VARIoT latest news about IoT security

Apple patches another iOS zero-day under attack (CVE-2023-42824) - Help Net Security Trust: 5.5 Fetched: Oct. 8, 2023, 9:56 a.m., Published: Oct. 5, 2023, 10:46 a.m.	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2023-41064, CVE-2023-5217, CVE-2023-41061, CVE-2023-42824, CVE-2023-41991, CVE-2023-41992, CVE-2023-41993

Monthly news - October 2023 - Microsoft Community Hub Trust: 3.75 Fetched: Oct. 8, 2023, 9:54 a.m., Published: Oct. 3, 2023, 10:02 a.m.	Vulnerabilities: memory corruption

Affected products

External IDs

db:

NVD

ids:

CVE-2023-36802

Update your Android devices now! Google patches two actively exploited vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202312-0888 Trust: 4.75 Fetched: Oct. 8, 2023, 9:54 a.m., Published: Oct. 4, 2023, 2:23 p.m.	Vulnerabilities: buffer overflow

Affected products

External IDs

vendor:	samsung	model:	android phone
vendor:	samsung	model:	notes
vendor:	google	model:	android
vendor:	huawei	model:	huawei

db:

NVD

ids:

CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, CVE-2023-4863, CVE-2023-33063, CVE-2023-4211

Update Chrome now! Google patches another actively exploited vulnerability Trust: 6.0 Fetched: Oct. 8, 2023, 9:53 a.m., Published: Sept. 29, 2023, 10:03 a.m.	Vulnerabilities: buffer overflow

Affected products

External IDs

vendor:

google

model:

chrome

db:

NVD

ids:

CVE-2023-5217

Claroty’s Team82 reveals critical vulnerabilities in ConnectedIO edge routers, device platform - Industrial Cyber Trust: 3.75 Fetched: Oct. 8, 2023, 9:52 a.m., Published: Oct. 4, 2023, 12:06 p.m.	Vulnerabilities: buffer overflow

Affected products

External IDs

vendor:

check point

model:

check point

Vulnerability Summary for the Week of September 25, 2023 \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202309-2716, VAR-202309-2743, VAR-202309-2754, VAR-202309-2668, VAR-202309-2742 Trust: 5.25 Fetched: Oct. 8, 2023, 9:46 a.m., Published: Sept. 25, 2023, midnight	Vulnerabilities: cross-site scripting, code injection, os command injection...

Affected products

External IDs

vendor:	proxmox	model:	mail gateway
vendor:	proxmox	model:	proxmox mail gateway
vendor:	samsung	model:	mobile
vendor:	samsung	model:	samsung mobile
vendor:	samsung	model:	gallery
vendor:	samsung	model:	exynos
vendor:	samsung	model:	note
vendor:	apple	model:	macos
vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	proxmox server solutions	model:	mail gateway
vendor:	proxmox server solutions	model:	proxmox mail gateway
vendor:	cisco	model:	router
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco asr 1000 series
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	cisco sd-wan
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	cisco wireless lan controller
vendor:	cisco	model:	sd-wan vmanage
vendor:	cisco	model:	wan manager
vendor:	cisco	model:	access points
vendor:	cisco	model:	asr 1000 series
vendor:	cisco	model:	aireos
vendor:	cisco	model:	series
vendor:	cisco	model:	wireless lan controller
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	asr 1000
vendor:	cisco	model:	sd-wan vmanage software
vendor:	cisco	model:	wireless lan controllers
vendor:	cisco	model:	ios software
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	sd-wan
vendor:	cisco	model:	dna center

db:

NVD

ids:

