VARIoT latest news about IoT security

August Related entries in the VARIoT vulnerabilities database: VAR-202112-0949, VAR-202307-0110, VAR-202303-2113 Trust: 4.5 Fetched: Aug. 9, 2023, 9:20 a.m., Published: Aug. 4, 2023, 4:08 p.m.	Vulnerabilities: information leakage, input verification vulnerability, privilege escalation

Affected products

External IDs

vendor:	huawei	model:	emui
vendor:	huawei	model:	huawei

db:

NVD

ids:

CVE-2023-21180, CVE-2023-39403, CVE-2023-39389, CVE-2021-40006, CVE-2023-39381, CVE-2023-39405, CVE-2023-21185, CVE-2023-39402, CVE-2023-20985, CVE-2023-39398, CVE-2023-20981, CVE-2023-21202, CVE-2023-22386, CVE-2023-21196, CVE-2023-39390, CVE-2023-21167, CVE-2023-21175, CVE-2023-20986, CVE-2023-39395, CVE-2023-28541, CVE-2023-21193, CVE-2022-42703, CVE-2023-21145, CVE-2023-21199, CVE-2023-39393, CVE-2023-21201, CVE-2023-21246, CVE-2023-39385, CVE-2023-20977, CVE-2023-39401, CVE-2023-39397, CVE-2022-20199, CVE-2023-21172, CVE-2023-21238, CVE-2023-21250, CVE-2023-20987, CVE-2021-46895, CVE-2023-39394, CVE-2023-20980, CVE-2021-0948, CVE-2023-39392, CVE-2023-28542, CVE-2023-21241, CVE-2023-39383, CVE-2023-39399, CVE-2023-20979, CVE-2023-21173, CVE-2023-20983, CVE-2023-20982, CVE-2023-20973, CVE-2023-39386, CVE-2023-20989, CVE-2023-39400, CVE-2023-21168, CVE-2023-39396, CVE-2022-27405, CVE-2023-20988, CVE-2023-39406, CVE-2023-39382, CVE-2023-39388, CVE-2023-39404, CVE-2023-39380, CVE-2023-20990, CVE-2022-27406, CVE-2023-39387, CVE-2023-20918, CVE-2023-39391, CVE-2023-39384, CVE-2023-20974

August Related entries in the VARIoT vulnerabilities database: VAR-202112-0949, VAR-202307-0110, VAR-202303-2113 Trust: 4.5 Fetched: Aug. 9, 2023, 9:20 a.m., Published: Aug. 4, 2023, 4:39 p.m.	Vulnerabilities: information leakage, input verification vulnerability, privilege escalation

Affected products

External IDs

vendor:	huawei	model:	emui
vendor:	huawei	model:	huawei

db:

NVD

ids:

CVE-2023-21180, CVE-2023-39403, CVE-2023-39389, CVE-2021-40006, CVE-2023-39381, CVE-2023-39405, CVE-2023-21185, CVE-2023-39402, CVE-2023-20985, CVE-2023-39398, CVE-2023-20981, CVE-2023-21202, CVE-2023-22386, CVE-2023-21196, CVE-2023-39390, CVE-2023-21167, CVE-2023-21175, CVE-2023-20986, CVE-2023-39395, CVE-2023-28541, CVE-2023-21193, CVE-2022-42703, CVE-2023-21145, CVE-2023-21199, CVE-2023-39393, CVE-2023-21201, CVE-2023-21246, CVE-2023-39385, CVE-2023-20977, CVE-2023-39401, CVE-2023-39397, CVE-2022-20199, CVE-2023-21172, CVE-2023-21238, CVE-2023-21250, CVE-2023-20987, CVE-2021-46895, CVE-2023-39394, CVE-2023-20980, CVE-2021-0948, CVE-2023-39392, CVE-2023-28542, CVE-2023-21241, CVE-2023-39383, CVE-2023-39399, CVE-2023-20979, CVE-2023-21173, CVE-2023-20983, CVE-2023-20982, CVE-2023-20973, CVE-2023-39386, CVE-2023-20989, CVE-2023-39400, CVE-2023-21168, CVE-2023-39396, CVE-2022-27405, CVE-2023-20988, CVE-2023-39406, CVE-2023-39382, CVE-2023-39388, CVE-2023-39404, CVE-2023-39380, CVE-2023-20990, CVE-2022-27406, CVE-2023-39387, CVE-2023-20918, CVE-2023-39391, CVE-2023-39384, CVE-2023-20974

Ghostscript Remote Code Execution Vulnerability \| Kroll Trust: 3.75 Fetched: Aug. 9, 2023, 9:19 a.m., Published: July 11, 2023, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-36664

Cisco Secure Email Gateway, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Cross-Site Scripting Vulnerabilities Trust: 5.25 Fetched: Aug. 9, 2023, 9:19 a.m., Published: July 11, 2023, 4:43 p.m.	Vulnerabilities: cross-site scripting

Affected products	External IDs

KB5028407: How to manage the vulnerability associated with CVE-2023-32019 - Microsoft Support Trust: 4.25 Fetched: Aug. 9, 2023, 9:18 a.m., Published: June 13, 2023, midnight	Vulnerabilities: information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2023-32019

Ordr Security Bulletin: MOVEit Vulnerabilities - Ordr Trust: 4.5 Fetched: Aug. 8, 2023, 9:34 a.m., Published: June 19, 2023, 2:37 p.m.	Vulnerabilities: sql injection

Affected products

External IDs

vendor:	ipswitch	model:	moveit transfer
vendor:	check point	model:	check point

db:

NVD

ids:

