Sign-up

VARIoT news about IoT security

Cisco Small Business 200, 300, and 500 Series Switches Web-Based Management Stored Cross-Site Scripting Vulnerability

Trust: 4.0

Fetched: July 4, 2023, 9:19 a.m., Published: June 7, 2023, 3:56 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: small business 300 series managed switches
vendor: cisco model: series
vendor: cisco model: series managed switches
vendor: cisco model: 500 series stackable managed switches
vendor: cisco model: 200 series smart switches
vendor: cisco model: cisco small business
vendor: cisco model: series switches
vendor: cisco model: small business 500 series stackable managed switches
vendor: cisco model: series smart switches
vendor: cisco model: series stackable managed switches
vendor: cisco model: small business
vendor: cisco model: 300 series managed switches

IoT Security - Securing Smart Cities and Critical Infrastructure | UncleSp1d3r Blog

Trust: 3.25

Fetched: July 4, 2023, 9:18 a.m., Published: June 30, 2023, midnight
 Vulnerabilities: default credentials, denial of service, information disclosure...
Affected productsExternal IDs

Mobile Vulnerability Assessment: Tools and Techniques

Trust: 3.0

Fetched: July 2, 2023, 9:14 a.m., Published: July 3, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: blackberry model: blackberry

23-027 (June 27, 2023) - Threat Encyclopedia

Trust: 4.75

Fetched: July 2, 2023, 9:13 a.m., Published: June 27, 2023, midnight
 Vulnerabilities: denial of service, information disclosure, directory traversal...
Affected productsExternal IDs
vendor: solarwinds model: network performance monitor
db: NVD ids: CVE-2023-27350, CVE-2022-36957, CVE-2023-2825, CVE-2023-32247, CVE-2023-27293, CVE-2021-42847, CVE-2022-38108, CVE-2021-28169, CVE-2023-21758

Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari

Related entries in the VARIoT vulnerabilities database: VAR-202302-1097

Trust: 5.5

Fetched: July 2, 2023, 9:12 a.m., Published: June 22, 2023, 6:56 a.m.
 Vulnerabilities: code execution, memory corruption, integer overflow
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: watch
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: ipod touch
vendor: apple model: iphone
vendor: apple model: webkit
vendor: apple model: ipad air
vendor: apple model: safari
db: NVD ids: CVE-2023-28204, CVE-2023-32409, CVE-2023-32373, CVE-2023-23529, CVE-2023-28205, CVE-2023-32434, CVE-2023-32435, CVE-2023-28206, CVE-2023-32439

CISA Adds Eight Known Exploited Vulnerabilities to Catalog | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202003-0963, VAR-202103-1332, VAR-201912-1012, VAR-202110-0167, VAR-202110-0169

Trust: 4.5

Fetched: July 2, 2023, 9:12 a.m., Published: -
 Vulnerabilities: input validation vulnerability, command execution, command injection
Affected productsExternal IDs
vendor: d-link model: dir-859
vendor: d-link model: dwl-2600ap
vendor: d-link model: router
vendor: samsung model: note
vendor: samsung model: samsung mobile
vendor: samsung model: mobile
vendor: samsung model: mobile devices
db: NVD ids: CVE-2021-25395, CVE-2019-20500, CVE-2021-25372, CVE-2019-17621, CVE-2021-25371, CVE-2021-25487, CVE-2021-25394, CVE-2021-25489

Apple, Google, and MOVEit Just Patched Serious Security Flaws | WIRED

Trust: 5.75

Fetched: July 2, 2023, 9:11 a.m., Published: June 30, 2023, 11 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: webkit
vendor: apple model: safari
vendor: google model: android
db: NVD ids: CVE-2023-32031, CVE-2023-21108, CVE-2023-28310, CVE-2023-32434, CVE-2023-21130, CVE-2022-22706, CVE-2023-29357, CVE-2023-32435, CVE-2023-32439

Information Disclosure Vulnerability in Bosch IP cameras | Bosch PSIRT

Trust: 6.5

Fetched: June 30, 2023, 9:16 a.m., Published: June 3, 2023, midnight
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: bosch model: cpp7.3
vendor: bosch model: cpp13
vendor: bosch model: ip cameras
vendor: bosch model: bosch ip cameras
vendor: bosch model: cpp7
vendor: bosch model: cpp4
vendor: bosch model: cpp6
db: NVD ids: CVE-2022-41677

