Sign-up

VARIoT news about IoT security

Critical Vulnerability in FortiOS and FortiProxy (CVE-2022-40684) | NCERT

Related entries in the VARIoT vulnerabilities database: VAR-202210-0198

Trust: 4.0

Fetched: Sept. 17, 2023, 9:35 a.m., Published: Sept. 2, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-40684

iPhone Vulnerability Exposes Devices to Pegasus Spyware Attacks

Trust: 3.0

Fetched: Sept. 17, 2023, 9:34 a.m., Published: Sept. 11, 2023, 6:38 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

CVE-2023-4039: GCC’s -fstack-protector fails to guard dynamic stack allocations on ARM64 | Meta Red Team X

Trust: 5.75

Fetched: Sept. 17, 2023, 9:32 a.m., Published: Sept. 12, 2023, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: canary model: canary
db: NVD ids: CVE-2023-4039, CVE-2018-12886

Activating Your Axonius-hosted (SaaS) Trial - Axonius-as-a-Service Trials

Trust: 3.0

Fetched: Sept. 17, 2023, 9:32 a.m., Published: Sept. 6, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: networks

Patch Tuesday September 2023: Office NLTM Hash Vulnerability Gets Fix - N-able

Trust: 4.25

Fetched: Sept. 17, 2023, 9:29 a.m., Published: Sept. 13, 2023, 10:57 a.m.
 Vulnerabilities: code execution, information disclosure
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: cisco model: firepower threat defense
vendor: apple model: macos
db: NVD ids: CVE-2023-20269, CVE-2023-36804, CVE-2023-41061, CVE-2023-36796, CVE-2023-36793, CVE-2023-38143, CVE-2023-38148, CVE-2023-4863, CVE-2023-29332, CVE-2023-38142, CVE-2023-36756, CVE-2023-36745, CVE-2023-36744, CVE-2023-26369, CVE-2023-44064, CVE-2023-38144, CVE-2023-36777, CVE-2023-36792, CVE-2023-36802, CVE-2023-38161, CVE-2023-38160, CVE-2023-36761, CVE-2023-38152

Threat mitigation guidance for server-side ASP.NET Core Blazor | Microsoft Learn

Trust: 3.5

Fetched: Sept. 17, 2023, 9:28 a.m., Published: Feb. 21, 2023, midnight
 Vulnerabilities: cross-site scripting, cross-site request forgery, denial of service...
Affected productsExternal IDs

CVE-2022-42475: Thousands of Unpatched Fortinet Vulnerabilities Exposed | CIP Blog

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132

Trust: 4.0

Fetched: Sept. 17, 2023, 9:27 a.m., Published: Sept. 15, 2023, 6:04 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2022-47966, CVE-2022-42475

HAVE A SAFE RIDE - Cyber Threats in the Automotive Sector

Trust: 4.5

Fetched: Sept. 17, 2023, 9:22 a.m., Published: Sept. 3, 2023, midnight
 Vulnerabilities: code execution, injection attack, buffer overflow
Affected productsExternal IDs
vendor: essential model: phone
db: NVD ids: CVE-2023-29389, CVE-2023-29468

Cisco IOS XR Software Image Verification Vulnerability - Cisco

Trust: 3.0

Fetched: Sept. 17, 2023, 9:20 a.m., Published: Sept. 13, 2023, 11:34 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco ios xr
vendor: cisco model: cisco ios
vendor: cisco model: ios xr
vendor: cisco model: ios xr software

CVE.report - ASUS

Trust: 3.0

Fetched: Sept. 17, 2023, 9:19 a.m., Published: Sept. 20, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asus model: asus

Cisco IOS XR Software Access Control List Bypass Vulnerability - Cisco

Trust: 3.75

Fetched: Sept. 17, 2023, 9:18 a.m., Published: Sept. 13, 2023, 11:34 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: nx-os
vendor: cisco model: ios xr
vendor: cisco model: ios xe
vendor: cisco model: series routers
vendor: cisco model: routers
vendor: cisco model: ios software
vendor: cisco model: ios xr software
vendor: cisco model: series
vendor: cisco model: cisco ios xr
vendor: cisco model: ios xe software
vendor: cisco model: nx-os software
db: NVD ids: CVE-2023-20191

Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability - Cisco

Trust: 3.0

Fetched: Sept. 17, 2023, 9:18 a.m., Published: Sept. 13, 2023, 11:34 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco ios xr
vendor: cisco model: cisco ios
vendor: cisco model: ios xr
vendor: cisco model: ios xr software

Configuring updates of anti-malware databases on Android devices

Trust: 3.0

Fetched: Sept. 17, 2023, 9:15 a.m., Published: April 17, 2019, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Cisco IOS XR Software Compression ACL Bypass Vulnerability - Cisco

Trust: 3.0

Fetched: Sept. 17, 2023, 9:15 a.m., Published: Sept. 13, 2023, 11:34 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco ios xr
vendor: cisco model: cisco ios
vendor: cisco model: ios xr
vendor: cisco model: ios xr software

Cisco IOS XR Software Connectivity Fault Management Denial of Service Vulnerability - Cisco

Trust: 3.75

Fetched: Sept. 17, 2023, 9:13 a.m., Published: Sept. 13, 2023, 11:34 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xr
vendor: cisco model: cisco ios
vendor: cisco model: ios xe software
vendor: cisco model: nx-os
vendor: cisco model: ios xr
vendor: cisco model: nx-os software
vendor: cisco model: ios software
vendor: cisco model: ios xr software

Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days

Trust: 4.5

Fetched: Sept. 15, 2023, 9:23 a.m., Published: Sept. 13, 2023, 1:33 p.m.
 Vulnerabilities: code execution, information disclosure
Affected productsExternal IDs
vendor: google model: android
vendor: google model: chrome
vendor: apple model: macos
db: NVD ids: CVE-2023-29332, CVE-2023-36802, CVE-2023-36761

Be Cyber Safe | Neuways | 14th September | Weekly Updates

Trust: 4.25

Fetched: Sept. 15, 2023, 9:18 a.m., Published: Sept. 14, 2023, 7 a.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: ipad
vendor: apple model: watch
vendor: apple model: macos
db: NVD ids: CVE-2023-41061, CVE-2023-37450, CVE-2023-41064

Cybersecurity Threat Advisory: New Android zero-day exploit found

Trust: 5.75

Fetched: Sept. 15, 2023, 9:18 a.m., Published: Sept. 14, 2023, 6:13 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: barracuda model: barracuda
db: NVD ids: CVE-2023-35674

Have a SAFE ride - Cyber Threats in the Automotive Sector • KELA Cyber Threat Intelligence

Trust: 4.5

Fetched: Sept. 15, 2023, 9:17 a.m., Published: Sept. 12, 2023, 1:52 p.m.
 Vulnerabilities: code execution, buffer overflow, injection attack
Affected productsExternal IDs
vendor: essential model: phone
db: NVD ids: CVE-2023-29389, CVE-2023-29468

Security Guide for Cisco Unified Communications Manager, Release 12.5(1) - Security Overview [Cisco Unified Communications Manager (CallManager)] - Cisco

Trust: 3.5

Fetched: Sept. 15, 2023, 9:16 a.m., Published: Sept. 12, 2023, 8:46 a.m.
 Vulnerabilities: replay attack
Affected productsExternal IDs
vendor: cisco model: cisco unified communications manager
vendor: cisco model: unified communications
vendor: cisco model: unified communications manager