VARIoT latest news about IoT security

Electronics \| Free Full-Text \| Vulnerabilities’ Assessment and Mitigation Strategies for the Small Linux Server, Onion Omega2 Trust: 3.5 Fetched: Dec. 17, 2023, 9:41 a.m., Published: June 10, 2020, midnight	Vulnerabilities: buffer overflow, denial of service, path traversal...

Affected products	External IDs

Overview of IoT threats in 2023 \| Esystematics Blog Trust: 5.25 Fetched: Dec. 17, 2023, 9:34 a.m., Published: Sept. 21, 2023, 12:07 p.m.	Vulnerabilities: configuration issue

Affected products

External IDs

vendor:	bosch	model:	smart camera
vendor:	trend	model:	security
vendor:	trend micro	model:	security

db:

NVD

ids:

CVE-2022-27593

Hackers Exploit Security Flaw to Target iOS 17 iPhones with ‘Notification Attack’ Trust: 4.5 Fetched: Dec. 17, 2023, 9:31 a.m., Published: Dec. 17, 2023, midnight	Vulnerabilities: code injection

Affected products

External IDs

vendor:	apple	model:	icloud
vendor:	apple	model:	safari
vendor:	apple	model:	watch
vendor:	apple	model:	iphone
vendor:	sophos	model:	mobile
vendor:	essential	model:	phone

db:

NVD

ids:

CVE-2023-119

Kaspersky releases overview of IoT-related threats in 2023 \| Kaspersky Trust: 3.5 Fetched: Dec. 17, 2023, 9:28 a.m., Published: Sept. 21, 2023, 1:23 p.m.	Vulnerabilities: denial of service, default password

Affected products	External IDs

Android Hacking: The libwebp Vulnerability (zero-day/zero-click) \| Esystematics Blog Trust: 5.5 Fetched: Dec. 17, 2023, 9:28 a.m., Published: Oct. 12, 2023, 12:02 a.m.	Vulnerabilities: buffer overflow

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	chrome
vendor:	google	model:	google chrome
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2023-41064

Phosphorus Releases Mitigation Solutions for Critical Cisco IOS XE Zero-Day Vulnerability - Absolute Fusion - Tech, Gadgets, Gizmos & Lifestyle Trust: 4.25 Fetched: Dec. 17, 2023, 9:26 a.m., Published: Oct. 17, 2023, 8:18 p.m.	Vulnerabilities: default credentials, privilege escalation

Affected products

External IDs

vendor:	cisco	model:	access points
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xe

db:

NVD

ids:

CVE-2023-20198

Android Hacking: The libwebp Vulnerability (zero-day/zero-click) Trust: 5.5 Fetched: Dec. 17, 2023, 9:18 a.m., Published: Oct. 11, 2023, 3:53 p.m.	Vulnerabilities: buffer overflow

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	chrome
vendor:	google	model:	google chrome
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2023-41064

41 Open-source and Free Vulnerability Scanners For Pentesting and Web App Security Trust: 4.25 Fetched: Dec. 17, 2023, 9:09 a.m., Published: Nov. 2, 2023, 6:27 a.m.	Vulnerabilities: path traversal, code execution, sql injection...

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	cisco	model:	routers
vendor:	node.js	model:	node.js

What's new in Microsoft Defender for IoT - Microsoft Defender for IoT \| Microsoft Learn Trust: 4.5 Fetched: Dec. 17, 2023, 9:07 a.m., Published: Dec. 6, 2023, midnight	Vulnerabilities: default password

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	aruba	model:	clearpass

New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices - 443News Trust: 5.5 Fetched: Dec. 15, 2023, 10:03 a.m., Published: Dec. 2, 2023, midnight	Vulnerabilities: authentication bypass, code execution

Affected products

External IDs

vendor:	google	model:	android
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2023-45866

Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S. Trust: 3.5 Fetched: Dec. 15, 2023, 10:02 a.m., Published: Dec. 2, 2023, 8:29 a.m.	Vulnerabilities: command execution

Affected products

External IDs

vendor:	palo alto networks	model:	networks
vendor:	palo	model:	networks

Top 10 SMB Security Vulnerabilities \| Coro Cybersecurity Trust: 4.5 Fetched: Dec. 15, 2023, 10:02 a.m., Published: Dec. 6, 2023, 6:37 p.m.	Vulnerabilities: command injection

Affected products

External IDs

vendor:	trend	model:	security
vendor:	trend	model:	antivirus

Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability Trust: 4.5 Fetched: Dec. 15, 2023, 10:01 a.m., Published: Dec. 5, 2023, 6:59 a.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	check point	model:	check point
vendor:	palo alto networks	model:	networks
vendor:	palo	model:	networks

db:

NVD

ids:

CVE-2023-38831, CVE-2023-23397

System BIOS do komputerów Alienware m15/m17 R3 \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Dec. 15, 2023, 10 a.m., Published: Dec. 8, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

How to hack Android, macOS, iOS, and Linux through a Bluetooth vulnerability \| Kaspersky official blog Trust: 3.5 Fetched: Dec. 15, 2023, 9:59 a.m., Published: Jan. 15, 2050, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	android
vendor:	apple	model:	iphone
vendor:	apple	model:	watchos
vendor:	apple	model:	macos
vendor:	apple	model:	tvos

db:

NVD

ids:

CVE-2023-45866, CVE-2020-0556

23-056 (December 14, 2023) - Threat Encyclopedia Trust: 3.25 Fetched: Dec. 15, 2023, 9:59 a.m., Published: Dec. 14, 2023, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-50164

CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits Trust: 4.75 Fetched: Dec. 15, 2023, 9:59 a.m., Published: Nov. 20, 2023, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-46604, CVE-2023-4911

Zyxel warns of critical security vulnerabilities in NAS devices \| Born's Tech and Windows World Trust: 5.5 Fetched: Dec. 15, 2023, 9:58 a.m., Published: Dec. 1, 2023, 11:02 p.m.	Vulnerabilities: authentication vulnerability, command injection

Affected products

External IDs

vendor:	zyxel	model:	nas542
vendor:	zyxel	model:	nas326

db:

NVD

ids:

CVE-2023-35138, CVE-2023-37928, CVE-2023-4473, CVE-2023-35137, CVE-2023-37927, CVE-2023-4474

System BIOS komputera Dell Precision Rack 7910 \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Dec. 15, 2023, 9:57 a.m., Published: Dec. 15, 7910, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

Apple Patches Actively Exploited WebKit Zero-Day Vulnerabilities in Emergency Update \| Technology & Science News, Times Now Trust: 4.75 Fetched: Dec. 15, 2023, 9:57 a.m., Published: Dec. 12, 2023, 2:31 p.m.	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	apple	model:	ipad air
vendor:	apple	model:	apple tv
vendor:	apple	model:	iphone
vendor:	apple	model:	webkit
vendor:	apple	model:	watch
vendor:	apple	model:	watchos
vendor:	apple	model:	tvos
vendor:	apple	model:	ipad
vendor:	apple	model:	safari

db:

NVD

ids:

CVE-2023-42917, CVE-2023-42916

VARIoT news about IoT security