VARIoT latest news about IoT security

Threat mitigation guidance for server-side ASP.NET Core Blazor \| Microsoft Learn Trust: 3.5 Fetched: Sept. 17, 2023, 9:28 a.m., Published: Feb. 21, 2023, midnight	Vulnerabilities: cross-site scripting, cross-site request forgery, denial of service...

Affected products	External IDs

CVE-2022-42475: Thousands of Unpatched Fortinet Vulnerabilities Exposed \| CIP Blog Related entries in the VARIoT vulnerabilities database: VAR-202212-1132 Trust: 4.0 Fetched: Sept. 17, 2023, 9:27 a.m., Published: Sept. 15, 2023, 6:04 a.m.	Vulnerabilities: buffer overflow

Affected products

External IDs

db:

NVD

ids:

CVE-2022-47966, CVE-2022-42475

HAVE A SAFE RIDE - Cyber Threats in the Automotive Sector Trust: 4.5 Fetched: Sept. 17, 2023, 9:22 a.m., Published: Sept. 3, 2023, midnight	Vulnerabilities: code execution, injection attack, buffer overflow

Affected products

External IDs

vendor:

essential

model:

phone

db:

NVD

ids:

CVE-2023-29389, CVE-2023-29468

Cisco IOS XR Software Image Verification Vulnerability - Cisco Trust: 3.0 Fetched: Sept. 17, 2023, 9:20 a.m., Published: Sept. 13, 2023, 11:34 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	ios xr software

CVE.report - ASUS Trust: 3.0 Fetched: Sept. 17, 2023, 9:19 a.m., Published: Sept. 20, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

asus

model:

asus

Cisco IOS XR Software Access Control List Bypass Vulnerability - Cisco Trust: 3.75 Fetched: Sept. 17, 2023, 9:18 a.m., Published: Sept. 13, 2023, 11:34 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	series routers
vendor:	cisco	model:	routers
vendor:	cisco	model:	ios software
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	nx-os software

db:

NVD

ids:

CVE-2023-20191

Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability - Cisco Trust: 3.0 Fetched: Sept. 17, 2023, 9:18 a.m., Published: Sept. 13, 2023, 11:34 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	ios xr software

Configuring updates of anti-malware databases on Android devices Trust: 3.0 Fetched: Sept. 17, 2023, 9:15 a.m., Published: April 17, 2019, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

Cisco IOS XR Software Compression ACL Bypass Vulnerability - Cisco Trust: 3.0 Fetched: Sept. 17, 2023, 9:15 a.m., Published: Sept. 13, 2023, 11:34 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	ios xr software

Cisco IOS XR Software Connectivity Fault Management Denial of Service Vulnerability - Cisco Trust: 3.75 Fetched: Sept. 17, 2023, 9:13 a.m., Published: Sept. 13, 2023, 11:34 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	nx-os software
vendor:	cisco	model:	ios software
vendor:	cisco	model:	ios xr software

Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days Trust: 4.5 Fetched: Sept. 15, 2023, 9:23 a.m., Published: Sept. 13, 2023, 1:33 p.m.	Vulnerabilities: code execution, information disclosure

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	chrome
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2023-29332, CVE-2023-36802, CVE-2023-36761

Be Cyber Safe \| Neuways \| 14th September \| Weekly Updates Trust: 4.25 Fetched: Sept. 15, 2023, 9:18 a.m., Published: Sept. 14, 2023, 7 a.m.	Vulnerabilities: code execution, buffer overflow

Affected products

External IDs

vendor:	apple	model:	watchos
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad air
vendor:	apple	model:	ipad
vendor:	apple	model:	watch
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2023-41061, CVE-2023-37450, CVE-2023-41064

Cybersecurity Threat Advisory: New Android zero-day exploit found Trust: 5.75 Fetched: Sept. 15, 2023, 9:18 a.m., Published: Sept. 14, 2023, 6:13 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

barracuda

model:

barracuda

db:

NVD

ids:

CVE-2023-35674

Have a SAFE ride - Cyber Threats in the Automotive Sector • KELA Cyber Threat Intelligence Trust: 4.5 Fetched: Sept. 15, 2023, 9:17 a.m., Published: Sept. 12, 2023, 1:52 p.m.	Vulnerabilities: code execution, buffer overflow, injection attack

Affected products

External IDs

vendor:

essential

model:

phone

db:

NVD

ids:

CVE-2023-29389, CVE-2023-29468

Security Guide for Cisco Unified Communications Manager, Release 12.5(1) - Security Overview [Cisco Unified Communications Manager (CallManager)] - Cisco Trust: 3.5 Fetched: Sept. 15, 2023, 9:16 a.m., Published: Sept. 12, 2023, 8:46 a.m.	Vulnerabilities: replay attack

Affected products

External IDs

vendor:	cisco	model:	cisco unified communications manager
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	unified communications manager

Exploitation of CVE-2023-4863 in Google Chrome - NHS Digital Trust: 3.75 Fetched: Sept. 15, 2023, 9:09 a.m., Published: Sept. 15, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	google chrome
vendor:	google	model:	chrome

db:

NVD

ids:

CVE-2023-4863

Apple users issued urgent warning over new spyware Trust: 4.0 Fetched: Sept. 13, 2023, 9:31 a.m., Published: Sept. 10, 2023, 2:57 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

iphone

db:

NVD

ids:

CVE-2023-41061, CVE-2023-41064

Apple patches two zero-day flaws abused to install the Pegasus spyware \| TechSpot Trust: 5.5 Fetched: Sept. 13, 2023, 9:30 a.m., Published: Sept. 13, 4070, midnight	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2023-41061, CVE-2023-41064

23-039 (September 12, 2023) - Threat Encyclopedia Trust: 4.75 Fetched: Sept. 13, 2023, 9:26 a.m., Published: Sept. 12, 2023, midnight	Vulnerabilities: file upload vulnerability, code execution, denial of service...

Affected products

External IDs

vendor:

zoho

model:

manageengine adselfservice plus

db:

NVD

ids:

CVE-2022-48343, CVE-2023-28342, CVE-2023-36808, CVE-2023-23843, CVE-2020-12641, CVE-2023-29154, CVE-2023-28128, CVE-2023-38119, CVE-2022-44792, CVE-2023-21758

Two Apple issues added by CISA to the catalog of known exploited vulnerabilities Trust: 5.5 Fetched: Sept. 13, 2023, 9:26 a.m., Published: -	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	watchos
vendor:	apple	model:	iphone
vendor:	apple	model:	safari
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2023-41061, CVE-2023-41064

VARIoT news about IoT security