CVE-2017-5648 Apache Tomcat Information Disclosure
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M17
Apache Tomcat 8.5.0 to 8.5.11
Apache Tomcat 8.0.0.RC1 to 8.0.41
Apache Tomcat 7.0.0 to 7.0.75
Apache Tomcat 6.0.x is not affected
CVE-2017-5651 Apache Tomcat Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M18
Apache Tomcat 8.5.0 to 8.5.12
Apache Tomcat 8.0.x and earlier are not affected
Description:
The refactoring of the HTTP
, fix released
Release Date: 20170410
Risk: Medium
Full advisory available on the following URL:
http://www.defensecode.com/advisories/DC-2017-01-014_WordPress_Tribulant_Slideshow_Gallery_Plugin_Advisory.pdf
# About DefenseCode
DefenseCode L.L.C. delivers products and services designed
[Original post can be found here:
https://wwws.nightwatchcybersecurity.com/2017/04/09/advisory-chromeos-chromebooks-persist-certain-network-settings-in-guest-mode/]
SUMMARY
Certain network settings in ChromeOS / ChromeBooks persist between
reboots when set in guest mode. These issues have been
Two issues in one that nullify SSL in foscam devices:
All Foscam networked cameras use the same SSL private key that is hard coded
into the downloadable firmware. This is easily extracted using a utility like
binwalk and would allow an attacker to MITM any Foscam device.
One device's SSL keys are
[slackware-security] libtiff (SSA:2017-098-01)
New libtiff packages are available for Slackware 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
Debian Security Advisory DSA-3827-1 secur...@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 07, 2017
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03733en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbgn03733en_us
Version: 1
[CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache
Ignite
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Apache Ignite 1.0.0-RC3 to 1.8
Description:
Apache Ignite uses an update notifier component to update the users about new
# Title: D-Link DWR-116 Arbitrary File Download
# Vendor: D-Link (www.dlink.com)
# Affected model(s): DWR-116 / DWR-116A1
# Tested on: V1.01(EU), V1.00(CP)b10, V1.05(AU)
# CVE: CVE-2017-6190
# Date: 04.07.2016
# Author: Patryk Bogdan (@patryk_bogdan)
Description:
D-Link DWR-116 with firmware