5470 matches found
CVE-2020-1740
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...
CVE-2020-1740
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...
CVE-2020-1740
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...
Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2020-1214)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the RSLogix 500 software, the programmable logic controllers MicroLogix 1100 and MicroLogix 1400, arises from the use of a rigidly encrypted cryptographic key, which allows an intruder to gain enhanced privileges.
The vulnerability of the RSLogix 500 software, the programmable logic controllers MicroLogix 1100, and MicroLogix lies in the use of a rigidly encrypted cryptographic key. Exploiting this vulnerability can allow an attacker operating remotely to enhance their privileges...
CVE-2019-9095
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access...
CVE-2019-9095
An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access...
Design/Logic Flaw
A vulnerability has been identified in OpenPCS 7 V8.1 All versions, OpenPCS 7 V8.2 All versions, OpenPCS 7 V9.0 All versions V9.0 Upd3, SIMATIC BATCH V8.1 All versions, SIMATIC BATCH V8.2 All versions V8.2 Upd12, SIMATIC BATCH V9.0 All versions V9.0 SP1 Upd5, SIMATIC NET PC Software V14 All...
CVE-2020-5328
Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur...
CVE-2020-5328
Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur...
CVE-2020-1749
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data...
Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users
If you use the Firefox web browser, here's an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means,...
Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users
If you use the Firefox web browser, here's an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means,...
CVE-2019-5138
An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker...
Command injection
An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker...
CVE-2019-19741
Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service verifies the client's...
Russia Blocks Encrypted Email Service Tutanota
By Deeba Ahmed The open-source encrypted email service Tutanota has been blocked in certain parts of Russia over the weekend. This is a post from HackRead.com Read the original post: Russia Blocks Encrypted Email Service Tutanota...
CVE-2020-1740
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...
Lenovo XClarity Administrator Access Control Error Vulnerability
Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo, China. The product is capable of providing agentless hardware management for servers, storage, network switches, and more. An access control error vulnerability exists in Lenovo XClarity Administrator LX...
[SECURITY] Fedora 31 Update: ipmitool-1.8.18-19.fc31
This package contains a utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. This utility can communicate with IPMI-enabled devices through either a kernel...