CVE-2018-15427

A vulnerability in Cisco Video Surveillance Manager VSM Software running on certain Cisco Connected Safety and Security Unified Computing System UCS platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user...

Moderate: Red Hat Security Advisory: openstack-nova security and bug fix update

An update for openstack-nova is now available for Red Hat OpenStack Platform 9.0 Mitaka. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Ignite 2018 highlights: password-less sign-in, confidential computing, new threat protection, and more

What a week it was in Orlando! Ignite is always a biggie, and this one was no exception. For all of us here at Microsoft who get to work on security, spending time with customers to learn how you are using our security products today and to share new innovations to come is a highlight. At this...

Important: Red Hat Security Advisory: OpenShift Container Platform 3.6 security and bug fix update

Red Hat OpenShift Container Platform release 3.6.173.0.130 is now available with updates to packages that fix one security issue and several bugs. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which...

Apache Hadoop YARN ResourceManager Web Interface

The web interface for Hadoop YARN ResourceManager was detected on the remote host. This interface can be used to monitor and assign resources for application execution. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid117616; scriptversion"1.4";...

Debian: Security Advisory (DLA-1506-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Quantum Computing and Cryptography

Quantum computing is a new way of computing -- one that could allow humankind to perform computations that are simply impossible using today's computing technologies. It allows for very fast searching, something that would break some of the encryption algorithms we use today. And it allows us to...

New Cold Boot Attack Unlocks Disk Encryption On Nearly All Modern PCs

Security researchers have revealed a new attack to steal passwords, encryption keys and other sensitive information stored on most modern computers, even those with full disk encryption. The attack is a new variation of a traditional Cold Boot Attack, which is around since 2008 and lets attackers...

CVE-2018-12168

Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access...

Privilege escalation

Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access...

CVE-2018-12168

CVE-2018-12168 describes a privilege-escalation in Intel Computing Improvement Program before version 2.2.0.03942. An authenticated user on the local system could potentially execute code with Administrator privileges due to file-permission and access-control weaknesses. The NVD entry lists a HIG...

CVE-2018-12168

Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access...

Intel® Driver & Support Assistant and Intel® Software Asset Manager Advisory

Summary: Potential security vulnerabilities in Intel® Driver & Support Assistant, Intel® Software Asset Manager and Intel® Computing Improvement Program may allow escalation of privilege. Intel is releasing Intel® Driver & Support Assistant updates to mitigate these potential vulnerabilities...

IBM Spectrum Symphony and Platform Symphony Information Disclosure Vulnerabilities

IBM Spectrum Symphony and Platform Symphony are both products of IBM Corporation in the U.S. IBM Spectrum Symphony is a suite of enterprise-class management software for running compute- and data-intensive distributed applications on shared grids.Platform Symphony is a set of SOA-based architectu...

Moderate: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update

An update for openstack-nova is now available for Red Hat OpenStack Platform 12.0 Pike. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Foreshadow Attacks — 3 New Intel CPU Side-Channel Flaws Discovered

2018 has been quite a tough year for Intel. While the chip-maker giant is still dealing with Meltdown and Spectre processor vulnerabilities, yet another major speculative execution flaw has been revealed in Intel's Core and Xeon lines of processors that may leave users vulnerable to cyber-attacks...

Low: Red Hat Bug Fix Advisory: OpenShift Container Platform 3.10 RPM Release Advisory

Red Hat OpenShift Container Platform 3.10, which fixes several bugs and includes various enhancements, is now available. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The OpenShift...

ALPINE-CVE-2016-9603

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this fla...

Apache, IBM Patch Critical Cloud Vulnerability

Apache and IBM have patched a critical vulnerability that allows attackers to replace a company’s serverless code with their own malicious script. Once running, the bad code could then be used for a range of nefarious tasks, including extracting confidential customer data such as passwords or...

Spectre Will Haunt Us For a Long Time

During a recent Congressional hearing, Senators voiced concerns about the ongoing Spectre and Meltdown vulnerabilities. While the technical details were predictably glossed over, most of the hearing focused on Intel informing Chinese partners about the flaws six months before they went public...