Sign-up

VARIoT news about IoT security

Microsoft Office and Windows HTML Remote Code Execution Vulnerability - NHS Digital

Trust: 3.0

Fetched: July 16, 2023, 9:17 a.m., Published: July 16, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Urgent warning issued to everyone with an Apple iPhone | Tech News | Metro News

Trust: 3.75

Fetched: July 16, 2023, 9:16 a.m., Published: July 11, 2023, 12:57 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macbook
vendor: apple model: macbook pro
vendor: apple model: imac
vendor: apple model: apple tv
vendor: apple model: safari
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: macbook air
vendor: apple model: webkit
vendor: apple model: tvos
vendor: apple model: ipad
db: NVD ids: CVE-2023-37450

Barracuda Networks Releases Update to Address ESG Vulnerability | CISA

Trust: 3.75

Fetched: July 16, 2023, 9:16 a.m., Published: July 13, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: barracuda networks model: barracuda
vendor: barracuda model: barracuda
db: NVD ids: CVE-2023-2868

The ins and outs of BlueTrust, a Bluetooth vulnerability

Trust: 3.5

Fetched: July 16, 2023, 9:14 a.m., Published: June 23, 2023, 10:49 a.m.
 Vulnerabilities: device impersonation, brute force attack
Affected productsExternal IDs
vendor: broadcom model: linux

A Vulnerability in Cisco SD-WAN vManage Could Allow for Security Mechanism Bypass

Trust: 3.0

Fetched: July 14, 2023, 9:15 a.m., Published: July 12, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: sd-wan
vendor: cisco model: cisco sd-wan
vendor: cisco model: sd-wan vmanage

​Siemens SIMATIC MV500 Devices | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202206-1157, VAR-202302-0195, VAR-202302-0482, VAR-202206-1106, VAR-202206-1186

Trust: 5.25

Fetched: July 14, 2023, 9:14 a.m., Published: March 8, 2023, midnight
 Vulnerabilities: denial of service, information leak, information disclosure...
Affected productsExternal IDs
vendor: siemens model: simatic mv500
vendor: siemens model: simatic
vendor: cisco model: series
vendor: broadcom model: linux
db: NVD ids: CVE-2022-42328, CVE-2022-21166, CVE-2022-4450, CVE-2022-4304, CVE-2022-21123, CVE-2022-32296, CVE-2023-0286, CVE-2022-42329, CVE-2023-0215, CVE-2022-1012, CVE-2022-21125, CVE-2022-0812, CVE-2022-3643

Finding Rockwell Automation Allen-Bradley Communication Modules Affected by CVE-2023-3595 and CVE-2023-3596 in OT Environments - Blog | Tenable®

Related entries in the VARIoT vulnerabilities database: VAR-202307-1042, VAR-202307-1163

Trust: 4.25

Fetched: July 14, 2023, 9:14 a.m., Published: July 12, 2023, 11:58 a.m.
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
vendor: rockwell automation model: controllogix
vendor: rockwell automation model: automation integrated architecture builder
vendor: rockwell automation model: automation allen-bradley controllogix
vendor: rockwell automation model: rslinx
vendor: rockwell automation model: integrated architecture builder
vendor: rockwell automation model: studio 5000
vendor: rockwell model: controllogix
vendor: rockwell model: automation integrated architecture builder
vendor: rockwell model: automation allen-bradley controllogix
vendor: rockwell model: rslinx
vendor: rockwell model: integrated architecture builder
vendor: rockwell model: studio 5000
vendor: rapid model: scada
db: NVD ids: CVE-2023-3596, CVE-2023-3595

Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices

Trust: 4.75

Fetched: July 14, 2023, 9:12 a.m., Published: -
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2023-27997, CVE-2023-33308

Apple Issues Urgent Patch for Zero-Day Flaw Targeting iOS, iPadOS, macOS, and Safari

Trust: 4.75

Fetched: July 12, 2023, 9:09 a.m., Published: July 11, 2023, 4:08 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: webkit
db: NVD ids: CVE-2023-37450

23-030 (July 11, 2023) - Threat Encyclopedia

Trust: 4.5

Fetched: July 12, 2023, 9:09 a.m., Published: July 11, 2023, midnight
 Vulnerabilities: cross-site scripting, memory corruption, code execution...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: solarwinds model: network performance monitor
vendor: trend model: security
db: NVD ids: CVE-2022-43769, CVE-2022-43939, CVE-2022-32742, CVE-2023-29154, CVE-2023-0241, CVE-2023-27372, CVE-2023-34225, CVE-2023-32532, CVE-2023-24954, CVE-2021-26411, CVE-2023-33157, CVE-2022-47504, CVE-2023-32529

Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers | CISA

Trust: 3.5

Fetched: July 12, 2023, 9:07 a.m., Published: June 15, 2023, midnight
 Vulnerabilities: brute force attack, privilege escalation, application crash...
Affected productsExternal IDs
db: NVD ids: CVE-2019-18935, CVE-2017-11317, CVE-2017-9248, CVE-2017-11357

Industrial firms potentially vulnerable to attacks using PiiGAB flaws | SC Media

Trust: 4.0

Fetched: July 12, 2023, 9:06 a.m., Published: July 20, 2022, 6 p.m.
 Vulnerabilities: cross-site scripting, request forgery, cross-site request forgery...
Affected productsExternal IDs

12 Types of Vulnerability Scans (+ When to Run Each) | eSP

Trust: 3.5

Fetched: July 12, 2023, 9:05 a.m., Published: July 7, 2023, 10:16 p.m.
 Vulnerabilities: cross-site scripting, privilege escalation, request forgery...
Affected productsExternal IDs

Actively exploited vulnerability threatens hundreds of solar power stations | Ars Technica

Trust: 3.5

Fetched: July 12, 2023, 9:05 a.m., Published: July 5, 2023, 8:21 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks
db: NVD ids: CVE-2023-293333, CVE-2023-23333, CVE-2022-29303

DSA-2023-162: Security Update for Dell iDRAC9 Heimdal Vulnerability | Dell Polska

Trust: 3.5

Fetched: July 9, 2023, 9:13 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell emc model: idrac9
vendor: dell model: idrac9
db: NVD ids: CVE-2022-44640

Warning issued over vulnerability in cardiac device monitoring software

Trust: 5.25

Fetched: July 9, 2023, 9:13 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-31222

How to Use FAIR Analysis to Quantify Risk from the MOVEit Vulnerability - Security Boulevard

Trust: 4.5

Fetched: July 9, 2023, 9:13 a.m., Published: July 5, 2023, 1:34 p.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: accellion model: file transfer appliance
vendor: accellion model: accellion file transfer appliance
db: NVD ids: CVE-2023-35036, CVE-2023-35708, CVE-2023-34362

Urgent Android warning to fix ‘critical’ Google danger that lets hacker enter your phone ‘even if you don’t do anything’ | The US Sun

Trust: 5.0

Fetched: July 9, 2023, 9:12 a.m., Published: July 6, 2023, 3:45 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2023-21250

The URL you requested has been blocked

Trust: 3.5

Fetched: July 9, 2023, 9:12 a.m., Published: July 5, 2051, 8:23 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-29303, CVE-2022-40881

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

Trust: 5.25

Fetched: July 9, 2023, 9:12 a.m., Published: July 5, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android