VARIoT latest news about IoT security

Google Fixes Nearly 100 Android Security Issues \| WIRED Trust: 5.5 Fetched: Jan. 5, 2024, 9:09 a.m., Published: Dec. 31, 2023, noon	Vulnerabilities: buffer overflow, denial of service, code execution

Affected products

External IDs

vendor:	apple	model:	tvos
vendor:	apple	model:	iphone
vendor:	apple	model:	webkit
vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	apple	model:	watchos
vendor:	google	model:	chrome
vendor:	google	model:	pixel
vendor:	google	model:	android

db:

NVD

ids:

CVE-2023-7024, CVE-2023-40078, CVE-2023-4291, CVE-2023-42890, CVE-2023-40094, CVE-2023-42898, CVE-2023-6702, CVE-2023-42940, CVE-2023-42899, CVE-2023-40088

CVE-2023-45866: Apple Fixes Critical Vulnerabilities in iOS and macOS Trust: 4.75 Fetched: Jan. 3, 2024, 9:57 a.m., Published: Dec. 12, 2023, 11:38 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	safari
vendor:	apple	model:	tvos
vendor:	apple	model:	watchos
vendor:	apple	model:	webkit

db:

NVD

ids:

CVE-2023-42883, CVE-2023-42917, CVE-2023-45866, CVE-2023-42890, CVE-2023-42916

CVE-2023-7027 - vulnerability database \| Vulners.com Trust: 3.25 Fetched: Jan. 3, 2024, 9:54 a.m., Published: Jan. 3, 2024, 5:15 a.m.	Vulnerabilities: cross-site scripting

Affected products

External IDs

db:

NVD

ids:

CVE-2023-7027

Cisco IOS and NX-OS Software Locator/ID Separation Protocol ... - vulnerability database \| Vulners.com Related entries in the VARIoT vulnerabilities database: VAR-201603-0281 Trust: 5.75 Fetched: Jan. 3, 2024, 9:49 a.m., Published: Dec. 20, 2023, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	nx-os software
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	nx-os 4.1

db:

NVD

ids:

CVE-2016-1351

24-001 (January 2, 2024) - Threat Encyclopedia Trust: 3.75 Fetched: Jan. 3, 2024, 9:49 a.m., Published: Jan. 2, 2024, midnight	Vulnerabilities: authentication vulnerability, cross-site scripting, resource exhaustion...

Affected products

External IDs

db:

NVD

ids:

CVE-2023-44361, CVE-2023-4137, CVE-2023-5360, CVE-2022-26833, CVE-2023-38039, CVE-2023-40056, CVE-2021-3129

The 35 Most Notorious Hacks History \| Indusface Blog Trust: 4.5 Fetched: Jan. 3, 2024, 9:46 a.m., Published: Dec. 22, 2023, 5:23 a.m.	Vulnerabilities: injection attack, authentication error, access control vulnerability...

Affected products

External IDs

vendor:

apple

model:

icloud

db:

NVD

ids:

CVE-2023-34362, CVE-2021-26857, CVE-2021-27065, CVE-2021-26855, CVE-2021-26858

Intel BIOS Firmware CVE-2021-0187 (INTEL-SA-00717) - vulnerability database \| Vulners.com Trust: 4.25 Fetched: Jan. 3, 2024, 9:46 a.m., Published: Dec. 19, 2023, midnight	Vulnerabilities: improper access control

Affected products

External IDs

db:

NVD

ids:

CVE-2021-0187

Dell Client BIOS Improper Authentication (DSA-2023-342) - vulnerability database \| Vulners.com Trust: 5.25 Fetched: Jan. 3, 2024, 9:46 a.m., Published: Dec. 28, 2023, midnight	Vulnerabilities: input validation vulnerability

Affected products

External IDs

vendor:

dell

model:

bios

Intel BIOS Firmware CVE-2022-26343 (INTEL-SA-00717) - vulnerability database \| Vulners.com Trust: 4.25 Fetched: Jan. 3, 2024, 9:45 a.m., Published: Dec. 19, 2023, midnight	Vulnerabilities: improper access control

Affected products

External IDs

db:

NVD

ids:

