Sign-up

VARIoT news about IoT security

About the security content of iOS 17.1.2 and iPadOS 17.1.2 - Apple Support

Trust: 5.5

Fetched: Dec. 5, 2023, 9:18 a.m., Published: Jan. 17, 2002, midnight
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: webkit
db: NVD ids: CVE-2023-42916, CVE-2023-42917

LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks

Trust: 3.75

Fetched: Dec. 5, 2023, 9:17 a.m., Published: Dec. 4, 2023, 6:53 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: lenovo model: bios
vendor: lenovo model: system

Software Fix Availability for Cisco IOS XE Software Web UI Privilege Escalation Vulnerability - CVE-2023-20198 - Cisco

Trust: 4.75

Fetched: Dec. 5, 2023, 9:13 a.m., Published: Nov. 19, 2023, 7:01 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
vendor: cisco model: catalyst
vendor: cisco model: router
vendor: cisco model: ios xe
vendor: cisco model: series switch
vendor: cisco model: catalyst 9800
vendor: cisco model: series
db: NVD ids: CVE-2023-20198

CVE-2023-6345 in Chrome, Edge, ChromeOS, and Android | Lookout Threat Intelligence

Trust: 3.75

Fetched: Dec. 5, 2023, 9:04 a.m., Published: Dec. 4, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android
vendor: google model: google chrome
db: NVD ids: CVE-2023-6345

Apple's iPhone, iPad, and Mac Devices Get Security Patches for Critical Vulnerabilities | US Newsper

Trust: 3.0

Fetched: Dec. 3, 2023, 10:08 a.m., Published: Dec. 1, 2023, 12:44 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: iphone

CISA Directs Urgent Patching for Exploited Juniper Networking Device Vulnerabilities - Cyber Security News

Trust: 4.0

Fetched: Dec. 3, 2023, 10:08 a.m., Published: Dec. 3, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-47246, CVE-2023-36851, CVE-2023-36845, CVE-2023-36847, CVE-2023-36844

Google Chrome Zero-Day Vulnerability (CVE-2023-6345): Patch Your Browser Now

Trust: 5.75

Fetched: Dec. 3, 2023, 10:07 a.m., Published: Nov. 28, 2023, midnight
 Vulnerabilities: use after free, integer overflow
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2023-6346, CVE-2023-6345, CVE-2023-6351, CVE-2023-6348, CVE-2023-6350, CVE-2023-6347

November 14, 2023-KB5032339 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 - Microsoft Support

Trust: 3.0

Fetched: Dec. 3, 2023, 10:04 a.m., Published: Nov. 14, 2023, midnight
 Vulnerabilities: feature bypass, security feature bypass
Affected productsExternal IDs
db: NVD ids: CVE-2023-36049, CVE-2023-36560

Apple Addresses Exploited Zero-Day Vulnerabilities with Emergency Security Update: CVE-2023-42916, CVE-2023-42917

Trust: 5.75

Fetched: Dec. 3, 2023, 10:02 a.m., Published: Dec. 1, 2023, 9:48 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: ipad air
db: NVD ids: CVE-2023-42917, CVE-2023-42916

Remote Credential Guard - Windows Security | Microsoft Learn

Trust: 3.0

Fetched: Dec. 3, 2023, 10:01 a.m., Published: Nov. 17, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: delegate model: delegate

Apple Patch Fixes Two Zero Day Vulnerabilities In Emergency Updates CVE-2023-42916 CVE-2023-42917 HTMD Blog

Trust: 4.25

Fetched: Dec. 3, 2023, 10 a.m., Published: Dec. 1, 2023, 7:29 a.m.
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: ipad air
vendor: apple model: ipad
db: NVD ids: CVE-2023-42917, CVE-2023-42916

Apple devices vulnerable to new Bluetooth security hole attack | Macworld

Trust: 3.75

Fetched: Dec. 3, 2023, 9:59 a.m., Published: Dec. 1, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: ipad
db: NVD ids: CVE-2023-24023

PSA: You should update your iPhone, iPad, or Mac now | TechSpot

Trust: 5.5

Fetched: Dec. 3, 2023, 9:58 a.m., Published: Dec. 3, 4070, midnight
 Vulnerabilities: memory corruption, code execution, integer overflow
Affected productsExternal IDs
vendor: google model: chrome
vendor: apple model: iphone
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: ipad air
vendor: apple model: ipad
db: NVD ids: CVE-2023-42917, CVE-2023-6350, CVE-2023-42916

System BIOS w wersji R5 do komputerów Alienware m15 | Szczegóły sterownika | Dell Polska

Trust: 3.25

Fetched: Dec. 3, 2023, 9:56 a.m., Published: Dec. 10, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

Vulnerabilities in Adobe Acrobat, Microsoft Excel could lead to arbitrary code execution

Trust: 5.5

Fetched: Dec. 3, 2023, 9:56 a.m., Published: Nov. 22, 2023, 5 p.m.
 Vulnerabilities: memory corruption, code execution, heap corruption
Affected productsExternal IDs
vendor: snort.org model: snort
vendor: snort model: snort
db: NVD ids: CVE-2023-36041, CVE-2023-44372, CVE-2023-44336, CVE-2023-28379, CVE-2023-28391, CVE-2023-31247, CVE-2023-27882, CVE-2023-25181, CVE-2023-24585

CISA reveals how LockBit hacked Boeing via Citrix Bleed | Computer Weekly

Trust: 5.75

Fetched: Dec. 3, 2023, 9:53 a.m., Published: Nov. 22, 2023, midnight
 Vulnerabilities: session hijacking
Affected productsExternal IDs
vendor: citrix model: netscaler gateway
vendor: citrix model: gateway
vendor: citrix model: netscaler
db: NVD ids: CVE-2023-4966

Synology Camera Critical Vulnerabilities Patched: Upgrade Immediately

Trust: 4.25

Fetched: Dec. 3, 2023, 9:52 a.m., Published: Nov. 21, 2023, midnight
 Vulnerabilities: default administrator password
Affected productsExternal IDs

S’pore Authorities Urge Apple Users to Update Their Software Immediately Due to Latest Vulnerabilities - Goody Feed

Trust: 3.5

Fetched: Dec. 3, 2023, 9:52 a.m., Published: Dec. 2, 2023, 8:09 a.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: samsung model: notes
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: ipad air
vendor: apple model: watchos
vendor: apple model: watch
vendor: apple model: ipad

CISA, FBI warn of LockBit attacks on Citrix Bleed | TechTarget

Trust: 3.5

Fetched: Dec. 3, 2023, 9:51 a.m., Published: Nov. 21, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler gateway
vendor: citrix model: gateway
vendor: citrix model: netscaler
db: NVD ids: CVE-2023-4966

Heart failure patients monitoring using IoT-based remote monitoring system | Scientific Reports

Trust: 3.5

Fetched: Dec. 3, 2023, 9:48 a.m., Published: Nov. 6, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: google model: android
vendor: google model: wifi
vendor: samsung model: mobile