VARIoT latest news about IoT security

Frequently Asked Questions for CitrixBleed (CVE-2023-4966) - Blog \| Tenable® Trust: 4.5 Fetched: Nov. 24, 2023, 9:14 a.m., Published: Nov. 20, 2023, 6:09 p.m.	Vulnerabilities: information disclosure, denial of service

Affected products

External IDs

vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler adc
vendor:	citrix	model:	netscaler gateway
vendor:	citrix	model:	netscaler

db:

NVD

ids:

CVE-2023-4966, CVE-2023-49666, CVE-2023-4967

EZVIZ - Creating Easy Smart Homes Trust: 4.75 Fetched: Nov. 24, 2023, 9:14 a.m., Published: Nov. 10, 2023, midnight	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2023-48121

11 Best Web Security Scanners - 2024 Trust: 3.5 Fetched: Nov. 24, 2023, 9:12 a.m., Published: Nov. 16, 2023, 4:01 a.m.	Vulnerabilities: cross-site scripting, command injection, sql injection...

Affected products	External IDs

5 Biggest IoT Security Issues of 2020 \| Analytics Steps Trust: 3.75 Fetched: Nov. 24, 2023, 9:12 a.m., Published: Nov. 5, 2023, midnight	Vulnerabilities: information leak

Affected products	External IDs

7 Apple Security Breaches, Hacks, and Flaws You Didn't Know About Related entries in the VARIoT vulnerabilities database: VAR-202302-2044, VAR-202208-1294, VAR-202302-2240, VAR-202302-2045 Trust: 5.25 Fetched: Nov. 24, 2023, 9:07 a.m., Published: Nov. 23, 2023, 2 p.m.	Vulnerabilities: code execution, buffer overflow

Affected products

External IDs

vendor:	apple	model:	watch
vendor:	apple	model:	macos
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad
vendor:	apple	model:	webkit

db:

NVD

ids:

CVE-2023-41061, CVE-2023-23520, CVE-2022-32894, CVE-2023-23531, CVE-2023-23530, CVE-2023-41064

hackebds · PyPI Related entries in the VARIoT vulnerabilities database: VAR-201912-1012 Trust: 3.0 Fetched: Nov. 24, 2023, 9:05 a.m., Published: May 24, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2019-17621

Microsoft’s Windows Hello fingerprint authentication has been bypassed - The Verge Trust: 3.75 Fetched: Nov. 24, 2023, 9:04 a.m., Published: Nov. 22, 2023, 12:03 p.m.	Vulnerabilities: authentication bypass, memory corruption

Affected products

External IDs

vendor:

lenovo

model:

thinkpad

Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet \| Ars Technica Trust: 3.5 Fetched: Nov. 24, 2023, 9:04 a.m., Published: Nov. 22, 2023, 7:35 p.m.	Vulnerabilities: command injection, code execution

Affected products

External IDs

vendor:

snort

model:

snort

Get vulnerability by ID \| Microsoft Learn Trust: 3.0 Fetched: Nov. 22, 2023, 9:56 a.m., Published: Dec. 18, 2020, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2019-0608

CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits Trust: 4.75 Fetched: Nov. 22, 2023, 9:56 a.m., Published: Nov. 20, 2023, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-4911, CVE-2023-46604

Fuji Electric Tellus Lite V-Simulator \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202311-1678, VAR-202311-1677, VAR-202311-1679 Trust: 5.5 Fetched: Nov. 22, 2023, 9:51 a.m., Published: Nov. 1, 2023, midnight	Vulnerabilities: code execution, buffer overflow, improper access control

Affected products

External IDs

vendor:	trend	model:	security
vendor:	trend micro	model:	security
vendor:	fuji	model:	v-simulator
vendor:	fuji	model:	tellus lite v-simulator
vendor:	fuji electric	model:	v-simulator
vendor:	fuji electric	model:	tellus lite v-simulator

db:

NVD

ids:

CVE-2023-35127, CVE-2023-5299, CVE-2023-40152

Mitsubishi Electric CNC Series (Update C) - vulnerability database \| Vulners.com Trust: 4.5 Fetched: Nov. 22, 2023, 9:50 a.m., Published: Nov. 21, 2023, noon	Vulnerabilities: buffer overflow, denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2023-33460, CVE-2022-2479, CVE-2022-24795, CVE-2023-3346, CVE-2017-16516

Configuring a malware scan on Android devices Trust: 3.0 Fetched: Nov. 22, 2023, 9:43 a.m., Published: April 22, 2019, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

