VARIoT latest news about IoT security

Morphisec Fortifies Capabilities with Next-gen Risk-Based Vulnerability Prioritization Trust: 4.5 Fetched: Dec. 26, 2023, 9:26 a.m., Published: Dec. 12, 2023, midnight	Vulnerabilities: code injection

Affected products

External IDs

vendor:	google	model:	google chrome
vendor:	google	model:	chrome

db:

NVD

ids:

CVE-2023-4863

Ubiquiti fixes massive bug that allowed users to view others' security cameras \| TechSpot Trust: 3.25 Fetched: Dec. 26, 2023, 9:24 a.m., Published: Dec. 26, 4070, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

ubiquiti

model:

unifi

The potential cyber security risks of smart devices \| TechRadar Trust: 3.25 Fetched: Dec. 26, 2023, 9:22 a.m., Published: Dec. 25, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	blackberry	model:	blackberry
vendor:	blackberry	model:	link
vendor:	apple	model:	watch
vendor:	essential	model:	phone
vendor:	tp-link	model:	routers
vendor:	tp-link	model:	gateway
vendor:	google	model:	google home
vendor:	google	model:	wifi
vendor:	google	model:	home
vendor:	google	model:	android

UPnP flaw exposes millions of network devices to attacks over the Internet \| Ars Technica Related entries in the VARIoT vulnerabilities database: VAR-202006-0391 Trust: 4.5 Fetched: Dec. 26, 2023, 9:21 a.m., Published: June 11, 2020, 10:30 a.m.	Vulnerabilities: request forgery, denial of service

Affected products

External IDs

vendor:	asus	model:	asus
vendor:	asus	model:	routers
vendor:	asus	model:	router
vendor:	zyxel	model:	vmg8324-b10a
vendor:	huawei	model:	huawei
vendor:	huawei	model:	hg255s
vendor:	broadcom	model:	adsl
vendor:	broadcom	model:	linux
vendor:	tp-link	model:	routers
vendor:	cisco	model:	routers
vendor:	cisco	model:	router
vendor:	cisco	model:	series
vendor:	samsung	model:	printer
vendor:	samsung	model:	printers
vendor:	samsung	model:	tv
vendor:	d-link	model:	router

db:

NVD

ids:

CVE-2020-12695

Apple releases urgent security fix for iPhone and Mac devices \| TechRadar Related entries in the VARIoT vulnerabilities database: VAR-202202-0109, VAR-202201-0561, VAR-202201-0554 Trust: 3.75 Fetched: Dec. 26, 2023, 9:09 a.m., Published: Feb. 11, 2022, 1:35 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	mac os
vendor:	apple	model:	ipad
vendor:	apple	model:	iphone
vendor:	apple	model:	macos
vendor:	apple	model:	ipod touch
vendor:	apple	model:	ipad air

db:

NVD

ids:

CVE-2022-22620, CVE-2022-22587, CVE-2022-22594

Assessing the Security of Wireless Communication in Solar Energy Trust: 3.75 Fetched: Dec. 24, 2023, 10:25 a.m., Published: Dec. 4, 2023, midnight	Vulnerabilities: denial of service

Affected products	External IDs

Kyocera Device Manager CVE-2023-50196 Vulnerability Solution Update \| Kyocera Document Solutions America Trust: 4.75 Fetched: Dec. 24, 2023, 10:24 a.m., Published: Dec. 24, 2050, midnight	Vulnerabilities: information leakage, traversal attack, path traversal

Affected products

External IDs

db:

NVD

ids:

CVE-2023-50916, CVE-2023-50196

Bug or Feature? Hidden Web Application Vulnerabilities Uncovered Trust: 4.5 Fetched: Dec. 24, 2023, 10:17 a.m., Published: Dec. 15, 2023, 11:08 a.m.	Vulnerabilities: sql injection, injection attack, privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2019-0211

