VARIoT latest news about IoT security

Samsung Phones High-Risk: Government has 'warning' for Galaxy S23, other Samsung smartphone users - Times of India Trust: 3.5 Fetched: Dec. 19, 2023, 9:21 a.m., Published: Dec. 16, 2023, 5:43 p.m.	Vulnerabilities: improper access control, input validation vulnerability, access control flaw...

Affected products

External IDs

vendor:	samsung	model:	galaxy
vendor:	samsung	model:	note
vendor:	samsung	model:	knox

Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices \| Mandiant Trust: 4.5 Fetched: Dec. 19, 2023, 9:15 a.m., Published: Dec. 25, 2023, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	watch
vendor:	google	model:	home
vendor:	wireshark	model:	wireshark

db:

NVD

ids:

CVE-2021-28372

SCATTERED SPIDER Attempts to Avoid Detection with Bring-Your-Own-Driver Tactic Related entries in the VARIoT vulnerabilities database: VAR-201708-0246 Trust: 4.5 Fetched: Dec. 19, 2023, 9:14 a.m., Published: Jan. 10, 2023, 8:27 a.m.	Vulnerabilities: control bypass

Affected products

External IDs

vendor:	palo alto networks	model:	networks
vendor:	palo	model:	networks

db:

NVD

ids:

CVE-2015-2291

Inside the Smart Home: IoT Device Threats and Attack Scenarios - Security News Trust: 3.25 Fetched: Dec. 19, 2023, 9:13 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	trend	model:	security
vendor:	trend micro	model:	security

URGENT/11 \| Armis Related entries in the VARIoT vulnerabilities database: VAR-201908-0704, VAR-201908-0713, VAR-201908-0703, VAR-201908-0706, VAR-201908-0702, VAR-201908-0705, VAR-201908-0699, VAR-201908-0715, VAR-201908-0712, VAR-201908-0714, VAR-201908-0701 Trust: 5.25 Fetched: Dec. 19, 2023, 9:12 a.m., Published: Aug. 22, 2023, 1:59 p.m.	Vulnerabilities: code execution, memory corruption, information leak...

Affected products

External IDs

vendor:	samsung	model:	note
vendor:	samsung	model:	printers
vendor:	samsung	model:	printer
vendor:	siemens	model:	nucleus rtos
vendor:	siemens	model:	nucleus
vendor:	rockwell	model:	arena
vendor:	nats	model:	server
vendor:	snort	model:	snort
vendor:	rockwell automation	model:	arena

db:

NVD

ids:

CVE-2019-12263, CVE-2019-12256, CVE-2019-12262, CVE-2019-12265, CVE-2019-12261, CVE-2019-12264, CVE-2019-12259, CVE-2019-12258, CVE-2019-12255, CVE-2019-12257, CVE-2019-12260

Phosphorus’s Cyber-Physical System (CPS) Protection Trust: 3.75 Fetched: Dec. 17, 2023, 10:17 a.m., Published: Dec. 7, 2023, midnight	Vulnerabilities: default credentials

Affected products

External IDs

vendor:

trend

model:

security

System BIOS komputerów Dell Inspiron 5415/5515 i Vostro 5415/5515 \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Dec. 17, 2023, 10:17 a.m., Published: Dec. 12, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now Related entries in the VARIoT vulnerabilities database: VAR-201703-0755 Trust: 5.0 Fetched: Dec. 17, 2023, 10:16 a.m., Published: Dec. 12, 2023, 5:23 a.m.	Vulnerabilities: path traversal, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-50164, CVE-2017-5638

Samsung phones on high-risk security alert. What government advisory means for users Trust: 3.0 Fetched: Dec. 17, 2023, 10:15 a.m., Published: Dec. 15, 2023, 4:55 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

samsung

model:

galaxy

Identify and remediate vulnerabilities for CVE-2022-27509 Related entries in the VARIoT vulnerabilities database: VAR-202207-2009 Trust: 3.0 Fetched: Dec. 17, 2023, 10:14 a.m., Published: Dec. 12, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2022-27509

Rising Security Weaknesses in the Automotive Industry and What It Can Do on the Road Ahead - Security News Trust: 3.5 Fetched: Dec. 17, 2023, 10:12 a.m., Published: -	Vulnerabilities: sql injection, integer overflow

Affected products

External IDs

vendor:	trend micro	model:	security
vendor:	trend	model:	security

Red Hat Keycloak - Security Vulnerabilities in 2023 Trust: 5.25 Fetched: Dec. 17, 2023, 10:11 a.m., Published: Dec. 17, 2023, midnight	Vulnerabilities: authentication bypass, path traversal, replay attack...