Smart TVs, Refrigerators Used in Internet-of-Things Cyberattack Trust: 3.5 Fetched: Nov. 22, 2023, 9:41 a.m., Published: Sept. 17, 2023, 2:59 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	trend	model:	security
vendor:	google	model:	home

8 Key IoT Security Challenges and Proven Solutions from the Field Trust: 5.25 Fetched: Nov. 22, 2023, 9:38 a.m., Published: Nov. 3, 2023, midnight	Vulnerabilities: denial of service, default credentials

Affected products

External IDs

vendor:	google	model:	home
vendor:	essential	model:	phone

Protecting Kaspersky Endpoint Security for Android against removal Trust: 3.25 Fetched: Nov. 22, 2023, 9:35 a.m., Published: April 22, 2019, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

samsung

model:

mobile

Controlling user access to the features of iOS devices Trust: 3.25 Fetched: Nov. 22, 2023, 9:31 a.m., Published: April 22, 2019, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

icloud

Vulnerability Summary for the Week of October 9, 2023 \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202310-1918, VAR-202310-1699, VAR-202310-2320, VAR-202310-2590, VAR-202310-2079, VAR-202310-0438, VAR-202310-2290, VAR-202310-2564, VAR-202310-2081, VAR-202310-2114, VAR-202310-0178, VAR-202310-2393, VAR-202310-2391, VAR-202310-0764 Trust: 4.25 Fetched: Nov. 22, 2023, 9:19 a.m., Published: Oct. 9, 2023, midnight	Vulnerabilities: information exposure, denial of service, privilege escalation...

Affected products

External IDs

vendor:	nodejs	model:	node.js
vendor:	broadcom	model:	linux
vendor:	zebra technologies	model:	zt410
vendor:	zebra technologies	model:	ztc zt410-203dpi zpl
vendor:	rockwell	model:	automation panelview
vendor:	rockwell	model:	factorytalk
vendor:	rockwell	model:	factorytalk linx
vendor:	rockwell	model:	automation panelview plus
vendor:	rockwell	model:	factorytalk_linx
vendor:	google	model:	android
vendor:	google	model:	wifi
vendor:	node.js	model:	node.js
vendor:	huawei	model:	huawei
vendor:	huawei	model:	nice
vendor:	zebra	model:	zt410
vendor:	zebra	model:	ztc zt410-203dpi zpl
vendor:	xiaomi	model:	browser
vendor:	citrix	model:	netscaler gateway
vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler adc
vendor:	citrix	model:	netscaler
vendor:	d-link	model:	router
vendor:	rockwell_automation	model:	automation panelview
vendor:	rockwell_automation	model:	factorytalk
vendor:	rockwell_automation	model:	factorytalk linx
vendor:	rockwell_automation	model:	automation panelview plus
vendor:	rockwell_automation	model:	factorytalk_linx
vendor:	zabbix	model:	zabbix
vendor:	igor	model:	nginx
vendor:	rockwell automation	model:	automation panelview
vendor:	rockwell automation	model:	factorytalk
vendor:	rockwell automation	model:	factorytalk linx
vendor:	rockwell automation	model:	automation panelview plus
vendor:	rockwell automation	model:	factorytalk_linx
vendor:	netapp	model:	snapcenter server
vendor:	netapp	model:	snapcenter

db:

NVD

ids:

