Sign-up

VARIoT news about IoT security

Zyxel addresses critical firewall, VPN flaws | SC Media

Related entries in the VARIoT vulnerabilities database: VAR-202305-2121, VAR-202305-2285, VAR-202304-2073

Trust: 6.0

Fetched: June 6, 2023, 9:12 a.m., Published: July 20, 2022, 6 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: zyxel model: zywall
db: NVD ids: CVE-2023-33009, CVE-2023-33010, CVE-2023-28771

10 Best Open-Source Vulnerability Scanners for 2023

Trust: 3.25

Fetched: June 6, 2023, 9:11 a.m., Published: May 16, 2023, 4:30 p.m.
 Vulnerabilities: sql injection, file enumeration, cross-site scripting...
Affected productsExternal IDs
vendor: google model: home
vendor: google model: android

Google releases June 2023 Android Security Bulletin and Google Device Images | Rapid Meta

Related entries in the VARIoT vulnerabilities database: VAR-202301-0521

Trust: 5.5

Fetched: June 6, 2023, 9:10 a.m., Published: June 5, 2023, 10:28 p.m.
 Vulnerabilities: denial of service, privilege escalation, information disclosure...
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2022-33264, CVE-2023-21128, CVE-2022-46781, CVE-2023-21669, CVE-2022-40533, CVE-2021-0945, CVE-2023-21131, CVE-2023-21130, CVE-2023-21127, CVE-2023-21123, CVE-2023-21101, CVE-2023-21105, CVE-2022-22706, CVE-2023-21628, CVE-2023-21656, CVE-2023-21126, CVE-2023-21137, CVE-2022-40521, CVE-2023-21136, CVE-2023-21142, CVE-2023-21144, CVE-2023-21658, CVE-2022-22060, CVE-2021-0701, CVE-2023-21121, CVE-2023-21122, CVE-2023-21139, CVE-2022-48438, CVE-2023-21135, CVE-2023-21115, CVE-2022-48392, CVE-2022-40523, CVE-2022-48391, CVE-2022-40529, CVE-2022-40517, CVE-2023-21108, CVE-2023-21143, CVE-2022-33257, CVE-2023-21659, CVE-2022-40536, CVE-2023-21661, CVE-2023-21670, CVE-2022-33251, CVE-2022-33292, CVE-2023-21120, CVE-2022-40520, CVE-2023-21141, CVE-2023-21657, CVE-2023-21138, CVE-2022-28349, CVE-2023-21095, CVE-2022-40538, CVE-2022-48390, CVE-2022-40516, CVE-2023-21129, CVE-2023-21124

New vulnerability gives MacOS users a 'Migraine' | SC Media

Trust: 4.0

Fetched: June 6, 2023, 9:10 a.m., Published: July 20, 2022, 6 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2023-32369

Major firewall maker alerts customers to vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202203-1898, VAR-202305-2121, VAR-202305-2285, VAR-202304-2073

Trust: 5.75

Fetched: June 6, 2023, 9:09 a.m., Published: June 5, 2023, 7:47 a.m.
 Vulnerabilities: buffer overflow, command execution, code execution...
Affected productsExternal IDs
vendor: zyxel model: zywall
db: NVD ids: CVE-2022-0342, CVE-2023-33009, CVE-2023-33010, CVE-2023-28771

Technical Advisory - Multiple Vulnerabilities in Faronics Insight (CVE-2023-28344, CVE-2023-28345, CVE-2023-28346, CVE-2023-28347, CVE-2023-28348, CVE-2023-28349, CVE-2023-28350, CVE-2023-28351, CVE-2023-28352, CVE-2023-28353) | NCC Group Research Blog | Making the world safer and more secure

Trust: 3.5

Fetched: June 4, 2023, 9:05 a.m., Published: May 30, 2023, 1 a.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-28348, CVE-2023-28352, CVE-2023-28347, CVE-2023-28345, CVE-2023-28353, CVE-2023-28344, CVE-2023-28351, CVE-2023-28350, CVE-2023-28346, CVE-2023-28349

UNVEILING HIDDEN VULNERABILITIES: NMAP FOR WEB APPLICATION TESTING AND IOT DEVICE SECURITY

Trust: 3.5

Fetched: June 4, 2023, 9:04 a.m., Published: May 25, 2023, midnight
 Vulnerabilities: sql injection, cross-site scripting, default credentials
Affected productsExternal IDs

"Beautiful Cookie Consent Banner" WordPress plugin vulnerability: Update now!

