Fedora
added 2018/02/06 3:39 p.m., 31 views

[SECURITY] Fedora 27 Update: zziplib-0.13.67-1.fc27

The zziplib library is intentionally lightweight; it offers the ability to easily extract data from files archived in a single zip file. Applications can bundle files into a single zip archive and access them. The implementation is based only on the free subset of compression with the zlib...

CVSS 6.5, AI score 2.1, EPSS 0.01731
Exploits: 1

OpenVAS
added 2018/02/06 12:0 a.m., 24 views

Apache Tomcat Incorrectly Documented CGI Search Algorithm (Jan 2018) - Linux

Apache Tomcat has an incorrectly documented CGI search algorithm. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...

CVSS 5.3, AI score 5.8, EPSS 0.06198
Exploits: 0, References: 4

OpenVAS
added 2018/02/06 12:0 a.m., 37 views

Apache Tomcat Incorrectly Documented CGI Search Algorithm (Jan 2018) - Windows

Apache Tomcat has an incorrectly documented CGI search algorithm. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat";...

CVSS 5.3, AI score 5.8, EPSS 0.06198
Exploits: 0, References: 4

Fedora
added 2018/02/05 2:39 p.m., 37 views

[SECURITY] Fedora 26 Update: rsync-3.1.3-2.fc26

Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable...

CVSS 7.5, AI score 2.2, EPSS 0.06379
Exploits: 0

Veracode
added 2018/02/01 8:52 a.m., 35 views

Incorrect Documentation

Apache Tomcat contains incorrect documentation. The library's default documentation's CGI search algorithm was incorrect, and could have caused the outcome of scripts to be incorrect when executed...

CVSS 5.3, AI score 5.6, EPSS 0.06198
Exploits: 0, References: 24, Affected Software: 1

Prion
added 2018/01/31 2:29 p.m., 26 views

Design/Logic Flaw

As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a...

CVSS 5, AI score 5.7, EPSS 0.06198
Exploits: 0, References: 20, Affected Software: 1

Debian CVE
added 2018/01/31 2:0 p.m., 28 views

CVE-2017-15706

As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a...

CVSS 5.3, AI score 6, EPSS 0.06198
Exploits: 0

Kaspersky
added 2018/01/31 12:0 a.m., 73 views

KLA11189 DoS vulnerability in Apache Tomcat

An incorrectly documented CGI search algorithm was found in Apache Tomcat. By exploiting this vulnerability malicious users can cause denial of service. Technical details Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviou...

CVSS 5.3, AI score 5.8, EPSS 0.06198
Exploits: 0, References: 3

OSV
added 2018/01/31 12:0 a.m., 4 views

UBUNTU-CVE-2017-15706

As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a...

CVSS 5.3, AI score 6.4, EPSS 0.06198
Exploits: 0, References: 4

FreeBSD
added 2018/01/31 12:0 a.m., 31 views

strongswan - Insufficient input validation in RSASSA-PSS signature parser

Strongswan Release Notes reports: Fixed a DoS vulnerability in the parser for PKCS1 RSASSA-PSS signatures that was caused by insufficient input validation. One of the configurable parameters in algorithm identifier structures for RSASSA-PSS signatures is the mask generation function MGF. Only MGF...

CVSS 5.3, AI score 5.9, EPSS 0.01086
Exploits: 0, References: 1

NVD
added 2018/01/30 8:29 p.m., 15 views

CVE-2016-6599

BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service ConfigurationService on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the...

CVSS 9.8, AI score 9.5, EPSS 0.1254
Exploits: 4, References: 4

Prion
added 2018/01/30 8:29 p.m., 14 views

Design/Logic Flaw

BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service ConfigurationService on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the...

CVSS 7.5, AI score 7.3, EPSS 0.1254
Exploits: 4, References: 4, Affected Software: 1

Cvelist
added 2018/01/30 8:0 p.m., 19 views

CVE-2016-6599

BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service ConfigurationService on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the...

AI score 9.6, EPSS 0.1254
Exploits: 4, References: 4

The Hacker News
added 2018/01/29 2:50 a.m., 89 views

Hard-coded Password Lets Attackers Bypass Lenovo's Fingerprint Scanner

Lenovo has recently rolled out security patches for a severe vulnerability in its Fingerprint Manager Pro software that could leak sensitive data stored by the users. Fingerprint Manager Pro is a utility for Microsoft Windows 7, 8 and 8.1 operating systems that allows users to log into thei...

AI score 7.4, EPSS 0.00402
Exploits: 0

Kitploit
added 2018/01/27 9:0 p.m., 17 views

Twebit - Bitcoin Analysis in Twitter With Machine Learning

Bitcoin analysis with machine learning. How it works? 1- Get tweets from twitter. 2- Filter tweets. 3- Tweet classification with naive bayes algorithm Positive,negative and neut. Installation git clone https://github.com/omergunal/twebit cd twebit pip3 install -r requirements.txt Update your api...

AI score 7.2
Exploits: 0, References: 1

Prion
added 2018/01/26 1:29 a.m., 13 views

Hardcoded credentials

Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the...

CVSS 7.2, AI score 7.4, EPSS 0.00402
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2018/01/26 1:29 a.m., 11 views

CVE-2017-3762

Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the...

CVSS 7.8, AI score 7.5, EPSS 0.00402
Exploits: 0, References: 5

Apache Tomcat
added 2018/01/24 12:0 a.m., 42 views

Fixed in Apache Tomcat 7.0.84

Low: Incorrectly documented CGI search algorithm CVE-2017-15706 Note: The issue below was fixed in Apache Tomcat 7.0.83 but the release vote for the 7.0.83 release candidate did not pass. Therefore, although users must download 7.0.84 to obtain a version that includes the fix for this issue,...

CVSS 5.3, AI score 5.7, EPSS 0.06198
Exploits: 0, Affected Software: 1

Zero Day Initiative
added 2018/01/19 12:0 a.m., 536 views

Dahua Technology IP Camera Predictable Password Algorithm Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dahua Technology IP Camera. Authentication is not required to exploit this vulnerability. The specific flaw exists within the disaster recovery password functionality. If the device uses its defaul...

CVSS 8.3, AI score 9.8, EPSS 0.01443
Exploits: 0, References: 1

Tenable Nessus
added 2018/01/15 12:0 a.m., 15 views

Fedora 27 : knot / knot-resolver (2017-7a7ea1cf50)

Major update for Knot DNS and Knot Resolver: Knot Resolver 1.5.0 (2017-11-02). Bugfixes: fix loading modules on Darwin. Improvements: new module tasignalquery supporting Signaling Trust Anchor Knowledge using Keytag Query RFC 8145 section 5...

AI score 5.4
Exploits: 0, References: 1