CVE-2023-44392, CVE-2023-5579, CVE-2023-26319, CVE-2023-5449, CVE-2023-35660, CVE-2023-44103, CVE-2023-42663, CVE-2022-43740, CVE-2023-40833, CVE-2023-36841, CVE-2023-44178, CVE-2023-32976, CVE-2023-29464, CVE-2023-32974, CVE-2023-36478, CVE-2023-40682, CVE-2023-5557, CVE-2023-26220, CVE-2023-27516, CVE-2023-44186, CVE-2023-41261, CVE-2023-43896, CVE-2023-33303, CVE-2023-44100, CVE-2023-1943, CVE-2023-37538, CVE-2023-45267, CVE-2023-43661, CVE-2023-23632, CVE-2023-4966, CVE-2023-44188, CVE-2023-45176, CVE-2023-31096, CVE-2023-27315, CVE-2023-30801, CVE-2023-32634, CVE-2023-4257, CVE-2023-34356, CVE-2023-45106, CVE-2023-5582, CVE-2023-27313, CVE-2023-5535, CVE-2023-45648, CVE-2023-45011, CVE-2023-44111, CVE-2023-45396, CVE-2023-27395, CVE-2023-45108, CVE-2023-44399, CVE-2023-42752, CVE-2023-45467, CVE-2023-44094, CVE-2020-27213, CVE-2023-41263, CVE-2023-45391, CVE-2023-45863, CVE-2023-43148, CVE-2023-5459, CVE-2023-45862, CVE-2023-39999, CVE-2022-32755, CVE-2023-45068, CVE-2023-26320, CVE-2022-43868, CVE-2023-44177, CVE-2022-44758, CVE-2023-44203, CVE-2023-41262, CVE-2023-45109, CVE-2023-44198, CVE-2023-22325, CVE-2023-45142, CVE-2023-45052, CVE-2023-44184, CVE-2023-4517, CVE-2023-23737, CVE-2023-28381, CVE-2023-44175, CVE-2023-45466, CVE-2023-44193, CVE-2023-5580, CVE-2023-32275, CVE-2023-45132, CVE-2023-32723, CVE-2023-45393, CVE-2023-41843, CVE-2023-5554, CVE-2023-45129, CVE-2023-4936, CVE-2023-44191, CVE-2023-27380, CVE-2023-44997, CVE-2023-45162, CVE-2023-45194, CVE-2023-5497, CVE-2023-29453, CVE-2023-40367, CVE-2023-32970, CVE-2023-5499, CVE-2023-31192, CVE-2023-44961, CVE-2023-42189, CVE-2023-45855, CVE-2023-36839, CVE-2023-45048, CVE-2023-45103, CVE-2023-44201, CVE-2023-22392, CVE-2023-3781, CVE-2023-30154, CVE-2023-35024, CVE-2023-45270, CVE-2023-27316, CVE-2023-5240, CVE-2023-44689, CVE-2023-44197, CVE-2023-5573, CVE-2023-39960, CVE-2023-45130, CVE-2023-5562, CVE-2023-4263, CVE-2023-42795, CVE-2023-45511, CVE-2023-38000, CVE-2023-5564, CVE-2023-44998, CVE-2023-44962, CVE-2023-45269, CVE-2023-34975, CVE-2022-33161, CVE-2023-5563, CVE-2023-45468, CVE-2023-36843, CVE-2023-22308, CVE-2023-45312, CVE-2023-35193, CVE-2023-45853, CVE-2023-43079, CVE-2023-41680, CVE-2023-44109, CVE-2023-45133, CVE-2023-44204, CVE-2023-44095, CVE-2023-5572, CVE-2023-45674, CVE-2023-28635, CVE-2023-40829, CVE-2023-45208, CVE-2023-41681, CVE-2023-44196, CVE-2023-44199, CVE-2023-5578, CVE-2023-32721, CVE-2023-41304, CVE-2023-44101, CVE-2023-5581, CVE-2022-42451, CVE-2023-44185, CVE-2023-44981, CVE-2023-45268, CVE-2023-5409, CVE-2023-44190, CVE-2023-27312, CVE-2023-44192, CVE-2023-34354, CVE-2023-32124, CVE-2023-45510, CVE-2023-37536, CVE-2023-30148, CVE-2023-44096, CVE-2023-45465, CVE-2022-33165, CVE-2023-45107, CVE-2023-45348, CVE-2023-39325, CVE-2023-43149, CVE-2023-41881, CVE-2023-23581, CVE-2023-44093, CVE-2023-41882, CVE-2023-40142, CVE-2023-42792, CVE-2023-44182, CVE-2023-5463, CVE-2023-45102, CVE-2023-4829, CVE-2023-45143, CVE-2023-25774, CVE-2023-44102, CVE-2023-42298, CVE-2023-4957, CVE-2023-45852, CVE-2023-38817, CVE-2023-44181, CVE-2023-4990, CVE-2023-43789, CVE-2023-40141, CVE-2023-4499, CVE-2023-26318, CVE-2023-32724, CVE-2023-4562, CVE-2023-41682, CVE-2023-4309, CVE-2023-44097, CVE-2023-44194, CVE-2023-5462, CVE-2023-5571, CVE-2023-5556, CVE-2023-44176, CVE-2023-5495, CVE-2023-5555, CVE-2022-44757, CVE-2023-45276, CVE-2023-41131, CVE-2023-44195, CVE-2023-35662, CVE-2023-30994, CVE-2023-35194, CVE-2023-42780, CVE-2023-32722, CVE-2023-43271, CVE-2023-5072, CVE-2023-42138, CVE-2023-27314, CVE-2023-44104, CVE-2023-42477, CVE-2023-34976, CVE-2023-45060, CVE-2023-45058, CVE-2023-35661, CVE-2023-44183, CVE-2023-44189, CVE-2023-43641, CVE-2023-42794, CVE-2023-5496, CVE-2023-45138, CVE-2023-35649, CVE-2023-43147, CVE-2023-44187, CVE-2023-45856, CVE-2023-45063, CVE-2023-44037, CVE-2023-41836, CVE-2023-45464, CVE-2023-32973, CVE-2023-26155, CVE-2023-45463

