Sign-up

VARIoT news about IoT security

Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

Trust: 4.5

Fetched: Nov. 15, 2023, 9:33 a.m., Published: Sept. 8, 2023, 11:27 a.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: watchos
db: NVD ids: CVE-2023-41064, CVE-2023-41061, CVE-2023-38606

Cuba Ransomware Exploits Veeam Vulnerability - DeviceSecurity

Trust: 3.75

Fetched: Nov. 15, 2023, 9:29 a.m., Published: Nov. 19, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: blackberry model: blackberry
db: NVD ids: CVE-2023-27532

Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover

Trust: 3.25

Fetched: Nov. 15, 2023, 9:23 a.m., Published: Nov. 2, 2023, 8:59 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-35841, CVE-2023-20598

Cisco IOS XE Zero-Day Vulnerabilities: Uncovering Over 56,000 Exposed Devices | CIP Blog

Trust: 3.5

Fetched: Nov. 15, 2023, 9:22 a.m., Published: Nov. 10, 2023, 2:07 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe
vendor: cisco model: ios xe software
db: NVD ids: CVE-2023-20198

Over 100,000 Juniper Firewalls Exposed: Beware of the RCE Vulnerability Bug Chain | CIP Blog

Trust: 5.5

Fetched: Nov. 15, 2023, 9:08 a.m., Published: Sept. 1, 2023, 8:54 a.m.
 Vulnerabilities: authentication bypass, code execution
Affected productsExternal IDs
vendor: palo model: firewall
vendor: palo model: networks
db: NVD ids: CVE-2023-27997, CVE-2023-36844, CVE-2023-36846, CVE-2023-36847, CVE-2023-36845

Android Security Bulletin-November 2023 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202311-1527, VAR-202311-0169

Trust: 4.25

Fetched: Nov. 15, 2023, 9:07 a.m., Published: Nov. 15, 2023, midnight
 Vulnerabilities: information disclosure, code execution, denial of service
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: samsung model: notes
vendor: samsung model: mobile
vendor: huawei model: huawei
vendor: motorola model: motorola
vendor: motorola model: android
db: NVD ids: CVE-2023-40107, CVE-2023-22388, CVE-2023-33056, CVE-2023-40115, CVE-2023-40109, CVE-2023-32832, CVE-2023-40104, CVE-2023-33045, CVE-2023-33061, CVE-2023-40111, CVE-2023-33047, CVE-2023-40112, CVE-2023-40114, CVE-2023-40113, CVE-2023-40110, CVE-2023-28556, CVE-2023-28545, CVE-2023-40106, CVE-2023-40124, CVE-2023-32836, CVE-2023-21111, CVE-2023-20702, CVE-2023-33048, CVE-2023-40105, CVE-2023-28574, CVE-2023-32834, CVE-2023-21103, CVE-2023-40100, CVE-2023-28469, CVE-2023-32837, CVE-2023-24852, CVE-2023-32835, CVE-2023-21671

VMware partners with Intel for easier macOS management - Techzine Europe

Trust: 3.25

Fetched: Nov. 14, 2023, 9:29 a.m., Published: Nov. 14, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs

BIG-IP Vulnerability Alert: Remote Code Execution Risk - Security Boulevard

Related entries in the VARIoT vulnerabilities database: VAR-202205-0394

Trust: 4.75

Fetched: Nov. 14, 2023, 9:27 a.m., Published: Nov. 9, 2023, 9 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-1388

CVE-2022-43554 - vulnerability database | Vulners.com

Trust: 4.0

Fetched: Nov. 14, 2023, 9:25 a.m., Published: Nov. 3, 2023, 8:15 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2022-43554

Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices - 443News

Trust: 4.75

Fetched: Nov. 14, 2023, 9:22 a.m., Published: Nov. 5, 2023, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
db: NVD ids: CVE-2023-20273, CVE-2023-20198

Healthcare Cybersecurity - HIPAA Clicks

Trust: 4.75

Fetched: Nov. 14, 2023, 9:21 a.m., Published: Nov. 13, 2023, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: trend model: security

New Speculative Execution Attack Targeting Apple CPUs Exploiting Safari Vulnerability

Trust: 3.5

Fetched: Nov. 14, 2023, 9:20 a.m., Published: Oct. 27, 2023, 8:13 a.m.
 Vulnerabilities: information leakage
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: macos

Vulnerability vs Insecure Wireless Network: Web App Pen Testing Guide

Trust: 3.0

Fetched: Nov. 14, 2023, 9:19 a.m., Published: Nov. 3, 2023, midnight
 Vulnerabilities: privilege escalation, denial of service
Affected productsExternal IDs

Critical Security Alerts: Veeam and QNAP Address Vulnerabilities in Their Software - Security Boulevard

Trust: 5.75

Fetched: Nov. 14, 2023, 9:10 a.m., Published: Nov. 9, 2023, 2:58 p.m.
 Vulnerabilities: command injection, code execution, cross-site scripting
Affected productsExternal IDs
vendor: qnap model: qnap qts
db: NVD ids: CVE-2023-38547, CVE-2023-38548, CVE-2023-23369, CVE-2023-38549, CVE-2023-41723, CVE-2023-23368

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Nov. 14, 2023, 9:08 a.m., Published: Nov. 1, 2023, midnight
 Vulnerabilities: configuration error
Affected productsExternal IDs

How to Remove Viruses & Malware from Smartphones in 2023

Trust: 3.5

Fetched: Nov. 14, 2023, 9:06 a.m., Published: Dec. 26, 2019, 12:59 p.m.
 Vulnerabilities: weak password
Affected productsExternal IDs
vendor: apple model: icloud
vendor: apple model: itunes
vendor: apple model: iphone
vendor: huawei model: huawei p30
vendor: huawei model: huawei
vendor: google model: android
vendor: google model: home

What Is Network Vulnerability Scanning? Complete Guide

Trust: 4.75

Fetched: Nov. 14, 2023, 9:05 a.m., Published: Oct. 24, 2023, 8:26 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: manageengine model: network configuration manager

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SAML Assertion Hijack Vulnerability - Cisco

Trust: 3.0

Fetched: Nov. 12, 2023, 9:28 a.m., Published: Nov. 11, 2023, 10:05 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower
vendor: cisco model: cisco adaptive security appliance software
vendor: cisco model: firepower management center
vendor: cisco model: asa software
vendor: cisco model: adaptive security appliance software
vendor: cisco model: adaptive security appliance
vendor: cisco model: cisco firepower management center
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: firepower threat defense software

Security Advisory for Pre-authentication Buffer Overflow on the CAX30, PSV-2023-0093 - NETGEAR Support

Trust: 4.75

Fetched: Nov. 12, 2023, 9:27 a.m., Published: -
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
vendor: netgear model: orbi

Threat Actors Exploiting Cisco IOS XE Zero-day Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202103-0773

Trust: 5.5

Fetched: Nov. 12, 2023, 9:20 a.m., Published: Oct. 17, 2023, 12:17 p.m.
 Vulnerabilities: arbitrary command execution, command execution, privilege escalation
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: cisco model: router
vendor: cisco model: cisco ios
vendor: snort model: snort
db: NVD ids: CVE-2023-20198, CVE-2021-1435