Sign-up

VARIoT news about IoT security

Critical Bluetooth security flaw discovered in Google, Apple and Linux devices - SiliconANGLE

Trust: 5.5

Fetched: Dec. 10, 2023, 9:29 a.m., Published: Dec. 8, 2023, 12:10 a.m.
 Vulnerabilities: code execution, authentication bypass
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: macos
vendor: google model: pixel
vendor: google model: android
vendor: canonical model: ubuntu
db: NVD ids: CVE-2023-45866

12 Best IP Scanner Tools for Network Management

Trust: 3.75

Fetched: Dec. 10, 2023, 9:29 a.m., Published: March 1, 2018, 11:23 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: delegate model: delegate

Critical Bluetooth flaw could take over Android, Apple, Linux devices | SC Media

Trust: 5.0

Fetched: Dec. 10, 2023, 9:26 a.m., Published: Dec. 7, 2023, 7:57 p.m.
 Vulnerabilities: code execution, authentication bypass
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2023-45866

Android Security Bulletin-December 2023 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202312-2276, VAR-202312-0897, VAR-202312-1066, VAR-202312-1228, VAR-202312-1728, VAR-202312-1919, VAR-202312-0888

Trust: 4.25

Fetched: Dec. 10, 2023, 9:25 a.m., Published: Dec. 10, 2023, midnight
 Vulnerabilities: denial of service, information disclosure, code execution
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: samsung model: note
vendor: samsung model: notes
vendor: samsung model: mobile
vendor: motorola model: motorola
vendor: motorola model: android
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2023-4272, CVE-2023-33089, CVE-2023-45777, CVE-2023-40083, CVE-2023-28546, CVE-2023-3889, CVE-2023-21215, CVE-2023-40080, CVE-2023-21227, CVE-2023-28551, CVE-2023-40079, CVE-2023-40076, CVE-2023-21163, CVE-2023-45781, CVE-2023-33106, CVE-2023-40089, CVE-2023-32847, CVE-2023-21403, CVE-2023-40098, CVE-2023-21652, CVE-2022-48454, CVE-2023-21164, CVE-2023-45775, CVE-2023-45776, CVE-2023-21162, CVE-2023-21217, CVE-2023-32851, CVE-2023-21263, CVE-2023-35690, CVE-2023-33080, CVE-2023-40088, CVE-2023-40073, CVE-2022-48456, CVE-2023-21394, CVE-2023-40090, CVE-2023-40087, CVE-2023-28550, CVE-2023-33063, CVE-2023-35668, CVE-2023-28586, CVE-2023-33088, CVE-2022-22076, CVE-2023-33022, CVE-2022-48459, CVE-2023-33097, CVE-2023-40096, CVE-2023-45773, CVE-2023-40097, CVE-2023-21401, CVE-2023-40075, CVE-2023-40094, CVE-2022-40507, CVE-2023-33017, CVE-2023-40074, CVE-2023-28587, CVE-2022-48461, CVE-2023-32818, CVE-2023-21662, CVE-2023-21218, CVE-2023-21267, CVE-2023-45866, CVE-2023-40091, CVE-2023-40092, CVE-2023-33098, CVE-2023-21664, CVE-2023-40081, CVE-2023-40078, CVE-2023-40082, CVE-2022-48457, CVE-2023-45774, CVE-2023-40103, CVE-2023-40084, CVE-2023-28585, CVE-2022-48455, CVE-2023-40095, CVE-2022-48458, CVE-2023-32804, CVE-2023-33018, CVE-2023-33054, CVE-2023-33081, CVE-2023-40077, CVE-2023-21216, CVE-2023-21402, CVE-2023-21166, CVE-2023-33107, CVE-2023-32850, CVE-2023-21228, CVE-2023-32848, CVE-2023-45779