CVE-2023-20253, CVE-2023-43720, CVE-2023-5221, CVE-2023-5111, CVE-2023-43734, CVE-2023-5313, CVE-2023-5172, CVE-2023-44127, CVE-2023-43729, CVE-2023-20223, CVE-2023-5293, CVE-2023-5267, CVE-2023-43702, CVE-2023-20202, CVE-2023-3413, CVE-2023-43711, CVE-2023-44124, CVE-2023-44276, CVE-2023-43710, CVE-2023-43735, CVE-2023-38872, CVE-2023-5261, CVE-2023-43728, CVE-2023-41666, CVE-2023-32458, CVE-2023-43646, CVE-2023-43715, CVE-2023-5285, CVE-2023-43731, CVE-2023-5004, CVE-2023-43723, CVE-2023-43740, CVE-2023-20109, CVE-2023-44123, CVE-2023-5318, CVE-2023-43708, CVE-2023-43656, CVE-2023-0833, CVE-2023-4532, CVE-2023-5262, CVE-2023-5297, CVE-2023-3920, CVE-2023-44216, CVE-2023-5280, CVE-2023-44122, CVE-2023-44466, CVE-2023-33972, CVE-2023-43944, CVE-2023-43909, CVE-2023-43664, CVE-2023-5277, CVE-2023-20226, CVE-2023-43660, CVE-2023-20179, CVE-2023-39308, CVE-2023-5278, CVE-2023-5112, CVE-2023-41661, CVE-2023-5223, CVE-2023-43192, CVE-2023-30961, CVE-2023-43654, CVE-2023-5269, CVE-2023-5195, CVE-2023-41655, CVE-2023-5184, CVE-2023-5169, CVE-2023-43725, CVE-2023-5260, CVE-2023-44121, CVE-2023-43733, CVE-2023-43652, CVE-2023-20231, CVE-2023-43713, CVE-2023-5279, CVE-2023-44469, CVE-2023-5273, CVE-2023-43730, CVE-2023-5301, CVE-2023-41663, CVE-2023-5317, CVE-2023-43320, CVE-2023-43655, CVE-2023-5197, CVE-2023-43706, CVE-2023-43721, CVE-2023-5286, CVE-2023-5257, CVE-2023-41662, CVE-2023-43719, CVE-2023-5159, CVE-2023-26145, CVE-2023-41444, CVE-2022-47187, CVE-2023-44464, CVE-2023-20186, CVE-2023-5256, CVE-2023-43044, CVE-2023-43154, CVE-2023-5157, CVE-2023-5304, CVE-2023-43663, CVE-2023-41658, CVE-2023-5296, CVE-2023-43645, CVE-2023-44125, CVE-2023-43722, CVE-2023-5272, CVE-2023-32477, CVE-2023-43726, CVE-2023-5303, CVE-2023-5215, CVE-2022-4245, CVE-2023-5288, CVE-2023-41687, CVE-2023-43657, CVE-2023-43650, CVE-2023-43717, CVE-2023-5270, CVE-2023-20251, CVE-2023-44128, CVE-2023-43727, CVE-2023-43707, CVE-2023-40026, CVE-2023-5258, CVE-2023-42818, CVE-2023-5053, CVE-2023-43714, CVE-2023-43732, CVE-2023-38871, CVE-2023-5271, CVE-2023-20227, CVE-2022-4956, CVE-2023-43191, CVE-2023-38873, CVE-2023-5321, CVE-2023-5193, CVE-2023-43716, CVE-2023-5289, CVE-2023-5170, CVE-2023-4065, CVE-2023-38870, CVE-2023-3917, CVE-2023-42822, CVE-2023-20268, CVE-2023-4066, CVE-2023-5171, CVE-2023-43704, CVE-2023-4129, CVE-2023-42756, CVE-2023-44129, CVE-2023-41657, CVE-2020-10770, CVE-2023-5259, CVE-2023-43703, CVE-2023-43718, CVE-2023-5319, CVE-2023-5282, CVE-2023-2233, CVE-2023-3979, CVE-2023-5198, CVE-2023-43233, CVE-2023-26147, CVE-2023-5196, CVE-2023-44080, CVE-2023-5222, CVE-2023-5183, CVE-2023-5194, CVE-2023-5281, CVE-2023-3906, CVE-2023-3024, CVE-2022-47186, CVE-2023-5294, CVE-2023-26218, CVE-2023-5265, CVE-2023-5264, CVE-2023-5276, CVE-2023-5305, CVE-2023-5316, CVE-2023-38874, CVE-2023-26148, CVE-2023-44273, CVE-2023-20187, CVE-2023-44275, CVE-2023-43314, CVE-2023-5300, CVE-2023-20262, CVE-2023-43662, CVE-2023-3922, CVE-2023-20034, CVE-2023-39410, CVE-2023-26149, CVE-2023-43775, CVE-2023-44488, CVE-2023-0989, CVE-2023-20176, CVE-2023-5268, CVE-2023-26146, CVE-2023-5320, CVE-2023-5283, CVE-2023-5227, CVE-2023-43705, CVE-2023-44126, CVE-2023-43724, CVE-2023-44270, CVE-2023-5207, CVE-2023-41911, CVE-2023-3914, CVE-2023-5263, CVE-2023-5284, CVE-2023-5302, CVE-2022-35908, CVE-2022-4244, CVE-2023-3775, CVE-2023-30591, CVE-2023-43709, CVE-2023-43825, CVE-2023-5266, CVE-2023-5298, CVE-2023-43651, CVE-2023-20252, CVE-2023-5077, CVE-2023-43712, CVE-2023-3115, CVE-2023-38877, CVE-2023-40307

Multiple Vulnerabilities in Cisco Catalyst SD-WAN Manager Could Allow for Unauthorized Access Trust: 3.0 Fetched: Oct. 8, 2023, 9:43 a.m., Published: May 8, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	catalyst
vendor:	cisco	model:	sd-wan
vendor:	cisco	model:	wan manager

Home Security Devices: Attack, Vulnerabilities, and Threats. Trust: 4.0 Fetched: Oct. 8, 2023, 9:39 a.m., Published: Oct. 3, 2023, midnight	Vulnerabilities: information leakage, denial of service

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	home
vendor:	google	model:	wifi
vendor:	tp-link	model:	gateway
vendor:	trendnet	model:	ip camera

