[CERT-daily] Tageszusammenfassung - 07.02.2018

Daily end-of-shift report team at cert.at
Wed Feb 7 18:25:04 CET 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 06-02-2018 18:00 − Mittwoch 07-02-2018 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ A Flaw In Hotspot Shield Can Expose VPN Users, Locations ∗∗∗
---------------------------------------------
An anonymous reader quotes a report from ZDNet: A security researcher has found a way to identify users of Hotspot Shield, a popular free virtual private network service that promises its users anonymity and privacy. Hotspot Shield, developed by AnchorFree, has an estimated 500 million users around the world relying on its privacy service.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/zRG3hEa7Tro/a-flaw-in-hotspot-shield-can-expose-vpn-users-locations




=====================
=  Vulnerabilities  =
=====================

∗∗∗ Update: "Zero-Day" Sicherheitslücke in Adobe Flash Player - aktiv ausgenützt - Patches nun verfügbar ∗∗∗
---------------------------------------------
Update: 7. Februar 2018
Adobe hat nun ein entsprechendes Update veröffentlicht, die Details finden sich unter https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
---------------------------------------------
http://www.cert.at/warnings/all/20180201.html


∗∗∗ Vyaire Medical CareFusion Upgrade Utility Vulnerability ∗∗∗
---------------------------------------------
This medical device advisory contains mitigation details for an uncontrolled search path element vulnerability in Vyaire Medical’s CareFusion Upgrade Utility application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01


∗∗∗ Bugtraq: SEC Consult SA-20180207-0 :: Multiple buffer overflow vulnerabilities in InfoZip UnZip ∗∗∗
---------------------------------------------
Business recommendation: InfoZip Unzip should be updated to the latest available version.
---------------------------------------------
http://www.securityfocus.com/archive/1/541753


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (mpv), Fedora (jackson-databind), Mageia (flash-player-plugin), Slackware (kernel), and Ubuntu (python-django).
---------------------------------------------
https://lwn.net/Articles/746787/rss


∗∗∗ Cisco Enterprise License Manager Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-elm


∗∗∗ Cisco StarOS for Cisco ASR 5000 Series Aggregation Services Routers File Overwrite Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-asr


∗∗∗ Cisco Virtualized Packet Core-Distributed Instance Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-vpcdi


∗∗∗ Cisco UCS Central Arbitrary Command Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucsc


∗∗∗ Cisco Unified Communications Manager Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm1


∗∗∗ Cisco Unified Communications Manager Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ucm


∗∗∗ Cisco Spark Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-spark


∗∗∗ Cisco RV132W and RV134W Wireless VPN Routers Unauthenticated Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2


∗∗∗ Cisco RV132W and RV134W Remote Code Execution and Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x


∗∗∗ Cisco IOS XR Software Routing and Forwarding Inconsistency Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-iosxr


∗∗∗ Cisco IOS and IOS XE Software Diagnostic Shell Path Traversal Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-ios


∗∗∗ Cisco Firepower System Software BitTorrent File Policy Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-fss


∗∗∗ Cisco Email Security Appliance and Cisco Content Security Management Appliance Spam Quarantine Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-esacsm


∗∗∗ Cisco Data Center Analytics Framework Reflected Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-dcaf1


∗∗∗ Cisco Data Center Analytics Framework Stored Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-dcaf


∗∗∗ Cisco Unified Communications Manager SQL Injection Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cucm


∗∗∗ Cisco Policy Suite RADIUS Authentication Information Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cps1


∗∗∗ Cisco Policy Suite RADIUS Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cps


∗∗∗ Cisco Prime Network TCP Denial of Service Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cpn


∗∗∗ Security Advisory - Two Out-of-Bounds Read Vulnerabilities in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-03-h323-en


∗∗∗ Security Advisory - Six Vulnerabilities in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-01-soap-en


∗∗∗ Security Advisory - Two Vulnerabilities in the SIP Module of Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-02-sip-en


∗∗∗ Security Advisory - Two Buffer Overflow Vulnerabilities in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-01-encryption-en


∗∗∗ Security Advisory - Out-of-Bounds Memory Access Vulnerability in the GPU Driver of Huawei Mobile Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-01-smartphone-en


∗∗∗ Security Advisory - Three Vulnerabilities in SCCPX Module of Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180207-01-sccpx-en


∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1401) ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22013097


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22008892


∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Open Source Oracle MySQL Server Vulnerabilities ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012410


∗∗∗ IBM Security Bulletin: Vulnerabilities in Apache Struts Affect IBM Emptoris Contract Management and IBM Emptoris Spend (CVE-2016-1181,CVE-2016-1182) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22013334


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients. ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012609


∗∗∗ IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Insufficient Authorization Checks vulnerability (CVE-2018-1368 ) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22013302


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in Open Source Binutils and Open Source OpenSSL affect IBM Netezza Analytics ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012605


∗∗∗ IBM Security Bulletin:Vulnerability in Apache Poi Affects IBM Emptoris Sourcing and IBM Emptoris Contract Management (CVE-2017-5644) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012515

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list