16 matches found
EUVD-2022-3787
Malicious code in bioql PyPI...
AZL-56433 CVE-2025-24860 affecting package cassandra 5.0.0-2
Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...
GHSA-FHM8-CXCV-PWVC HashiCorp Consul Access Restriction Bypass
HashiCorp Consul and Consul Enterprise 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "" as its secret is used in unusual circumstances...
HashiCorp Consul Access Restriction Bypass
HashiCorp Consul and Consul Enterprise 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "" as its secret is used in unusual circumstances...
Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure
Cloud computing and virtualization technology firm VMware on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks. The issue, assigned the identifier CVE-2022-22966, has a CVSS score of 9.1...
3 trends shaping identity as the center of modern security
I recently returned from Kenya, where I visited our Microsoft Nairobi development center. Like many of you, I’ve mostly worked from home for the past year and more, so it was refreshing to meet members of our global team and inspiring to feel their passion for our mission: delivering identity...
IoT security: how Microsoft protects Azure Datacenters
Azure Sphere first entered the IoT Security market in 2018 with a clear mission—to empower every organization on the planet to connect and create secure and trustworthy IoT devices. Security is the foundation for durable innovation and business resilience. Every industry investing in IoT must...
Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers
Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. The vulnerabilities were identified by F-Secure researchers earlier...
Oracle solaris sshd Remote Root Exploit
amd64/sparc targets, used vs. solaris in datacenters only rare across the perimeter...
Privilege Escalation
github.com/hashicorp/consul is vulnerable to privilege escalation. In an unusual circumstance, a client is able to bypass access restrictions to obtain higher privileges within secondary datacenters using a secret token...
Security feature bypass
HashiCorp Consul and Consul Enterprise 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "" as its secret is used in unusual circumstances...
CVE-2019-8336
HashiCorp Consul and Consul Enterprise 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "" as its secret is used in unusual circumstances...
CVE-2019-8336
HashiCorp Consul and Consul Enterprise 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "" as its secret is used in unusual circumstances...
PT-2019-18973 · Hashicorp +1 · Hashicorp Consul +2
Name of the Vulnerable Software and Affected Versions: HashiCorp Consul and Consul Enterprise versions 1.4.0 through 1.4.2 Description: The issue allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters. This occurs...
Datacenter Traces
In our research we use actual traces, collected from different production datacenters...
Design/Logic Flaw
The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel SSH which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for...