Multiple Vulnerabilities in Sierra AirLink Cellular Routers - NHS Digital

Trust: 5.5

Fetched: Dec. 10, 2023, 9:25 a.m., Published: Dec. 10, 2023, midnight
 Vulnerabilities: denial of service, code execution, cross-site scripting...
Affected productsExternal IDs
vendor: sierra model: aleos
db: NVD ids: CVE-2023-40464, CVE-2023-40461, CVE-2023-41101, CVE-2023-38316, CVE-2023-40463, CVE-2023-40458, CVE-2023-40459, CVE-2023-40460, CVE-2023-40462

Security Advisory for Multiple Vulnerabilities on Multiple Products, PSV-2021-0327 - NETGEAR Support

Related entries in the VARIoT vulnerabilities database: VAR-202203-1668, VAR-202203-1671

Trust: 3.75

Fetched: Dec. 10, 2023, 9:23 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mesh model: mesh
vendor: netgear model: r7100lg
vendor: netgear model: router
vendor: netgear model: r8000p
vendor: netgear model: r6700v3
vendor: netgear model: rax15
vendor: netgear model: r6400
vendor: netgear model: rax20
vendor: netgear model: orbi
vendor: netgear model: r8000
vendor: netgear model: r7000
vendor: netgear model: rax50
vendor: netgear model: r6400v2
vendor: netgear model: rs400
vendor: netgear model: lax20
vendor: netgear model: r7000p
vendor: netgear model: mr60
vendor: netgear model: r8500
vendor: netgear model: r6900p
vendor: netgear model: rax48
vendor: netgear model: r7900p
vendor: netgear model: r7850
vendor: netgear model: rax45
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2022-27642, CVE-2022-27647

Moxa NPort Device Vulnerabilities (Update A) | CISA

Related entries in the VARIoT vulnerabilities database: VAR-201702-0596, VAR-201702-0594, VAR-201702-0593, VAR-201702-0860, VAR-201702-0597, VAR-201702-0862, VAR-201702-0595, VAR-201702-0851

Trust: 5.25

Fetched: Dec. 10, 2023, 9:22 a.m., Published: March 21, 2017, midnight
 Vulnerabilities: buffer overflow, code execution, cross-site request forgery...
Affected productsExternal IDs
vendor: moxa model: nport 5100a series
vendor: moxa model: nport
vendor: moxa model: nport p5150a
vendor: moxa model: nport 5200a series
vendor: moxa model: nport 5150ai-m12
vendor: moxa model: nport 5600 series
vendor: moxa model: nport 5250ai-m12
vendor: moxa model: nport 5600-8-dt
vendor: moxa model: nport 5200a
vendor: moxa model: nport 5400 series
vendor: moxa model: nport 5100a
vendor: moxa model: nport 5200 series
vendor: moxa model: nport 5110
vendor: moxa model: nport 5600-8-dtl
vendor: moxa model: nport 5600-8-dtl series
vendor: moxa model: nport 5450ai-m12
vendor: moxa model: nport ia5450a
vendor: moxa model: nport 5130
db: NVD ids: CVE-2016-9369, CVE-2016-9366, CVE-2016-9365, CVE-2016-9361, CVE-2016-9371, CVE-2016-9363, CVE-2016-9367, CVE-2016-9348

JCP | Free Full-Text | Security Perception of IoT Devices in Smart Homes

Trust: 3.25

Fetched: Dec. 10, 2023, 9:21 a.m., Published: Feb. 14, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: home assistant model: home assistant
vendor: google model: google home
vendor: google model: home

Top Vulnerabilities Exploited in VPNs in 2020 - SOCRadar® Cyber Intelligence Inc.

