Sign-up

VARIoT news about IoT security

New vulnerability gives MacOS users a 'Migraine' | SC Media

Trust: 4.0

Fetched: June 6, 2023, 9:10 a.m., Published: July 20, 2022, 6 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2023-32369

Major firewall maker alerts customers to vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202203-1898, VAR-202305-2121, VAR-202305-2285, VAR-202304-2073

Trust: 5.75

Fetched: June 6, 2023, 9:09 a.m., Published: June 5, 2023, 7:47 a.m.
 Vulnerabilities: buffer overflow, command execution, code execution...
Affected productsExternal IDs
vendor: zyxel model: zywall
db: NVD ids: CVE-2022-0342, CVE-2023-33009, CVE-2023-33010, CVE-2023-28771

Technical Advisory - Multiple Vulnerabilities in Faronics Insight (CVE-2023-28344, CVE-2023-28345, CVE-2023-28346, CVE-2023-28347, CVE-2023-28348, CVE-2023-28349, CVE-2023-28350, CVE-2023-28351, CVE-2023-28352, CVE-2023-28353) | NCC Group Research Blog | Making the world safer and more secure

Trust: 3.5

Fetched: June 4, 2023, 9:05 a.m., Published: May 30, 2023, 1 a.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-28348, CVE-2023-28352, CVE-2023-28347, CVE-2023-28345, CVE-2023-28353, CVE-2023-28344, CVE-2023-28351, CVE-2023-28350, CVE-2023-28346, CVE-2023-28349

UNVEILING HIDDEN VULNERABILITIES: NMAP FOR WEB APPLICATION TESTING AND IOT DEVICE SECURITY

Trust: 3.5

Fetched: June 4, 2023, 9:04 a.m., Published: May 25, 2023, midnight
 Vulnerabilities: sql injection, cross-site scripting, default credentials
Affected productsExternal IDs

"Beautiful Cookie Consent Banner" WordPress plugin vulnerability: Update now!

Trust: 3.0

Fetched: June 2, 2023, 9:11 a.m., Published: May 25, 2023, 8:04 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs

Barracuda Networks patches zero-day vulnerability in Email Security Gateway

Trust: 5.25

Fetched: June 2, 2023, 9:11 a.m., Published: -
 Vulnerabilities: command injection, remote command injection
Affected productsExternal IDs
vendor: barracuda networks model: barracuda
vendor: barracuda model: barracuda
db: NVD ids: CVE-2023-2868

Widespread Exploitation of Zyxel Network Devices | Rapid7 Blog

Related entries in the VARIoT vulnerabilities database: VAR-202304-2073, VAR-202305-2285, VAR-202305-2121

Trust: 4.75

Fetched: June 2, 2023, 9:11 a.m., Published: May 31, 2023, 2:11 p.m.
 Vulnerabilities: buffer overflow, command injection
Affected productsExternal IDs
vendor: zyxel model: zywall
db: NVD ids: CVE-2023-28771, CVE-2023-33010, CVE-2023-33009

Zyxel vulnerability under 'widespread' exploitation | TechTarget

Related entries in the VARIoT vulnerabilities database: VAR-202304-2073

Trust: 4.75

Fetched: June 2, 2023, 9:10 a.m., Published: June 1, 2023, midnight
 Vulnerabilities: command injection, os command injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-28771

Cybersecurity Terms: A to Z Glossary | Coursera

Trust: 3.25

Fetched: June 2, 2023, 9:09 a.m., Published: May 17, 2023, midnight
 Vulnerabilities: sql injection, denial of service
Affected productsExternal IDs
vendor: essential model: phone
vendor: google model: wi-fi router

Critical Zyxel vulnerability is being actively exploited - Techzine Europe

Related entries in the VARIoT vulnerabilities database: VAR-202304-2073

Trust: 5.75

Fetched: June 2, 2023, 9:08 a.m., Published: June 1, 2023, 11:09 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: zyxel model: nas540
vendor: zyxel model: nas542
vendor: zyxel model: nas326
vendor: zyxel model: zywall
db: NVD ids: CVE-2023-28771