Logitech wireless USB dongles vulnerable to new hijacking flaws \| ZDNET Related entries in the VARIoT vulnerabilities database: VAR-201906-0443, VAR-201906-0441, VAR-201906-0444, VAR-201906-0701, VAR-201906-0442 Trust: 3.5 Fetched: Oct. 8, 2023, 9:34 a.m., Published: Oct. 15, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	logitech	model:	r500
vendor:	logitech	model:	unifying
vendor:	logitech	model:	logitech unifying dongle
vendor:	logitech	model:	unifying dongle

db:

NVD

ids:

CVE-2019-13054, CVE-2019-13052, CVE-2019-13055, CVE-2016-10761, CVE-2019-13053

The real dangers of vulnerable IoT devices \| Infosec Trust: 3.0 Fetched: Oct. 8, 2023, 9:30 a.m., Published: Sept. 15, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-31251

Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells \| CISA Trust: 4.25 Fetched: Oct. 8, 2023, 9:20 a.m., Published: Sept. 6, 2023, midnight	Vulnerabilities: code execution, privilege escalation

Affected products

External IDs

vendor:	citrix	model:	netscaler gateway
vendor:	citrix	model:	application delivery controller
vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler
vendor:	citrix	model:	netscaler adc

db:

NVD

ids:

CVE-2023-3467, CVE-2023-3519, CVE-2023-3466

Pixel Update Bulletin-September 2023 \| Android Open Source Project Trust: 4.5 Fetched: Oct. 8, 2023, 9:17 a.m., Published: Sept. 8, 2023, midnight	Vulnerabilities: code execution, denial of service, information disclosure

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android

db:

NVD

ids:

CVE-2023-4211

16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks Trust: 5.5 Fetched: Oct. 8, 2023, 9:13 a.m., Published: Aug. 11, 2023, 5:20 a.m.	Vulnerabilities: replay attack, buffer overflow, code execution

Affected products

External IDs

vendor:	codesys	model:	control
vendor:	codesys	model:	codesys

db:

NVD

ids:

CVE-2022-47378, CVE-2022-47385, CVE-2022-47390, CVE-2022-47382, CVE-2022-47383, CVE-2022-47393, CVE-2022-47387, CVE-2022-47389, CVE-2022-47380, CVE-2022-47388, CVE-2022-47379, CVE-2022-47381, CVE-2022-47391, CVE-2019-9013, CVE-2022-47384, CVE-2022-47386, CVE-2022-47392

High severity vulnerability found in libcurl and curl (October 2023) \| Snyk Trust: 3.75 Fetched: Oct. 6, 2023, 10 a.m., Published: Oct. 6, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2023-38546, CVE-2020-19909, CVE-2023-38545

Browser companies patch critical zero-day vulnerability \| TechTarget Trust: 5.75 Fetched: Oct. 6, 2023, 10 a.m., Published: Sept. 13, 2023, midnight	Vulnerabilities: buffer overflow

Affected products

External IDs

vendor:	google	model:	google chrome
vendor:	google	model:	chrome

db:

NVD

ids:

CVE-2023-4863, CVE-2023-41061, CVE-2023-41064

Exim finally fixes 3 out of 6 vulnerabilities Trust: 3.0 Fetched: Oct. 6, 2023, 10 a.m., Published: Oct. 5, 2023, 12:32 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-42118, CVE-2023-42117, CVE-2023-42115, CVE-2023-42114, CVE-2023-42116, CVE-2023-42219

Exim SMTP Zero-day Flaw Let Attackers Execute Remote Code Trust: 3.75 Fetched: Oct. 6, 2023, 9:59 a.m., Published: Oct. 5, 2023, 5:25 a.m.	Vulnerabilities: information disclosure, buffer overflow, improper validation...

Affected products

External IDs

db:

NVD

ids:

CVE-2023-42118, CVE-2023-42117, CVE-2023-42115, CVE-2023-42114, CVE-2023-42119, CVE-2023-42116

Security risks in the hardware and software supply chains. Patches and proofs-of-concept. A look at recent incidents hitting major corporations. Online surveillance and social credit in Russia. Trust: 4.25 Fetched: Oct. 6, 2023, 9:54 a.m., Published: Oct. 1, 2023, midnight	Vulnerabilities: buffer overflow, privilege escalation, code execution

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	google	model:	home
vendor:	google	model:	android
vendor:	google	model:	google chrome
vendor:	google	model:	chrome
vendor:	cisco	model:	series
vendor:	cisco	model:	router
vendor:	palo alto networks	model:	networks
vendor:	apple	model:	macos
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2023-42824, CVE-2023-5217

Update now! Apple patches vulnerabilities on iPhone and iPad Trust: 5.75 Fetched: Oct. 6, 2023, 9:54 a.m., Published: -	Vulnerabilities: heap corruption, buffer overflow, code execution

Affected products

External IDs

vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2023-42824, CVE-2023-5217

CVE-2023-20101: A Critical Security Vulnerability in Cisco Emergency Responder Trust: 3.75 Fetched: Oct. 6, 2023, 9:52 a.m., Published: May 6, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	emergency responder software
vendor:	cisco	model:	emergency responder
vendor:	cisco	model:	cisco emergency responder
vendor:	cisco	model:	cisco emergency responder software

db:

NVD

ids:

CVE-2023-20101

VARIoT news about IoT security