Sign-up

VARIoT news about IoT security

Multiple Vulnerabilities in Fortinet FortiNAC Could Allow for Arbitrary Code Execution

Trust: 3.25

Fetched: June 25, 2023, 9:15 a.m., Published: June 23, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Apple Fixes Alarming Spyware Vulnerability On iPhone, iPad, Watch And Mac, Update ASAP | HotHardware

Trust: 5.75

Fetched: June 25, 2023, 9:15 a.m., Published: June 23, 2023, 1:12 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: iphone
vendor: apple model: webkit
vendor: apple model: watch
vendor: apple model: watchos
vendor: apple model: macos
db: NVD ids: CVE-2023-32439, CVE-2023-32435, CVE-2023-32434

Have an iPhone, iPad, or Apple Watch? Update it right now | Digital Trends

Trust: 4.75

Fetched: June 23, 2023, 9:13 a.m., Published: June 22, 2023, 7:56 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: watch
vendor: apple model: watchos
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: iphone
db: NVD ids: CVE-2023-32434

Apple patches exploited zero-days | SC Media

Trust: 5.75

Fetched: June 23, 2023, 9:12 a.m., Published: July 20, 2022, 6 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: ipod touch
vendor: apple model: webkit
vendor: apple model: ipad air
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: iphone
db: NVD ids: CVE-2023-32435, CVE-2023-32434, CVE-2023-32439

Cybersecurity Terms: A to Z Glossary | Coursera

Trust: 3.25

Fetched: June 23, 2023, 9:11 a.m., Published: June 15, 2023, midnight
 Vulnerabilities: denial of service, sql injection
Affected productsExternal IDs
vendor: essential model: phone
vendor: google model: wi-fi router

Cisco Duo Two-Factor Authentication for macOS Authentication Bypass Vulnerability

Trust: 4.25

Fetched: June 23, 2023, 9:10 a.m., Published: June 21, 2023, 4:03 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs

CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances | Rapid7 Blog

Trust: 4.5

Fetched: June 23, 2023, 9:10 a.m., Published: June 8, 2023, 4:52 p.m.
 Vulnerabilities: remote command injection, command injection
Affected productsExternal IDs
vendor: barracuda model: barracuda
vendor: barracuda model: running
vendor: barracuda model: spam firewall
vendor: barracuda networks model: barracuda
vendor: barracuda networks model: running
vendor: barracuda networks model: spam firewall
db: NVD ids: CVE-2023-2868

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

Trust: 3.5

Fetched: June 23, 2023, 9:09 a.m., Published: June 21, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

SMB Edge Devices Walloped With Asus, Zyxel Patch Warnings

Related entries in the VARIoT vulnerabilities database: VAR-201812-0337, VAR-202207-2002

Trust: 4.5

Fetched: June 23, 2023, 9:08 a.m., Published: June 21, 2023, 6:30 p.m.
 Vulnerabilities: code execution, command injection, memory corruption
Affected productsExternal IDs
vendor: asus model: routers
vendor: asus model: asus
vendor: asus model: router
db: NVD ids: CVE-2018-1160, CVE-2022-26376, CVE-2022-36327, CVE-2023-27992

CTI Weekly: Zero-Day Vulnerability Exploited by Ransomware Groups & CISA Directive on Network Device Security - Orpheus Cyber

Trust: 3.0

Fetched: June 21, 2023, 9:13 a.m., Published: June 19, 2023, 9:24 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-34362

ASUS urges customers to patch critical router vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-201812-0337, VAR-202207-2002

Trust: 4.5

Fetched: June 21, 2023, 9:12 a.m., Published: -
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: asuswrt model: routers
vendor: asuswrt model: router
vendor: asuswrt model: asus
vendor: asuswrt model: rt-ax58u
vendor: asuswrt model: rt-ax3000
vendor: asuswrt model: rt-ax86u
vendor: asuswrt model: asuswrt
vendor: asuswrt model: gt-ax11000
vendor: netatalk model: netatalk
vendor: asus model: routers
vendor: asus model: router
vendor: asus model: asus
vendor: asus model: rt-ax58u
vendor: asus model: rt-ax3000
vendor: asus model: rt-ax86u
vendor: asus model: asuswrt
vendor: asus model: gt-ax11000
db: NVD ids: CVE-2018-1160, CVE-2022-26376

Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992) - Help Net Security

Trust: 5.75

Fetched: June 21, 2023, 9:12 a.m., Published: June 20, 2023, 9:52 a.m.
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
vendor: zyxel model: nas542
vendor: zyxel model: nas326
vendor: zyxel model: nas540
db: NVD ids: CVE-2023-27992

Zyxel Releases Urgent Security Updates for Critical Vulnerability in NAS Devices

Related entries in the VARIoT vulnerabilities database: VAR-202305-2285, VAR-202305-2121

Trust: 6.0

Fetched: June 21, 2023, 9:12 a.m., Published: June 20, 2023, 12:12 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: zyxel model: nas542
vendor: zyxel model: nas326
vendor: zyxel model: nas540
db: NVD ids: CVE-2023-27992, CVE-2023-33010, CVE-2023-33009

Trend Micro Home Network Security v7.0 Data Collection Notice | Trend Micro Help Center

Trust: 4.25

Fetched: June 20, 2023, 9:16 a.m., Published: June 7, 2023, midnight
 Vulnerabilities: default password, weak password
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend micro model: home network security
vendor: trend micro model: micro home network security
vendor: trend model: security
vendor: trend model: home network security
vendor: trend model: micro home network security
vendor: google model: home

Siemens SICAM A8000 Devices | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202306-0922, VAR-202306-0924, VAR-202306-0923

Trust: 4.5

Fetched: June 20, 2023, 9:14 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: siemens model: sicam
vendor: siemens model: sicam a8000
db: NVD ids: CVE-2023-33919, CVE-2023-33921, CVE-2023-33920

#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability | CISA

Trust: 5.25

Fetched: June 20, 2023, 9:13 a.m., Published: June 16, 2023, midnight
 Vulnerabilities: privilege escalation, session hijacking, sql injection
Affected productsExternal IDs
vendor: accellion model: accellion file transfer appliance
vendor: accellion model: file transfer appliance
db: NVD ids: CVE-2023-34362, CVE-2023-0669

Navigating the Fortigate Device Vulnerability: Understanding, Mitigating, and Ensuring Security - SteadFast Solutions

Trust: 5.0

Fetched: June 20, 2023, 9:12 a.m., Published: June 13, 2023, 4:55 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2023-27997

Sensor Intel Series: Top CVEs in May 2023

Trust: 4.25

Fetched: June 20, 2023, 9:12 a.m., Published: June 16, 2023, 8:08 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-41040, CVE-2022-24847, CVE-2020-8958, CVE-2021-34473, CVE-2021-26855, CVE-2021-27065

Urgent updates for iPhone - to iOS 16.4.1, and Mac - to macOS 13.3.1 | Kaspersky official blog

Trust: 3.75

Fetched: June 18, 2023, 9:37 a.m., Published: April 16, 2001, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: samsung model: mobile
vendor: samsung model: exynos
vendor: apple model: tvos
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: safari
db: NVD ids: CVE-2023-28206, CVE-2023-28205

Memory corruption vulnerability in Mitsubishi PLC could lead to DoS, code execution

Trust: 5.5

Fetched: June 18, 2023, 9:36 a.m., Published: May 26, 2023, 7 p.m.
 Vulnerabilities: buffer overflow, code execution, memory corruption
Affected productsExternal IDs
vendor: snort.org model: snort
vendor: snort model: snort
vendor: mitsubishi electric model: melsec iq-f
vendor: mitsubishi electric model: fx5u
vendor: mitsubishi model: melsec iq-f
vendor: mitsubishi model: fx5u
db: NVD ids: CVE-2023-1424