Sign-up

VARIoT news about IoT security

Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201703-0755

Trust: 5.25

Fetched: Dec. 15, 2023, 9:57 a.m., Published: Dec. 15, 2023, midnight
 Vulnerabilities: path traversal, code execution
Affected productsExternal IDs
vendor: trend micro model: deep security
vendor: trend micro model: security
vendor: trend model: deep security
vendor: trend model: security
db: NVD ids: CVE-2017-5638, CVE-2023-50164

iOS 17.1.2: Why You Should Download the iPhone Update Now - CNET

Trust: 3.75

Fetched: Dec. 15, 2023, 9:56 a.m., Published: Jan. 17, 2002, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: webkit
vendor: apple model: safari

Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) - Help Net Security

Trust: 5.0

Fetched: Dec. 15, 2023, 9:55 a.m., Published: Nov. 20, 2023, 11:43 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: sophos model: firewall
vendor: sophos model: web appliance
vendor: sophos model: sophos web appliance
db: NVD ids: CVE-2020-2551, CVE-2023-1671

System BIOS dla komputera Dell Latitude 5290/5490/5590 | Szczegóły sterownika | Dell Polska

Trust: 3.0

Fetched: Dec. 15, 2023, 9:54 a.m., Published: Dec. 7, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios
vendor: dell model: latitude 5290
vendor: dell model: latitude

New attack proves critical Windows bug 'highly exploitable'

Trust: 3.0

Fetched: Dec. 15, 2023, 9:54 a.m., Published: July 8, 2010, 11 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Google patches security bugs in Chrome, exploit out there • The Register

Trust: 5.5

Fetched: Dec. 15, 2023, 9:51 a.m., Published: -
 Vulnerabilities: authentication flaw, command injection, memory access bug...
Affected productsExternal IDs
vendor: zyxel model: nas542
vendor: zyxel model: nas326
vendor: google model: chrome
db: NVD ids: CVE-2023-35138, CVE-2023-37928, CVE-2023-4473, CVE-2023-6345, CVE-2023-6350, CVE-2023-35137, CVE-2023-37927, CVE-2023-6347, CVE-2023-6346, CVE-2023-4474, CVE-2023-6348, CVE-2023-6351

Cyber Briefing - 2023.11.29

Trust: 4.25

Fetched: Dec. 15, 2023, 9:51 a.m., Published: Nov. 29, 2023, midnight
 Vulnerabilities: integer overflow, privilege escalation
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android

Exploit for Critical Windows Defender Bypass Goes Public

Trust: 4.0

Fetched: Dec. 15, 2023, 9:50 a.m., Published: Dec. 5, 2023, midnight
 Vulnerabilities: security bypass
Affected productsExternal IDs
db: NVD ids: CVE-2023-36025, CVE-2023-32049, CVE-2023-24880

Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit

Related entries in the VARIoT vulnerabilities database: VAR-201703-0755

Trust: 5.25

Fetched: Dec. 15, 2023, 9:49 a.m., Published: Dec. 15, 2023, midnight
 Vulnerabilities: path traversal, code execution
Affected productsExternal IDs
vendor: trend micro model: deep security
vendor: trend micro model: security
vendor: trend model: deep security
vendor: trend model: security
db: NVD ids: CVE-2017-5638, CVE-2023-50164

Ransomware review: December 2023

Trust: 3.75

Fetched: Dec. 15, 2023, 9:48 a.m., Published: Dec. 13, 2023, 7:22 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2023-4966

5 Cloud Security Trends to Watch for Network Professionals

Trust: 4.25

Fetched: Dec. 15, 2023, 9:47 a.m., Published: Dec. 5, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Google issues critical Chrome patch addressing active zero-day

Trust: 5.5

Fetched: Dec. 15, 2023, 9:46 a.m., Published: Dec. 3, 2023, midnight
 Vulnerabilities: validation bypass, command execution, command injection...
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
vendor: google model: android
db: NVD ids: CVE-2023-35138, CVE-2023-49103, CVE-2023-6345, CVE-2023-4473, CVE-2023-35137, CVE-2023-37927, CVE-2023-4474