A critical security flaw is affecting Zyxel firewall devices - here's what you need to know | TechRadar

Related entries in the VARIoT vulnerabilities database: VAR-202304-2073, VAR-202305-2285, VAR-202305-2121

Trust: 5.75

Fetched: June 2, 2023, 9:07 a.m., Published: June 1, 2023, 4:25 p.m.
 Vulnerabilities: buffer overflow, command injection, denial of service...
Affected productsExternal IDs
vendor: zyxel model: zywall
db: NVD ids: CVE-2023-28771, CVE-2023-33010, CVE-2023-33009

Zyxel patches vulnerability in NAS devices (CVE-2023-27988) - Help Net Security

Trust: 5.75

Fetched: June 2, 2023, 9:07 a.m., Published: May 31, 2023, 11:47 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: zyxel model: nas540
vendor: zyxel model: nas542
vendor: zyxel model: nas326
db: NVD ids: CVE-2023-27988

New Android & Google Device Vulnerability Reward Program

Trust: 3.0

Fetched: May 31, 2023, 9:15 a.m., Published: May 18, 2023, 8:17 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Old Wine in the New Bottle: Mirai Variant Targets Multiple IoT Devices

Related entries in the VARIoT vulnerabilities database: VAR-202304-0813

Trust: 4.25

Fetched: May 31, 2023, 9:14 a.m., Published: May 25, 2023, 6 a.m.
 Vulnerabilities: arbitrary command execution, command injection, command execution...
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: tenda model: router
db: NVD ids: CVE-2023-26802, CVE-2023-26801, CVE-2023-27076

New macOS vulnerability, Migraine, could bypass System Integrity Protection | Microsoft Security Blog

Related entries in the VARIoT vulnerabilities database: VAR-202108-2056

Trust: 5.75

Fetched: May 31, 2023, 9:13 a.m., Published: May 30, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2021-30892, CVE-2023-32369

Textbook ‘NTP Textbox’ Vulnerability in Zyxel’s NAS326, NAS540, and NAS542 Devices | Sternum

Trust: 5.5

Fetched: May 31, 2023, 9:13 a.m., Published: May 30, 2023, 8:47 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: zyxel model: nas326
vendor: zyxel model: nas542
vendor: zyxel model: nas540
db: NVD ids: CVE-2023-27988

Barracuda Email Security Gateway Appliance (ESG) Vulnerability

Trust: 4.25

Fetched: May 31, 2023, 9:06 a.m., Published: May 30, 2023, 8:27 p.m.
 Vulnerabilities: command injection, remote command injection
Affected productsExternal IDs
vendor: barracuda model: barracuda
vendor: barracuda networks model: barracuda
db: NVD ids: CVE-2023-28681, CVE-2023-2868

Serious Unpatched Vulnerability Uncovered in Popular Belkin Wemo Smart Plugs

Trust: 5.75

Fetched: May 30, 2023, 9:09 a.m., Published: May 17, 2023, 10:17 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: wemo model: mini smart plug
db: NVD ids: CVE-2023-27217

CISA Adds Three Known Exploited Vulnerabilities to Catalog | CISA

Related entries in the VARIoT vulnerabilities database: VAR-201609-0325, VAR-200412-0177

Trust: 4.75

Fetched: May 30, 2023, 9:08 a.m., Published: May 26, 2023, midnight
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: samsung model: mobile devices
vendor: samsung model: note
vendor: samsung model: samsung mobile
vendor: cisco model: ios xr
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
db: NVD ids: CVE-2016-6415, CVE-2023-21492, CVE-2004-1464

Zyxel patches two critical vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202305-2285, VAR-202305-2121, VAR-202205-0957

Trust: 5.75

Fetched: May 30, 2023, 9:07 a.m., Published: -
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: zyxel model: zywall
db: NVD ids: CVE-2023-33010, CVE-2023-33009, CVE-2022-30525