Sign-up

VARIoT news about IoT security

2022's most routinely exploited vulnerabilities-history repeats

Related entries in the VARIoT vulnerabilities database: VAR-201906-0815, VAR-202112-0566, VAR-202205-1958, VAR-202205-0394, VAR-202206-0004

Trust: 3.5

Fetched: Aug. 8, 2023, 9:18 a.m., Published: Aug. 7, 2023, 5:30 p.m.
 Vulnerabilities: code execution, authentication bypass, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2018-13379, CVE-2021-34523, CVE-2021-26084, CVE-2022-22954, CVE-2021-40539, CVE-2022-22960, CVE-2021-34473, CVE-2021-31207, CVE-2021-44228, CVE-2022-30190, CVE-2022-1388, CVE-2022-26134

CISA adds recently disclosed Apple flaws to its Known Exploited Vulnerabilities catalogSecurity Affairs

Trust: 5.5

Fetched: Aug. 6, 2023, 9:13 a.m., Published: June 23, 2023, 11:25 p.m.
 Vulnerabilities: command injection, memory corruption, integer overflow...
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: watchos
vendor: apple model: webkit
vendor: apple model: safari
db: NVD ids: CVE-2023-32434, CVE-2020-35730, CVE-2023-27992, CVE-2023-20887, CVE-2023-32435, CVE-2023-20867, CVE-2020-12641, CVE-2021-44026, CVE-2023-32439

Apple Patches Zero Days Used in Targeted iOS Attacks | Decipher

Trust: 5.5

Fetched: Aug. 6, 2023, 9:13 a.m., Published: June 22, 2023, midnight
 Vulnerabilities: privilege escalation, integer overflow, memory corruption...
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: macos
db: NVD ids: CVE-2023-32435, CVE-2023-32434, CVE-2023-32439

Minecraft fans beware: Players and servers at risk from BleedingPipe vulnerability

Trust: 3.0

Fetched: Aug. 4, 2023, 9:09 a.m., Published: Aug. 2, 2023, 2:35 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Cisco Secure Web Appliance Content Encoding Filter Bypass Vulnerability

Trust: 3.25

Fetched: Aug. 4, 2023, 9:09 a.m., Published: Aug. 3, 2023, 2:03 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: email security appliance

How IT Device Discovery Can Identify Your Network's Assets and Vulnerabilities | Ivanti

Trust: 3.0

Fetched: Aug. 4, 2023, 9:08 a.m., Published: June 22, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Fortinet Patches Critical RCE Vulnerability in FortiNAC - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-202306-1795

Trust: 6.0

Fetched: Aug. 2, 2023, 9:26 a.m., Published: June 26, 2023, midnight
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2023-33300, CVE-2023-33299

Nova Scotia Health Patient Data Stolen via MOVEit Vulnerability - First Health Advisory

Trust: 5.0

Fetched: Aug. 2, 2023, 9:25 a.m., Published: Aug. 3, 2023, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-34362

Cisco Identity Services Engine Command Injection Vulnerabilities

Trust: 6.0

Fetched: Aug. 2, 2023, 9:25 a.m., Published: May 17, 2023, 3:53 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine
db: NVD ids: CVE-2023-20164, CVE-2023-20163

KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 - Microsoft Support

Trust: 3.75

Fetched: Aug. 2, 2023, 9:24 a.m., Published: May 9, 2023, midnight
 Vulnerabilities: feature bypass, security feature bypass
Affected productsExternal IDs
db: NVD ids: CVE-2023-24932

Android Security Bulletin-June 2023 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202301-0521