Vulnerability Summary for the Week of September 18, 2023 \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202309-2445, VAR-202309-2527, VAR-202309-1119, VAR-202309-2116, VAR-202309-2529, VAR-202309-1787, VAR-202309-2195, VAR-202309-0777, VAR-202309-1523, VAR-202309-1767, VAR-202309-1522, VAR-202309-2275, VAR-202309-2381, VAR-202309-2098, VAR-202309-2274, VAR-202309-1784, VAR-202309-2366, VAR-202309-2442, VAR-202309-1870, VAR-202309-1521 Trust: 6.25 Fetched: Nov. 22, 2023, 9:15 a.m., Published: Sept. 18, 2023, midnight	Vulnerabilities: weak password, denial of service, default password...

Affected products

External IDs

vendor:	mitsubishi	model:	coreos
vendor:	windriver	model:	linux
vendor:	windriver	model:	river vxworks
vendor:	windriver	model:	vxworks
vendor:	juplink	model:	rx4-1500
vendor:	apple	model:	macos
vendor:	apple	model:	safari
vendor:	apple	model:	cups
vendor:	trend	model:	security
vendor:	trend	model:	worry-free business security
vendor:	trend	model:	worry-free business security services
vendor:	trend micro	model:	security
vendor:	trend micro	model:	worry-free business security
vendor:	trend micro	model:	worry-free business security services
vendor:	node.js	model:	node.js
vendor:	samsung	model:	samsung mobile
vendor:	samsung	model:	note
vendor:	samsung	model:	notes
vendor:	samsung	model:	mobile
vendor:	samsung	model:	exynos
vendor:	mitsubishi electric corporation	model:	coreos
vendor:	coreos	model:	linux
vendor:	nozomi	model:	guardian
vendor:	nozomi	model:	networks guardian
vendor:	d-link	model:	dir-823g
vendor:	d-link	model:	router
vendor:	d-link	model:	dir-816
vendor:	d-link	model:	dir-806
vendor:	d-link	model:	dir-816 a2
vendor:	tp-link	model:	tl-er5120g
vendor:	tp-link	model:	er5120g
vendor:	netatalk	model:	netatalk
vendor:	tplink	model:	tl-er5120g
vendor:	tplink	model:	er5120g
vendor:	trendmicro	model:	security
vendor:	trendmicro	model:	worry-free business security
vendor:	trendmicro	model:	worry-free business security services
vendor:	mitsubishi_electric	model:	coreos
vendor:	nagios	model:	nagios xi
vendor:	mitsubishi electric	model:	coreos
vendor:	cups	model:	cups
vendor:	tenda	model:	router

db:

NVD

ids:

