VARIoT latest news about IoT security

Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability Trust: 6.0 Fetched: Dec. 6, 2023, 9:47 a.m., Published: Nov. 29, 2023, 4:27 a.m.	Vulnerabilities: integer overflow

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	google chrome

db:

NVD

ids:

CVE-2023-4762, CVE-2023-2136, CVE-2023-6345

Intel releases microcode update to fix dangerous vulnerability - SamMobile Trust: 3.25 Fetched: Dec. 6, 2023, 9:44 a.m., Published: Nov. 15, 2023, 2:50 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-23583

Without SIP Security, Call Data Is An Open Book to Hackers Trust: 4.75 Fetched: Dec. 6, 2023, 9:43 a.m., Published: Nov. 18, 2023, 2 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

ringcentral

model:

ringcentral

84 Must-Know Data Breach Statistics [2023] Trust: 3.5 Fetched: Dec. 6, 2023, 9:42 a.m., Published: -	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	trend	model:	security
vendor:	symantec	model:	web security

PowerShell Is Affected By 2 Critical Vulnerabilities Published In November HTMD Blog Trust: 3.5 Fetched: Dec. 6, 2023, 9:41 a.m., Published: Sept. 21, 2023, 8:56 a.m.	Vulnerabilities: code execution, denial of service, information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2023-36796, CVE-2023-36013, CVE-2023-36799, CVE-2023-36049, CVE-2023-36792, CVE-2023-36793, CVE-2023-36794

Cyber Security: Mobile application security MCQs Trust: 3.5 Fetched: Dec. 6, 2023, 9:41 a.m., Published: Nov. 29, 2023, 9:46 a.m.	Vulnerabilities: cross-site scripting, code injection

Affected products	External IDs

Apple issues emergency security updates for iPhones and Macs - protect yourself now \| Tom's Guide Trust: 5.75 Fetched: Dec. 6, 2023, 9:40 a.m., Published: Nov. 30, 2023, 9:51 p.m.	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	chrome
vendor:	apple	model:	webkit
vendor:	apple	model:	macos
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad
vendor:	apple	model:	safari
vendor:	apple	model:	ipad air

db:

NVD

ids:

CVE-2023-42917, CVE-2023-42916

System BIOS komputerów Dell Inspiron 7405 2 w 1 \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Dec. 6, 2023, 9:38 a.m., Published: Feb. 6, 7405, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

System BIOS komputerów Dell Inspiron 7405 2 w 1 \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Dec. 6, 2023, 9:37 a.m., Published: Feb. 6, 7405, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

Cisco Secure Client Software Denial of Service Vulnerabilities - Cisco Trust: 5.0 Fetched: Dec. 6, 2023, 9:37 a.m., Published: Nov. 28, 2023, 7:06 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	anyconnect secure mobility client
vendor:	cisco	model:	cisco anyconnect secure mobility client

System BIOS komputerów Dell Inspiron 7405 2 w 1 \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Dec. 6, 2023, 9:37 a.m., Published: Feb. 6, 7405, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

iOS 17.1.2-Update Now Warning Issued To All iPhone Users Trust: 3.5 Fetched: Dec. 6, 2023, 9:36 a.m., Published: Dec. 2, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	iphone
vendor:	apple	model:	safari

db:

NVD

ids:

CVE-2023-42917, CVE-2023-42916

Forescout Vedere Labs discloses 21 new vulnerabilities affecting OT/IoT routers - Forescout Trust: 5.25 Fetched: Dec. 6, 2023, 9:35 a.m., Published: Dec. 5, 2023, 6:01 p.m.	Vulnerabilities: code execution, denial of service, default credentials

Affected products

External IDs

vendor:	sierra	model:	aleos
vendor:	sierra wireless	model:	aleos

db:

NVD

ids:

CVE-2023-40464, CVE-2023-41101, CVE-2023-40461

Security Bulletin Trellix Data Loss Prevention Endpoint for Windows 11.10 fixes one vulnerability (CVE-2023-4814) Trust: 3.75 Fetched: Dec. 6, 2023, 9:33 a.m., Published: Dec. 11, 2023, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2023-4814

Knowledge Article View - Thales Customer Support Related entries in the VARIoT vulnerabilities database: VAR-201404-0008, VAR-200310-0080, VAR-201409-1156, VAR-201507-0348, VAR-201808-0959, VAR-201412-0271, VAR-202112-0562, VAR-201405-0244, VAR-201410-1418, VAR-201406-0137, VAR-201801-0826, VAR-201602-0004, VAR-201601-0029, VAR-201605-0077, VAR-201406-0117, VAR-201411-0154, VAR-202203-1506, VAR-200310-0072, VAR-201504-0247, VAR-202302-0482, VAR-201605-0078, VAR-201406-0142, VAR-202112-0566, VAR-201501-0338, VAR-201805-0963, VAR-201808-0958, VAR-201406-0445, VAR-201801-1711, VAR-202302-0195, VAR-201808-0957, VAR-201501-0737, VAR-201710-0668, VAR-201801-1712 Trust: 4.25 Fetched: Dec. 6, 2023, 9:31 a.m., Published: -	Vulnerabilities: code execution, security feature bypass, feature bypass...

