38 matches found
kernel security update
An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux operating...
CVE-2026-40315
PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the tableprefix configuration value is directly concatenated into SQL queries via f-strings without any validation or sanitization. Since SQL identifiers...
UBUNTU-CVE-2025-22237
An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause an arbitrary command to be run on the master with the same privileges as the master process...
SUSE CVE-2012-3864
Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request...
SUSE CVE-2012-3866
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for lastrunreport.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file...
SUSE CVE-2019-16544
Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
GHSA-X2Q2-8PWQ-FR5R Jenkins allows Bypass of Access Restrictions
Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665...
CVE-2020-2177
Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
PT-2020-15377 · Jenkins · Jenkins Cryptomove Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins CryptoMove Plugin versions 0.1.33 and earlier
Description: The issue allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins. This is possible because th...
PT-2020-15340 · Jenkins · Jenkins Harvest Scm Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Harvest SCM Plugin versions 0.5.1 and earlier
Description: The issue allows passwords to be stored unencrypted in job config.xml files on the Jenkins master. These passwords can be viewed by users with Extended Read permission or thos...
CVE-2019-16572
Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
CVE-2019-10452
Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
PT-2019-11844 · Jenkins · Jenkins Elasticbox Ci Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins ElasticBox CI Plugin affected versions not specified
Description: The issue concerns the storage of credentials in an unencrypted manner within the global config.xml configuration file on the Jenkins master. This allows users with...
PT-2019-11830 · Jenkins · Jenkins Google Oauth Credentials Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Google OAuth Credentials Plugin version 0.9 and earlier
Description: The issue allows attackers who can configure jobs and credentials in Jenkins to obtain the contents of any file on the Jenkins master due to an arbitrary file read...
CVE-2019-10413
Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10425
Jenkins Google Calendar Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
PT-2019-11815 · Jenkins · Jenkins Azure Event Grid Build Notifier Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Azure Event Grid Build Notifier Plugin affected versions not specified
Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master or controller. Specifically, the...
PT-2019-11807 · Jenkins · Jenkins Data Theorem: Ci/Cd Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Data Theorem: CI/CD Plugin versions 1.3 and earlier
Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master. This allows users with Extended Read permission or...
PT-2019-11771 · Jenkins · Jenkins File System Scm Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins File System SCM Plugin version 2.1 and earlier
Description: The issue allows attackers who can configure jobs in Jenkins to read the contents of any file on the Jenkins master. This is due to an arbitrary file read vulnerability...
PT-2019-11750 · Jenkins · Jenkins Caliper Ci Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Caliper CI Plugin affected versions not specified
Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master or controller. These credentials can be accessed b...