CVE-2023-42821, CVE-2023-31012, CVE-2019-19450, CVE-2023-43128, CVE-2023-42451, CVE-2023-43134, CVE-2023-43144, CVE-2023-26143, CVE-2023-43766, CVE-2023-43238, CVE-2023-25529, CVE-2023-37410, CVE-2023-32186, CVE-2023-38356, CVE-2023-23364, CVE-2023-4236, CVE-2023-34195, CVE-2023-43115, CVE-2023-43130, CVE-2023-40989, CVE-2023-43373, CVE-2023-40018, CVE-2023-43633, CVE-2023-41374, CVE-2023-43470, CVE-2022-4039, CVE-2023-42807, CVE-2023-32182, CVE-2023-42526, CVE-2023-36109, CVE-2023-43241, CVE-2023-43371, CVE-2023-43477, CVE-2023-4088, CVE-2023-43201, CVE-2023-43478, CVE-2023-43204, CVE-2023-43765, CVE-2023-2163, CVE-2023-42464, CVE-2023-43635, CVE-2023-39677, CVE-2023-43137, CVE-2022-3874, CVE-2023-32184, CVE-2023-43620, CVE-2023-41993, CVE-2023-41179, CVE-2023-25525, CVE-2023-38039, CVE-2023-38507, CVE-2023-42810, CVE-2023-31009, CVE-2023-34575, CVE-2023-5009, CVE-2023-37279, CVE-2023-43375, CVE-2023-42321, CVE-2023-34577, CVE-2023-42798, CVE-2023-43783, CVE-2023-31015, CVE-2023-43138, CVE-2023-43764, CVE-2023-43236, CVE-2023-41375, CVE-2023-43468, CVE-2023-40934, CVE-2023-42387, CVE-2023-42328, CVE-2023-43497, CVE-2023-4096, CVE-2019-17626, CVE-2023-43197, CVE-2023-43202, CVE-2023-43200, CVE-2023-31010, CVE-2023-43270, CVE-2023-41484, CVE-2023-43274, CVE-2023-42450, CVE-2023-43206, CVE-2023-3932, CVE-2023-0829, CVE-2023-42805, CVE-2023-25530, CVE-2023-34967, CVE-2023-42482, CVE-2023-22513, CVE-2023-0462, CVE-2023-41387, CVE-2023-38351, CVE-2023-4152, CVE-2023-5002, CVE-2023-31013, CVE-2023-31008, CVE-2023-39675, CVE-2023-5042, CVE-2023-43760, CVE-2023-43636, CVE-2023-43207, CVE-2023-42320, CVE-2023-42793, CVE-2023-34319, CVE-2023-34576, CVE-2023-41027, CVE-2023-42280, CVE-2023-43129, CVE-2023-42279, CVE-2023-42322, CVE-2023-38887, CVE-2023-4094, CVE-2023-4504, CVE-2023-43496, CVE-2023-40619, CVE-2023-0118, CVE-2023-42523, CVE-2023-42443, CVE-2023-42524, CVE-2023-38352, CVE-2023-43198, CVE-2023-32187, CVE-2023-31719, CVE-2023-43761, CVE-2023-41029, CVE-2023-25534, CVE-2023-5074, CVE-2023-43242, CVE-2023-43235, CVE-2023-38888, CVE-2023-42147, CVE-2023-3892, CVE-2023-43631, CVE-2023-38886, CVE-2023-43762, CVE-2023-40933, CVE-2023-43767, CVE-2023-43469, CVE-2023-38343, CVE-2023-31718, CVE-2023-41030, CVE-2023-43630, CVE-2023-25533, CVE-2022-3596, CVE-2023-42457, CVE-2023-25531, CVE-2023-42444, CVE-2023-43632, CVE-2023-31717, CVE-2023-32649, CVE-2023-43199, CVE-2023-36562, CVE-2023-4853, CVE-2023-0773, CVE-2023-41890, CVE-2023-42456, CVE-2023-42660, CVE-2023-2262, CVE-2023-4760, CVE-2023-29245, CVE-2023-23362, CVE-2023-43237, CVE-2023-31716, CVE-2015-8371, CVE-2023-38355, CVE-2023-25532, CVE-2023-43374, CVE-2023-42520, CVE-2023-43239, CVE-2023-4092, CVE-2020-14496, CVE-2023-23363, CVE-2023-43500, CVE-2023-43669, CVE-2023-43637, CVE-2023-42522, CVE-2023-43634, CVE-2023-31011, CVE-2023-40043, CVE-2023-43203, CVE-2023-43240, CVE-2023-42335, CVE-2023-41929, CVE-2023-43619, CVE-2023-43338, CVE-2023-25528, CVE-2023-42521, CVE-2023-31808, CVE-2023-41902, CVE-2023-42447, CVE-2023-5016, CVE-2023-36319, CVE-2023-43135, CVE-2023-25527, CVE-2015-5467, CVE-2023-41992, CVE-2023-38346, CVE-2023-4291, CVE-2023-5068, CVE-2023-41031, CVE-2023-41595, CVE-2023-42525, CVE-2023-43196, CVE-2023-3341, CVE-2023-38354, CVE-2023-43498, CVE-2023-42331

IoT Device Security Concepts: Comprehensive Overview Trust: 3.5 Fetched: Nov. 21, 2023, 9:34 a.m., Published: Nov. 13, 2023, 11:51 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	paloaltonetworks	model:	networks
vendor:	essential	model:	phone

VARIoT news about IoT security