[CERT-daily] Tageszusammenfassung - 01.12.2017

Fri Dec 1 18:27:42 CET 2017

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 30-11-2017 18:00 − Freitag 01-12-2017 18:00
Handler:     Nina Bieringer
Co-Handler:  Petr Sikuta

=====================
=       News        =
=====================

∗∗∗ Thousands of Serial-To-Ethernet Devices Leak Telnet Passwords ∗∗∗
---------------------------------------------
A security researcher has identified thousands of Serial-to-Ethernet devices connected online that leak Telnet passwords that could be used to attack the equipment that is placed behind them. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/thousands-of-serial-to-ethernet-devices-leak-telnet-passwords/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Geovap Reliance SCADA ∗∗∗
---------------------------------------------
This advisory contains mitigation details for a cross-site scripting vulnerability in Geovap's Reliance SCADA.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-334-02


∗∗∗ DFN-CERT-2017-2180 - Apache Software Foundation Struts: Zwei Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2180/


∗∗∗ DFN-CERT-2017-2181 - Wireshark: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2181/


∗∗∗ Security Advisory - Multiple Vulnerabilities in Intel Management Engine Firmware ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-01-intel-en


∗∗∗ Security Advisory - Memory Double Free Vulnerability in GPU Driver of Some Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-01-smartphone-en


∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-01-pse-en


∗∗∗ Security Advisory - Two DOS Vulnerabilities of XML Parser in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-01-xml-en


∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-01-router-en


∗∗∗ Security Advisory - Multiple Buffer Overflow Vulnerabilities in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-01-sip-en


∗∗∗ Security Notice - Statement About the Vulnerabilities in Huawei SmartCare Products Disclosed by Bhaskar Borman ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171201-01-smartcare-en


∗∗∗ IBM Security Bulletin: Aspera Applications are affected by a Nginx vulnerability ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011149


∗∗∗ IBM Security Bulletin: Aspera Applications are affected by an OpenSSL vulnerability ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010618


∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, Faspex on Demand, Server on Demand, Application on Demand, and Azure on Demand ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010689


∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011142


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011143


∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011146


∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011145


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011148


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011150


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression (PCRE) libraries used in IBM Aspera Shares Application ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011151


∗∗∗ IBM Security Bulletin: IBM Connections Docs is affected by vulnerability issues caused by libxml2 ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009408


∗∗∗ IBM Security Bulletin: A vulnerability in Apache Commons FileUpload affects IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010019


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010227


∗∗∗ IBM Security Bulletin: IBM TRIRIGA is Missing HTTP Strict-Transport-Security Header ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006185


∗∗∗ IBM Security Bulletin: IBM TRIRIGA default login page has no defenses against clickjacking ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22006184

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily