Sign-up

VARIoT news about IoT security

Internet of Things | Protect Your Connected Devices with Holm Security

Trust: 3.25

Fetched: Aug. 2, 2023, 9:16 a.m., Published: May 2, 2019, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs

Zimbra issues awaited patch for actively exploited vulnerability

Trust: 5.0

Fetched: Aug. 1, 2023, 9:31 a.m., Published: July 28, 2023, 6:32 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2023-38750, CVE-2023-0464

New high-severity Ivanti bug reported, second in a week | SC Media

Trust: 4.0

Fetched: Aug. 1, 2023, 9:30 a.m., Published: July 31, 2023, 12:58 p.m.
 Vulnerabilities: path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2023-35081, CVE-2023-35078

Operation Triangulation: iOS devices targeted with previously unknown malware | Securelist

Trust: 3.25

Fetched: Aug. 1, 2023, 9:28 a.m., Published: Jan. 1, 2050, midnight
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
vendor: apple model: icloud
vendor: apple model: itunes
vendor: apple model: macos
vendor: apple model: webkit

ETIC Telecom Remote Access Server (RAS) (Update A) | CISA

Trust: 4.75

Fetched: Aug. 1, 2023, 9:28 a.m., Published: July 27, 2023, midnight
 Vulnerabilities: privilege escalation, directory traversal, path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2022-3703, CVE-2022-40981, CVE-2022-41607

Lessons Learned from OT:ICEFALL - New Vulnerabilities and Insights on OT Security Design and Patching - Forescout

Related entries in the VARIoT vulnerabilities database: VAR-202306-1706, VAR-202305-2074, VAR-201507-0039, VAR-202306-1705

Trust: 3.5

Fetched: Aug. 1, 2023, 9:27 a.m., Published: June 15, 2023, 3:33 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: schneider model: modbus
vendor: schneider electric model: modbus
vendor: wago model: bacnet/ip
vendor: wago model: ethernet
vendor: codesys model: control
vendor: codesys model: runtime
vendor: codesys model: codesys
db: NVD ids: CVE-2023-1619, CVE-2022-46680, CVE-2015-5374, CVE-2023-1620

Responding to remote service appliance vulnerabilities with Sumo Logic | Sumo Logic

Trust: 3.5

Fetched: Aug. 1, 2023, 9:27 a.m., Published: Aug. 2, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: barracuda model: barracuda
vendor: barracuda model: running
vendor: trend model: security
db: NVD ids: CVE-2023-27997, CVE-2023-35708, CVE-2023-2868

Medtronic Fixes Critical Flaw in Cardiac Device Data System | Decipher

Trust: 4.75

Fetched: Aug. 1, 2023, 9:26 a.m., Published: June 30, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-31222

Threat activity and vulnerabilities in Indonesia, Malaysia, Philippines, and Thailand | APNIC Blog

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132, VAR-201707-1052, VAR-201711-0635, VAR-201803-1048

Trust: 5.0

Fetched: Aug. 1, 2023, 9:25 a.m., Published: June 15, 2023, 4:46 a.m.
 Vulnerabilities: denial of service, code execution, buffer overflow
Affected productsExternal IDs
vendor: ubiquiti model: unifi
vendor: mikrotik model: routers
vendor: mikrotik model: router
vendor: fiberhome model: routers
vendor: fiberhome model: router
vendor: tp-link model: routers
vendor: tp-link model: gateway
vendor: cisco model: routers
vendor: cisco model: cisco routers
vendor: cisco model: router
vendor: huawei model: huawei
vendor: huawei model: huawei home gateway
db: NVD ids: CVE-2021-21974, CVE-2022-42475, CVE-2023-22952, CVE-2021-21972, CVE-2017-6736, CVE-2017-16959, CVE-2019-5544, CVE-2022-37042, CVE-2017-17215, CVE-2020-3992, CVE-2022-40734, CVE-2022-27925

Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-202305-2285, VAR-202304-2073, VAR-202305-2121

Trust: 4.75

Fetched: Aug. 1, 2023, 9:24 a.m., Published: June 5, 2023, 12:41 p.m.
 Vulnerabilities: code execution, command execution
Affected productsExternal IDs
vendor: zyxel model: zywall
db: NVD ids: CVE-2023-33010, CVE-2023-28771, CVE-2023-33009