Affected products

External IDs

vendor:	nodejs	model:	node.js
vendor:	node.js	model:	node.js

db:

NVD

ids:

CVE-2020-1758, CVE-2019-10199, CVE-2019-3868, CVE-2021-3754, CVE-2019-10170, CVE-2018-14637, CVE-2022-1466, CVE-2019-14832, CVE-2022-3782, CVE-2020-35509, CVE-2021-3827, CVE-2020-14302, CVE-2020-14389, CVE-2019-10201, CVE-2022-4137, CVE-2020-10776, CVE-2020-1698, CVE-2018-14657, CVE-2020-1717, CVE-2022-0225, CVE-2021-3461, CVE-2019-10169, CVE-2020-1725, CVE-2020-10686, CVE-2019-14837, CVE-2019-10157, CVE-2021-20323, CVE-2020-27838, CVE-2020-10734, CVE-2018-14655, CVE-2018-10894, CVE-2020-1724, CVE-2019-14910, CVE-2022-1970, CVE-2023-0264, CVE-2022-1245, CVE-2021-20195, CVE-2021-20202, CVE-2020-1694, CVE-2019-14820, CVE-2019-3875, CVE-2020-14366, CVE-2020-1744, CVE-2022-3916, CVE-2020-27826, CVE-2020-10770, CVE-2020-10758, CVE-2020-14359, CVE-2019-14909, CVE-2022-4361, CVE-2020-1718, CVE-2018-14658, CVE-2020-1697, CVE-2018-10912, CVE-2021-3632, CVE-2021-4133, CVE-2021-3513, CVE-2023-4918, CVE-2022-2668, CVE-2021-20222, CVE-2020-1727, CVE-2020-1714, CVE-2020-1728, CVE-2021-3637, CVE-2017-12160, CVE-2022-1438, CVE-2021-3856, CVE-2021-20262, CVE-2022-1274, CVE-2023-1664

How Are DDoS Attacks Related to the Internet of Things \| CitizenSide Trust: 4.5 Fetched: Dec. 17, 2023, 10:10 a.m., Published: Dec. 12, 2023, 10:01 p.m.	Vulnerabilities: denial of service, default credentials

Affected products	External IDs

Why has Indian govt issued high-risk warning against Samsung phones [Dos and Don'ts] - IBTimes India Trust: 4.5 Fetched: Dec. 17, 2023, 10:08 a.m., Published: Dec. 14, 2023, 12:14 p.m.	Vulnerabilities: memory corruption, integer overflow, improper access control

Affected products

External IDs

vendor:	google	model:	android
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	knox

System BIOS do komputerów Alienware m15/m17 R4 \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Dec. 17, 2023, 10:08 a.m., Published: Dec. 8, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

iOS 17.2 comes with these 10 important security fixes - 9to5Mac Trust: 4.5 Fetched: Dec. 17, 2023, 10:07 a.m., Published: Dec. 11, 2023, 6:50 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	tvos
vendor:	apple	model:	ipad air
vendor:	apple	model:	watchos
vendor:	apple	model:	webkit
vendor:	apple	model:	macos
vendor:	apple	model:	ipad
vendor:	apple	model:	safari
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2023-42923, CVE-2023-42914, CVE-2023-42883, CVE-2023-42898, CVE-2023-42899, CVE-2023-42922, CVE-2023-42890, CVE-2023-42919, CVE-2023-42884, CVE-2023-42897, CVE-2023-42927

Government issues high-risk alert for Apple and Samsung products, cites multiple vulnerabilities \| Technology News - The Indian Express Trust: 4.75 Fetched: Dec. 17, 2023, 10:07 a.m., Published: Dec. 16, 2023, 8:27 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	samsung	model:	mobile
vendor:	samsung	model:	samsung mobile
vendor:	apple	model:	tvos
vendor:	apple	model:	safari
vendor:	apple	model:	watchos
vendor:	apple	model:	macos

Apple's Emergency Updates Fix 2 New Zero-Day Vulnerabilities - Lansweeper Trust: 5.5 Fetched: Dec. 17, 2023, 10:07 a.m., Published: Feb. 15, 2023, 7:39 a.m.	Vulnerabilities: memory corruption, code execution

Affected products

External IDs

vendor:	apple	model:	ipad air
vendor:	apple	model:	safari
vendor:	apple	model:	webkit
vendor:	apple	model:	macos
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2023-42916, CVE-2023-42917

Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws Trust: 5.0 Fetched: Dec. 17, 2023, 10:06 a.m., Published: Dec. 12, 2023, 6:44 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	tvos
vendor:	apple	model:	safari
vendor:	apple	model:	watchos
vendor:	apple	model:	iphone
vendor:	apple	model:	webkit
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2023-42883, CVE-2023-45866, CVE-2023-42890, CVE-2023-42916, CVE-2023-42917

Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit Related entries in the VARIoT vulnerabilities database: VAR-201703-0755 Trust: 5.25 Fetched: Dec. 17, 2023, 10:06 a.m., Published: Dec. 15, 2023, midnight	Vulnerabilities: path traversal, code execution

Affected products

External IDs

vendor:	trend micro	model:	deep security
vendor:	trend micro	model:	security
vendor:	trend	model:	deep security
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2023-50164, CVE-2017-5638

VARIoT news about IoT security