CVE-2023-34362

Cybersecurity Threat Advisory: Critical PaperCut vulnerability actively exploited Trust: 6.0 Fetched: Aug. 8, 2023, 9:34 a.m., Published: May 9, 2023, 7:47 p.m.	Vulnerabilities: code execution, improper access control, authentication bypass

Affected products

External IDs

vendor:

barracuda

model:

barracuda

db:

NVD

ids:

CVE-2023-27350

iPrint&Scan App Vulnerability on Android™ Devices \| Brother Trust: 4.0 Fetched: Aug. 8, 2023, 9:33 a.m., Published: Aug. 1, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2023-28369

Final OT:ICEFALL vulnerability disclosed affecting Schneider tool Related entries in the VARIoT vulnerabilities database: VAR-202305-2074 Trust: 3.75 Fetched: Aug. 8, 2023, 9:32 a.m., Published: June 21, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

motorola

model:

motorola

db:

NVD

ids:

CVE-2022-46680

DeviceTvmInfoGathering table in the advanced hunting schema \| Microsoft Learn Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 3.0 Fetched: Aug. 8, 2023, 9:31 a.m., Published: June 22, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44228

Zyxel addressed critical flaw CVE-2023-27992 in NAS DevicesSecurity Affairs Related entries in the VARIoT vulnerabilities database: VAR-202305-2285, VAR-202304-2073, VAR-202305-2121 Trust: 5.75 Fetched: Aug. 8, 2023, 9:30 a.m., Published: June 20, 2023, 2:08 p.m.	Vulnerabilities: code execution, command injection, buffer overflow

Affected products

External IDs

vendor:	zyxel	model:	nas540
vendor:	zyxel	model:	nas542
vendor:	zyxel	model:	nas326

db:

NVD

ids:

CVE-2023-33010, CVE-2023-27992, CVE-2023-28771, CVE-2023-33009

Wear OS Security Bulletin-August 2023 \| Android Open Source Project Trust: 5.75 Fetched: Aug. 8, 2023, 9:24 a.m., Published: Aug. 8, 2023, midnight	Vulnerabilities: code execution, information disclosure, denial of service

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2023-21234, CVE-2023-21229, CVE-2023-21233, CVE-2023-21235, CVE-2023-35689, CVE-2023-21231, CVE-2023-21232, CVE-2023-21230

Cisco Bug: CSCvt55609 - Cisco SD-WAN vEdge Routers Denial of Service Vulnerability Trust: 5.0 Fetched: Aug. 8, 2023, 9:24 a.m., Published: -	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	cisco sd-wan vedge
vendor:	cisco	model:	sd-wan vedge
vendor:	cisco	model:	sd-wan vedge routers
vendor:	cisco	model:	vedge
vendor:	cisco	model:	routers
vendor:	cisco	model:	sd-wan
vendor:	cisco	model:	cisco sd-wan

CVE-2023-35081 - New Ivanti EPMM Vulnerability Trust: 3.0 Fetched: Aug. 8, 2023, 9:18 a.m., Published: July 28, 2023, midnight	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2023-35078, CVE-2023-35081

CVE-2023-35082 - Vulnerability affecting EPMM and MobileIron Core \| Ivanti Trust: 3.0 Fetched: Aug. 8, 2023, 9:18 a.m., Published: Aug. 7, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-35082

2022's most routinely exploited vulnerabilities-history repeats Related entries in the VARIoT vulnerabilities database: VAR-201906-0815, VAR-202112-0566, VAR-202205-1958, VAR-202205-0394, VAR-202206-0004 Trust: 3.5 Fetched: Aug. 8, 2023, 9:18 a.m., Published: Aug. 7, 2023, 5:30 p.m.	Vulnerabilities: code execution, authentication bypass, privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2018-13379, CVE-2021-34523, CVE-2021-26084, CVE-2022-22954, CVE-2021-40539, CVE-2022-22960, CVE-2021-34473, CVE-2021-31207, CVE-2021-44228, CVE-2022-30190, CVE-2022-1388, CVE-2022-26134

CISA adds recently disclosed Apple flaws to its Known Exploited Vulnerabilities catalogSecurity Affairs Trust: 5.5 Fetched: Aug. 6, 2023, 9:13 a.m., Published: June 23, 2023, 11:25 p.m.	Vulnerabilities: command injection, memory corruption, integer overflow...

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	watchos
vendor:	apple	model:	webkit
vendor:	apple	model:	safari

db:

NVD

ids:

CVE-2023-32434, CVE-2020-35730, CVE-2023-27992, CVE-2023-20887, CVE-2023-32435, CVE-2023-20867, CVE-2020-12641, CVE-2021-44026, CVE-2023-32439

Apple Patches Zero Days Used in Targeted iOS Attacks \| Decipher Trust: 5.5 Fetched: Aug. 6, 2023, 9:13 a.m., Published: June 22, 2023, midnight	Vulnerabilities: privilege escalation, integer overflow, memory corruption...

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2023-32435, CVE-2023-32434, CVE-2023-32439

Minecraft fans beware: Players and servers at risk from BleedingPipe vulnerability Trust: 3.0 Fetched: Aug. 4, 2023, 9:09 a.m., Published: Aug. 2, 2023, 2:35 p.m.	Vulnerabilities: code execution

Affected products	External IDs

Cisco Secure Web Appliance Content Encoding Filter Bypass Vulnerability Trust: 3.25 Fetched: Aug. 4, 2023, 9:09 a.m., Published: Aug. 3, 2023, 2:03 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

cisco

model:

email security appliance

VARIoT news about IoT security