Sign-up

VARIoT news about IoT security

Analysis of Ivanti 0-days, CVE-2023-46805 and CVE-2024-21887 - Atos

Trust: 4.5

Fetched: Jan. 28, 2024, 9:07 a.m., Published: Jan. 23, 2024, 4:52 p.m.
 Vulnerabilities: command execution, code injection, command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2023-46805, CVE-2024-21887

34 Windows Device Drivers Vulnerable to Exploits That Grant Full System Control | Tom's Hardware

Trust: 4.0

Fetched: Jan. 28, 2024, 9:07 a.m., Published: Nov. 3, 2023, 5:13 p.m.
 Vulnerabilities: control bypass
Affected productsExternal IDs
vendor: dell model: bios

PixieFail: Nine flaws in UEFI open-source reference implementation

Trust: 3.5

Fetched: Jan. 26, 2024, 10:05 a.m., Published: Jan. 18, 2024, 11:46 a.m.
 Vulnerabilities: buffer overflow, code execution, session hijacking
Affected productsExternal IDs
db: NVD ids: CVE-2023-45236, CVE-2023-45237, CVE-2023-45235, CVE-2023-45233, CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45234, CVE-2023-45232

Apple patches zero day affecting operating systems for devices, Macs | SC Media

Trust: 5.75

Fetched: Jan. 26, 2024, 9:53 a.m., Published: Jan. 23, 2024, 10:01 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: ipad air
vendor: google model: chrome
db: NVD ids: CVE-2024-23222, CVE-2024-23214, CVE-2024-0519, CVE-2024-23206

Distributed Energy Generation Gateway (In)Security - Security News - Trend Micro TH

Trust: 4.75

Fetched: Jan. 26, 2024, 9:53 a.m., Published: -
 Vulnerabilities: default password
Affected productsExternal IDs
vendor: enphase model: envoy
vendor: trend micro model: security
vendor: trend model: security

CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog - Security Affairs

Trust: 4.0

Fetched: Jan. 26, 2024, 9:53 a.m., Published: Jan. 25, 2024, 12:28 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-22527

System BIOS komputerów Dell Precision 7520 i 7720 | Szczegóły sterownika | Dell Polska

Trust: 3.0

Fetched: Jan. 26, 2024, 9:52 a.m., Published: Jan. 26, 7520, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios
vendor: dell model: precision 7520

Cisco Unified Communications Products Remote Code Execution Vulnerability

Trust: 3.75

Fetched: Jan. 26, 2024, 9:52 a.m., Published: Jan. 25, 2024, 5:40 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: unity
vendor: cisco model: unified communications
vendor: cisco model: unity connection

Apple Releases First Important Security Updates of 2024 - iOS 17.3 Patches First Zero-Day of the Year

Trust: 5.75

Fetched: Jan. 26, 2024, 9:51 a.m., Published: Jan. 26, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: tvos
vendor: apple model: iphone
vendor: apple model: watchos
vendor: apple model: apple tv
vendor: apple model: webkit
vendor: apple model: watch
db: NVD ids: CVE-2024-23222

WARNING: NEW REMOTE CODE EXECUTION VULNERABILITY IN MULTIPLE CISCO PRODUCTS, PATCH IMMEDIATELY! | Cert

Trust: 5.25

Fetched: Jan. 26, 2024, 9:39 a.m., Published: Jan. 25, 2024, 5:13 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-20253

Cisco Small Business Series Switches Stacked Reload ACL Bypass Vulnerability

Trust: 3.0

Fetched: Jan. 26, 2024, 9:37 a.m., Published: Jan. 24, 2024, 3:52 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: series managed switches
vendor: cisco model: small business
vendor: cisco model: series stackable managed switches
vendor: cisco model: series
vendor: cisco model: small business series
vendor: cisco model: series switches
vendor: cisco model: cisco small business
vendor: cisco model: small business series switches
vendor: cisco model: series smart switches

How to lock out your ex-partner from your smart home | Malwarebytes

Trust: 3.5

Fetched: Jan. 26, 2024, 9:32 a.m., Published: Jan. 24, 2024, 2:55 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: google model: android

Best Wordpress Security & Vulnerability Scanners In 2024 [LIST]

Trust: 5.5

Fetched: Jan. 26, 2024, 9:30 a.m., Published: July 26, 2021, 11:40 a.m.
 Vulnerabilities: code injection, sql injection, header injection...
Affected productsExternal IDs
vendor: trend model: security

CSA urge Apple users to urgently update their device software to prevent hacker attacks - Singapore News

Trust: 5.0

Fetched: Jan. 26, 2024, 9:24 a.m., Published: Jan. 24, 2024, 9:40 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: apple tv
vendor: apple model: tvos
vendor: apple model: ipad air
db: NVD ids: CVE-2024-23222

Apple patches 1st in-the-wild exploited bug of 2024 in macOS Sonoma 14.3, iOS 17.3 and more - The Mac Security Blog

Trust: 3.25

Fetched: Jan. 26, 2024, 9:17 a.m., Published: Jan. 25, 2024, 7:44 a.m.
 Vulnerabilities: memory corruption, code execution, authentication issue
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: macbook
vendor: apple model: macbook pro
vendor: apple model: webkit
vendor: apple model: icloud
vendor: apple model: iphone
vendor: apple model: imac
vendor: apple model: safari
vendor: apple model: apple tv
vendor: apple model: tvos
vendor: apple model: watchos
vendor: apple model: ipod touch
vendor: apple model: watch
vendor: apple model: ipad air

Why You Need a Data-Driven Approach to Vulnerability Management | MSSP Alert

Trust: 3.5

Fetched: Jan. 26, 2024, 9:16 a.m., Published: Jan. 24, 2024, 7 p.m.
 Vulnerabilities: information exposure
Affected productsExternal IDs
vendor: trend model: antivirus
vendor: trend model: security

Update now! Apple releases patch for zero-day vulnerability | Malwarebytes

Trust: 5.0

Fetched: Jan. 26, 2024, 9:16 a.m., Published: Jan. 24, 2024, 10:37 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: apple tv
vendor: apple model: tvos
vendor: apple model: ipod touch
vendor: apple model: watch
vendor: apple model: ipad air
db: NVD ids: CVE-2024-23222

Android 'API breaking' vulnerability leaks device data, allows user tracking | ZDNET

Trust: 5.5

Fetched: Jan. 26, 2024, 9:14 a.m., Published: Jan. 3, 2024, midnight
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: wifi
vendor: google model: android
db: NVD ids: CVE-2018-9489

Apple iOS < 17.3 Multiple Vulnerabilities (HT214059) | Tenable®

Trust: 3.0

Fetched: Jan. 24, 2024, 10:15 a.m., Published: Jan. 17, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-23211, CVE-2024-23215, CVE-2024-23219, CVE-2024-23214, CVE-2024-23222, CVE-2024-23206, CVE-2024-23204, CVE-2024-23207, CVE-2024-23210, CVE-2024-23223, CVE-2024-23208, CVE-2024-23213, CVE-2024-23218, CVE-2024-23217, CVE-2024-23212, CVE-2024-23203

Apple Addresses First Zero-Day Exploit of the Year Impacting Multiple Devices - VULNERA

Trust: 5.0

Fetched: Jan. 24, 2024, 10:09 a.m., Published: Jan. 22, 2024, 7:20 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: tvos
db: NVD ids: CVE-2023-42917, CVE-2024-23222, CVE-2023-42916