Sign-up

VARIoT news about IoT security

Cisco Firepower Threat Defense Software SSL and Snort 3 Detection Engine Bypass and Denial of Service Vulnerability - Cisco

Trust: 3.5

Fetched: Nov. 3, 2023, 9:08 a.m., Published: Nov. 2, 2023, 11:34 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: device manager
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower
vendor: cisco model: firepower threat defense software
vendor: cisco model: firepower management center
vendor: cisco model: cisco firepower threat defense software
vendor: snort model: snort

Cisco Firepower Threat Defense Software and Firepower Management Center Software Code Injection Vulnerability - Cisco

Trust: 4.0

Fetched: Nov. 3, 2023, 9:05 a.m., Published: Nov. 2, 2023, 11:34 p.m.
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower
vendor: cisco model: asa software
vendor: cisco model: cisco firepower management center
vendor: cisco model: firepower threat defense software
vendor: cisco model: firepower management center
vendor: cisco model: cisco firepower threat defense software

Citrix Bleed: Mass exploitation in progress (CVE-2023-4966) - Help Net Security

Trust: 4.5

Fetched: Nov. 1, 2023, 9:26 a.m., Published: Oct. 30, 2023, 11:37 a.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: citrix model: netscaler
vendor: citrix model: gateway
vendor: citrix model: netscaler adc
db: NVD ids: CVE-2023-4966

Milesight Industrial Router Vulnerability Possibly Exploited in Attacks - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-202310-0004

Trust: 5.0

Fetched: Nov. 1, 2023, 9:26 a.m., Published: Oct. 17, 2023, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
db: NVD ids: CVE-2023-43261

The Windows October 2023 security updates fix three 0-day vulnerabilities - gHacks Tech News

Related entries in the VARIoT vulnerabilities database: VAR-202310-0175

Trust: 3.5

Fetched: Nov. 1, 2023, 9:24 a.m., Published: Oct. 10, 2023, 5:57 p.m.
 Vulnerabilities: information disclosure, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-41767, CVE-2023-41765, CVE-2023-44487, CVE-2023-41774, CVE-2023-41771, CVE-2023-36563, CVE-2023-36697, CVE-2023-38166, CVE-2023-41768, CVE-2023-36718, CVE-2023-41763, CVE-2023-41770, CVE-2023-41769, CVE-2023-41773, CVE-2023-35349

CERT-In Warns of Multiple Security Vulnerabilities Affecting Older iPhone, iPad Models: All You Need to Know | Technology News

Trust: 3.5

Fetched: Nov. 1, 2023, 9:23 a.m., Published: Nov. 1, 2023, 7:01 a.m.
 Vulnerabilities: improper validation, buffer overflow
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: ipad air

ConnectedIO’s 3/4G Routers Vulnerability Execute Malicious Code

Trust: 3.0

Fetched: Nov. 1, 2023, 9:15 a.m., Published: Oct. 9, 2023, 3:43 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-33376, CVE-2023-33377, CVE-2023-33378, CVE-2023-33375

Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2 | MSRC Blog | Microsoft Security Response Center

Related entries in the VARIoT vulnerabilities database: VAR-202310-0175

Trust: 3.5

Fetched: Nov. 1, 2023, 9:12 a.m., Published: Nov. 2, 2023, midnight
 Vulnerabilities: resource exhaustion, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2023-44487

Security Vulnerabilities Newsletter: Top News Rundown (October 2023)

Related entries in the VARIoT vulnerabilities database: VAR-202310-0004

Trust: 4.75

Fetched: Nov. 1, 2023, 9:12 a.m., Published: Oct. 1, 2023, midnight
 Vulnerabilities: denial of service, command injection, remote command injection
Affected productsExternal IDs
vendor: d-link model: router
db: NVD ids: CVE-2023-43261

Cisco Devices Hacked via IOS XE Zero-Day Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202103-0773

Trust: 4.75

Fetched: Nov. 1, 2023, 9:11 a.m., Published: Nov. 3, 2023, midnight
 Vulnerabilities: privilege escalation, command injection
Affected productsExternal IDs
vendor: cisco model: ios xe
db: NVD ids: CVE-2023-20198, CVE-2021-1435

6 Best Network Vulnerability Scanning Tools for Security Teams in 2023

Trust: 3.5

Fetched: Nov. 1, 2023, 9:10 a.m., Published: Oct. 20, 2023, 9:47 p.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: essential model: phone
vendor: manageengine model: network configuration manager

Apple, Google, and Microsoft Just Patched Some Spooky Security Flaws | WIRED UK

Trust: 5.5

Fetched: Nov. 1, 2023, 9:04 a.m., Published: Oct. 31, 2023, 11 a.m.
 Vulnerabilities: information disclosure, denial of service, cross-site scripting...
Affected productsExternal IDs
vendor: citrix model: gateway
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler
vendor: citrix model: netscaler gateway
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
vendor: cisco model: series
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
vendor: cisco model: netscaler gateway
vendor: samsung model: notes
vendor: samsung model: galaxy
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2023-34056, CVE-2023-40129, CVE-2023-34048, CVE-2023-4967, CVE-2023-20273, CVE-2023-42474, CVE-2023-20198, CVE-2023-4966

CVE-2023-35082: Unauthenticated API Access Vulnerability in MobileIron Core

Trust: 3.0

Fetched: Nov. 1, 2023, 9:04 a.m., Published: Aug. 7, 2023, 1:52 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-35078, CVE-2023-35081, CVE-2023-35082

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores

Trust: 3.5

Fetched: Oct. 31, 2023, 9:28 a.m., Published: Oct. 20, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2022-43677

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores

Trust: 3.5

Fetched: Oct. 31, 2023, 9:27 a.m., Published: Oct. 20, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2022-43677

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores

Trust: 3.5

Fetched: Oct. 31, 2023, 9:27 a.m., Published: Oct. 20, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2022-43677

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores

Trust: 3.5

Fetched: Oct. 31, 2023, 9:27 a.m., Published: Oct. 20, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2022-43677

The Cloud | Russ Harvey Consulting

Trust: 3.5

Fetched: Oct. 31, 2023, 9:20 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: blackberry model: smartphone
vendor: blackberry model: blackberry
vendor: google model: android
vendor: google model: home
vendor: google model: wifi
vendor: apple model: icloud
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: macos
vendor: trend model: security

Phosphorus Releases Mitigation Solutions for Critical Cisco

Trust: 4.25

Fetched: Oct. 31, 2023, 9:16 a.m., Published: Oct. 17, 2023, midnight
 Vulnerabilities: privilege escalation, default credentials
Affected productsExternal IDs
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios
vendor: cisco model: access points
vendor: cisco model: ios xe
vendor: cisco model: routers
db: NVD ids: CVE-2023-20198

Quantum Machine Learning for Security Assessment in IoMT | Encyclopedia MDPI

Trust: 3.75

Fetched: Oct. 31, 2023, 9:16 a.m., Published: Oct. 1, 2023, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs