21 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmt: fixed an issue with NULL pointer access in crashlog. The use of intelpmtread for binary sysfs requires a pcidev. The current use of the endpoint value is only valid for telemetry endpoint usage. Without th...
MAL-2026-2507 Malicious code in @fairwords/loopback-connector-es (npm)
The @fairwords/loopback-connector-es package was compromised as part of the TeamPCP/CanisterWorm campaign. A postinstall hook executes node scripts/check-env.js || true which performs multi-stage credential harvesting, encrypted exfiltration, and self-propagation. The payload harvests 40+...
EUVD-2025-27902
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-39211
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server...
CVE-2025-38559
CVE-2025-38559 (Linux kernel) affects the Intel PMT subsystem on x86 platforms. The issue is a NULL pointer dereference in intel_pmt_read() when an ep (endpoint) is missing, leading to kernel oops in crashlog handling. The fix, as described, augments intel_pmt_entry with a pointer to the pcidev t...
CVE-2025-38559 platform/x86/intel/pmt: fix a crashlog NULL pointer access
In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmt: fix a crashlog NULL pointer access Usage of the intelpmtread for binary sysfs, requires a pcidev. The current use of the endpoint value is only valid for telemetry endpoint usage. Without the ep, the...
PT-2025-33758
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the platform/x86/intel/pmt component of the Linux kernel related to a NULL pointer dereference when using intel pmt read for binary sysfs. This occurs when a pcidev is...
Secrets leakage to telemetry endpoint via cache backend configuration via buildx
...
CVE-2021-39211
GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual...
GO-2025-3527 buildx allows a possible credential leakage to telemetry endpoint in github.com/docker/buildx
buildx allows a possible credential leakage to telemetry endpoint in github.com/docker/buildx...
buildx allows a possible credential leakage to telemetry endpoint
Impact Some cache backends allow configuring their credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. If this was done by the user, these secure values could be captured together with OpenTelemetry trace as part of the arguments and flags for the...
GHSA-M4GQ-FM9H-8Q75 buildx allows a possible credential leakage to telemetry endpoint
Impact Some cache backends allow configuring their credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. If this was done by the user, these secure values could be captured together with OpenTelemetry trace as part of the arguments and flags for the...
CVE-2025-0495 Secrets leakage to telemetry endpoint via cache backend configuration via buildx
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
CVE-2025-0495 Secrets leakage to telemetry endpoint via cache backend configuration via buildx
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry...
Important: Red Hat Security Advisory: RHACS 4.4 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes changes, bug fixes, and updates to patch vulnerabilities. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...
VulnCheck KEV: CVE-2021-39211
GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual...
Security fix for the ALT Linux 9 package glpi version 9.5.6-alt1
9.5.6-alt1 built Oct. 18, 2021 Pavel Zilke in task 287044 Oct. 12, 2021 Pavel Zilke - New version 9.5.6 - This is a security release, upgrading is recommended - Security fixes: + CVE-2021-39211 : Disclosure of GLPI and server informations in telemetry endpoint + CVE-2021-39210 : Autologin cookie...
CVE-2021-39211
GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual...
Information disclosure
GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual...
CVE-2021-39211 Disclosure of GLPI and server information in telemetry endpoint
GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file ajax/telemetry.php, which is not needed for usual...