Related entries in the VARIoT vulnerabilities database: VAR-201905-0764, VAR-202006-1087, VAR-201912-0830, VAR-202007-0403, VAR-202010-1187, VAR-201906-0815, VAR-201912-0828, VAR-201906-0818, VAR-201912-0829

Trust: 5.5

Fetched: Dec. 10, 2023, 9:19 a.m., Published: Dec. 13, 2020, 1:15 p.m.
 Vulnerabilities: memory corruption, directory traversal, session hijacking...
Affected productsExternal IDs
vendor: cisco systems model: series routers
vendor: cisco systems model: ios xe software
vendor: cisco systems model: catalyst 9800
vendor: cisco systems model: sd-wan
vendor: cisco systems model: catalyst
vendor: cisco systems model: router
vendor: cisco systems model: vpn client
vendor: cisco systems model: ios xe
vendor: cisco systems model: cisco ios xe
vendor: cisco systems model: netscaler gateway
vendor: cisco systems model: integrated services routers
vendor: cisco systems model: series
vendor: cisco systems model: series integrated services routers
vendor: cisco systems model: access points
vendor: cisco systems model: routers
vendor: cisco systems model: cisco ios
vendor: citrix model: sd-wan
vendor: citrix model: secure gateway
vendor: citrix model: netscaler gateway
vendor: citrix model: hypervisor
vendor: citrix model: gateway
vendor: citrix model: xenserver
vendor: citrix model: application delivery controller
vendor: citrix model: sd-wan wanop
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler
vendor: cisco model: series routers
vendor: cisco model: ios xe software
vendor: cisco model: catalyst 9800
vendor: cisco model: sd-wan
vendor: cisco model: catalyst
vendor: cisco model: router
vendor: cisco model: vpn client
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: cisco model: netscaler gateway
vendor: cisco model: integrated services routers
vendor: cisco model: series
vendor: cisco model: series integrated services routers
vendor: cisco model: access points
vendor: cisco model: routers
vendor: cisco model: cisco ios
vendor: palo model: palo alto networks globalprotect
vendor: palo model: networks globalprotect
vendor: palo model: ssl vpn
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: goahead model: webserver
vendor: pulse secure model: pulse policy secure
vendor: pulse secure model: connect secure
vendor: pulse secure model: pulse connect secure
vendor: pulse secure model: policy secure
vendor: moxa model: edr-g903 series
vendor: moxa model: edr-g903
vendor: sonicwall model: sonicos
vendor: sonicwall model: remote access
vendor: sonicwall model: sonicosv
vendor: sonicwall model: sma100
vendor: sonicwall model: ssl vpn
vendor: pulse model: secure pulse policy secure
vendor: palo alto networks model: palo alto networks globalprotect
vendor: palo alto networks model: networks globalprotect
vendor: palo alto networks model: ssl vpn
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2018-13383, CVE-2020-3220, CVE-2019-7483, CVE-2020-14511, CVE-2020-5135, CVE-2018-13379, CVE-2019-7481, CVE-2019-19781, CVE-2019-11539, CVE-2018-13382, CVE-2020-2050, CVE-2019-7482, CVE-2020-2005, CVE-2019-11510, CVE-2019-1579

The top 5 most routinely exploited vulnerabilities of 2021

Related entries in the VARIoT vulnerabilities database: VAR-202112-0562, VAR-202112-0566

Trust: 5.5

Fetched: Dec. 10, 2023, 9:19 a.m., Published: April 28, 2022, 5 p.m.
 Vulnerabilities: feature bypass, authentication bypass, code execution...
Affected productsExternal IDs
vendor: zoho model: manageengine adselfservice plus
db: NVD ids: CVE-2021-26084, CVE-2021-26858, CVE-2021-45046, CVE-2021-40539, CVE-2021-34473, CVE-2021-26857, CVE-2021-27065, CVE-2021-26855, CVE-2021-31207, CVE-2021-34523, CVE-2021-44228, CVE-2021-2685

St. Jude Medical finally patches vulnerable medical IoT devices | TechTarget

Trust: 3.75

Fetched: Dec. 10, 2023, 9:18 a.m., Published: Jan. 13, 2017, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
db: NVD ids: CVE-2016-7201, CVE-2016-7200

CVE-2022-41099 - Security Update Guide - Microsoft - BitLocker Security Feature Bypass Vulnerability

Trust: 3.25

Fetched: Dec. 10, 2023, 9:17 a.m., Published: -
 Vulnerabilities: security feature bypass, feature bypass
Affected productsExternal IDs
db: NVD ids: CVE-2022-41099

