Lucene search

23055 matches found

RedhatCVE
added 2025/12/14 4:9 p.m. | 3 views

CVE-2025-40265

No description is available for this CVE...

CVSS 4.1 | AI score 6.5 | EPSS 0.00026
Exploits: 0 | References: 4

Veracode
added 2025/12/13 4:43 a.m. | 5 views

Insertion Of Sensitive Information

Jenkins Kryptowire Plugin is vulnerable to insertion of sensitive information. The vulnerability is due to storing the Kryptowire API key in an unencrypted global configuration file, which allows an attacker with access to the Jenkins controller file system to retrieve the API key...

CVSS 6.5 | AI score 5.8 | EPSS 0.00105
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2025/12/13 4:25 a.m. | 6 views

Information Disclosure

Jenkins OpenShift Pipeline Plugin is vulnerable to sensitive information exposure. The vulnerability is due to storing authorization tokens in plaintext within job config.xml files, where the plugin fails to encrypt or securely protect authentication tokens used for OpenShift access, and allows...

CVSS 4.3 | AI score 6.6 | EPSS 0.0003
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2025/12/13 4:18 a.m. | 5 views

Sensitive Information Disclosure

Jenkins Curseforge Publisher Plugin is vulnerable to Sensitive Information Disclosure. The vulnerability is due to storing API keys in plaintext in job configuration files, allowing users with Item/Extended Read permission or file system access on the Jenkins controller to view and misuse the...

CVSS 4.3 | AI score 6.8 | EPSS 0.0003
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2025/12/12 12:0 a.m. | 5 views

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2025-28049)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-28049 advisory. - NFSD: Define a proc_layoutcommit for the FlexFiles layout type (Chuck Lever) [Orabug: 38601819] {CVE-2025-40087} - vfs: Don't leak disconnected dentrie...

CVSS 7.8 | AI score 7.2 | EPSS 0.00231
Exploits: 3 | References: 66

OSV
added 2025/12/11 2:25 p.m. | 6 views

CLSA-2025-1765463110 kernel: Fix of 51 CVEs

Bluetooth: MGMT: Protect mgmt_pending list with its own lock (CVE-2025-38117) - padata: Fix pd UAF once and for all (CVE-2025-38584) - wifi: cfg80211: Fix use after free for wext (CVE-2023-53153) - padata: Fix list iterator in padata_do_serial - padata: do not leak refcount in reorder_work (CVE-2025-38031) -...

CVSS 7.8 | AI score 7.1 | EPSS 0.00452
Exploits: 1 | References: 1

OSV
added 2025/12/11 7:16 a.m. | 2 views

CVE-2025-14512

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string function when processing malicious file or remote filesystem attribute values...

CVSS 6.5 | AI score 5.5 | EPSS 0.00042
Exploits: 0 | References: 3

EUVD
added 2025/12/11 7:11 a.m. | 1 views

EUVD-2025-202664

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string function when processing malicious file or remote filesystem attribute values...

CVSS 6.5 | AI score 6.6 | EPSS 0.00042
Exploits: 0 | References: 3

CVE
added 2025/12/11 7:11 a.m. | 36 views

CVE-2025-14512

CVE-2025-14512 affects GLib2 (glib2) in IBM Netezza Appliance. The IBM security bulletin confirms a vulnerability in GLib’s GIO escape_byte_string() that can cause a heap-based buffer overflow leading to DoS when processing certain file or remote filesystem attribute values. Remediation: upgrade ...

CVSS 6.5 | AI score 6.8 | EPSS 0.00042
Exploits: 0 | References: 19 | Affected Software: 1

ATTACKERKB
added 2025/12/11 7:11 a.m. | 1 views

CVE-2025-14512

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string function when processing malicious file or remote filesystem attribute values...

CVSS 6.5 | AI score 6 | EPSS 0.00042
Exploits: 0 | References: 20

Tenable Nessus
added 2025/12/11 12:0 a.m. | 1 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991147)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991147 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: avoid resizing to a partial cluster size This patch avoids an attempt to resize the...

CVSS 5.5 | AI score 6 | EPSS 0.00051
Exploits: 0 | References: 4

vulnersOsv
added 2025/12/10 6:30 p.m. | 6 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1884 more potentially affected by CVE-2025-67635 via org.jenkins-ci.main:cli (>=1.396 <=2.528.2)

org.jenkins-ci.main:cli MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.23 and more Source cves: CVE-2025-67635 Source advisory: OSV:GHSA-9P56-P6MW-W8QC...

CVSS 7.5 | AI score 7.3 | EPSS 0.00104
Exploits: 0

OSV
added 2025/12/10 6:30 p.m. | 3 views

GHSA-FXJ7-6V9W-XC76 Jenkins's build authorization token is stored and displayed in plain text

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 4.3 | AI score 5.9 | EPSS 0.00076
Exploits: 0 | References: 4

Cvelist
added 2025/12/10 6:23 p.m. | 29 views

CVE-2025-34428 MailEnable < 10.54 Cleartext Credential Storage in AUTH.SAV

MailEnable versions prior to 10.54 contain a cleartext storage of credentials vulnerability that can lead to local credential compromise and account takeover. The product stores user and administrative passwords in plaintext within AUTH.SAV with overly permissive filesystem access. A local...

CVSS 8.4 | EPSS 0.00003
Exploits: 0 | References: 3

RedhatCVE
added 2025/12/10 6:13 p.m. | 2 views

CVE-2025-62464

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 7 | EPSS 0.00057
Exploits: 0 | References: 1

AlpineLinux
added 2025/12/10 4:50 p.m. | 4 views

CVE-2025-67637

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 4.3 | AI score 6.8 | EPSS 0.00076
Exploits: 0 | References: 1

Microsoft CVE
added 2025/12/10 9:2 a.m. | 3 views

f2fs: fix infinite loop in __insert_extent_tree()

...

CVSS 5.5 | AI score 7 | EPSS 0.00036
Exploits: 0

RedhatCVE
added 2025/12/10 8:36 a.m. | 2 views

CVE-2025-41696

An attacker can use an undocumented UART port on the PCB as a side-channel with the user hardcoded credentials obtained from CVE-2025-41692 to gain read access to parts of the filesystem of the device...

CVSS 6.8 | AI score 6.9 | EPSS 0.00027
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/10 4:24 a.m. | 1 views

CVE-2023-53813

In the Linux kernel, the following vulnerability has been resolved: ext4: fix rbtree traversal bug in ext4_mb_use_preallocated During allocations, while looking for preallocations(PA) in the per inode rbtree, we can't do a direct traversal of the tree because ext4_mb_discard_group_preallocation can...

CVSS 6.4 | AI score 5.5 | EPSS 0.00026
Exploits: 0 | References: 4

RedhatCVE
added 2025/12/10 3:26 a.m. | 3 views

CVE-2023-53800

In the Linux kernel, the following vulnerability has been resolved: ubi: Fix use-after-free when volume resizing failed There is an use-after-free problem reported by KASAN: ================================================================== BUG: KASAN: use-after-free in ubi_eba_copy_table+0x11f/0x1c...

CVSS 7 | AI score 5.7 | EPSS 0.0004
Exploits: 0 | References: 4