Sign-up

VARIoT news about IoT security

OS Security Updates Plug Image and Wallet Vulnerabilities Exploited by Pegasus Spyware - TidBITS

Trust: 3.75

Fetched: Oct. 3, 2023, 9:21 a.m., Published: Sept. 7, 2023, 6:44 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: watchos

People's Republic of China-Linked Cyber Actors Hide in Router Firmware | CISA

Trust: 3.5

Fetched: Oct. 3, 2023, 9:13 a.m., Published: -
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: ios command-line interface
vendor: cisco model: cisco ios command-line interface
vendor: cisco model: cisco routers
vendor: cisco model: cisco ios
vendor: cisco model: routers
vendor: cisco model: router

Export software vulnerabilities assessment per device | Microsoft Learn

Trust: 3.5

Fetched: Oct. 3, 2023, 9:10 a.m., Published: June 4, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2020-15992, CVE-2020-16011, CVE-2020-26971

Vulnerable Arm GPU drivers under active exploitation. Patches may not be available | Ars Technica

Trust: 3.75

Fetched: Oct. 3, 2023, 9:09 a.m., Published: Oct. 2, 2023, 7:37 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: xiaomi model: redmi
vendor: oneplus model: one
vendor: google model: android
vendor: google model: pixel
vendor: motorola model: android
vendor: motorola model: motorola
vendor: asus model: asus
vendor: samsung model: note
vendor: samsung model: mobile
db: NVD ids: CVE-2023-34970, CVE-2023-4211, CVE-2023-33200

Latest Trend in Mac Vulnerabilities and How to Efficiently Address Them | Qualys Security Blog

Trust: 3.5

Fetched: Oct. 1, 2023, 9:43 a.m., Published: Sept. 29, 2023, 5:43 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: macos
vendor: trend model: security
db: NVD ids: CVE-2023-38606, CVE-2023-37450

iOS 16.6.1 and iOS 17.0 | Threat Intelligence

Trust: 5.5

Fetched: Oct. 1, 2023, 9:43 a.m., Published: June 16, 2001, midnight
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: iphone
db: NVD ids: CVE-2023-41992, CVE-2023-41993, CVE-2023-41991

Vulnerability methods and properties | Microsoft Learn

Trust: 3.0

Fetched: Oct. 1, 2023, 9:42 a.m., Published: Dec. 18, 2020, midnight
 Vulnerabilities: denial of service, privilege escalation
Affected productsExternal IDs

Exploring the Vulnerabilities Smart Thermostats and Cybercrime

Trust: 4.25

Fetched: Oct. 1, 2023, 9:41 a.m., Published: Sept. 23, 2023, midnight
 Vulnerabilities: denial of service, default password, weak password...
Affected productsExternal IDs
vendor: ecobee model: smart thermostat

New Zero-Day Vulnerability Detected | Addigy

Trust: 3.75

Fetched: Oct. 1, 2023, 9:40 a.m., Published: Sept. 29, 2023, 2:44 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: apple model: macos
db: NVD ids: CVE-2023-5129, CVE-2023-4863

What You Need to Know About the libwebp Exploit - Security Boulevard

Trust: 3.75

Fetched: Oct. 1, 2023, 9:40 a.m., Published: Sept. 28, 2023, 11:54 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: google model: google chrome
vendor: google model: chrome
vendor: apple model: macos
db: NVD ids: CVE-2023-41064, CVE-2023-4863, CVE-2023-5129

Operating Systems Don't Defend Memory - Shavi Tech

Trust: 3.0

Fetched: Oct. 1, 2023, 9:33 a.m., Published: Sept. 5, 2023, 5:10 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos

CVE-2023-20253 | Tenable®

Related entries in the VARIoT vulnerabilities database: VAR-202309-2716

Trust: 6.0

Fetched: Oct. 1, 2023, 9:33 a.m., Published: Sept. 27, 2023, midnight
 Vulnerabilities: improper access control
Affected productsExternal IDs
vendor: cisco model: sd-wan
vendor: cisco model: sd-wan vmanage
vendor: cisco model: cisco sd-wan
vendor: cisco model: router
db: NVD ids: CVE-2023-20253

Vulnerability Scanning Process and Workflow Guide

Trust: 3.0

Fetched: Oct. 1, 2023, 9:32 a.m., Published: Oct. 3, 2023, midnight
 Vulnerabilities: cross-site scripting, sql injection
Affected productsExternal IDs

Cisco Issues Warning Regarding IOS and IOS XE Software Vulnerability Following Attempts at Exploitation

Related entries in the VARIoT vulnerabilities database: VAR-202309-2716, VAR-202309-2668, VAR-202309-2742

Trust: 5.75

Fetched: Oct. 1, 2023, 9:32 a.m., Published: Oct. 3, 2023, midnight
 Vulnerabilities: system crash, information disclosure
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: sd-wan
vendor: cisco model: ios xe
vendor: cisco model: wan manager
vendor: cisco model: catalyst
db: NVD ids: CVE-2023-20109, CVE-2023-20253, CVE-2023-20262, CVE-2023-20034, CVE-2023-20254, CVE-2023-20252

CVE-2023-20251 | Tenable®

Trust: 6.0

Fetched: Oct. 1, 2023, 9:30 a.m., Published: Sept. 27, 2023, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: wireless lan controller
vendor: cisco model: aireos
vendor: cisco model: cisco wireless lan controller
db: NVD ids: CVE-2023-20251

Let's Talk About the Serious Vulnerability on Your Computer and Phone: Libwebp

Trust: 3.75

Fetched: Oct. 1, 2023, 9:30 a.m., Published: Oct. 3, 2023, midnight
 Vulnerabilities: integer overflow
Affected productsExternal IDs
vendor: google model: android
vendor: google model: chrome

CVE-2023-20223 | Tenable®

Trust: 4.25

Fetched: Oct. 1, 2023, 9:27 a.m., Published: Sept. 27, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: dna center
db: NVD ids: CVE-2023-20223

WebP 0-Day: How to Identify Apps Vulnerable to CVE-2023-5129

Trust: 4.75

Fetched: Oct. 1, 2023, 9:27 a.m., Published: Sept. 27, 2023, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: google model: android
vendor: google model: chrome
db: NVD ids: CVE-2023-5129, CVE-2023-4863

Cisco Access Point Software Uncontrolled Resource Consumption Vulnerability - Cisco

Trust: 5.0

Fetched: Oct. 1, 2023, 9:27 a.m., Published: Sept. 27, 2023, 11:47 a.m.
 Vulnerabilities: resource consumption vulnerability
Affected productsExternal IDs
vendor: cisco model: wireless controller
vendor: cisco model: catalyst 9800
vendor: cisco model: mobility express
vendor: cisco model: wireless lan controller
vendor: cisco model: catalyst

Video Encoding Library Leaves Chrome, Firefox and More Open to Zero-Day Attack

Trust: 5.5

Fetched: Oct. 1, 2023, 9:26 a.m., Published: Sept. 29, 2023, 7:12 p.m.
 Vulnerabilities: heap corruption, buffer overflow
Affected productsExternal IDs
vendor: google model: android
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2023-5217