Solutions - Cisco SAFE Overview Guide - Cisco

Trust: 3.25

Fetched: Dec. 10, 2023, 9:15 a.m., Published: Oct. 9, 2023, 10:27 a.m.
 Vulnerabilities: denial of service, privilege escalation
Affected productsExternal IDs
vendor: cisco model: intrusion prevention system
vendor: cisco model: firepower
vendor: cisco model: catalyst
vendor: cisco model: router
vendor: cisco model: meraki mx
vendor: cisco model: umbrella
vendor: cisco model: wireless lan controller
vendor: cisco model: nexus
vendor: cisco model: vpn concentrator
vendor: cisco model: identity services engine
vendor: cisco model: routers
vendor: cisco model: wireless controller

Nearly Every Windows and Linux Device Vulnerable To New LogoFAIL Firmware Attack - Slashdot

Trust: 4.75

Fetched: Dec. 10, 2023, 9:14 a.m., Published: Dec. 30, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: lenovo model: updates
vendor: lenovo model: system
vendor: lenovo model: bios
vendor: dell model: bios
db: NVD ids: CVE-2023-39539, CVE-2023-39538, CVE-2023-5058, CVE-2023-40238

Pixel Update Bulletin-December 2023 | Android Open Source Project

Trust: 4.25

Fetched: Dec. 10, 2023, 9:10 a.m., Published: Dec. 10, 2023, midnight
 Vulnerabilities: denial of service, information disclosure, code execution
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2023-48405, CVE-2023-48422, CVE-2023-22383, CVE-2023-33041, CVE-2023-48403, CVE-2023-48398, CVE-2023-48401, CVE-2023-48399, CVE-2023-48411, CVE-2023-41111, CVE-2023-48410, CVE-2023-28580, CVE-2023-48420, CVE-2023-48407, CVE-2023-48408, CVE-2023-48415, CVE-2023-33024, CVE-2023-28575, CVE-2023-48413, CVE-2023-48423, CVE-2023-48402, CVE-2023-48409, CVE-2023-48416, CVE-2023-48421, CVE-2023-48397, CVE-2023-48406, CVE-2023-28579, CVE-2023-21634, CVE-2023-48414, CVE-2023-48412, CVE-2023-22668, CVE-2023-37366, CVE-2023-48404

Bluetooth vulnerability affects Android, Apple and Linux devices - Techzine Europe

Trust: 3.75

Fetched: Dec. 10, 2023, 9:08 a.m., Published: Dec. 8, 2023, 1:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: macos
vendor: google model: android
vendor: canonical model: ubuntu
db: NVD ids: CVE-2023-45866

Apple and some Linux distros are open to Bluetooth attack • The Register

Trust: 5.75

Fetched: Dec. 10, 2023, 9:06 a.m., Published: -
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: apple model: macos
vendor: google model: pixel
vendor: google model: android
vendor: canonical model: ubuntu
db: NVD ids: CVE-2023-45866

Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs

Trust: 4.75

Fetched: Dec. 8, 2023, 9:50 a.m., Published: Dec. 5, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: note
vendor: samsung model: flow
vendor: lenovo model: system
vendor: lenovo model: bios firmware
vendor: lenovo model: bios
vendor: lenovo model: updates
db: NVD ids: CVE-2023-39539, CVE-2023-40238, CVE-2023-39538, CVE-2023-5058

The Windows November 2023 security updates are now available - gHacks Tech News

Trust: 4.0

Fetched: Dec. 8, 2023, 9:48 a.m., Published: Nov. 14, 2023, 6:44 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-36397, CVE-2023-36400

CVE-2023-45866 - vulnerability database | Vulners.com

Trust: 4.25

Fetched: Dec. 8, 2023, 9:48 a.m., Published: Dec. 7, 2023, 12:35 p.m.
 Vulnerabilities: authentication bypass, code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: google model: android
db: NVD ids: CVE-2020-0556, CVE-2023-45866