Sign-up

VARIoT news about IoT security

Critical Zyxel NAS vulnerabilities patched, update quickly! - Help Net Security

Trust: 5.5

Fetched: Dec. 3, 2023, 9:44 a.m., Published: Dec. 1, 2023, 11:21 a.m.
 Vulnerabilities: authentication vulnerability, code execution, command injection
Affected productsExternal IDs
vendor: zyxel model: nas542
vendor: zyxel model: nas326
db: NVD ids: CVE-2023-4474, CVE-2023-35138, CVE-2023-35137, CVE-2023-27992, CVE-2023-4473, CVE-2023-37928, CVE-2023-37927

Zyxel warns about new critical vulnerabilities found in its NAS devices | TechSpot

Trust: 4.5

Fetched: Dec. 3, 2023, 9:43 a.m., Published: Dec. 3, 4070, midnight
 Vulnerabilities: command execution, command injection
Affected productsExternal IDs
vendor: zyxel model: nas542
vendor: zyxel model: nas326
db: NVD ids: CVE-2023-4474, CVE-2023-35138, CVE-2023-35137, CVE-2023-4473, CVE-2023-37928, CVE-2023-37927

Delta Electronics InfraSuite Device Master Device-Gateway Des - vulnerability database | Vulners.com

Trust: 5.25

Fetched: Dec. 3, 2023, 9:37 a.m., Published: Nov. 30, 2023, midnight
 Vulnerabilities: path traversal, code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2023-47207, CVE-2023-39226, CVE-2023-47279, CVE-2023-46690

Update your iPhone now - Apple just fixed a big iOS 17 flaw | TechRadar

Trust: 4.0

Fetched: Dec. 3, 2023, 9:36 a.m., Published: Dec. 1, 2023, 11:30 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: ipad air
vendor: apple model: ipad

Mitsubishi Electric FA Engineering Software Products | CISA

Trust: 4.75

Fetched: Dec. 3, 2023, 9:35 a.m., Published: Dec. 1, 2023, midnight
 Vulnerabilities: information disclosure, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-5247

Understanding Mobile Device Vulnerability: Protecting Your Digital Life

Trust: 3.0

Fetched: Dec. 3, 2023, 9:31 a.m., Published: Nov. 29, 2023, 2:43 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

BLUFFS: new Bluetooth vulnerability discovered that affects most devices - gHacks Tech News

Trust: 3.75

Fetched: Dec. 3, 2023, 9:31 a.m., Published: Nov. 30, 2023, 8:29 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
db: NVD ids: CVE-2023-24023

PTC KEPServerEx | CISA

Trust: 5.5

Fetched: Dec. 3, 2023, 9:30 a.m., Published: Dec. 1, 2023, midnight
 Vulnerabilities: code execution, buffer overflow, improper validation
Affected productsExternal IDs
vendor: rockwell automation model: kepserver enterprise
vendor: rockwell model: kepserver enterprise
db: NVD ids: CVE-2023-5909, CVE-2023-5908

Apple's Latest Crucial Updates Keep Your Devices Safe From Web Threats

Trust: 4.5

Fetched: Dec. 3, 2023, 9:30 a.m., Published: Dec. 1, 2023, 11:38 a.m.
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: ipad air
db: NVD ids: CVE-2023-42917, CVE-2023-42916

Yokogawa STARDOM | CISA

Trust: 4.25

Fetched: Dec. 3, 2023, 9:30 a.m., Published: Dec. 1, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: yokogawa model: stardom
db: NVD ids: CVE-2023-5915

Apple warns billions of users of actively exploited zero-day vulnerability | Macworld

Trust: 4.5

Fetched: Dec. 3, 2023, 9:30 a.m., Published: Dec. 1, 2023, midnight
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: apple model: safari
vendor: apple model: iphone
vendor: apple model: watchos
vendor: apple model: macos
vendor: apple model: tvos
vendor: apple model: webkit
vendor: apple model: ipad
db: NVD ids: CVE-2023-42917, CVE-2023-42916

161 Cybersecurity Statistics and Trends [updated 2023]

Trust: 4.25

Fetched: Dec. 3, 2023, 9:29 a.m., Published: -
 Vulnerabilities: sql injection, denial of service
Affected productsExternal IDs
vendor: google model: home
vendor: google model: android
vendor: sophos model: mobile
vendor: cisco model: guard
vendor: check point model: check point

IoT Device Vulnerabilities - Kindus

Trust: 4.75

Fetched: Dec. 3, 2023, 9:28 a.m., Published: Nov. 27, 2023, 11:54 a.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: codesys model: codesys
vendor: codesys model: web server
vendor: codesys model: control

Delta Electronics DOPSoft | CISA

Trust: 5.5

Fetched: Dec. 3, 2023, 9:26 a.m., Published: Dec. 1, 2023, midnight
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: delta electronics model: electronics dopsoft
vendor: delta electronics model: dopsoft
vendor: trend model: security
vendor: trend micro model: security
vendor: delta model: electronics dopsoft
vendor: delta model: dopsoft
db: NVD ids: CVE-2023-5944

IASC | Free Full-Text | Design the IoT Botnet Defense Process for Cybersecurity in Smart City

Trust: 3.25

Fetched: Dec. 3, 2023, 9:22 a.m., Published: Sept. 11, 2023, midnight
 Vulnerabilities: command execution, buffer overflow, privilege escalation...
Affected productsExternal IDs

The Far-Reaching Consequences of LogoFAIL | Binarly - AI -Powered Firmware Supply Chain Security Platform

Trust: 4.25

Fetched: Dec. 3, 2023, 9:20 a.m., Published: Nov. 29, 2023, midnight
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: lenovo model: system
vendor: lenovo model: bios
db: NVD ids: CVE-2022-21894, CVE-2023-24932

Export software vulnerabilities assessment per device | Microsoft Learn

Trust: 3.5

Fetched: Dec. 3, 2023, 9:16 a.m., Published: June 4, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2020-15992, CVE-2020-16011, CVE-2020-26971

IntelĀ® Management Engine Critical Firmware Update (Intel-SA-00086)

Related entries in the VARIoT vulnerabilities database: VAR-201711-0650, VAR-201711-0647, VAR-201711-0648, VAR-201711-0644, VAR-201711-0646, VAR-201711-0651, VAR-201711-0649, VAR-201711-0645

Trust: 3.0

Fetched: Dec. 3, 2023, 9:15 a.m., Published: Nov. 20, 2017, 5:21 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2017-5711, CVE-2017-5708, CVE-2017-5709, CVE-2017-5705, CVE-2017-5707, CVE-2017-5712, CVE-2017-5710, CVE-2017-5706

Zyxel security advisory for authentication bypass and command injection vulnerabilities in NAS products | Zyxel Networks

Trust: 4.75

Fetched: Dec. 3, 2023, 9:07 a.m., Published: Dec. 7, 2023, midnight
 Vulnerabilities: authentication bypass, authentication vulnerability, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-4474, CVE-2023-35138, CVE-2023-35137, CVE-2023-4473, CVE-2023-37928, CVE-2023-37927

Google researchers report critical 0-days in Chrome and all Apple OSes | Ars Technica

Trust: 4.75

Fetched: Dec. 3, 2023, 9:07 a.m., Published: Dec. 1, 2023, 12:38 a.m.
 Vulnerabilities: integer overflow
Affected productsExternal IDs
vendor: google model: chrome
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: webkit
db: NVD ids: CVE-2023-6345, CVE-2023-42917, CVE-2023-42916