VARIoT latest news about IoT security

Janus Vulnerability (CVE-2017-13156) \| by Sandeep Vishwakarma \| InfoSec Write-ups Trust: 3.75 Fetched: Jan. 21, 2024, 9:26 a.m., Published: Nov. 12, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2017-13156

10 of the biggest zero-day attacks of 2023 \| TechTarget Trust: 4.25 Fetched: Jan. 21, 2024, 9:26 a.m., Published: Jan. 10, 2024, midnight	Vulnerabilities: remote command injection, buffer overflow, command injection...

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	netscaler gateway
vendor:	cisco	model:	cisco ios
vendor:	barracuda	model:	barracuda
vendor:	barracuda	model:	running
vendor:	apple	model:	webkit
vendor:	citrix	model:	hypervisor
vendor:	citrix	model:	netscaler
vendor:	citrix	model:	netscaler adc
vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler gateway
vendor:	google	model:	chrome
vendor:	palo alto networks	model:	networks
vendor:	trend	model:	security
vendor:	barracuda networks	model:	barracuda
vendor:	barracuda networks	model:	running

db:

NVD

ids:

CVE-2023-34362, CVE-2023-36884, CVE-2023-41064, CVE-2023-20198, CVE-2023-2868, CVE-2023-20867, CVE-2023-41992, CVE-2023-4966, CVE-2023-41991, CVE-2023-41993, CVE-2023-22515, CVE-2023-4863, CVE-2023-36584, CVE-2023-0669, CVE-2023-20273

What's new Trust: 3.75 Fetched: Jan. 21, 2024, 9:24 a.m., Published: April 21, 2019, midnight	Vulnerabilities: weak password

Affected products

External IDs

vendor:

apple

model:

macos

Several vulnerabilities in PAX payment terminals \| CERT Polska Trust: 3.75 Fetched: Jan. 21, 2024, 9:07 a.m., Published: Jan. 15, 2024, midnight	Vulnerabilities: command execution, code execution, parameter injection

Affected products

External IDs

db:

NVD

ids:

CVE-2023-42136, CVE-2023-42134, CVE-2023-42137, CVE-2023-42135, CVE-2023-4818

Cybersecurity: Best Practices For Medical Device Vulnerability Assessments \| Elite Biomedical Solutions Trust: 3.75 Fetched: Jan. 19, 2024, 10:05 a.m., Published: Jan. 2, 2024, midnight	Vulnerabilities: denial of service

Affected products	External IDs

CompTIA Security+ SY0-701 Full Course, Labs, and Study Plan - Trust: 3.0 Fetched: Jan. 19, 2024, 10:04 a.m., Published: Jan. 12, 2024, 9:50 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

wireshark

model:

wireshark

About the security content of iOS 15.7.6 and iPadOS 15.7.6 - Apple Support Trust: 4.25 Fetched: Jan. 19, 2024, 10:04 a.m., Published: July 15, 2006, midnight	Vulnerabilities: code execution, buffer overflow

Affected products

External IDs

vendor:	trend micro	model:	security
vendor:	trend	model:	security
vendor:	apple	model:	ipad air
vendor:	apple	model:	ipod touch
vendor:	apple	model:	ipad
vendor:	apple	model:	iphone
vendor:	apple	model:	webkit

db:

NVD

ids:

CVE-2023-32413, CVE-2023-32398, CVE-2023-32388, CVE-2023-32365, CVE-2023-32408, CVE-2023-28181, CVE-2023-32407, CVE-2023-27940, CVE-2023-23532, CVE-2023-32410, CVE-2023-32391, CVE-2023-28204, CVE-2023-32397, CVE-2023-32425, CVE-2023-32373, CVE-2023-32403, CVE-2023-32412, CVE-2023-32384

Find Vulnerabilities using NMAP Scripts (NSE) Trust: 3.0 Fetched: Jan. 19, 2024, 10:02 a.m., Published: Dec. 19, 2024, midnight	Vulnerabilities: denial of service

Affected products	External IDs

About the security content of iOS 15.5 and iPadOS 15.5 - Apple Support Related entries in the VARIoT vulnerabilities database: VAR-202205-1288, VAR-202205-1299, VAR-202205-1352, VAR-202205-1313, VAR-202209-1788, VAR-202205-1301, VAR-202205-1360, VAR-202205-1324, VAR-202205-1375, VAR-202205-1298, VAR-202205-1311, VAR-202205-1291, VAR-202205-1314, VAR-202205-1327, VAR-202207-1447, VAR-202205-1317, VAR-202205-1292, VAR-202205-1326, VAR-202205-1290, VAR-202205-1329, VAR-202205-1307, VAR-202205-1335, VAR-202205-1294, VAR-202205-1312, VAR-202205-1293, VAR-202205-1295, VAR-202205-1320, VAR-202205-1303, VAR-202205-1359, VAR-202205-1302, VAR-202202-0906, VAR-202205-1284, VAR-202205-1328, VAR-202205-1304, VAR-202205-1289, VAR-202205-1285, VAR-202205-1323, VAR-202205-1319, VAR-202205-1321 Trust: 5.25 Fetched: Jan. 19, 2024, 10:01 a.m., Published: Jan. 15, 2024, midnight	Vulnerabilities: integer overflow, authorization issue, bounds access issue...

