Sign-up

VARIoT news about IoT security

IoC scan scope in the registry

Trust: 3.25

Fetched: Sept. 20, 2023, 9:19 a.m., Published: -
 Vulnerabilities: file execution
Affected productsExternal IDs

Control the health of Windows devices - Windows Security | Microsoft Learn

Trust: 3.75

Fetched: Sept. 20, 2023, 9:12 a.m., Published: Aug. 11, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: essential model: phone

IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits

Related entries in the VARIoT vulnerabilities database: VAR-202208-1439, VAR-202303-1268, VAR-202205-0957, VAR-202203-1289, VAR-202303-1196, VAR-201912-1012, VAR-202003-0963

Trust: 5.25

Fetched: Sept. 20, 2023, 9:10 a.m., Published: June 22, 2023, 6 a.m.
 Vulnerabilities: command execution, command injection, injection attack...
Affected productsExternal IDs
vendor: palo model: firewall
vendor: palo model: networks
vendor: vacron model: vacron nvr
vendor: tenda model: router
vendor: trend model: security
vendor: telesquare model: sdt-cw3b1
vendor: d-link model: dir-859
vendor: d-link model: router
vendor: d-link model: dwl-2600ap
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: netgear model: dgn1000
vendor: netgear model: router
vendor: nagios model: nagios xi
db: NVD ids: CVE-2022-37061, CVE-2023-1389, CVE-2022-30525, CVE-2022-29303, CVE-2021-25296, CVE-2022-27002, CVE-2022-45699, CVE-2022-30023, CVE-2019-12725, CVE-2023-25280, CVE-2022-40005, CVE-2021-46422, CVE-2023-27240, CVE-2019-17621, CVE-2022-31499, CVE-2019-20500

Security Advisories | Bosch Security and Safety Systems I Global

Related entries in the VARIoT vulnerabilities database: VAR-202206-2162, VAR-202206-1805, VAR-202206-2178

Trust: 4.5

Fetched: Sept. 20, 2023, 9:10 a.m., Published: Sept. 20, 2023, midnight
 Vulnerabilities: buffer overflow, information disclosure
Affected productsExternal IDs
vendor: bosch model: divar ip all-in-one
vendor: bosch model: bvms
vendor: bosch model: divar ip 7000
vendor: bosch model: divar ip
db: NVD ids: CVE-2021-23850, CVE-2022-40184, CVE-2022-32534, CVE-2021-23842, CVE-2021-23851, CVE-2021-23843, CVE-2022-36301, CVE-2022-36302, CVE-2022-32535, CVE-2022-32536, CVE-2022-40183

September 12-19, 2023 CISA KEV Breakdown | 15 New Vulns

Related entries in the VARIoT vulnerabilities database: VAR-201505-0274, VAR-201704-1556, VAR-202206-0324, VAR-202206-0056, VAR-202201-1001, VAR-202303-1844, VAR-202206-0005, VAR-202303-1848, VAR-202206-0393

Trust: 5.25

Fetched: Sept. 20, 2023, 9:08 a.m., Published: Sept. 19, 2023, 11:32 p.m.
 Vulnerabilities: brute force attack, privilege escalation, code execution...
Affected productsExternal IDs
vendor: minio model: minio
vendor: cisco model: firepower
vendor: cisco model: clientless ssl vpn
vendor: cisco model: meeting
vendor: cisco model: adaptive security appliance
vendor: cisco model: firepower threat defense
vendor: google model: home
vendor: google model: google chrome
vendor: google model: chrome
vendor: google model: android
vendor: samsung model: samsung mobile
vendor: samsung model: mobile
vendor: samsung model: notes
vendor: apple model: macos
db: NVD ids: CVE-2014-8361, CVE-2017-6884, CVE-2022-31463, CVE-2023-36802, CVE-2023-36761, CVE-2022-31459, CVE-2022-22265, CVE-2023-20269, CVE-2023-26369, CVE-2020-28343, CVE-2023-28432, CVE-2023-4863, CVE-2022-31462, CVE-2023-28434, CVE-2022-31461, CVE-2023-35674

9 Best Network Scanners for 2023 (Paid & Free)

Trust: 3.5

Fetched: Sept. 20, 2023, 9:07 a.m., Published: April 24, 2020, 7:03 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: solarwinds model: network performance monitor
vendor: paessler model: prtg network monitor

CVE-2023-40221 - vulnerability database | Vulners.com

Trust: 3.75

Fetched: Sept. 19, 2023, 9:20 a.m., Published: Sept. 18, 2023, 8:15 p.m.
 Vulnerabilities: request forgery, cross-site scripting, code injection...
Affected productsExternal IDs
db: NVD ids: CVE-2023-41084, CVE-2023-38582, CVE-2023-39446, CVE-2023-39452, CVE-2023-40221, CVE-2023-41965, CVE-2023-38255

Critical Remote Code Execution Flaw Discovered in Thousands of Juniper Devices - VULNERA

Trust: 4.25

Fetched: Sept. 19, 2023, 9:19 a.m., Published: Sept. 18, 2023, 7:40 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-36845, CVE-2023-36846, CVE-2023-36844, CVE-2023-36847

