CVE-2022-23235

CVE-2022-23235 affects Active IQ Unified Manager on VMware vSphere, Linux, and Windows prior to version 9.10P1. The underlying issue is exposure of cluster, node, and Active IQ data via AutoSupport telemetry data that is sent even when AutoSupport is disabled, enabling information disclosure. Aff...

Netapp Active IQ Unified Manager 信息泄露漏洞

Netapp Active IQ Unified Manager is an ONTAP storage product monitoring and management solution from Network Appliance Netapp. The product supports features such as performance monitoring and secret key management. A security vulnerability exists in Netapp Active IQ Unified Manager versions prior...

CVE-2021-45454

Ampere Altra before SRP 1.08b and Altra Max​ before SRP 2.05 allow information disclosure of power telemetry via HWmon...

CVE-2021-45454

Ampere Altra before SRP 1.08b and Altra Max​ before SRP 2.05 allow information disclosure of power telemetry via HWmon...

Information disclosure

Ampere Altra before SRP 1.08b and Altra Max? before SRP 2.05 allow information disclosure of power telemetry via HWmon...

CVE-2021-45454

The vulnerability CVE-2021-45454 affects Ampere Altra SRP prior to 1.08b and Ampere Altra Max SRP prior to 2.05, allowing information disclosure of power telemetry via HWmon. The root cause is exposure of power telemetry data through HWmon in affected SRP versions. Impact is information disclosur...

CVE-2021-45454

Ampere Altra before SRP 1.08b and Altra Max​ before SRP 2.05 allow information disclosure of power telemetry via HWmon...

PT-2022-12362 · Ampere · Ampere Altra +1

Name of the Vulnerable Software and Affected Versions: Ampere Altra versions before SRP 1.08b Ampere Altra Max versions before SRP 2.05 Description: The issue allows information disclosure of power telemetry via HWmon. Recommendations: For Ampere Altra versions before SRP 1.08b, update to SRP 1.0...

Important: Red Hat Security Advisory: Service Telemetry Framework 1.4 security update

An update is now available for Service Telemetry Framework 1.4 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

Important: Red Hat Security Advisory: Service Telemetry Framework 1.3 security update

An update is now available for Service Telemetry Framework 1.3 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

Five Data Security Controls and Processes you Must Bring to Cloud-native Infrastructures

Too frequently, there are significant misunderstandings in organizations with regard to who has the responsibility to protect cloud-hosted data. In Imperva’s recent report, A Data-Centric Cybersecurity Framework for Digital Transformation, IT analyst and author Richard Stiennon explains what...

The Future of the SOC Is XDR

Extended detection and response XDR is increasingly gaining traction across the industry. In a new research ebook sponsored by Rapid7, SOC Modernization and the Role of XDR, ESG identified that 61% of security professionals claim that they are very familiar with XDR technology. While this is an...

Researcher Spotlight: You should have been listening to Lurene Grenier years ago

The exploit researcher recently rejoined Talos after starting her career with the company’s predecessor By Jonathan Munshaw. Lurene Grenier says state-sponsored threat actors keep her up at night, even after years of studying and following them. She’s spent her security career warning people why...

New Ducktail Infostealer Malware Targeting Facebook Business and Ad Accounts

Facebook business and advertising accounts are at the receiving end of an ongoing campaign dubbed Ducktail designed to seize control as part of a financially driven cybercriminal operation. "The threat actor targets individuals and employees that may have access to a Facebook Business account wit...

A Data-Centric Cybersecurity Framework for Digital Transformation

In this white paper A Cybersecurity Framework for Securing Cloud Data for Digital Transformation, analyst Richard Steinnon of IT Harvest explains that while cloud vendors supply a resilient and secure infrastructure, organizations who put data into the cloud are ultimately responsible for...

CVE-2022-32449

TOTOLINK EX300V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet...

MAL-2022-1357 Malicious code in azure-monitor-opentelemetry-exporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4105e451e06ab909d8a5420349c767fec791355572db7e3696eb80c244fb050 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

NVIDIA Data Center GPU Manager Remote Memory Corruption

!/usr/bin/python3 -- coding: UTF-8 -- heart.py NVIDIA Data Center GPU Manager Remote Memory Corruption Vulnerability Jeremy Brown jbrown3264/gmail NVIDIA DCGM runs on machines with NVIDIA GPUs to gather telemetry and GPU health data. nv-hostengine is a daemon that by default listens on the loopba...

CVE-2021-28508

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to...

CVE-2021-28509

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to...