Affected products

External IDs

vendor:	trend micro	model:	security
vendor:	trend	model:	security
vendor:	apple	model:	ipad
vendor:	apple	model:	ipod touch
vendor:	apple	model:	safari
vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	webkit

db:

NVD

ids:

CVE-2022-26775, CVE-2022-26700, CVE-2015-4142, CVE-2022-26708, CVE-2022-26716, CVE-2022-32790, CVE-2022-26731, CVE-2022-26776, CVE-2022-26745, CVE-2022-26726, CVE-2022-26751, CVE-2022-26744, CVE-2022-26709, CVE-2022-26719, CVE-2022-26739, CVE-2022-32781, CVE-2022-26762, CVE-2022-26740, CVE-2022-26702, CVE-2022-26766, CVE-2022-26703, CVE-2022-26771, CVE-2022-26714, CVE-2022-26736, CVE-2022-22673, CVE-2022-26757, CVE-2022-26764, CVE-2022-26763, CVE-2022-26701, CVE-2022-26704, CVE-2022-26706, CVE-2022-23308, CVE-2022-22677, CVE-2022-26737, CVE-2022-26717, CVE-2022-26738, CVE-2022-26760, CVE-2022-26711, CVE-2022-26710, CVE-2022-26765

CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog Related entries in the VARIoT vulnerabilities database: VAR-202401-1629, VAR-202401-2573 Trust: 5.5 Fetched: Jan. 19, 2024, 10:01 a.m., Published: Jan. 18, 2024, 7:07 p.m.	Vulnerabilities: memory access vulnerability, code injection, heap corruption...

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	citrix	model:	netscaler gateway
vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler
vendor:	citrix	model:	netscaler adc

db:

NVD

ids:

CVE-2023-6549, CVE-2024-0519, CVE-2023-6548

A Vulnerability in Cisco Unity Connection Could Allow for Arbitrary Code Execution Trust: 5.0 Fetched: Jan. 19, 2024, 9:55 a.m., Published: Jan. 11, 2024, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	cisco	model:	cisco unity
vendor:	cisco	model:	unity connection
vendor:	cisco	model:	cisco unity connection
vendor:	cisco	model:	unity

Distributed Energy Generation Gateway (In)Security - Security News Trust: 5.0 Fetched: Jan. 19, 2024, 9:55 a.m., Published: -	Vulnerabilities: default password

Affected products

External IDs

vendor:

enphase

model:

envoy

GrapheneOS: The privacy-focused Android fork explained Trust: 3.5 Fetched: Jan. 19, 2024, 9:49 a.m., Published: June 16, 2022, 10 a.m.	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	home
vendor:	google	model:	android

System BIOS komputerów Alienware x15/x17 R1 \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Jan. 19, 2024, 9:49 a.m., Published: Jan. 10, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

Dell XPS 8960 System BIOS \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Jan. 19, 2024, 9:49 a.m., Published: Jan. 19, 8960, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

10 Critical Web Injection Attacks in 2024 (Risks & Mitigation) Trust: 3.5 Fetched: Jan. 19, 2024, 9:48 a.m., Published: Jan. 1, 2024, 8:01 a.m.	Vulnerabilities: request forgery, code injection, arbitrary command execution...

Affected products	External IDs

A new vulnerability affecting Apple, AMD, and Qualcomm GPUs could expose AI data \| TechSpot Trust: 3.5 Fetched: Jan. 19, 2024, 9:42 a.m., Published: Jan. 19, 4070, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	macbook air
vendor:	apple	model:	iphone
vendor:	apple	model:	macbook

db:

NVD

ids:

CVE-2023-4969

A big potential security flaw was just spotted in Apple chips and it all has to do with AI development - “LeftoverLocals” vulnerability could give hackers data from GPU local memory \| iMore Trust: 3.0 Fetched: Jan. 19, 2024, 9:41 a.m., Published: Jan. 18, 2024, 10:56 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	macbook air
vendor:	apple	model:	ipad
vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	macbook

System BIOS komputera Dell XPS 9305 \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Jan. 19, 2024, 9:41 a.m., Published: Jan. 19, 9305, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation \| Mandiant Trust: 5.25 Fetched: Jan. 19, 2024, 9:40 a.m., Published: Jan. 22, 2024, midnight	Vulnerabilities: arbitrary command execution, command injection, authentication bypass...

Affected products

External IDs

vendor:	google	model:	home
vendor:	pulse secure	model:	policy secure
vendor:	pulse secure	model:	connect secure

db:

NVD

ids:

CVE-2024-21887, CVE-2023-46805

VARIoT news about IoT security