added 2025/10/27 11:11 p.m., 6 views

CVE-2025-43024 HP ThinPro 8.1 SP8 Security Updates

A GUI dialog of an application allows to view what files are in the file system without proper authorization...

5.1 CVSS, 0.00252 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/10/27 11:11 p.m., 2 views

CVE-2025-43024 HP ThinPro 8.1 SP8 Security Updates

A GUI dialog of an application allows to view what files are in the file system without proper authorization...

5.1 CVSS, 6.4 AI score, 0.00252 EPSS
Exploits 0, References 1
CVE
added 2025/10/27 11:11 p.m., 12 views

CVE-2025-43024

CVE-2025-43024 relates to HP ThinPro 8.1 SP8 and involves a GUI dialog that allows unauthorized viewing of files on the file system. The root cause is an insufficient access check in the dialog that displays file-system contents, enabling information disclosure. Public details across connected so...

7.5 CVSS, 6.4 AI score, 0.00252 EPSS
Exploits 0, References 1, Affected Software 1
RedHat Linux
added 2025/10/27 7:3 p.m., 6 views

kernel: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()

An out-of-boundary read flaw was found in the Linux kernel NFS functionality, in the way a connected user sends malicious data to the server. A remote user could use this flaw to crash the system...

7.8 CVSS, 5.8 AI score, 0.00181 EPSS
Exploits 0, References 5
RedHat Linux
added 2025/10/27 7:3 p.m., 14 views

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.8 CVSS, 6.8 AI score, 0.00181 EPSS
Exploits 0, References 7
OSV
added 2025/10/27 3:15 a.m., 4 views

CVE-2025-12203

A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the file system/functions.php of the component Code Editor. Executing a manipulation of the argument File can lead to path traversal. The attack can be launched remotely. The exploit...

4.9 CVSS, 6 AI score
Exploits 0, References 6
Tenable Nessus
added 2025/10/27 12:0 a.m., 4 views

Siemens SIMATIC Devices Return of Wrong Status Code (CVE-2024-26629)

nfsd: The test on so_count in nfsd4_release_lockowner() is potentially harmful. It can transiently return a false positive resulting in a return of NFS4ERR_LOCKS_HELD when in fact no locks are held. This is clearly a protocol violation and with the Linux NFS client it can cause incorrect behaviour. This...

5.5 CVSS, 6.8 AI score, 0.00195 EPSS
Exploits 0, References 2
Tenable Nessus
added 2025/10/27 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2023-53711

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential data corruption We must ensure that the subrequests are joined back int...

5.8 AI score, 0.00182 EPSS
Exploits 0, References 3
Tenable Nessus
added 2025/10/27 12:0 a.m., 12 views

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use of Uninitialized Resource (CVE-2024-49900)

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of new_ea in ea_buffer syzbot reports that lzo1x_1_do_compress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x_1_do_compress+0x19f9/0x2510...

7.1 CVSS, 6.2 AI score, 0.00279 EPSS
Exploits 0, References 5
Positive Technologies
added 2025/10/27 12:0 a.m., 4 views

PT-2025-44062

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A GUI dialog within an application permits unauthorized viewing of files present in the file system. This occurs due to a lack of appropriate authorization checks when displaying file system contents...

5.1 CVSS, 6.4 AI score, 0.00252 EPSS
Exploits 0, References 4
Tenable Nessus
added 2025/10/27 12:0 a.m., 4 views

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-26870)

NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503505; scriptversion"1.2";...

5.5 CVSS, 7.2 AI score, 0.00272 EPSS
Exploits 0, References 2
Tenable Nessus
added 2025/10/27 12:0 a.m., 3 views

Siemens SIMATIC Devices Improper Input Validation (CVE-2025-21795)

NFSD: hang in nfsd4_shutdown_callback. If nfs4_client is in courtesy state then there is no point to send the callback. This causes nfsd4_shutdown_callback to hang since cl_cb_inflight is not 0. This hang lasts about 15 minutes until TCP notifies NFSD that the connection was dropped. This plugin only...

5.5 CVSS, 7 AI score, 0.00215 EPSS
Exploits 0, References 4