Malicious code in some-error-logging-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 12ec550029e2d4afb8e030a4f5d0f35eed74507e8c10420197915d518200ef38 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

DEBIAN-CVE-2025-21975

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: handle errors in mlx5chainscreatetable In mlx5chainscreatetable, the return value of mlx5getfdbsubns and mlx5getflownamespace must be checked to prevent NULL pointer dereferences. If either function fails, the function...

CVE-2025-21975

Technical details for CVE-2025-21975 are not publicly provided in the supplied Connected documents. The entry description exists, but there are no explicit affected products/versions, impact, or fixes in the connected items. Monitor for vendor advisories.

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that socpcmret should not be used in the .prepare callback, which could lead to error logging...

CVE-2024-11274

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration...

CVE-2024-13536

The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due the /inc/class/fnm/export.php file being publicly accessible with error logging enabled. This makes it possible for unauthenticated attackers to retriev...

OPENSUSE-SU-2025:0003-1 Security update for etcd

This update for etcd fixes the following issues: Update to version 3.5.12: Bump golang.org/x/crypto to v0.17+ to address CVE-2023-48795 test: fix TestHashKVWhenCompacting: ensure all goroutine finished print error log when creating peer listener failed mvcc: Printing etcd backend database related...

CVE-2024-56722

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix cpu stuck caused by printings during reset During reset, cmd to destroy resources such as qp, cq, and mr may fail, and error logs will be printed. When a large number of resources are destroyed, there will be lots o...

CVE-2024-56722

In CVE-2024-56722, the Linux kernel RDMA/hns component fixes a cpu-stall risk during reset by removing unnecessary prints and converting remaining print statements to a rate-limited version when destroying resources (qp, cq, mr). The issue arises if resource destruction logs flood with numerous m...

AZL-54804 CVE-2024-56657 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Avoid WARN for symlink errors Using WARN for showing the error of symlink creations don't give more information than telling that something goes wrong, since the usual code path is a lregister callback from each...

The vulnerability of the Git-based software platform for collaborative code development in GitLab EE/CE involves information disclosure during data transmission, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the Git-based software platform for collaborative code development in GitLab EE/CE relates to the disclosure of information during data transmission. Exploiting this vulnerability can allow unauthorized individuals to gain unauthorized access to protected information by...

FreeBSD : Gitlab -- Vulnerabilities (275ac414-b847-11ef-9877-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 275ac414-b847-11ef-9877-2cf05da270f3 advisory. Gitlab reports: Injection of Network Error Logging NEL headers in kubernetes proxy response...

Yelp: Object Level access control leads to reading user's full requests, sessions, and error messages

The summary is as follows: A vulnerability was discovered in the Yelp internal administration tool called "Tailored Mail" hosted on the subdomain https://proze.yelp.com/. The vulnerability allowed unauthenticated attackers to read the internal admin's full HTTP requests, sessions, and other...

Information Exposure

Overview chaturbate-poller is a Poller for the Chaturbate events API. Affected versions of this package are vulnerable to Information Exposure due to the error handling in the ChaturbateClient class which log in the full HTTP error response, without sanitization of the sensitive data in the URL...

DEBIAN-CVE-2024-46751

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUGON when 0 reference count at btrfslookupextentinfo Instead of doing a BUGON handle the error by returning -EUCLEAN, aborting the transaction and logging an error message...

GHSA-MG8J-W93W-XJGC Drupal Full Path Disclosure

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...

Drupal Full Path Disclosure

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...

CVE-2024-45440

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...

CVE-2024-45440

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...

CVE-2024-45440

Summary: CVE-2024-45440 affects Drupal 11.x-dev, where core/authorize.php can disclose full file paths when hash_salt is set to file_get_contents of a non-existent file. Affected components: Drupal 11.x-dev, core/authorize.php. Root cause (as stated): hash_salt evaluated via file_get_contents of ...