Trust: 4.25

Fetched: Aug. 2, 2023, 9:23 a.m., Published: June 2, 2023, midnight
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: motorola model: motorola
vendor: motorola model: android
vendor: samsung model: mobile
vendor: samsung model: notes
vendor: samsung model: note
vendor: huawei model: huawei
db: NVD ids: CVE-2022-40516, CVE-2023-21137, CVE-2022-33264, CVE-2023-21095, CVE-2023-21120, CVE-2022-40538, CVE-2023-21135, CVE-2023-21127, CVE-2022-22060, CVE-2023-21124, CVE-2023-21115, CVE-2022-28349, CVE-2022-22706, CVE-2023-21101, CVE-2023-21143, CVE-2023-21658, CVE-2023-21128, CVE-2021-0701, CVE-2021-0945, CVE-2022-48390, CVE-2022-48391, CVE-2023-21141, CVE-2022-33251, CVE-2023-21142, CVE-2022-40517, CVE-2022-46781, CVE-2023-21105, CVE-2022-33257, CVE-2023-21131, CVE-2022-48438, CVE-2023-21122, CVE-2023-21129, CVE-2022-48392, CVE-2023-21130, CVE-2022-40523, CVE-2023-21661, CVE-2022-40533, CVE-2022-40520, CVE-2023-21121, CVE-2023-21628, CVE-2023-21108, CVE-2022-40536, CVE-2023-21139, CVE-2022-40521, CVE-2023-21659, CVE-2023-21138, CVE-2023-21123, CVE-2023-21144, CVE-2023-21126, CVE-2022-40529, CVE-2023-21136

Vulnerabilities in Medtronics Paceart Optima Cardiac Device Data Workflow System | UCSF IT

Trust: 3.25

Fetched: Aug. 2, 2023, 9:23 a.m., Published: Aug. 1, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Enphase Envoy (Update A) | CISA

Trust: 5.5

Fetched: Aug. 2, 2023, 9:22 a.m., Published: July 13, 2023, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
vendor: enphase energy model: envoy
vendor: enphase model: envoy
db: NVD ids: CVE-2023-33869

Android Security Bulletin-July 2023 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202307-0076

Trust: 4.25

Fetched: Aug. 2, 2023, 9:21 a.m., Published: July 2, 2023, midnight
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: wifi
vendor: google model: android
vendor: motorola model: motorola
vendor: motorola model: android
vendor: samsung model: mobile
vendor: samsung model: notes
vendor: samsung model: note
vendor: huawei model: huawei
db: NVD ids: CVE-2023-26083, CVE-2023-21145, CVE-2021-0948, CVE-2023-21254, CVE-2023-21245, CVE-2023-21250, CVE-2023-21243, CVE-2023-21255, CVE-2023-21087, CVE-2023-21241, CVE-2023-21262, CVE-2023-21248, CVE-2023-21247, CVE-2023-21246, CVE-2022-28350, CVE-2023-21629, CVE-2023-22667, CVE-2023-20754, CVE-2023-20942, CVE-2023-28147, CVE-2023-21256, CVE-2023-20910, CVE-2023-21240, CVE-2023-21257, CVE-2022-42703, CVE-2022-27406, CVE-2023-20918, CVE-2023-25012, CVE-2023-21251, CVE-2023-21631, CVE-2023-21249, CVE-2023-21239, CVE-2022-27405, CVE-2023-20755, CVE-2023-21238, CVE-2023-2136, CVE-2021-29256

Ivanti warns of second vulnerability used in attacks on Norway gov’t

Trust: 3.0

Fetched: Aug. 2, 2023, 9:21 a.m., Published: July 30, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-35078, CVE-2023-35081

Cisco phone adapters vulnerable to RCE attacks, no fix available

Trust: 3.75

Fetched: Aug. 2, 2023, 9:20 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: spa112
db: NVD ids: CVE-2023-20126

Apple Patches Zero-Day Flaws - Spiceworks

Trust: 5.5

Fetched: Aug. 2, 2023, 9:20 a.m., Published: June 26, 2023, 12:20 p.m.
 Vulnerabilities: memory corruption, integer overflow, code execution
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: macos
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: iphone
db: NVD ids: CVE-2023-32435, CVE-2023-32434, CVE-2023-32439

Cisco Unified Communications Manager Denial of Service Vulnerability - Cisco

Trust: 5.0

Fetched: Aug. 2, 2023, 9:19 a.m., Published: June 7, 2023, 11:25 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: unified communications manager
vendor: cisco model: cisco unified communications manager
vendor: cisco model: unified communications

Media Coverage | The Shadowserver Foundation

Related entries in the VARIoT vulnerabilities database: VAR-202304-2073

Trust: 3.0

Fetched: Aug. 2, 2023, 9:19 a.m., Published: July 13, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-28771

Siemens SIMOTION | CISA

Trust: 3.5

Fetched: Aug. 2, 2023, 9:18 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: simotion
vendor: siemens model: simotion p320
db: NVD ids: CVE-2023-27465