2023 'ASTORS' Honors Homeland Security & Public Safety (A - GL) - American Security Today

Trust: 3.25

Fetched: Dec. 15, 2023, 9:43 a.m., Published: Nov. 29, 2023, 7 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hewlett packard model: stream
vendor: hewlett packard model: integrity
vendor: hewlett packard model: network automation
vendor: hewlett packard model: 360
vendor: zoom model: client
vendor: rapid model: scada
vendor: ati systems model: mhpss
vendor: axis communications model: communications
vendor: axis communications model: ptz network camera
vendor: axis communications model: network camera
vendor: rockwell model: arena
vendor: hewlett packard enterprise model: stream
vendor: hewlett packard enterprise model: integrity
vendor: hewlett packard enterprise model: network automation
vendor: hewlett packard enterprise model: 360
vendor: axis model: communications
vendor: axis model: ptz network camera
vendor: axis model: network camera
vendor: rockwell automation model: arena

5 Vulnerabilities on SEL-451 Allow Authentication Bypass & DoS

Trust: 4.5

Fetched: Dec. 15, 2023, 9:42 a.m., Published: -
 Vulnerabilities: authentication bypass, cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2023-34390, CVE-2023-31176, CVE-2023-31776, CVE-2023-34388, CVE-2023-34389, CVE-2023-31177

Google issues critical Chrome patch addressing active zero-day

Trust: 5.5

Fetched: Dec. 15, 2023, 9:40 a.m., Published: Dec. 3, 2023, midnight
 Vulnerabilities: validation bypass, command execution, command injection...
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
vendor: google model: android
db: NVD ids: CVE-2023-35138, CVE-2023-49103, CVE-2023-6345, CVE-2023-4473, CVE-2023-35137, CVE-2023-37927, CVE-2023-4474

Using Samsung Galaxy S23, Samsung Galaxy Z Fold 5, Samsung Galaxy Z Flip 5, Samsung gallaxy S22 and other phones? Indian Govt has warning for you! Update your phone now | Technology & Science News, Times Now

Trust: 3.75

Fetched: Dec. 15, 2023, 9:40 a.m., Published: Dec. 5, 2023, midnight
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: samsung model: knox
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
vendor: google model: android

Alert for Samsung smartphone users: CERT-In warns of high-risk vulnerabilities | Technology News - India TV

Trust: 3.5

Fetched: Dec. 15, 2023, 9:39 a.m., Published: Dec. 15, 2023, 1:12 p.m.
 Vulnerabilities: buffer overflow, integer overflow
Affected productsExternal IDs
vendor: samsung model: knox
vendor: samsung model: galaxy
vendor: samsung model: note
vendor: samsung model: samsung galaxy
vendor: google model: chrome
vendor: google model: pixel
vendor: google model: google chrome
vendor: google model: android

Govt issues high-risk alert for Samsung mobile users

Trust: 3.5

Fetched: Dec. 15, 2023, 9:33 a.m., Published: Dec. 14, 2023, 8:13 p.m.
 Vulnerabilities: buffer overflow, improper access control, integer overflow
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: samsung model: galaxy
vendor: samsung model: note
vendor: samsung model: samsung mobile
vendor: samsung model: knox

Siemens SICAM Q100 Devices | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202306-0890, VAR-202306-0889

Trust: 4.5

Fetched: Dec. 15, 2023, 9:33 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: cross-site request forgery, request forgery
Affected productsExternal IDs
vendor: siemens model: sicam
db: NVD ids: CVE-2023-30901, CVE-2023-31238

Armis is Named a Leader in Three 2023 Quadrant SPARK Matrix™ Reports | Armis

Trust: 3.0

Fetched: Dec. 15, 2023, 9:32 a.m., Published: Dec. 11, 2023, 9:53 p.m.
 Vulnerabilities: -
Affected productsExternal IDs