VARIoT latest news about IoT security

Cisco Identity Services Engine Stored Cross-Site Scripting V... - vulnerability database \| Vulners.com Trust: 5.0 Fetched: Jan. 12, 2024, 9:54 a.m., Published: Jan. 10, 2024, 4 p.m.	Vulnerabilities: cross-site scripting

Affected products

External IDs

vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco identity services engine

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign Trust: 3.5 Fetched: Jan. 12, 2024, 9:52 a.m., Published: Jan. 12, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	trend	model:	security
vendor:	trend	model:	antivirus
vendor:	trend micro	model:	security
vendor:	trend micro	model:	antivirus
vendor:	filezilla	model:	server

db:

NVD

ids:

CVE-2023-36025

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign Trust: 3.5 Fetched: Jan. 12, 2024, 9:52 a.m., Published: Jan. 12, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	trend	model:	security
vendor:	trend	model:	antivirus
vendor:	trend micro	model:	security
vendor:	trend micro	model:	antivirus
vendor:	filezilla	model:	server

db:

NVD

ids:

CVE-2023-36025

CVE - CVE-2023-43115 Trust: 3.25 Fetched: Jan. 12, 2024, 9:51 a.m., Published: Jan. 3, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-43115

CVE-2024-20666 Vulnerability Creates Patch Failures for WinRE OS Update - NinjaOne Trust: 3.25 Fetched: Jan. 12, 2024, 9:51 a.m., Published: Jan. 10, 2024, 5:21 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-20666

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign Trust: 3.5 Fetched: Jan. 12, 2024, 9:50 a.m., Published: Jan. 12, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	trend	model:	security
vendor:	trend	model:	antivirus
vendor:	trend micro	model:	security
vendor:	trend micro	model:	antivirus
vendor:	filezilla	model:	server

db:

NVD

ids:

CVE-2023-36025

Kyocera Device Manager Vulnerability (CVE-2023-50916) and QNAP Systems Security Fixes - CyberSRC Trust: 3.0 Fetched: Jan. 12, 2024, 9:49 a.m., Published: Jan. 10, 2024, 7:36 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-50916

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability - Cisco Trust: 5.0 Fetched: Jan. 12, 2024, 9:38 a.m., Published: Jan. 10, 2024, 10:05 a.m.	Vulnerabilities: cross-site scripting

Affected products

External IDs

vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco identity services engine

Security Vulnerability in KYOCERA Device Manager \| KYOCERA Document Solutions Trust: 3.25 Fetched: Jan. 12, 2024, 9:33 a.m., Published: Jan. 11, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-50916

Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software Trust: 5.75 Fetched: Jan. 12, 2024, 9:32 a.m., Published: Jan. 11, 2024, 4:55 a.m.	Vulnerabilities: command injection, file upload bug, improper validation

Affected products

External IDs

vendor:	cisco	model:	wap371
vendor:	cisco	model:	cisco unity
vendor:	cisco	model:	unity
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco unity connection
vendor:	cisco	model:	wireless access point
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	telepresence management suite
vendor:	cisco	model:	unity connection

db:

NVD

ids:

CVE-2024-20287, CVE-2024-20272

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887) - Help Net Security Trust: 3.5 Fetched: Jan. 12, 2024, 9:32 a.m., Published: Jan. 11, 2024, 11:35 a.m.	Vulnerabilities: command injection, command execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-21887, CVE-2023-46805

Security Vulnerability in KYOCERA Device Manager Trust: 3.25 Fetched: Jan. 12, 2024, 9:27 a.m., Published: Jan. 24, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-50916

(Response) Splitting Up Reverse Proxies To Reach Internal Only Paths Trust: 3.75 Fetched: Jan. 12, 2024, 9:26 a.m., Published: Jan. 24, 2024, midnight	Vulnerabilities: response splitting vulnerability

Affected products	External IDs

.NET January 2024 Updates - .NET 8.0.1, 7.0.15, .NET 6.0.26 - .NET Blog Trust: 5.0 Fetched: Jan. 12, 2024, 9:26 a.m., Published: Jan. 9, 2024, 6 p.m.	Vulnerabilities: feature bypass, denial of service, security feature bypass...

Affected products

External IDs

db:

NVD

ids:

CVE-2024-0057, CVE-2024-21319, CVE-2024-0056

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability Trust: 5.0 Fetched: Jan. 12, 2024, 9:20 a.m., Published: Jan. 10, 2024, 3:55 p.m.	Vulnerabilities: cross-site scripting

Affected products

External IDs

vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco identity services engine

Cisco WAP371 Wireless Access Point Command Injection Vulnerability - Cisco Trust: 5.0 Fetched: Jan. 12, 2024, 9:20 a.m., Published: Jan. 10, 2024, 10:05 a.m.	Vulnerabilities: command injection

Affected products

External IDs

vendor:	cisco	model:	wap371
vendor:	cisco	model:	wireless access point

Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks \| Ars Technica Trust: 5.75 Fetched: Jan. 12, 2024, 9:20 a.m., Published: Jan. 10, 2024, 10:18 p.m.	Vulnerabilities: command execution

Affected products

External IDs

vendor:	pulse secure	model:	connect secure
vendor:	citrix	model:	netscaler gateway
vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler application delivery controller
vendor:	citrix	model:	application delivery controller
vendor:	citrix	model:	netscaler

db:

NVD

ids:

CVE-2023-49103, CVE-2023-46805, CVE-2022-47966, CVE-2024-21887, CVE-2023-34362

Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability Trust: 4.25 Fetched: Jan. 12, 2024, 9:19 a.m., Published: Jan. 10, 2024, 3:55 p.m.	Vulnerabilities: privilege escalation

Affected products	External IDs

Ivanti warns of critical vulnerability in its popular line of endpoint protection software \| Ars Technica Trust: 3.5 Fetched: Jan. 12, 2024, 9:19 a.m., Published: Jan. 5, 2024, 10:33 p.m.	Vulnerabilities: sql injection, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-39336

Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin Trust: 3.75 Fetched: Jan. 12, 2024, 9:13 a.m., Published: Jan. 10, 2024, 4:01 p.m.	Vulnerabilities: cross-site scripting, code execution

Affected products	External IDs

VARIoT news about IoT security