VARIoT latest news about IoT security

EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236) - Help Net Security Related entries in the VARIoT vulnerabilities database: VAR-202209-1931 Trust: 6.0 Fetched: Jan. 10, 2024, 10:31 a.m., Published: Dec. 13, 2023, 11:03 a.m.	Vulnerabilities: code injection, code execution

Affected products

External IDs

vendor:

sophos

model:

firewall

db:

NVD

ids:

CVE-2022-3236

CVE - CVE-2021-3060 Trust: 3.25 Fetched: Jan. 10, 2024, 10:30 a.m., Published: Jan. 3, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-3060

CISA Issues ICS Advisories for Vulnerabilities Affecting Rockwell Automation, Mitsubishi Electric, and Unitronics Related entries in the VARIoT vulnerabilities database: VAR-202302-0482, VAR-202302-0195, VAR-202309-0672 Trust: 5.5 Fetched: Jan. 10, 2024, 10:29 a.m., Published: Jan. 5, 2024, 10:47 a.m.	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

vendor:	rockwell	model:	automation factorytalk activation manager
vendor:	rockwell	model:	studio 5000 logix designer
vendor:	rockwell	model:	automation factorytalk
vendor:	rockwell	model:	factorytalk activation
vendor:	rockwell	model:	studio 5000
vendor:	rockwell	model:	factorytalk
vendor:	wibu	model:	codemeter
vendor:	wibu	model:	codemeter runtime
vendor:	wibu-systems	model:	codemeter
vendor:	wibu-systems	model:	codemeter runtime
vendor:	rockwell automation	model:	automation factorytalk activation manager
vendor:	rockwell automation	model:	studio 5000 logix designer
vendor:	rockwell automation	model:	automation factorytalk
vendor:	rockwell automation	model:	factorytalk activation
vendor:	rockwell automation	model:	studio 5000
vendor:	rockwell automation	model:	factorytalk
vendor:	unitronics	model:	visilogic

db:

NVD

ids:

CVE-2022-4304, CVE-2022-4450, CVE-2023-38545, CVE-2023-6448, CVE-2023-0286, CVE-2023-3935

CVE-2023-49252 - vulnerability database \| Vulners.com Related entries in the VARIoT vulnerabilities database: VAR-202401-0195 Trust: 3.25 Fetched: Jan. 10, 2024, 10:28 a.m., Published: Jan. 9, 2024, 10:15 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2023-49252

What is a Buffer Overflow \| Attack Types and Prevention Methods \| Imperva Trust: 4.5 Fetched: Jan. 10, 2024, 10:28 a.m., Published: Dec. 21, 2023, 9:47 a.m.	Vulnerabilities: buffer overrun, buffer overflow

Affected products

External IDs

vendor:

imperva

model:

web application firewall

Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager - RedPacket Security Trust: 4.75 Fetched: Jan. 10, 2024, 10:27 a.m., Published: Jan. 9, 2024, 1 p.m.	Vulnerabilities: path traversal, cross-site scripting, sql injection...

Affected products

External IDs

vendor:

netatalk

model:

netatalk

db:

NVD

ids:

CVE-2022-43634, CVE-2023-47560, CVE-2023-50916, CVE-2023-41287, CVE-2023-47559, CVE-2023-39296, CVE-2023-41288

CVE - CVE-2020-3452 Related entries in the VARIoT vulnerabilities database: VAR-202007-1057 Trust: 3.25 Fetched: Jan. 10, 2024, 10:27 a.m., Published: Jan. 3, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2020-3452

Shield Your Device: Mitigating Bluetooth Vulnerability Risks Trust: 5.5 Fetched: Jan. 10, 2024, 10:25 a.m., Published: Dec. 21, 2023, 3 p.m.	Vulnerabilities: authentication bypass, code execution

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2023-45866

Important: bluez - vulnerability database \| Vulners.com Trust: 4.0 Fetched: Jan. 10, 2024, 10:25 a.m., Published: Jan. 3, 2024, 9:04 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

cups

model:

cups

db:

NVD

ids:

CVE-2023-45866

24-002 (January 9, 2024) - Threat Encyclopedia Trust: 4.0 Fetched: Jan. 10, 2024, 10:24 a.m., Published: Jan. 9, 2024, midnight	Vulnerabilities: denial of service, input validation vulnerability, cross-site scripting...

Affected products

External IDs

db:

NVD

ids:

CVE-2023-46604, CVE-2023-51467, CVE-2023-26256, CVE-2023-44324, CVE-2023-26255, CVE-2023-39265, CVE-2023-40176, CVE-2023-46214, CVE-2023-6360, CVE-2023-33226, CVE-2023-45138, CVE-2023-32247, CVE-2023-39469

Is 2gb Raspberry Pi Enough for Home Assistant? - ByRetreat Trust: 3.5 Fetched: Jan. 10, 2024, 10:18 a.m., Published: Dec. 21, 2023, 8:47 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

home assistant

model:

home assistant

CVE - CVE-2023-33975 Trust: 3.25 Fetched: Jan. 10, 2024, 10:13 a.m., Published: Jan. 3, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-33975

Alert: New Vulnerabilities Discovered in QNAP and Kyocera De... - vulnerability database \| Vulners.com Trust: 4.75 Fetched: Jan. 10, 2024, 10:13 a.m., Published: Jan. 9, 2024, 9:52 a.m.	Vulnerabilities: path traversal, cross-site scripting, sql injection...