Affected products

External IDs

vendor:	gemalto	model:	idprime.net
vendor:	gemalto	model:	sentinel ldk
vendor:	gemalto	model:	sentinel ldk rte
vendor:	sentinel	model:	ldk rte
vendor:	node.js	model:	node.js
vendor:	infineon	model:	rsa library

db:

NVD

ids:

CVE-2010-5298, CVE-2017-0147, CVE-2023-38546, CVE-2021-3011, CVE-2003-0681, CVE-2017-0146, CVE-2014-6271, CVE-2016-0800, CVE-2016-0703, CVE-2015-1793, CVE-2022-3602, CVE-2015-5464, CVE-2018-3615, CVE-2015-7967, CVE-2015-7961, CVE-2008-4250, CVE-2023-29017, CVE-2022-22963, CVE-2014-8730, CVE-2021-45046, CVE-2022-4203, CVE-2014-0198, CVE-2014-3566, CVE-2014-0195, CVE-2017-5715, CVE-2015-7547, CVE-2023-38545, CVE-2018-7183, CVE-2023-0401, CVE-2016-0777, CVE-2016-2107, CVE-2014-3470, CVE-2014-6324, CVE-2022-22965, CVE-2003-0694, CVE-2015-2808, CVE-2022-4304, CVE-2016-2108, CVE-2014-0221, CVE-2021-44228, CVE-2015-0204, CVE-2023-0216, CVE-2017-3622, CVE-2018-3639, CVE-2015-7596, CVE-2018-3620, CVE-2022-22950, CVE-2023-0217, CVE-2017-11427, CVE-2022-3706, CVE-2021-4034, CVE-2017-3623, CVE-2023-0286, CVE-2015-7598, CVE-2014-0224, CVE-2017-5754, CVE-2022-4450, CVE-2023-0215, CVE-2018-8340, CVE-2009-3103, CVE-2018-3646, CVE-2015-0235, CVE-2015-0291, CVE-2017-15361, CVE-2017-5753

Weekly Vulnerability Recap - October 2, 2023 - Cloudflare DDoS Exploit Related entries in the VARIoT vulnerabilities database: VAR-202309-2742 Trust: 5.5 Fetched: Dec. 6, 2023, 9:30 a.m., Published: Oct. 2, 2023, 8:44 p.m.	Vulnerabilities: cross-site request forgery, directory traversal, command injection...

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	xiaomi	model:	redmi
vendor:	motorola	model:	motorola
vendor:	cisco	model:	wan manager
vendor:	cisco	model:	sd-wan vmanage
vendor:	cisco	model:	sd-wan
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	cisco ios
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	mobile
vendor:	samsung	model:	mobile phones
vendor:	samsung	model:	samsung galaxy

db:

NVD

ids:

CVE-2023-42115, CVE-2023-5217, CVE-2023-20252, CVE-2023-40044, CVE-2023-24955, CVE-2023-29357

About the security content of iOS 16.7.2 and iPadOS 16.7.2 - Apple Support Trust: 5.25 Fetched: Dec. 6, 2023, 9:30 a.m., Published: July 16, 2002, midnight	Vulnerabilities: code execution, user interface issue

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	ipad air
vendor:	apple	model:	safari
vendor:	apple	model:	mdnsresponder
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2023-40449, CVE-2023-32359, CVE-2023-41983, CVE-2023-42846, CVE-2023-42849, CVE-2023-40408, CVE-2023-40446, CVE-2023-41977, CVE-2023-40423, CVE-2023-41254, CVE-2023-42852, CVE-2023-40447, CVE-2023-40413, CVE-2023-41976, CVE-2023-40416, CVE-2023-41997, CVE-2023-42841, CVE-2023-41982

Apple issues emergency patches for 3 zero-day bugs \| TechTarget Trust: 3.75 Fetched: Dec. 6, 2023, 9:29 a.m., Published: Sept. 22, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2023-41992, CVE-2023-41991, CVE-2023-41061, CVE-2023-41993, CVE-2023-41064

Cisco IOS XE zero-day facing mass exploitation \| TechTarget Trust: 3.75 Fetched: Dec. 6, 2023, 9:29 a.m., Published: Oct. 17, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	cisco ios

db:

NVD

ids:

CVE-2023-20198

Cisco Discloses ‘Critical’ Zero-Day Vulnerability In IOS XE \| CRN Trust: 6.25 Fetched: Dec. 6, 2023, 9:29 a.m., Published: Oct. 16, 2023, 12:33 p.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:

cisco

model:

ios xe

db:

NVD

ids:

CVE-2023-20198

VARIoT news about IoT security