VARIoT latest news about IoT security

Apple Addresses First Zero-Day Exploit of the Year Impacting Multiple Devices - VULNERA Trust: 5.0 Fetched: Jan. 24, 2024, 10:09 a.m., Published: Jan. 22, 2024, 7:20 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	ipad
vendor:	apple	model:	macos
vendor:	apple	model:	iphone
vendor:	apple	model:	tvos

db:

NVD

ids:

CVE-2023-42917, CVE-2024-23222, CVE-2023-42916

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222) - Help Net Security Trust: 5.0 Fetched: Jan. 24, 2024, 10:09 a.m., Published: Jan. 23, 2024, 11:35 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	ipad
vendor:	apple	model:	safari
vendor:	apple	model:	watch
vendor:	apple	model:	tvos
vendor:	apple	model:	apple tv
vendor:	apple	model:	iphone
vendor:	apple	model:	watchos
vendor:	apple	model:	ipad air
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2023-42917, CVE-2024-23222, CVE-2023-42916

System BIOS komputera Dell XPS 13 9310 \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Jan. 24, 2024, 10:09 a.m., Published: Jan. 16, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

System BIOS komputerów Dell Inspiron 5400/5401/7700 AIO \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Jan. 24, 2024, 10:03 a.m., Published: Jan. 17, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

Alienware Aurora R15 AMD System BIOS \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Jan. 24, 2024, 10:03 a.m., Published: Jan. 24, 2024, 3 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

Alienware Aurora R15 AMD System BIOS \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Jan. 24, 2024, 10:03 a.m., Published: Jan. 24, 2024, 3 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

New Security Updates Fix First Apple Zero-Day Vulnerability of the Year - Lansweeper Trust: 4.75 Fetched: Jan. 24, 2024, 10:03 a.m., Published: Feb. 15, 2023, 7:39 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	ipad
vendor:	apple	model:	safari
vendor:	apple	model:	watch
vendor:	apple	model:	tvos
vendor:	apple	model:	apple tv
vendor:	apple	model:	ipod touch
vendor:	apple	model:	iphone
vendor:	apple	model:	watchos
vendor:	apple	model:	ipad air
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2024-23222

24-005 (January 23, 2024) - Threat Encyclopedia Trust: 4.5 Fetched: Jan. 24, 2024, 9:57 a.m., Published: Jan. 23, 2024, midnight	Vulnerabilities: code injection, command injection, cross-site scripting...

Affected products

External IDs

vendor:	trend micro	model:	security
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2023-52328, CVE-2023-22274, CVE-2023-36812, CVE-2023-46731, CVE-2023-25826, CVE-2023-43661, CVE-2023-52330, CVE-2023-6553, CVE-2023-52327, CVE-2023-22527, CVE-2023-22275, CVE-2023-38886

Cisco SD-WAN Solution Improper Access Control Vulnerability Trust: 4.75 Fetched: Jan. 24, 2024, 9:52 a.m., Published: Jan. 23, 2024, 9:31 p.m.	Vulnerabilities: improper access control, access control vulnerability

Affected products

External IDs

vendor:	cisco	model:	cisco sd-wan
vendor:	cisco	model:	sd-wan solution
vendor:	cisco	model:	sd-wan

Critical Ivanti VPN flaws are being widely exploited - here’s how to protect yourself \| ITPro Trust: 3.5 Fetched: Jan. 24, 2024, 9:51 a.m., Published: Jan. 23, 2024, 9 p.m.	Vulnerabilities: authentication bypass, command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-21887, CVE-2023-46805

Apple users urged to install update on devices to fix vulnerability \| The Straits Times Trust: 3.0 Fetched: Jan. 24, 2024, 9:36 a.m., Published: Jan. 23, 2024, 12:05 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	ipad
vendor:	apple	model:	safari
vendor:	apple	model:	apple tv
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad air
vendor:	apple	model:	macos

How To Tell If Your Wi-Fi Is Hacked (And What To Do) Related entries in the VARIoT vulnerabilities database: VAR-201812-0337 Trust: 5.0 Fetched: Jan. 24, 2024, 9:35 a.m., Published: Jan. 4, 2024, midnight	Vulnerabilities: default password, default credentials, code execution

Affected products

External IDs

vendor:	tp-link	model:	routers
vendor:	asus	model:	router
vendor:	asus	model:	asus
vendor:	asus	model:	routers

db:

NVD

ids:

CVE-2018-1160

IoT Vulnerabilities and the IoT Security Crisis \| IoT Now News & Reports Trust: 4.75 Fetched: Jan. 24, 2024, 9:32 a.m., Published: Oct. 1, 2021, 9:43 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

rapid

model:

scada

2020 Unit 42 IoT Threat Report 2020 Unit 42 IoT Threat Report Trust: 3.5 Fetched: Jan. 24, 2024, 9:32 a.m., Published: March 10, 2020, 10 a.m.	Vulnerabilities: default credentials

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	trend	model:	security
vendor:	palo alto networks	model:	networks

More connected, less secure: Addressing IoT and OT threats to the enterprise \| CIO Trust: 3.75 Fetched: Jan. 24, 2024, 9:25 a.m., Published: Nov. 14, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

Security vulnerability in KYOCERA Device Manager - The Recycler - 12/01/2024 Trust: 3.25 Fetched: Jan. 23, 2024, 10:22 a.m., Published: Jan. 12, 2024, 1:10 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-50916

Severe Bluetooth Vulnerability Puts Android, Linux, macOS, and iOS Devices at Risk - Protergo Cyber Security \| Indonesia Trust: 5.5 Fetched: Jan. 23, 2024, 10:21 a.m., Published: Jan. 15, 2024, 1:30 a.m.	Vulnerabilities: code execution, authentication bypass

Affected products

External IDs

vendor:	google	model:	android
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2023-45866

CVE - Search Results Trust: 3.5 Fetched: Jan. 23, 2024, 10:17 a.m., Published: Jan. 3, 2024, midnight	Vulnerabilities: resource injection, cross-site scripting, improper access control...