Trust: 3.0

Fetched: June 2, 2023, 9:11 a.m., Published: May 25, 2023, 8:04 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs

Barracuda Networks patches zero-day vulnerability in Email Security Gateway

Trust: 5.25

Fetched: June 2, 2023, 9:11 a.m., Published: -
 Vulnerabilities: command injection, remote command injection
Affected productsExternal IDs
vendor: barracuda networks model: barracuda
vendor: barracuda model: barracuda
db: NVD ids: CVE-2023-2868

Widespread Exploitation of Zyxel Network Devices | Rapid7 Blog

Related entries in the VARIoT vulnerabilities database: VAR-202304-2073, VAR-202305-2285, VAR-202305-2121

Trust: 4.75

Fetched: June 2, 2023, 9:11 a.m., Published: May 31, 2023, 2:11 p.m.
 Vulnerabilities: buffer overflow, command injection
Affected productsExternal IDs
vendor: zyxel model: zywall
db: NVD ids: CVE-2023-28771, CVE-2023-33010, CVE-2023-33009

Zyxel vulnerability under 'widespread' exploitation | TechTarget

Related entries in the VARIoT vulnerabilities database: VAR-202304-2073

Trust: 4.75

Fetched: June 2, 2023, 9:10 a.m., Published: June 1, 2023, midnight
 Vulnerabilities: command injection, os command injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-28771

Cybersecurity Terms: A to Z Glossary | Coursera

Trust: 3.25

Fetched: June 2, 2023, 9:09 a.m., Published: May 17, 2023, midnight
 Vulnerabilities: sql injection, denial of service
Affected productsExternal IDs
vendor: essential model: phone
vendor: google model: wi-fi router

Critical Zyxel vulnerability is being actively exploited - Techzine Europe

Related entries in the VARIoT vulnerabilities database: VAR-202304-2073

Trust: 5.75

Fetched: June 2, 2023, 9:08 a.m., Published: June 1, 2023, 11:09 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: zyxel model: nas540
vendor: zyxel model: nas542
vendor: zyxel model: nas326
vendor: zyxel model: zywall
db: NVD ids: CVE-2023-28771

A critical security flaw is affecting Zyxel firewall devices - here's what you need to know | TechRadar

Related entries in the VARIoT vulnerabilities database: VAR-202304-2073, VAR-202305-2285, VAR-202305-2121

Trust: 5.75

Fetched: June 2, 2023, 9:07 a.m., Published: June 1, 2023, 4:25 p.m.
 Vulnerabilities: buffer overflow, command injection, denial of service...
Affected productsExternal IDs
vendor: zyxel model: zywall
db: NVD ids: CVE-2023-28771, CVE-2023-33010, CVE-2023-33009

Zyxel patches vulnerability in NAS devices (CVE-2023-27988) - Help Net Security

Trust: 5.75

Fetched: June 2, 2023, 9:07 a.m., Published: May 31, 2023, 11:47 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: zyxel model: nas540
vendor: zyxel model: nas542
vendor: zyxel model: nas326
db: NVD ids: CVE-2023-27988

New Android & Google Device Vulnerability Reward Program

Trust: 3.0

Fetched: May 31, 2023, 9:15 a.m., Published: May 18, 2023, 8:17 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Old Wine in the New Bottle: Mirai Variant Targets Multiple IoT Devices

Trust: 4.25

Fetched: May 31, 2023, 9:14 a.m., Published: May 25, 2023, 6 a.m.
 Vulnerabilities: arbitrary command execution, command injection, command execution...
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: tenda model: router
db: NVD ids: CVE-2023-26802, CVE-2023-26801, CVE-2023-27076

New macOS vulnerability, Migraine, could bypass System Integrity Protection | Microsoft Security Blog

Related entries in the VARIoT vulnerabilities database: VAR-202108-2056

Trust: 5.75

Fetched: May 31, 2023, 9:13 a.m., Published: May 30, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2021-30892, CVE-2023-32369

Textbook ‘NTP Textbox’ Vulnerability in Zyxel’s NAS326, NAS540, and NAS542 Devices | Sternum

Trust: 5.5

Fetched: May 31, 2023, 9:13 a.m., Published: May 30, 2023, 8:47 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: zyxel model: nas326
vendor: zyxel model: nas542
vendor: zyxel model: nas540
db: NVD ids: CVE-2023-27988

Barracuda Email Security Gateway Appliance (ESG) Vulnerability

Trust: 4.25

Fetched: May 31, 2023, 9:06 a.m., Published: May 30, 2023, 8:27 p.m.
 Vulnerabilities: command injection, remote command injection
Affected productsExternal IDs
vendor: barracuda model: barracuda
vendor: barracuda networks model: barracuda
db: NVD ids: CVE-2023-28681, CVE-2023-2868