Daily Summary - 29.11.2017
End-of-Day report
Timeframe: Tuesday 28-11-2017 18:00 − Wednesday 29-11-2017 18:00
Handler: Nina Bieringer
Co-Handler: Robert Waldner
News
∗∗∗ Annual Incident Analysis Report for the Trust Service Providers ∗∗∗ One year after the eIDAS Regulation entered into force, ENISA publishes the first comprehensive overview of the annual summary reporting by the Member States.
https://www.enisa.europa.eu/news/enisa-news/annual-incident-analysis-report-for-the-trust-service-providers
∗∗∗ Costly Attacks on ISDN Systems ∗∗∗ Novel attacks on ISDN systems evade the telephone companies' fraud detection by using call-by-call prefixes, thereby maximizing the damage. Owners of older systems without an Internet connection are also at risk.
https://www.heise.de/newsticker/meldung/Teure-Angriffe-auf-ISDN-Anlagen-3904511.html
Vulnerabilities
∗∗∗ Apple Security Update 2017-001 ∗∗∗ Available for: macOS High Sierra 10.13.1 Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password
https://support.apple.com/kb/HT208315
∗∗∗ [webapps] Synology StorageManager 5.2 - Root Remote Command Execution ∗∗∗ Vulnerability Summary The following advisory describes a remote command execution vulnerability found in Synology StorageManager.
https://www.exploit-db.com/exploits/43190/?rss
∗∗∗ RSA Authentication Agent SDK for C Error Handling Flaw May Let Remote Users Bypass Authentication on the Target System ∗∗∗ In applications that do not properly handle return codes from the API/SDK, a remote user may be able to trigger an error handling flaw and bypass authentication on the target system. Systems with the API/SDK used in TCP asynchronous mode may be affected. The RSA Authentication Agent API/SDK for Java is not affected.
http://www.securitytracker.com/id/1039877
∗∗∗ RSA Authentication Agent for Web for Apache Web Server Lets Remote Users Bypass Authentication on the Target System ∗∗∗ A remote user can supply specially crafted data to trigger an input validation flaw and bypass authentication and gain access to resources ostensibly protected by the target agent. Agents configured to use the TCP protocol to communicate with the RSA Authentication Manager server are affected. The default configuration (UDP) is not affected.
http://www.securitytracker.com/id/1039876
∗∗∗ Siemens SCALANCE W1750D, M800, and S615 ∗∗∗
https://ics-cert.us-cert.gov/advisories/ICSA-17-332-01
∗∗∗ Vuln: Multiple EMC RSA products CVE-2017-14378 Authentication Bypass Vulnerability ∗∗∗
http://www.securityfocus.com/bid/101979
∗∗∗ Vuln: Multiple Siemens SCALANCE Products Multiple Security Vulnerabilities ∗∗∗
http://www.securityfocus.com/bid/101977
∗∗∗ Cisco Secure Access Control System Information Disclosure Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-acs
∗∗∗ Cisco WebEx Meeting Center URL Redirection Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-wmc
∗∗∗ Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex5
∗∗∗ Cisco WebEx Event Center Information Disclosure Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex4
∗∗∗ Cisco WebEx Meeting Server Unauthorized Welcome Message Modification Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex3
∗∗∗ Cisco WebEx Network Recording Player Denial of Service Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex1
∗∗∗ Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players
∗∗∗ Cisco WebEx Network Recording Player Buffer Overflow Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex
∗∗∗ Multiple Vulnerabilities in Cisco UCS Central Software ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ucs-central
∗∗∗ Cisco Multilayer Director, Nexus 7000 Series, and Nexus 7700 Series Switches Bash Shell Unauthorized Access Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-switch
∗∗∗ Cisco Prime Service Catalog SQL Injection Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-prime
∗∗∗ Cisco Nexus Series Switches Open Agent Container Code Execution Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos9
∗∗∗ Cisco NX-OS System Software Patch Installation Command Injection Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos8
∗∗∗ Cisco NX-OS System Software CLI Command Injection Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos7
∗∗∗ Cisco NX-OS System Software CLI Arbitrary File Read Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos6
∗∗∗ Cisco NX-OS System Software Interactive TCL Shell Escape Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5
∗∗∗ Cisco NX-OS System Software CLI Command Injection Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos4
∗∗∗ Cisco NX-OS System Software CLI Command Injection Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos3
∗∗∗ Cisco NX-OS System Software Image Signature Bypass Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos2
∗∗∗ Cisco NX-OS System Software Guest Shell Unauthorized Internal Interface Access Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos10
∗∗∗ Cisco NX-OS System Software Patch Installation Arbitrary File Write Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos1
∗∗∗ Cisco NX-OS System Software Patch Signature Bypass Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos
∗∗∗ Cisco Nexus Series Switches CLI Command Injection Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nss
∗∗∗ Cisco Jabber Information Disclosure Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-jabber2
∗∗∗ Cisco Jabber Clients Cross-Site Scripting Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-jabber1
∗∗∗ Cisco Jabber Clients Cross-Site Scripting Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-jabber
∗∗∗ Cisco IP Phone 8800 Series Denial of Service Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ipp
∗∗∗ Cisco IOS XR Software Local Packet Transport Services Denial of Service Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ios-xr
∗∗∗ Cisco FXOS and NX-OS System Software CLI Command Injection Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-fxnx
∗∗∗ Cisco Email Security Appliance Malformed MIME Header Bypass Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-esa
∗∗∗ Multiple Vulnerabilities in Cisco Data Center Network Manager Software ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm
∗∗∗ Cisco Unified Communications Manager Cross-Site Scripting Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-cucm
∗∗∗ Cisco Meeting Server Denial of Service Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-cms
∗∗∗ Cisco Application Policy Infrastructure Controller Local Command Injection and Privilege Escalation Vulnerability ∗∗∗
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-apic
∗∗∗ Security Advisory - Use After Free Vulnerability in Some Huawei Smart Phones ∗∗∗
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-01-phone-en
∗∗∗ Security Advisory - Multiple NTPd Vulnerabilities in Huawei Products ∗∗∗
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-01-ntpd-en
∗∗∗ Security Advisory - Two Vulnerabilities in H323 protocol of Huawei Products ∗∗∗
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-01-h323-en
∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Smart Phones ∗∗∗
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-01-smartphone-en
∗∗∗ Security Advisory - A CGI application vulnerability in Some Huawei Products ∗∗∗
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-01-httpproxy-en
∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Network Products ∗∗∗
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-01-command-en
∗∗∗ Security Advisory - Samba Remote Code Execution Vulnerability in Some Huawei Products ∗∗∗
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-01-samba-en
∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ∗∗∗
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-01-routers-en
∗∗∗ Security Advisory - Denial of Service Vulnerability on Several Products ∗∗∗
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-01-cert-en
∗∗∗ Security Advisory - Buffer Overflow Vulnerability on Several Products ∗∗∗
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-02-sctp-en
∗∗∗ Security Advisory - Integer Overflow Vulnerability on Several Products ∗∗∗
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-01-sctp-en
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Internet Pass Thru ∗∗∗
http://www.ibm.com/support/docview.wss?uid=swg22009183
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security AppScan Enterprise ∗∗∗
http://www-01.ibm.com/support/docview.wss?uid=swg22010003
∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter systems (CVE-2016-7055) ∗∗∗
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099697