CVE-2023-38802 PAN-OS: Denial-of-Service (DoS) Vulnerability in BGP Software

Trust: 3.5

Fetched: Sept. 19, 2023, 9:17 a.m., Published: Sept. 13, 2023, 4 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2023-38802, CVE-2023-4481, CVE-2023-38283, CVE-2023-40457

ThemeBleed exploit is another reason to patch Windows quickly

Trust: 4.25

Fetched: Sept. 19, 2023, 9:17 a.m., Published: Sept. 18, 2023, 10:44 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-38146

Chrome Releases: Stable Channel Update for Desktop

Trust: 5.0

Fetched: Sept. 19, 2023, 9:14 a.m., Published: Sept. 11, 2023, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: google model: chrome
db: NVD ids: CVE-2023-4863

Electronics | Free Full-Text | Machine-Learning-Based Vulnerability Detection and Classification in Internet of Things Device Security

Trust: 5.0

Fetched: Sept. 19, 2023, 9:12 a.m., Published: Jan. 19, 2023, midnight
 Vulnerabilities: code execution, resource exhaustion, memory corruption...
Affected productsExternal IDs
vendor: schneider model: monitor
vendor: google model: home
vendor: google model: android
vendor: schneider electric model: monitor
vendor: tp-link model: gateway
vendor: treck model: tcp/ip stack
db: NVD ids: CVE-2020-11896, CVE-2020-11901, CVE-2020-11897, CVE-2020-11898

CISA Adds Eight Known Exploited Vulnerabilities to Catalog | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202206-0393, VAR-201704-1556, VAR-201505-0274, VAR-202206-0056, VAR-202206-0005, VAR-202201-1001, VAR-202206-0324

Trust: 4.5

Fetched: Sept. 19, 2023, 9:09 a.m., Published: Sept. 15, 2023, midnight
 Vulnerabilities: authentication vulnerability, input validation vulnerability, command injection...
Affected productsExternal IDs
vendor: samsung model: samsung mobile
vendor: samsung model: mobile
vendor: samsung model: mobile devices
vendor: samsung model: note
vendor: zyxel model: emg2926
vendor: realtek model: realtek sdk
db: NVD ids: CVE-2022-31461, CVE-2017-6884, CVE-2014-8361, CVE-2022-31459, CVE-2022-31462, CVE-2022-22265, CVE-2022-31463, CVE-2021-3129

10 SaaS Web Vulnerability Scanner for Continuous Security

Trust: 3.5

Fetched: Sept. 17, 2023, 9:37 a.m., Published: Jan. 28, 2017, 12:45 p.m.
 Vulnerabilities: code execution, file inclusion, os command injection...
Affected productsExternal IDs

Vulnerability management for Azure Kubernetes Service - Azure Kubernetes Service | Microsoft Learn

Trust: 3.5

Fetched: Sept. 17, 2023, 9:35 a.m., Published: March 17, 2023, midnight
 Vulnerabilities: sql injection, cross-site scripting, buffer overflow
Affected productsExternal IDs
vendor: canonical model: ubuntu

Critical Vulnerability in FortiOS and FortiProxy (CVE-2022-40684) | NCERT

Related entries in the VARIoT vulnerabilities database: VAR-202210-0198

Trust: 4.0

Fetched: Sept. 17, 2023, 9:35 a.m., Published: Sept. 2, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-40684

iPhone Vulnerability Exposes Devices to Pegasus Spyware Attacks

Trust: 3.0

Fetched: Sept. 17, 2023, 9:34 a.m., Published: Sept. 11, 2023, 6:38 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

CVE-2023-4039: GCC’s -fstack-protector fails to guard dynamic stack allocations on ARM64 | Meta Red Team X

Trust: 5.75

Fetched: Sept. 17, 2023, 9:32 a.m., Published: Sept. 12, 2023, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: canary model: canary
db: NVD ids: CVE-2023-4039, CVE-2018-12886

Activating Your Axonius-hosted (SaaS) Trial - Axonius-as-a-Service Trials

Trust: 3.0

Fetched: Sept. 17, 2023, 9:32 a.m., Published: Sept. 6, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: networks

Patch Tuesday September 2023: Office NLTM Hash Vulnerability Gets Fix - N-able

Trust: 4.25

Fetched: Sept. 17, 2023, 9:29 a.m., Published: Sept. 13, 2023, 10:57 a.m.
 Vulnerabilities: code execution, information disclosure
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: cisco model: firepower threat defense
vendor: apple model: macos
db: NVD ids: CVE-2023-20269, CVE-2023-36804, CVE-2023-41061, CVE-2023-36796, CVE-2023-36793, CVE-2023-38143, CVE-2023-38148, CVE-2023-4863, CVE-2023-29332, CVE-2023-38142, CVE-2023-36756, CVE-2023-36745, CVE-2023-36744, CVE-2023-26369, CVE-2023-44064, CVE-2023-38144, CVE-2023-36777, CVE-2023-36792, CVE-2023-36802, CVE-2023-38161, CVE-2023-38160, CVE-2023-36761, CVE-2023-38152