EUVD-2025-36655

Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted in job config.xml files...

CVE-2025-64143

The CVE-2025-64143 issue affects the Jenkins OpenShift Pipeline Plugin, version 1.0.57 and earlier, which stores authorization tokens unencrypted in job config.xml on the Jenkins controller. This allows users with Item/Extended Read permission or control‑plane access to view tokens, exposing sens...

fs: udf: fix OOB read in lengthAllocDescs handling

...

f2fs: fix to do sanity check on node footer for non inode dnode

...

Jenkins Curseforge Publisher Plugin 安全漏洞

Jenkins Curseforge Publisher Plugin is an automated publishing plugin for Jenkins open source. A security vulnerability exists in version 1.0 of the Jenkins Curseforge Publisher Plugin that stems from unencrypted storage of API keys, which could lead to a user viewing the keys via Item or Extende...

CVE-2025-40044

In the Linux kernel, the following vulnerability has been resolved: fs: udf: fix OOB read in lengthAllocDescs handling When parsing Allocation Extent Descriptor, lengthAllocDescs comes from on-disk data and must be validated against the block size. Crafted or corrupted images may set...

CVE-2025-40082

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplusuni2asc BUG: KASAN: slab-out-of-bounds in hfsplusuni2asc+0xa71/0xb90 fs/hfsplus/unicode.c:186 Read of size 2 at addr ffff8880289ef218 by task syz.6.248/14290 CPU: 0 UID: 0 PID: 14290...

CVE-2025-40077 f2fs: fix to avoid overflow while left shift operation

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid overflow while left shift operation Should cast type of folio-index from pgofft to lofft to avoid overflow while left shift operation...

CVE-2025-40077

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid overflow while left shift operation Should cast type of folio-index from pgofft to lofft to avoid overflow while left shift operation...

EUVD-2025-36473

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix double free in userclusterconnect userclusterdisconnect frees "conn-ccprivate" which is "lc" but then the error handling frees "lc" a second time. Set "lc" to NULL on this path to avoid a double free...

CVE-2025-40044 fs: udf: fix OOB read in lengthAllocDescs handling

In the Linux kernel, the following vulnerability has been resolved: fs: udf: fix OOB read in lengthAllocDescs handling When parsing Allocation Extent Descriptor, lengthAllocDescs comes from on-disk data and must be validated against the block size. Crafted or corrupted images may set...

CVE-2025-40044

In the Linux kernel, the following vulnerability has been resolved: fs: udf: fix OOB read in lengthAllocDescs handling When parsing Allocation Extent Descriptor, lengthAllocDescs comes from on-disk data and must be validated against the block size. Crafted or corrupted images may set...

CVE-2025-40025

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer for non inode dnode As syzbot reported below: ------------ cut here ------------ kernel BUG at fs/f2fs/file.c:1243! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI CPU: 0 UID: 0 PID: 5354...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the rununpack function in the ntfs3 filesystem that does not validate the runlist array value, potentially...

Linux Distros Unpatched Vulnerability : CVE-2025-40025

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix to do sanity check on node footer for non inode dnode As syzbot reported below: ------------ cut here ------------ kernel BUG at fs/f2fs/file.c:1243!...

kernel: NFS: Fix a race when updating an existing write

A flaw use after free in the Linux kernel NFS functionality was found in the way connected user sends malicious data to the server. A remote user could use this flaw to crash the system...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices NULL Pointer Dereference (CVE-2024-47699)

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential null-ptr-deref in nilfsbtreeinsert Patch series nilfs2: fix potential issues with empty b-tree nodes. This series addresses three potential issues with empty b-tree nodes that can occur with corrupted...

Linux Distros Unpatched Vulnerability : CVE-2023-53695

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - udf: Detect system inodes linked into directory hierarchy When UDF filesystem is corrupted, hidden system inodes can be linked into directory hierarchy which is...

SUSE CVE-2024-45003

In the Linux kernel, the following vulnerability has been resolved: vfs: Don't evict inode under the inode lru traversing context The inode reclaiming processSee function pruneicachesb collects all reclaimable inodes and mark them with IFREEING flag at first, at that time, other processes will be...

CVE-2025-34502

Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...