Vulnerability Sync - Network Configuration Manager

Trust: 3.25

Fetched: Aug. 1, 2023, 9:24 a.m., Published: Aug. 3, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: manageengine model: network configuration manager

New vulnerability gives MacOS users a 'Migraine' | SC Media

Trust: 4.0

Fetched: Aug. 1, 2023, 9:23 a.m., Published: May 31, 2023, 5:33 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2023-32369

Android Security Updates Patch 3 Exploited Vulnerabilities - SecurityWeek

Trust: 5.5

Fetched: Aug. 1, 2023, 9:22 a.m., Published: July 6, 2023, midnight
 Vulnerabilities: privilege escalation, integer overflow, code execution...
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2021-29256, CVE-2023-21250, CVE-2023-26083, CVE-2023-2136

Windows 11 Phone Link feature may make your iPhone vulnerable

Trust: 3.0

Fetched: Aug. 1, 2023, 9:22 a.m., Published: May 22, 2023, 3:54 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

Critical Home, Business Router Vulnerability Exploited

Related entries in the VARIoT vulnerabilities database: VAR-202305-0900

Trust: 6.5

Fetched: Aug. 1, 2023, 9:21 a.m., Published: May 22, 2023, 9:22 a.m.
 Vulnerabilities: default password, command injection, code injection...
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: industrial router
vendor: cisco model: router
vendor: tp-link model: routers
vendor: tp-link model: wr940n
vendor: tenda model: tenda router
vendor: tenda model: router
vendor: tenda model: ac23
db: NVD ids: CVE-2023-2645, CVE-2023-2649

How to Fix CVE-2022-20968- Stack Overflow Vulnerability in Cisco IP Phones? - The Sec Master

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 4.5

Fetched: Aug. 1, 2023, 9:21 a.m., Published: May 3, 2023, 10:30 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: ip phone 8800
vendor: cisco model: ip phone 7800 series
vendor: cisco model: ip phone 8821
vendor: cisco model: ip phone
vendor: cisco model: wireless ip phone 8821
vendor: cisco model: series
vendor: cisco model: ip phones
vendor: cisco model: cisco ip phone firmware
vendor: cisco model: ip phone 8800 series
vendor: cisco model: ip phone 7800
db: NVD ids: CVE-2022-20968, CVE-2022-20986

Samsung Phone Flaws Added to CISA 'Must Patch' List Likely Exploited by Spyware Vendor - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-202103-1332, VAR-202110-0167, VAR-202110-0169

Trust: 5.5

Fetched: Aug. 1, 2023, 9:20 a.m., Published: July 3, 2023, midnight
 Vulnerabilities: code execution, format string bug, bounds access vulnerability
Affected productsExternal IDs
vendor: d-link model: router
vendor: samsung model: mobile
vendor: samsung model: mobile devices
vendor: samsung model: samsung mobile
vendor: google model: android
db: NVD ids: CVE-2021-25395, CVE-2023-21492, CVE-2021-25372, CVE-2021-25487, CVE-2021-25489, CVE-2021-25371, CVE-2021-25394

Cisco Unified Communications Manager Denial of Service Vulnerability

Trust: 5.0

Fetched: Aug. 1, 2023, 9:20 a.m., Published: June 7, 2023, 3:56 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: unified communications
vendor: cisco model: cisco unified communications manager
vendor: cisco model: unified communications manager

CISA adds Samsung and D-link bugs to its Known Exploited Vulnerabilities catalogSecurity Affairs

Trust: 3.0

Fetched: Aug. 1, 2023, 9:20 a.m., Published: July 3, 2023, 1:26 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: note

Western Digital Blocks Unpatched Devices From Cloud Services - SecurityWeek

Trust: 5.0

Fetched: Aug. 1, 2023, 9:19 a.m., Published: June 19, 2023, midnight
 Vulnerabilities: information disclosure, resource consumption flaw, replay attack...
Affected productsExternal IDs
db: NVD ids: CVE-2022-36327