Cisco Duo Two-Factor Authentication for macOS Authentication Bypass Vulnerability

Trust: 4.25

Fetched: June 30, 2023, 9:15 a.m., Published: June 21, 2023, 4:03 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs

2217798 - (CVE-2023-36664) CVE-2023-36664 ghostscript: vulnerable to OS command injection due to mishandles permission validation for pipe devices

Trust: 4.0

Fetched: June 30, 2023, 9:14 a.m., Published: June 27, 2023, 6:45 a.m.
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-36664

Delta Electronics InfraSuite Device Master | CISA

Trust: 5.25

Fetched: June 30, 2023, 9:14 a.m., Published: March 7, 2023, midnight
 Vulnerabilities: improper access control, privilege escalation
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2023-34347, CVE-2023-34316, CVE-2023-30765

Why vulnerability scanners fail at cyber asset management | runZero

Trust: 4.75

Fetched: June 28, 2023, 9:09 a.m., Published: June 28, 2023, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: ubiquiti model: unifi

CVE-2023-33299: Critical Remote Code Execution Vulnerability in FortiNAC - Blog | TenableĀ®

Related entries in the VARIoT vulnerabilities database: VAR-202306-1795, VAR-202302-1271

Trust: 3.75

Fetched: June 28, 2023, 9:08 a.m., Published: June 23, 2023, 10:07 p.m.
 Vulnerabilities: code execution, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-33300, CVE-2023-33299, CVE-2022-39952

Vulnerabilities in Cisco IOS Networking Devices

Related entries in the VARIoT vulnerabilities database: VAR-201803-1387

Trust: 3.5

Fetched: June 27, 2023, 9:15 a.m., Published: June 23, 2023, 4:37 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: tftp server
vendor: cisco model: ios xe
vendor: cisco model: routers
vendor: cisco model: router
db: NVD ids: CVE-2018-0171

Several bugs added to CISA vulnerability catalog | SC Media

Trust: 4.25

Fetched: June 27, 2023, 9:15 a.m., Published: March 7, 2023, 7 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2020-12641, CVE-2023-20887, CVE-2021-44026, CVE-2016-0165, CVE-2020-35730, CVE-2016-9079

U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog

Related entries in the VARIoT vulnerabilities database: VAR-202212-1442

Trust: 5.75

Fetched: June 27, 2023, 9:15 a.m., Published: June 24, 2023, 3:30 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud
vendor: apple model: macos
db: NVD ids: CVE-2023-20887, CVE-2022-46690, CVE-2023-20867, CVE-2023-27992, CVE-2023-2911, CVE-2023-2828, CVE-2023-32435, CVE-2023-32434, CVE-2023-2829, CVE-2023-32439

2023 OSSRA deep dive: High-risk vulnerabilities | Synopsys

Related entries in the VARIoT vulnerabilities database: VAR-201409-1156, VAR-201404-0592, VAR-201703-0755

Trust: 3.5

Fetched: June 27, 2023, 9:14 a.m., Published: June 26, 2023, 3:44 p.m.
 Vulnerabilities: sql injection, code execution, buffer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2014-6271, CVE-2014-0160, CVE-2017-5638, CVE-2018-7600

Cyber Security Agency of Singapore urges Apple users to update devices to fix multiple security vulnerabilities | Malay Mail

Trust: 4.0

Fetched: June 25, 2023, 9:16 a.m., Published: June 24, 2023, 7:48 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: iphone
vendor: apple model: ipad air

Cybersecurity Terms: A to Z Glossary | Coursera

Trust: 3.25

Fetched: June 25, 2023, 9:15 a.m., Published: June 15, 2023, midnight
 Vulnerabilities: sql injection, denial of service
Affected productsExternal IDs
vendor: google model: wi-fi router
vendor: essential model: phone

Multiple Vulnerabilities in Fortinet FortiNAC Could Allow for Arbitrary Code Execution

Trust: 3.25

Fetched: June 25, 2023, 9:15 a.m., Published: June 23, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs