5459 matches found
Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users
If you use the Firefox web browser, here's an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means,...
CVE-2019-5138
An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker...
Command injection
An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker...
CVE-2019-19741
Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service verifies the client's...
Russia Blocks Encrypted Email Service Tutanota
By Deeba Ahmed. The open-source encrypted email service Tutanota has been blocked in certain parts of Russia over the weekend. This is a post from HackRead.com.
CVE-2020-1740
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...
Lenovo XClarity Administrator Access Control Error Vulnerability
Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from Lenovo, China. The product is capable of providing agentless hardware management for servers, storage, network switches, and more. An access control error vulnerability exists in Lenovo XClarity Administrator LX...
[SECURITY] Fedora 31 Update: ipmitool-1.8.18-19.fc31
This package contains a utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. This utility can communicate with IPMI-enabled devices through either a kernel...
[SECURITY] Fedora 30 Update: ipmitool-1.8.18-19.fc30
This package contains a utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. This utility can communicate with IPMI-enabled devices through either a kernel...
PT-2020-15321 · Jenkins · Jenkins S3 Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins S3 publisher Plugin versions 0.11.4 and earlier. Description: The issue concerns the transmission of configured credentials in plain text as part of the global Jenkins configuration form, potentially leading to their exposure. This...
Vulnerability fixed in Siemens WinCC, PCS 7 and Net PC products
Siemens has fixed a vulnerability in the products SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC. An unauthenticated malicious person with access to the network can exploit the vulnerability to cause a denial-of-service when encrypted connections are used. Siemens has released...
A vulnerability in the FortiSIEM security management system, related to the use of strictly encrypted credentials, allows attackers to escalate their privileges.
The vulnerability in the FortiSIEM security management system is related to the use of strictly encrypted user credentials for the “tunneluser” user. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
Google Chrome To Bar HTTP File Downloads
Google Chrome will soon restrict certain files, like PDFs or executables, from being downloaded via an HTTP connection, if they are loaded on HTTPS webpages. HTTPS indicates that a website has an encrypted connection. When connecting to an HTTP website, browsers merely look up the IP address and...
Security Bulletin: IBM Sterling B2B Integrator is Vulnerable to a Robot Security Vulnerability (CVE-2017-6168)
Summary: IBM Sterling B2B Integrator is vulnerable to a robot security vulnerability. This could allow an attacker to obtain encrypted data in clear text. Vulnerability Details: CVEID: CVE-2017-6168. DESCRIPTION: F5 BIG-IP virtual servers configured with a Client SSL profile could allow a remote...
PT-2020-1885 · Broadcom +2 · Broadcom Wi-Fi Chips +2
Name of the Vulnerable Software and Affected Versions: Broadcom and Cypress Wi-Fi chips (affected versions not specified). Description: The issue is related to errors in synchronization when using a shared resource in Wi-Fi chipsets from Broadcom. This can allow a remote attacker to gain unauthorize...
Nfstream - A Flexible Network Data Analysis Framework
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python...
JVN#00014057: AWMS Mobile App vulnerable to improper server certificate verification
AWMS Mobile App is vulnerable to improper server certificate verification (CWE-295). Impact: A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution: Update the software. Update to the latest version according to the information provided by the developer...
CVE-2013-1351
Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password...
Design/Logic Flaw
Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password...