
5470 matches found

Cvelist
added 2020/03/16 3:7 p.m. | 19 views

CVE-2020-1740

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...

CVSS 3.9 | AI score 5.6 | EPSS 0.00374
Exploits 0 | References 8

Debian CVE
added 2020/03/16 3:7 p.m. | 20 views

CVE-2020-1740

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...

CVSS 4.7 | AI score 6.6 | EPSS 0.00374
Exploits 0

AlpineLinux
added 2020/03/16 3:7 p.m. | 37 views

CVE-2020-1740

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...

CVSS 4.7 | AI score 5.9 | EPSS 0.00374
Exploits 0

OpenVAS
added 2020/03/13 12:0 a.m. | 38 views

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2020-1214)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.9 | AI score 6.4 | EPSS 0.44398
Exploits 0 | References 2

BDU FSTEC
added 2020/03/12 12:0 a.m. | 4 views

Vulnerability in the RSLogix 500 software and the MicroLogix 1100 and MicroLogix 1400 programmable logic controllers, caused by the use of a hard-coded cryptographic key, which allows an attacker to escalate privileges.

The vulnerability of the RSLogix 500 software, the programmable logic controllers MicroLogix 1100, and MicroLogix lies in the use of a hard-coded cryptographic key. Exploiting this vulnerability can allow a remote attacker to escalate their privileges...

CVSS 10 | AI score 5.5 | EPSS 0.04226
Exploits 0 | References 3 | Affected Software 2

NVD
added 2020/03/11 3:15 p.m. | 19 views

CVE-2019-9095

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access...

CVSS 9.8 | AI score 8 | EPSS 0.00746
Exploits 0 | References 2

Cvelist
added 2020/03/11 2:27 p.m. | 23 views

CVE-2019-9095

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An attacker may be able to intercept weakly encrypted passwords and gain administrative access...

CVSS 6.2 | AI score 9.6 | EPSS 0.00746
Exploits 0 | References 2

Prion
added 2020/03/10 8:15 p.m. | 16 views

Design/Logic Flaw

A vulnerability has been identified in OpenPCS 7 V8.1 All versions, OpenPCS 7 V8.2 All versions, OpenPCS 7 V9.0 All versions V9.0 Upd3, SIMATIC BATCH V8.1 All versions, SIMATIC BATCH V8.2 All versions V8.2 Upd12, SIMATIC BATCH V9.0 All versions V9.0 SP1 Upd5, SIMATIC NET PC Software V14 All...

CVSS 7.1 | AI score 7.3 | EPSS 0.01311
Exploits 0 | References 1 | Affected Software 6

OSV
added 2020/03/06 9:15 p.m. | 6 views

CVE-2020-5328

Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur...

CVSS 9.8 | AI score 7.3 | EPSS 0.01387
Exploits 0 | References 1

Cvelist
added 2020/03/06 8:25 p.m. | 15 views

CVE-2020-5328

Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized access vulnerability due to a lack of thorough authorization checks when SyncIQ is licensed, but encrypted syncs are not marked as required. When this happens, loss of control of the cluster can occur...

CVSS 9.8 | AI score 9.4 | EPSS 0.01387
Exploits 0 | References 1

RedhatCVE
added 2020/03/04 7:16 a.m. | 48 views

CVE-2020-1749

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data...

CVSS 7.5 | AI score 1.9 | EPSS 0.01229
Exploits 0 | References 3

The Hacker News
added 2020/02/25 7:11 p.m. | 59 views

Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users

If you use the Firefox web browser, here's an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means,...

AI score 7
Exploits 0

The Hacker News
added 2020/02/25 7:11 p.m. | 3 views

Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users

If you use the Firefox web browser, here's an important update that you need to be aware of. Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means,...

AI score 5.9
Exploits 0

OSV
added 2020/02/25 4:15 p.m. | 6 views

CVE-2019-5138

An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker...

CVSS 9.9 | AI score 7.4 | EPSS 0.05364
Exploits 1 | References 1

Prion
added 2020/02/25 4:15 p.m. | 20 views

Command injection

An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker...

CVSS 9 | AI score 9.6 | EPSS 0.05364
Exploits 1 | References 1 | Affected Software 1

NVD
added 2020/02/20 4:15 p.m. | 23 views

CVE-2019-19741

Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service verifies the client's...

CVSS 7.8 | AI score 7.8 | EPSS 0.00723
Exploits 0 | References 1

HackRead
added 2020/02/18 10:41 p.m. | 39 views

Russia Blocks Encrypted Email Service Tutanota

By Deeba Ahmed. The open-source encrypted email service Tutanota has been blocked in certain parts of Russia over the weekend. This is a post from HackRead.com. Read the original post: Russia Blocks Encrypted Email Service Tutanota...

AI score 2.9
Exploits 0

RedhatCVE
added 2020/02/18 2:29 p.m. | 31 views

CVE-2020-1740

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...

CVSS 4.7 | AI score 0.8 | EPSS 0.00374
Exploits 0 | References 3

CNVD
added 2020/02/17 12:0 a.m. | 1 views

Lenovo XClarity Administrator Access Control Error Vulnerability

Lenovo XClarity Administrator (LXCA) is a centralized resource management solution from Lenovo, China. The product is capable of providing agentless hardware management for servers, storage, network switches, and more. An access control error vulnerability exists in Lenovo XClarity Administrator LX...

CVSS 7.5 | AI score 7 | EPSS 0.01033
Exploits 0 | References 1

Fedora
added 2020/02/16 1:30 a.m. | 33 views

[SECURITY] Fedora 31 Update: ipmitool-1.8.18-19.fc31

This package contains a utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. This utility can communicate with IPMI-enabled devices through either a kernel...

CVSS 8.8 | AI score 0.6 | EPSS 0.0329
Exploits 1