Sign-up

VARIoT news about IoT security

Siemens LOGO! 8 BM Buffer Overflow (CVE-2022-36361) - vulnerability database | Vulners.com

Related entries in the VARIoT vulnerabilities database: VAR-202210-0505, VAR-202210-0504, VAR-202210-0503

Trust: 3.5

Fetched: Sept. 24, 2023, 9:25 a.m., Published: Sept. 21, 2023, midnight
 Vulnerabilities: improper validation, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2022-36363, CVE-2022-36361, CVE-2022-36362

CVE-2023-23363 & CVE-2023-23364: High-Severity Bugs Unveiled in QNAP's QTS & Multimedia Console

Trust: 4.25

Fetched: Sept. 24, 2023, 9:24 a.m., Published: May 24, 2023, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2023-23363, CVE-2023-23364

About the security content of iOS 17.0.1 and iPadOS 17.0.1 - Apple Support

Trust: 4.5

Fetched: Sept. 24, 2023, 9:23 a.m., Published: Sept. 21, 2023, midnight
 Vulnerabilities: certificate validation issue, code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: ipad
db: NVD ids: CVE-2023-41991, CVE-2023-41993, CVE-2023-41992

15 Essential Skills for Cybersecurity Analysts in 2023 | Coursera

Trust: 3.75

Fetched: Sept. 24, 2023, 9:22 a.m., Published: Sept. 24, 2023, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: google model: android

Thousands of Juniper firewalls still vulnerable to RCE • The Register

Trust: 4.0

Fetched: Sept. 24, 2023, 9:21 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-36851, CVE-2023-36847, CVE-2023-36845, CVE-2023-36844, CVE-2023-36846

Azure security baseline for IoT Hub | Microsoft Learn

Trust: 3.0

Fetched: Sept. 24, 2023, 9:20 a.m., Published: Sept. 20, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs

IoT Cyber Security: Trends, Challenges And Solutions - Evolution Systems

Trust: 4.25

Fetched: Sept. 24, 2023, 9:17 a.m., Published: Sept. 19, 2023, 2:04 a.m.
 Vulnerabilities: default password
Affected productsExternal IDs
vendor: tesla model: model
vendor: google model: wi-fi router
vendor: google model: home
vendor: raspberry pi model: 3
vendor: cisco model: router
vendor: cisco model: routers
vendor: node.js model: node.js

The PRTG Network Scanning Tools

Trust: 3.0

Fetched: Sept. 24, 2023, 9:17 a.m., Published: Sept. 25, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: paessler model: prtg network monitor

16 Best Vulnerability Scanners of 2023 [Expert Review]

Trust: 4.25

Fetched: Sept. 24, 2023, 9:15 a.m., Published: Sept. 6, 2022, 10:41 a.m.
 Vulnerabilities: cross-site scripting, request forgery, cross-site request forgery...
Affected productsExternal IDs
vendor: sophos model: endpoint protection
vendor: sophos model: firewall
vendor: sophos model: mobile

The 5 Riskiest Connected Devices in 2023: IT, IoT, OT, IoMT - Forescout

Trust: 3.75

Fetched: Sept. 24, 2023, 9:11 a.m., Published: July 13, 2023, 9 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Cisco, Juniper Networks address vulnerabilities | SC Media

Trust: 5.5

Fetched: Sept. 22, 2023, 9:55 a.m., Published: March 7, 2023, 7 p.m.
 Vulnerabilities: authentication bypass, command execution, input validation bug
Affected productsExternal IDs
vendor: tenda model: router
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower
vendor: cisco model: router
vendor: cisco model: adaptive security appliance software
vendor: cisco model: adaptive security appliance
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine
vendor: cisco model: firepower threat defense software
db: NVD ids: CVE-2023-20269, CVE-2023-20243, CVE-2023-20238, CVE-2023-4498

Evil Twin Attack: Fake WiFi Access Point Vulnerabilities | Okta

Trust: 3.5

Fetched: Sept. 22, 2023, 9:54 a.m., Published: Oct. 4, 2023, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: google model: home
vendor: google model: wifi

ASPL 2023-09-01 / CVE-2023-35674 | Threat Intelligence

Trust: 5.5

Fetched: Sept. 22, 2023, 9:53 a.m., Published: Sept. 1, 2023, midnight
 Vulnerabilities: code execution, use after free, integer overflow...
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2023-35658, CVE-2023-35681, CVE-2023-35674, CVE-2023-35673

Attacks on 5G Infrastructure From Users’ Devices

Trust: 3.5

Fetched: Sept. 22, 2023, 9:53 a.m., Published: Sept. 20, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2021-45462

2237579 - (CVE-2023-39513) CVE-2023-39513 cacti: Cross-Site Scripting vulnerability with Device Name when debugging data queries

Trust: 4.5

Fetched: Sept. 22, 2023, 9:51 a.m., Published: Sept. 6, 2023, 5:04 a.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2023-39513

Web Application Testing Concept Explained

Trust: 3.5

Fetched: Sept. 22, 2023, 9:49 a.m., Published: Feb. 12, 2017, 11:29 a.m.
 Vulnerabilities: cross-site scripting, sql injection
Affected productsExternal IDs
vendor: node.js model: node.js

Unveiling CVE-2023-3519 : Citrix ADC & Gateway Vulnerability Analysis - CYFIRMA

Trust: 4.25

Fetched: Sept. 22, 2023, 9:43 a.m., Published: Aug. 25, 2023, midnight
 Vulnerabilities: code execution, buffer overflow, command execution
Affected productsExternal IDs
vendor: citrix model: gateway
vendor: citrix model: netscaler gateway
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler
db: NVD ids: CVE-2023-3519

2237817 - (CVE-2023-39511) CVE-2023-39511 Cacti: Cross-Site Scripting vulnerability with Device Name when editing Graphs whilst managing Reports

Trust: 4.5

Fetched: Sept. 22, 2023, 9:42 a.m., Published: Sept. 7, 2023, 5:04 a.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2023-39511

Top Password Strengths and Vulnerabilities: Threats, Preventive Measures, and Recoveries

Trust: 3.5

Fetched: Sept. 22, 2023, 9:40 a.m., Published: Sept. 21, 2023, midnight
 Vulnerabilities: account lockout, default password, session hijacking...
Affected productsExternal IDs
vendor: essential model: phone

2237601 - (CVE-2023-39510) CVE-2023-39510 cacti: Cross-Site Scripting vulnerability with Device Name when administrating Reports

Trust: 4.5

Fetched: Sept. 22, 2023, 9:39 a.m., Published: Sept. 6, 2023, 5:20 a.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2023-39510