Affected products

External IDs

vendor:

netatalk

model:

netatalk

db:

NVD

ids:

CVE-2022-43634, CVE-2023-47560, CVE-2023-50916, CVE-2023-41287, CVE-2023-47559, CVE-2023-39296, CVE-2023-41288

Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production - Help Net Security Trust: 3.75 Fetched: Jan. 10, 2024, 10 a.m., Published: Jan. 9, 2024, 3:45 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	bosch rexroth	model:	nexo
vendor:	bosch	model:	nexo

db:

NVD

ids:

CVE-2023-48266, CVE-2023-48242, CVE-2023-48257

CVE - Search Results Related entries in the VARIoT vulnerabilities database: VAR-201811-0477, VAR-201801-1128, VAR-201811-0470, VAR-201803-1708, VAR-201810-1125, VAR-202204-0692 Trust: 5.25 Fetched: Jan. 10, 2024, 9:58 a.m., Published: Jan. 3, 2024, midnight	Vulnerabilities: security feature bypass, path traversal, untrusted search path...

Affected products

External IDs

vendor:	ansible	model:	ansible
vendor:	zoho	model:	manageengine applications manager

db:

NVD

ids:

CVE-2018-8200, CVE-2017-8746, CVE-2017-11823, CVE-2021-31838, CVE-2017-0007, CVE-2022-31180, CVE-2018-8415, CVE-2018-18603, CVE-2017-0215, CVE-2020-9326, CVE-2021-21270, CVE-2021-28927, CVE-2018-8327, CVE-2020-10962, CVE-2017-0216, CVE-2019-1000, CVE-2020-16886, CVE-2018-8217, CVE-2016-0321, CVE-2023-1203, CVE-2022-32973, CVE-2018-8222, CVE-2022-45184, CVE-2022-41076, CVE-2018-20146, CVE-2019-1373, CVE-2018-0786, CVE-2018-20753, CVE-2019-0588, CVE-2022-26788, CVE-2023-40581, CVE-2022-26355, CVE-2023-49213, CVE-2018-8212, CVE-2017-0218, CVE-2018-8204, CVE-2018-18748, CVE-2022-45183, CVE-2018-8256, CVE-2018-8492, CVE-2018-0875, CVE-2017-8715, CVE-2021-42098, CVE-2015-2108, CVE-2018-8216, CVE-2021-41022, CVE-2023-29299, CVE-2017-8565, CVE-2018-6668, CVE-2023-39520, CVE-2018-8292, CVE-2020-0951, CVE-2018-8215, CVE-2017-0219, CVE-2022-39327, CVE-2020-29552, CVE-2018-8211, CVE-2022-24765, CVE-2018-8201, CVE-2018-8221, CVE-2022-22744, CVE-2018-7890, CVE-2017-0173, CVE-2021-43896, CVE-2023-36013, CVE-2018-16859, CVE-2022-48323

New JavaScript malware targets 50K bank users worldwide Trust: 5.5 Fetched: Jan. 10, 2024, 9:52 a.m., Published: Jan. 3, 2024, midnight	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	apple	model:	watch

db:

NVD

ids:

CVE-2023-7024, CVE-2023-35384, CVE-2023-23397, CVE-2023-36710

Path Traversal Bug Besets Popular Kyocera Office Printers Trust: 4.0 Fetched: Jan. 10, 2024, 9:52 a.m., Published: Jan. 5, 2024, midnight	Vulnerabilities: path traversal

Affected products

External IDs

db:

NVD

ids:

CVE-2023-50916

High-severity RCE among 6 bugs added to CISA's exploited vulnerability catalog \| SC Media Related entries in the VARIoT vulnerabilities database: VAR-202210-1176 Trust: 4.5 Fetched: Jan. 10, 2024, 9:52 a.m., Published: Jan. 9, 2024, 4:10 p.m.	Vulnerabilities: access control vulnerability, improper access control, command injection...

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	d-link	model:	dsl-2750b

db:

NVD

ids:

CVE-2023-2754, CVE-2023-41990, CVE-2023-23752, CVE-2023-29300, CVE-2023-38203, CVE-2016-20017

Technical Tip: How to detect IoT device vulnerabil... - Fortinet Community Trust: 3.25 Fetched: Jan. 10, 2024, 9:51 a.m., Published: Jan. 9, 2024, 4:43 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	galaxy
vendor:	samsung	model:	note
vendor:	essential	model:	phone

A security expert's guide to the top-exploited vulnerabilities \| Cybersecurity Dive Related entries in the VARIoT vulnerabilities database: VAR-202007-1393, VAR-201906-0815, VAR-202008-0193, VAR-202008-0248, VAR-202007-0079 Trust: 5.25 Fetched: Jan. 10, 2024, 9:50 a.m., Published: Aug. 4, 2021, midnight	Vulnerabilities: privilege escalation, path traversal, code execution

Affected products

External IDs

vendor:	accellion	model:	accellion file transfer appliance
vendor:	accellion	model:	file transfer appliance

db:

NVD

ids:

CVE-2020-5902, CVE-2018-13379, CVE-2019-11510, CVE-2021-26857, CVE-2021-27101, CVE-2019-11580, CVE-2021-26855, CVE-2021-21985, CVE-2019-18935, CVE-2019-5591, CVE-2021-27103, CVE-2021-22900, CVE-2021-22894, CVE-2018-7600, CVE-2021-26858, CVE-2019-0604, CVE-2021-22899, CVE-2020-0787, CVE-2021-22893, CVE-2021-27104, CVE-2020-1472, CVE-2021-27102, CVE-2017-11882, CVE-2020-15505, CVE-2020-12812, CVE-2021-27065, CVE-2019-19781

VARIoT news about IoT security