6347 matches found
CVE-2018-7096
The CVE-2018-7096 entry concerns the HPE 3PAR Service Processor (SP). Affected are SPs versioned prior to SP-4.4.0.GA-110 (MU7); the vulnerability is exploitable remotely to achieve code execution. Several connected sources corroborate that this is a remote-code-execution issue in the 3PAR SP sta...
CVE-2018-7098
A security vulnerability was identified in 3PAR Service Processor SP prior to SP-4.4.0.GA-110MU7. The vulnerability may be locally exploited to allow directory traversal...
CVE-2018-7095
A security vulnerability was identified in 3PAR Service Processor SP prior to SP-4.4.0.GA-110MU7. The vulnerability may be exploited remotely to allow access restriction bypass...
CVE-2018-7094
CVE-2018-7094 affects the HPE 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913 GA. The vulnerability allows a local attacker to disclose privileged information. The available documents identify the affected component and root cause as an information disclosure issue on SPs before the listed ...
CVE-2018-7099
The CVE-2018-7099 entry describes a vulnerability in HPE 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). A local attacker could disclose privileged information via the SP, with CVSSv3.0 indicating LOCAL access, LOW attack complexity, and Privileges Required: LOW, resulting in HIGH conf...
CVE-2018-7094
A security vulnerability was identified in 3PAR Service Processor SP prior to SP-5.0.0.0-22913GA. The vulnerability may be exploited locally to allow disclosure of privileged information...
CVE-2018-7096
A security vulnerability was identified in 3PAR Service Processor SP prior to SP-4.4.0.GA-110MU7. The vulnerability may be exploited remotely to allow code execution...
FBI Warns of ‘Unlimited’ ATM Cashout Blitz
The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an "ATM cash-out," in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to...
SUSE-SU-2018:2269-1 Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP3)
This update for the Linux Kernel 4.4.132-9433 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from...
SUSE-SU-2018:2263-1 Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3)
This update for the Linux Kernel 4.4.82-66 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from...
Steam Bans Developer After Outcry Over Cryptomining, Scam Items
The popular Steam online gaming platform has pulled a simple, 2D game from its library, after it was found to be consuming an unusual amount of processing power on gamers’ machines. Steam owner Valve booted the game, “Abstractism,” after players lodged complaints about the game chewing up process...
CVE-2018-9065
In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and...
Code injection
In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and...
Samsung SmartThings Hub video-core Camera Creation Code Execution Vulnerability (CVE-2018-3905)
Summary: An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts the "state" field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An...
Spectre attack variant can be remotely mounted to extract sensitive data
By ghostadmin. What we know so far about Spectre attacks is that they rely upon execution of malicious code. The code is executed on computers having speculative-execution design flaws in the processor chip; once a device is compromised, it becomes possible to obtain sensitive data such as passwords,...
SUSE-SU-2018:2102-1 Security update for the Linux Kernel (Live Patch 26 for SLE 12)
This update for the Linux Kernel 3.12.61-5289 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from...
NetSpectre — New Remote Spectre Attack Steals Data Over the Network
A team of security researchers has discovered a new Spectre attack that can be launched over the network, unlike all other Spectre variants that require some form of local code execution on the target system. Dubbed "NetSpectre," the new remote side-channel attack, which is related to Spectre...