[SECURITY] Fedora 35 Update: mosquitto-2.0.12-1.fc35

Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...

CVE-2021-39211

GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual...

CVE-2021-39211

GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual...

CVE-2021-39211

GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual...

Information disclosure

GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual...

UBUNTU-CVE-2021-39211

GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual...

CVE-2021-39211

CVE-2021-39211 (GLPI) affects GLPI 9.2–9.5.6 with information disclosure via the telemetry endpoint that reveals GLPI and server details. The issue is fixed in 9.5.6; a workaround is to remove ajax/telemetry.php. Related sources from connected documents describe additional issues across GLPI vers...

CVE-2021-39211 Disclosure of GLPI and server information in telemetry endpoint

GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual...

GLPI 信息泄露漏洞

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

PT-2021-22464 · Glpi +1 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions 9.2 through 9.5.5 Description: The issue concerns the disclosure of GLPI and server information through the telemetry endpoint. This problem is fixed in version 9.5.6. Recommendations: For versions 9.2 through 9.5.5, as a...

Improper Handling of Case Sensitivity

Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case...

Free of uninitialized memory in telemetry

An issue was discovered in the telemetry crate through 0.1.2 for Rust. There is a drop of uninitialized memory if a value.clone call panics within misc::vecwithsize...

GHSA-HPCX-3PW8-G3J2 Free of uninitialized memory in telemetry

An issue was discovered in the telemetry crate through 0.1.2 for Rust. There is a drop of uninitialized memory if a value.clone call panics within misc::vecwithsize...

CVE-2021-39156

Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request...

CVE-2021-39155

Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case...

CVE-2021-39155

Technical details about CVE-2021-39155 are not publicly available in the provided connected documents. Monitor for updates; these sources do not specify affected products, vectors, impact, or fixes.

Sharing the first SimuLand dataset to expedite research and learn about adversary tradecraft

Last month, we introduced the SimuLand project to help security researchers around the world deploy lab environments to reproduce well-known attack scenarios, actively test detections, and learn more about the underlying behavior and implementation of adversary techniques. Since the release of th...

Moderate: Red Hat Security Advisory: Red Hat OpenShift Container Platform for Windows Containers 3.0.0 security and bug fix update

The components for Red Hat OpenShift Container Platform for Windows Containers 3.0.0 are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

Managed Detection and Response in Q4 2020

Download full report PDF As cyberattacks become more sophisticated, and security solutions require more resources to analyze the huge amount of data gathered every day, many organizations feel the need for advanced security services that can deal with this growing complexity in real time, 24/7...

[The Lost Bots] Episode 1: External Threat Intelligence

!\The Lost Bots\ Episode 1: External Threat Intelligencehttps://blog.rapid7.com/content/images/2021/07/-The-Lost-Bots--Episode-1--External-Threat-Intelligence.png Welcome to The Lost Bots, a new vlog series where Rapid7 resident expert and former CISO Jeffrey Gardner virtually sits down with fell...