Sign-up

VARIoT news about IoT security

Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability

Trust: 4.75

Fetched: Oct. 15, 2023, 9:32 a.m., Published: Oct. 11, 2023, 4:12 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2023-22515

Update now! Atlassian Confluence vulnerability is being actively exploited

Trust: 3.5

Fetched: Oct. 15, 2023, 9:29 a.m., Published: -
 Vulnerabilities: access control vulnerability, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-22515, CVE-2021-26084

Govt issues high-risk warning for Google Chrome users, know all details here - BusinessToday

Trust: 3.5

Fetched: Oct. 15, 2023, 9:27 a.m., Published: Oct. 13, 2023, 6:53 a.m.
 Vulnerabilities: buffer overflow, use after free
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
vendor: google model: android

End-to-end security in Azure | Microsoft Learn

Trust: 3.0

Fetched: Oct. 15, 2023, 9:23 a.m., Published: Jan. 29, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Achieve Zero Trust at Scale With Tanium and Microsoft Entra ID | Tanium

Trust: 3.0

Fetched: Oct. 15, 2023, 9:22 a.m., Published: Oct. 2, 2023, 3:37 p.m.
 Vulnerabilities: configuration issue
Affected productsExternal IDs

SSA-843070

Trust: 5.25

Fetched: Oct. 15, 2023, 9:21 a.m., Published: Oct. 1, 2023, midnight
 Vulnerabilities: input validation vulnerability, code execution, denial of service...
Affected productsExternal IDs
vendor: aruba model: instantos
vendor: aruba model: arubaos
db: NVD ids: CVE-2023-22790, CVE-2023-22785, CVE-2023-22789, CVE-2023-22780, CVE-2023-22782, CVE-2023-22786, CVE-2023-22779, CVE-2023-22783, CVE-2023-22791, CVE-2023-22788, CVE-2023-22787, CVE-2023-22781, CVE-2023-22784

Azure threat protection | Microsoft Learn

Trust: 4.25

Fetched: Oct. 15, 2023, 9:18 a.m., Published: Jan. 20, 2023, midnight
 Vulnerabilities: file inclusion, sql injection, command execution...
Affected productsExternal IDs
vendor: imperva model: web application firewall
vendor: barracuda model: running
vendor: barracuda model: web application firewall
vendor: barracuda model: barracuda

Vulnerability Disclosure Program - Qwilr

Trust: 3.75

Fetched: Oct. 15, 2023, 9:18 a.m., Published: Oct. 2, 2023, midnight
 Vulnerabilities: privilege escalation, code execution, denial of service
Affected productsExternal IDs

Released 09 October 2023 CVE (Common Vulnerabilities and Exposures)

Trust: 4.75

Fetched: Oct. 15, 2023, 9:16 a.m., Published: Oct. 9, 2023, midnight
 Vulnerabilities: request forgery, information exposure, cross-site scripting...
Affected productsExternal IDs
vendor: lenovo model: notebook
db: NVD ids: CVE-2023-45353, CVE-2023-44378, CVE-2023-45612, CVE-2023-43700, CVE-2023-5100, CVE-2023-44236, CVE-2023-45350, CVE-2023-43643, CVE-2023-44238, CVE-2023-43699, CVE-2023-45352, CVE-2023-45356, CVE-2023-45373, CVE-2023-45369, CVE-2023-45351, CVE-2023-43697, CVE-2023-44246, CVE-2023-25822, CVE-2022-35950, CVE-2023-45372, CVE-2023-36820, CVE-2023-5333, CVE-2023-44393, CVE-2023-39194, CVE-2023-41667, CVE-2023-44240, CVE-2023-44237, CVE-2023-5103, CVE-2023-43698, CVE-2023-41660, CVE-2023-44232, CVE-2023-5330, CVE-2023-5460, CVE-2023-5459, CVE-2023-45371, CVE-2023-45613, CVE-2023-39193, CVE-2023-45370, CVE-2023-45354, CVE-2023-41669, CVE-2023-39192, CVE-2023-5331, CVE-2022-3431, CVE-2023-3589, CVE-2023-45247, CVE-2023-45374, CVE-2023-44231, CVE-2023-45248, CVE-2023-45349, CVE-2023-45364, CVE-2023-45367, CVE-2023-43696, CVE-2023-41670, CVE-2023-44993, CVE-2023-5101, CVE-2023-41672, CVE-2023-44260, CVE-2023-39189, CVE-2023-41668, CVE-2023-45363, CVE-2023-45355

How to Protect Your Personal Devices and Data from Cyber Threats

Trust: 3.5

Fetched: Oct. 15, 2023, 9:14 a.m., Published: Oct. 3, 2023, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: google model: wifi
vendor: apple model: watch

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Oct. 15, 2023, 9:11 a.m., Published: Oct. 15, 2021, midnight
 Vulnerabilities: configuration error
Affected productsExternal IDs

The Rising Security Risk and Mitigation Options for IoT Devices

Trust: 3.75

Fetched: Oct. 15, 2023, 9:11 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: series

Siemens SICAM PAS/PQS | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202310-0215

Trust: 3.5

Fetched: Oct. 13, 2023, 9:25 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: sicam pas/pqs
vendor: siemens model: sicam
vendor: siemens model: sicam pas
db: NVD ids: CVE-2023-38640

Siemens Xpedition Layout Browser | CISA

Trust: 3.75

Fetched: Oct. 13, 2023, 9:25 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2023-30900

Fortifying IoT Devices: Unraveling the Art of Securing Embedded Systems | Tripwire

Trust: 3.75

Fetched: Oct. 13, 2023, 9:24 a.m., Published: Oct. 13, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone

Google Cloud, AWS, and Cloudflare report largest DDoS attacks ever | ZDNET

Related entries in the VARIoT vulnerabilities database: VAR-202310-0175

Trust: 4.75

Fetched: Oct. 13, 2023, 9:24 a.m., Published: Oct. 13, 2023, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2023-44487

.NET October 2023 Updates - .NET 7.0.12, .NET 6.0.23 - .NET Blog

Related entries in the VARIoT vulnerabilities database: VAR-202310-0175

Trust: 4.75

Fetched: Oct. 13, 2023, 9:23 a.m., Published: Oct. 10, 2023, 5:04 p.m.
 Vulnerabilities: memory leak, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2023-44487, CVE-2023-38171, CVE-2023-36435

SSA-594373

Related entries in the VARIoT vulnerabilities database: VAR-202310-0197

Trust: 5.0

Fetched: Oct. 13, 2023, 9:22 a.m., Published: Oct. 1, 2023, midnight
 Vulnerabilities: code execution, cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2023-35796

Badbox Operation Targets Android Devices in Fraud Schemes

Trust: 3.0

Fetched: Oct. 13, 2023, 9:21 a.m., Published: Oct. 10, 2023, 8:30 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows

Trust: 5.5

Fetched: Oct. 13, 2023, 9:21 a.m., Published: Oct. 11, 2023, 4 p.m.
 Vulnerabilities: code execution, authentication bypass, buffer overflow
Affected productsExternal IDs
vendor: snort model: snort
vendor: apple model: webkit
vendor: apple model: safari
vendor: snort.org model: snort
vendor: cisco model: router
db: NVD ids: CVE-2023-32632, CVE-2023-24479, CVE-2023-39928, CVE-2023-32645