Sign-up

VARIoT news about IoT security

About the security content of iOS 15.7.3 and iPadOS 15.7.3 - Apple Support

Related entries in the VARIoT vulnerabilities database: VAR-202301-1707, VAR-202301-1717, VAR-202301-1713, VAR-202301-1710, VAR-202301-1706

Trust: 3.75

Fetched: Jan. 28, 2024, 10:05 a.m., Published: July 15, 2003, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: ipod touch
vendor: apple model: ipad
db: NVD ids: CVE-2023-23498, CVE-2023-23503, CVE-2023-23505, CVE-2023-23504, CVE-2023-23500

CVE-2024-23630 - vulnerability database | Vulners.com

Trust: 6.25

Fetched: Jan. 28, 2024, 9:58 a.m., Published: Jan. 26, 2024, 12:15 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: motorola model: motorola
db: NVD ids: CVE-2024-23630

Zero-click attacks: everything you need to know | TSC

Trust: 3.25

Fetched: Jan. 28, 2024, 9:56 a.m., Published: Jan. 18, 2024, noon
 Vulnerabilities: memory corruption, cross-site request forgery, request forgery...
Affected productsExternal IDs
vendor: rapid model: scada
vendor: apple model: iphone
vendor: essential model: phone

CVE-2024-23625 - vulnerability database | Vulners.com

Trust: 5.0

Fetched: Jan. 28, 2024, 9:54 a.m., Published: Jan. 26, 2024, 12:15 a.m.
 Vulnerabilities: command execution, command injection
Affected productsExternal IDs
vendor: d-link model: dap-1650
db: NVD ids: CVE-2024-23625

Vulnerability • InfoTech & InfoSec News

Trust: 4.0

Fetched: Jan. 28, 2024, 9:53 a.m., Published: Jan. 26, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: tvos
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2024-23222

SVR hackers breach Microsoft, steal emails from the security team

Trust: 4.5

Fetched: Jan. 28, 2024, 9:53 a.m., Published: Jan. 22, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: trend model: security
vendor: trend model: data loss prevention
vendor: trend micro model: security
vendor: trend micro model: data loss prevention
vendor: google model: chrome
vendor: google model: home
vendor: google model: wifi
vendor: palo alto networks model: networks
vendor: apple model: macos
db: NVD ids: CVE-2023-46805, CVE-2024-21887, CVE-2023-34048, CVE-2024-0517, CVE-2024-22195

AlmaLinux 9 : grub2 (ALSA-2024:0468) - vulnerability database | Vulners.com

Trust: 4.75

Fetched: Jan. 28, 2024, 9:42 a.m., Published: Jan. 26, 2024, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: alsa model: alsa
db: NVD ids: CVE-2023-4001

Cisco Unified Communications Products Remote Code Execution ... - vulnerability database | Vulners.com

Trust: 5.25

Fetched: Jan. 28, 2024, 9:42 a.m., Published: Jan. 24, 2024, 4 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: unified communications

8 BEST Web Vulnerability Scanning Tools

Trust: 3.25

Fetched: Jan. 28, 2024, 9:34 a.m., Published: Jan. 8, 2024, midnight
 Vulnerabilities: cross-site scripting, sql injection
Affected productsExternal IDs
vendor: snort model: snort
vendor: essential model: phone

Cisco Unified Communications Products Remote Code Execution Vulnerability

Trust: 3.75

Fetched: Jan. 28, 2024, 9:34 a.m., Published: Jan. 26, 2024, 9:01 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: unity
vendor: cisco model: unified communications
vendor: cisco model: unity connection

China-linked APT UNC3886 exploits VMware zero-day since 2021

Trust: 4.0

Fetched: Jan. 28, 2024, 9:33 a.m., Published: Jan. 19, 2024, 7:32 p.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-20867, CVE-2023-34048

Apple TV < 17.3 Multiple Vulnerabilities (HT214055) - vulnerability database | Vulners.com

Trust: 3.5

Fetched: Jan. 28, 2024, 9:31 a.m., Published: Jan. 25, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: apple tv
vendor: apple model: apple_tv
db: NVD ids: CVE-2024-23213, CVE-2024-23210, CVE-2024-23223, CVE-2024-23215, CVE-2024-23218, CVE-2024-23206, CVE-2024-23212, CVE-2024-23222, CVE-2024-23208

Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202110-1691, VAR-202206-0004, VAR-202104-0768, VAR-202007-1393, VAR-202205-0394, VAR-202112-0566, VAR-202110-1690, VAR-202202-0171

Trust: 5.25

Fetched: Jan. 28, 2024, 9:29 a.m., Published: Jan. 28, 2023, midnight
 Vulnerabilities: directory traversal, command execution, path traversal...
Affected productsExternal IDs
vendor: buffalo model: buffalo wsr-2533dhp3
vendor: buffalo model: wsr-2533dhp3
vendor: buffalo model: wsr-2533dhpl2-bk
vendor: buffalo model: buffalo wsr-2533dhpl2
vendor: buffalo model: wsr-2533dhp3-bk
vendor: buffalo model: wsr-2533dhpl2
vendor: pulse model: secure pulse connect secure
vendor: pulse secure model: pulse connect secure
vendor: pulse secure model: connect secure
vendor: citrix model: sd-wan
vendor: citrix model: gateway
vendor: citrix model: sd-wan wanop
vendor: citrix model: application delivery controller
vendor: netapp model: cloud backup
vendor: netapp model: netapp cloud backup
vendor: zoho model: manageengine adselfservice plus
vendor: cisco model: sd-wan
vendor: cisco model: hyperflex hx data platform
vendor: cisco model: hyperflex
vendor: cisco model: technical support
vendor: cisco model: cisco hyperflex
db: NVD ids: CVE-2021-42237, CVE-2021-26084, CVE-2021-26854, CVE-2019-19781, CVE-2021-41773, CVE-2019-11510, CVE-2021-27078, CVE-2021-27065, CVE-2021-22205, CVE-2021-1497, CVE-2021-26412, CVE-2021-26857, CVE-2022-26134, CVE-2021-40539, CVE-2021-26858, CVE-2021-20090, CVE-2021-26855, CVE-2021-36260, CVE-2020-5902, CVE-2022-1388, CVE-2021-22005, CVE-2021-44228, CVE-2021-42013, CVE-2022-24112

Mirai Botnet Attack IoT Devices via CVE-2020-5902

Related entries in the VARIoT vulnerabilities database: VAR-202007-1393

Trust: 3.5

Fetched: Jan. 28, 2024, 9:29 a.m., Published: July 28, 2020, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: trend model: home network security
vendor: trend micro model: security
vendor: trend micro model: home network security
db: NVD ids: CVE-2020-5902

2023 Apple & iOS Vulnerabilities from CISA (Quick Reference)

Related entries in the VARIoT vulnerabilities database: VAR-202210-1624, VAR-202302-1097, VAR-202209-0759, VAR-202108-1164, VAR-202203-1579, VAR-201504-0081, VAR-201608-0186, VAR-201608-0188, VAR-201912-0546, VAR-202002-1163, VAR-202108-2057, VAR-202010-1228, VAR-201904-1459, VAR-202104-0612, VAR-201608-0187, VAR-201912-0480, VAR-201912-0613, VAR-202108-1137, VAR-201912-0473, VAR-202006-1646, VAR-202208-1294, VAR-202202-0109, VAR-201409-0487, VAR-201912-0474, VAR-202201-0561, VAR-202208-1345, VAR-202203-1580, VAR-202212-1751, VAR-202108-2051