CVE-2022-26343

Siemens SCALANCE W1750D Devices Double Free (CVE-2022-4450) - vulnerability database \| Vulners.com Related entries in the VARIoT vulnerabilities database: VAR-202302-0195 Trust: 4.75 Fetched: Jan. 3, 2024, 9:45 a.m., Published: Dec. 19, 2023, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	siemens	model:	scalance
vendor:	siemens	model:	scalance w1750d
vendor:	siemens	model:	w1750d

db:

NVD

ids:

CVE-2022-4450

Debian DSA-5584-1 : bluez - security update - vulnerability database \| Vulners.com Trust: 4.0 Fetched: Jan. 3, 2024, 9:38 a.m., Published: Dec. 21, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

cups

model:

cups

db:

NVD

ids:

CVE-2020-0556, CVE-2023-45866

CVE - Search Results Trust: 3.75 Fetched: Jan. 3, 2024, 9:32 a.m., Published: Jan. 3, 2024, midnight	Vulnerabilities: buffer overflow, denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2012-5962, CVE-2012-5958, CVE-2021-29462, CVE-2016-8863, CVE-2012-5964, CVE-2020-13848, CVE-2012-5965, CVE-2012-5960, CVE-2012-5959, CVE-2012-5963, CVE-2012-5961, CVE-2016-6255

CVE - CVE-2023-38186 Trust: 3.25 Fetched: Jan. 3, 2024, 9:31 a.m., Published: Jan. 3, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-38186

Qualcomm chip vulnerability enables remote attack by voice call \| SC Media Related entries in the VARIoT vulnerabilities database: VAR-202401-0655 Trust: 5.5 Fetched: Jan. 3, 2024, 9:29 a.m., Published: Jan. 2, 2024, 10:11 p.m.	Vulnerabilities: memory corruption, integer overflow, buffer overflow...

Affected products

External IDs

vendor:	motorola	model:	motorola
vendor:	motorola	model:	android
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	mobile
vendor:	samsung	model:	galaxy

db:

NVD

ids:

CVE-2023-33036, CVE-2023-33030, CVE-2023-33025, CVE-2023-33032

How to Minimize Disruption in Network Device Vulnerability Assessment Trust: 3.25 Fetched: Jan. 3, 2024, 9:29 a.m., Published: Jan. 3, 2024, midnight	Vulnerabilities: denial of service

Affected products	External IDs

Dangerous vulnerability in fleet management software seemingly ignored by vendor \| CyberScoop Trust: 5.0 Fetched: Jan. 3, 2024, 9:18 a.m., Published: Dec. 6, 2023, 8:48 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-6248

CVE-2023-32434 Exploited: PoC Unlocks Full Command of iOS Devices Trust: 5.75 Fetched: Jan. 3, 2024, 9:17 a.m., Published: Jan. 2, 2024, 3 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	iphone
vendor:	apple	model:	macbook
vendor:	apple	model:	webkit
vendor:	apple	model:	macbook air

db:

NVD

ids:

CVE-2023-32434, CVE-2023-32439

Worm vs Virus: What's the Difference? - Keeper Security Trust: 3.75 Fetched: Jan. 3, 2024, 9:10 a.m., Published: Jan. 2, 2024, 5:24 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

wifi

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Unauthorized Access Vulnerability Trust: 5.0 Fetched: Jan. 3, 2024, 9:09 a.m., Published: Oct. 11, 2023, 2:59 p.m.	Vulnerabilities: brute force attack

Affected products

External IDs

vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	firepower threat defense software
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	adaptive security appliance software
vendor:	cisco	model:	clientless ssl vpn
vendor:	cisco	model:	nx-os software
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	ios software
vendor:	cisco	model:	cisco adaptive security appliance software
vendor:	cisco	model:	asa software
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	fxos

Cisco Identity Services Engine Command Injection Vulnerabilities Trust: 4.75 Fetched: Jan. 3, 2024, 9:09 a.m., Published: Nov. 1, 2023, 4 p.m.	Vulnerabilities: command injection

Affected products

External IDs

vendor:	cisco	model:	cisco identity services engine
vendor:	cisco	model:	identity services engine

VARIoT news about IoT security