Samsung Cyber Attack: 5 Safety Tips for Samsung Users Facing High Cyber Attack Risks \| Cybersecurity News, Times Now Trust: 3.0 Fetched: Dec. 24, 2023, 10:16 a.m., Published: Dec. 5, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung galaxy

Phosphorus' CPS Protection Platform Matches CISA Mitigation Guidance for Misconfiguration Risks Trust: 4.75 Fetched: Dec. 24, 2023, 10:01 a.m., Published: Dec. 7, 2023, 1 p.m.	Vulnerabilities: default credentials

Affected products

External IDs

vendor:

trend

model:

security

CVE-2023-46156 - vulnerability database \| Vulners.com Related entries in the VARIoT vulnerabilities database: VAR-202312-0259 Trust: 4.25 Fetched: Dec. 24, 2023, 9:55 a.m., Published: Dec. 12, 2023, 12:15 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2023-46156

Ivanti Patches 13 Critical Security Flaws in Avalanche Enterprise Mobile Device Management Solution - VULNERA Trust: 5.5 Fetched: Dec. 24, 2023, 9:54 a.m., Published: Dec. 20, 2023, 6:03 p.m.	Vulnerabilities: denial of service, code execution, memory corruption...

Affected products

External IDs

vendor:	trend micro	model:	security
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2023-32560, CVE-2023-35081, CVE-2023-35078

What Is Spoofing & How to Prevent Spoofing Attacks in 2023? Trust: 4.5 Fetched: Dec. 24, 2023, 9:48 a.m., Published: Sept. 25, 2021, 9:29 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	avira	model:	antivirus
vendor:	google	model:	home
vendor:	google	model:	android
vendor:	google	model:	chrome

KB5033372 for Windows 10 version 21H2 and 22H2 Trust: 5.0 Fetched: Dec. 24, 2023, 9:47 a.m., Published: Dec. 19, 2023, 5:40 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-205885, CVE-2023-356418, CVE-2023-356288, CVE-2023-356308, CVE-2023-20588

Devices (and ransomware) are everywhere: How endpoint security must adapt \| SC Media Trust: 4.75 Fetched: Dec. 24, 2023, 9:47 a.m., Published: Nov. 30, 2023, 6 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	sophos	model:	firewall
vendor:	sophos	model:	endpoint protection
vendor:	rising	model:	antivirus

OWASP Mobile Top 10 2023 Vulnerabilities \| Indusface Blog Trust: 3.5 Fetched: Dec. 24, 2023, 9:45 a.m., Published: Dec. 7, 2023, 12:03 p.m.	Vulnerabilities: sql injection, cross-site scripting, command injection

Affected products

External IDs

vendor:

essential

model:

phone

Ivanti Urges Customers to Patch 13 Critical Vulnerabilities - Infosecurity Magazine Trust: 3.75 Fetched: Dec. 24, 2023, 9:44 a.m., Published: Dec. 21, 2023, 10:30 a.m.	Vulnerabilities: buffer overflow, code execution, memory corruption

Affected products

External IDs

db:

NVD

ids:

CVE-2023-35081, CVE-2023-35078

iOS 17.2.1 is live - why you should install this surprise iPhone update right now \| Tom's Guide Trust: 3.75 Fetched: Dec. 24, 2023, 9:43 a.m., Published: Dec. 20, 2023, 5:31 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	ipad
vendor:	apple	model:	macos
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2023-42940

HIGH: Open IPP Report \| The Shadowserver Foundation Trust: 3.0 Fetched: Dec. 24, 2023, 9:43 a.m., Published: Dec. 12, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

cups

model:

cups

Intel Management Engine Flaws Leave Millions of PCs Exposed \| WIRED Trust: 3.75 Fetched: Dec. 24, 2023, 9:41 a.m., Published: Nov. 21, 2017, 4:10 a.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	lenovo	model:	updates
vendor:	lenovo	model:	system

VARIoT news about IoT security