Trust: 5.5

Fetched: Jan. 28, 2024, 9:28 a.m., Published: Jan. 28, 2023, midnight
 Vulnerabilities: memory corruption, input validation vulnerability, information disclosure...
Affected productsExternal IDs
vendor: apple model: apple tv
vendor: apple model: watchos
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: tvos
vendor: apple model: macos
db: NVD ids: CVE-2022-42827, CVE-2023-23529, CVE-2022-32917, CVE-2023-32409, CVE-2021-31010, CVE-2023-41064, CVE-2022-22674, CVE-2015-1130, CVE-2016-4655, CVE-2016-4657, CVE-2023-41991, CVE-2019-8526, CVE-2023-42824, CVE-2023-32434, CVE-2023-32435, CVE-2023-28205, CVE-2020-3837, CVE-2021-30883, CVE-2020-9907, CVE-2018-4344, CVE-2023-28206, CVE-2021-1789, CVE-2023-37450, CVE-2023-32439, CVE-2016-4656, CVE-2023-41061, CVE-2019-8506, CVE-2023-28204, CVE-2023-38606, CVE-2019-8605, CVE-2021-30983, CVE-2023-41992, CVE-2019-7286, CVE-2023-41993, CVE-2020-9859, CVE-2022-32894, CVE-2022-22620, CVE-2014-4404, CVE-2023-32373, CVE-2019-7287, CVE-2022-22587, CVE-2022-32893, CVE-2022-22675, CVE-2022-42856, CVE-2021-30900

The increase in vulnerabilities is the reason why device vulnerability management is important

Trust: 3.75

Fetched: Jan. 28, 2024, 9:27 a.m., Published: Dec. 11, 2022, 11:30 p.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs

Kaspersky unknown hardware 'feature' used in iPhone attacks • The Register

Trust: 4.75

Fetched: Jan. 28, 2024, 9:17 a.m., Published: -
 Vulnerabilities: feature bypass
Affected productsExternal IDs
vendor: apple model: iphone
db: NVD ids: CVE-2023-38606

CVE - Search Results

Related entries in the VARIoT vulnerabilities database: VAR-201703-0607, VAR-201903-0591, VAR-201708-0554, VAR-202208-0759, VAR-201311-0297

Trust: 5.25

Fetched: Jan. 28, 2024, 9:15 a.m., Published: Jan. 3, 2024, midnight
 Vulnerabilities: memory corruption, directory traversal, address corruption...
Affected productsExternal IDs
vendor: lenovo model: system
vendor: lenovo model: bios
vendor: lenovo model: desktop
vendor: hewlett packard enterprise model: moonshot
vendor: hewlett packard enterprise model: switches
vendor: hewlett packard enterprise model: integrity
vendor: hewlett packard model: moonshot
vendor: hewlett packard model: switches
vendor: hewlett packard model: integrity
vendor: cisco model: nx-os software
vendor: cisco model: guard
vendor: cisco model: nexus 9500
vendor: cisco model: series switches
vendor: cisco model: nexus
vendor: cisco model: 1000v
vendor: cisco model: nexus 7000
vendor: cisco model: cisco nexus 1000v switch
vendor: cisco model: cisco nx-os
vendor: cisco model: nexus 1000v switch
vendor: cisco model: nexus 3000
vendor: cisco model: nexus 1000v
vendor: cisco model: virtual security gateway
vendor: cisco model: nx-os
vendor: cisco model: series
db: NVD ids: CVE-2017-8707, CVE-2022-34696, CVE-2022-22713, CVE-2021-26416, CVE-2020-1040, CVE-2019-0715, CVE-2019-1310, CVE-2010-3960, CVE-2018-8439, CVE-2022-22712, CVE-2019-0712, CVE-2015-2534, CVE-2019-0714, CVE-2017-0179, CVE-2022-22008, CVE-2021-40461, CVE-2022-24490, CVE-2018-0888, CVE-2017-0180, CVE-2019-0550, CVE-2019-0928, CVE-2019-0721, CVE-2023-36908, CVE-2019-1309, CVE-2018-0965, CVE-2022-44682, CVE-2017-0097, CVE-2021-25140, CVE-2020-0751, CVE-2020-0617, CVE-2017-8714, CVE-2019-0551, CVE-2017-0109, CVE-2020-1243, CVE-2014-0148, CVE-2019-1398, CVE-2023-36407, CVE-2021-26867, CVE-2022-29106, CVE-2019-1254, CVE-2019-0723, CVE-2017-0095, CVE-2017-0184, CVE-2017-0178, CVE-2019-1599, CVE-2021-42274, CVE-2018-8437, CVE-2017-8712, CVE-2018-8219, CVE-2016-0090, CVE-2019-1470, CVE-2017-8704, CVE-2017-0182, CVE-2017-0051, CVE-2020-0909, CVE-2017-8664, CVE-2017-8706, CVE-2020-1032, CVE-2019-0710, CVE-2022-41094, CVE-2017-0099, CVE-2011-1872, CVE-2022-21847, CVE-2020-1043, CVE-2018-8490, CVE-2022-21900, CVE-2018-0957, CVE-2017-0212, CVE-2020-17040, CVE-2017-0096, CVE-2021-33758, CVE-2022-23257, CVE-2019-0720, CVE-2021-25139, CVE-2020-16891, CVE-2019-1471, CVE-2017-0162, CVE-2018-8434, CVE-2021-28476, CVE-2024-20700, CVE-2021-37841, CVE-2021-28314, CVE-2017-0163, CVE-2016-0089, CVE-2019-0709, CVE-2017-0169, CVE-2017-0098, CVE-2021-28444, CVE-2019-0695, CVE-2018-0959, CVE-2017-3753, CVE-2021-1692, CVE-2018-0961, CVE-2010-0026, CVE-2018-8218, CVE-2017-0074, CVE-2017-0075, CVE-2012-5532, CVE-2019-1397, CVE-2019-1230, CVE-2019-0711, CVE-2017-8713, CVE-2019-0722, CVE-2016-4440, CVE-2016-0088, CVE-2020-1036, CVE-2020-1080, CVE-2018-0885, CVE-2017-0183, CVE-2020-17095, CVE-2019-0886, CVE-2021-28441, CVE-2020-1041, CVE-2019-0718, CVE-2019-1399, CVE-2022-23268, CVE-2022-21975, CVE-2024-20699, CVE-2019-0635, CVE-2021-31977, CVE-2017-8711, CVE-2017-0021, CVE-2022-21901, CVE-2022-24537, CVE-2020-1042, CVE-2022-30223, CVE-2021-38672, CVE-2023-36427, CVE-2022-24539, CVE-2021-42284, CVE-2019-0966, CVE-2017-0185, CVE-2022-35751, CVE-2019-0965, CVE-2022-30163, CVE-2022-37979, CVE-2021-30178, CVE-2023-36406, CVE-2018-0964, CVE-2015-2361, CVE-2022-21905, CVE-2018-8435, CVE-2021-1691, CVE-2020-6102, CVE-2017-0168, CVE-2022-22042, CVE-2019-0713, CVE-2017-0076, CVE-2013-5556, CVE-2020-6100, CVE-2022-26783, CVE-2023-23411, CVE-2019-0719, CVE-2017-0193, CVE-2017-8623, CVE-2020-24623, CVE-2017-0181, CVE-2012-2669, CVE-2022-38015, CVE-2015-2362, CVE-2022-26785, CVE-2020-1047, CVE-2013-3898, CVE-2020-0904, CVE-2018-8489, CVE-2021-33755, CVE-2022-21995, CVE-2019-0690, CVE-2020-0917, CVE-2020-0918, CVE-2020-0910, CVE-2019-0620, CVE-2018-8438, CVE-2019-1389, CVE-2023-32013, CVE-2020-0661, CVE-2019-0717, CVE-2021-1704, CVE-2020-0890, CVE-2022-24466, CVE-2021-43246, CVE-2020-6101, CVE-2017-0186, CVE-2023-36408, CVE-2019-0701, CVE-2022-22009, CVE-2015-1647, CVE-2020-6103, CVE-2018-8436, CVE-2021-34450

High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners

Trust: 4.75

Fetched: Jan. 28, 2024, 9:14 a.m., Published: Jan. 15, 2024, 8:16 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: bosch model: nexo
vendor: bosch model: iot gateway
db: NVD ids: CVE-2023-49722

Critical RCE Vulnerability in Cisco Unified Communications with Risk of Root Access (CVE-2024-20253) - SOCRadar® Cyber Intelligence Inc.

Trust: 6.0

Fetched: Jan. 28, 2024, 9:13 a.m., Published: Jan. 26, 2024, 11:48 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: unity connection
vendor: cisco model: unified communications manager im & presence service
vendor: cisco model: unified contact center express
vendor: cisco model: virtualized voice browser
vendor: cisco model: unity
vendor: cisco model: unified communications
vendor: cisco model: unified communications manager session management edition
vendor: cisco model: unified communications manager
db: NVD ids: CVE-2024-20253