Affected products

External IDs

db:

NVD

ids:

CVE-2022-39330, CVE-2021-37629, CVE-2021-32654, CVE-2021-22905, CVE-2021-41166, CVE-2017-0887, CVE-2018-3762, CVE-2023-32318, CVE-2018-3780, CVE-2020-8182, CVE-2023-28999, CVE-2021-41179, CVE-2024-22400, CVE-2023-26482, CVE-2020-8122, CVE-2023-28848, CVE-2022-29243, CVE-2021-32679, CVE-2019-15613, CVE-2023-39952, CVE-2023-30539, CVE-2023-28997, CVE-2022-31024, CVE-2024-22212, CVE-2023-45150, CVE-2019-5452, CVE-2020-8279, CVE-2023-48306, CVE-2023-25150, CVE-2022-41882, CVE-2021-32658, CVE-2018-3763, CVE-2018-3761, CVE-2016-9463, CVE-2022-41971, CVE-2023-32074, CVE-2022-39333, CVE-2023-28647, CVE-2023-28847, CVE-2023-25816, CVE-2023-35173, CVE-2022-29160, CVE-2020-8120, CVE-2020-8295, CVE-2023-28645, CVE-2021-37631, CVE-2022-29163, CVE-2021-32695, CVE-2021-37617, CVE-2021-32766, CVE-2021-32694, CVE-2021-32678, CVE-2019-15612, CVE-2019-15619, CVE-2017-0891, CVE-2021-32703, CVE-2023-25161, CVE-2023-23942, CVE-2022-39338, CVE-2021-32800, CVE-2023-48308, CVE-2023-25162, CVE-2020-8294, CVE-2021-32748, CVE-2016-9464, CVE-2024-22401, CVE-2023-25820, CVE-2020-8183, CVE-2022-35931, CVE-2023-45148, CVE-2024-22404, CVE-2023-31145, CVE-2022-39211, CVE-2023-45149, CVE-2023-39955, CVE-2016-9459, CVE-2020-8293, CVE-2018-16464, CVE-2023-28845, CVE-2022-24887, CVE-2020-8259, CVE-2020-8235, CVE-2023-39954, CVE-2020-8119, CVE-2022-39210, CVE-2020-8180, CVE-2020-8139, CVE-2017-0885, CVE-2020-8227, CVE-2022-39334, CVE-2021-32728, CVE-2017-0893, CVE-2023-22471, CVE-2020-8155, CVE-2023-32320, CVE-2023-28834, CVE-2022-41926, CVE-2019-15616, CVE-2022-35932, CVE-2017-0884, CVE-2021-32801, CVE-2023-49791, CVE-2020-8121, CVE-2020-8140, CVE-2023-39958, CVE-2023-28643, CVE-2017-0888, CVE-2019-5476, CVE-2023-48304, CVE-2021-39220, CVE-2021-32734, CVE-2023-25818, CVE-2023-28644, CVE-2023-22470, CVE-2022-31119, CVE-2023-25817, CVE-2023-33183, CVE-2024-22213, CVE-2021-32688, CVE-2019-15622, CVE-2017-0895, CVE-2021-22912, CVE-2023-29000, CVE-2023-28646, CVE-2019-15624, CVE-2019-5453, CVE-2018-16463, CVE-2019-15621, CVE-2023-35927, CVE-2022-24888, CVE-2023-48239, CVE-2022-39331, CVE-2021-32707, CVE-2021-22913, CVE-2021-32652, CVE-2021-43863, CVE-2019-15623, CVE-2019-5449, CVE-2020-8133, CVE-2021-22877, CVE-2022-31118, CVE-2019-5455, CVE-2022-24741, CVE-2023-45660, CVE-2020-8202, CVE-2022-39329, CVE-2020-8224, CVE-2018-3764, CVE-2020-8150, CVE-2021-41178, CVE-2023-48301, CVE-2021-41180, CVE-2021-37628, CVE-2021-29438, CVE-2022-24889, CVE-2021-39224, CVE-2019-18214, CVE-2017-9286, CVE-2023-28835, CVE-2021-41181, CVE-2021-32705, CVE-2022-24890, CVE-2021-32653, CVE-2021-22906, CVE-2017-0883, CVE-2016-9465, CVE-2022-24838, CVE-2024-22402, CVE-2020-8280, CVE-2017-0894, CVE-2020-8296, CVE-2020-8179, CVE-2022-24885, CVE-2020-8181, CVE-2023-35172, CVE-2019-15618, CVE-2019-15617, CVE-2022-31132, CVE-2020-8278, CVE-2023-30540, CVE-2018-3775, CVE-2016-9467, CVE-2019-15611, CVE-2024-22403, CVE-2023-28998, CVE-2021-32656, CVE-2023-22473, CVE-2018-16467, CVE-2019-5454, CVE-2023-39963, CVE-2023-23944, CVE-2022-39346, CVE-2021-41233, CVE-2021-39223, CVE-2023-28833, CVE-2020-8118, CVE-2019-5450, CVE-2018-16465, CVE-2023-49782, CVE-2022-39212, CVE-2020-8230, CVE-2021-32657, CVE-2023-35928, CVE-2020-8189, CVE-2020-8152, CVE-2021-39225, CVE-2023-49790, CVE-2022-39364, CVE-2023-25821, CVE-2023-25579, CVE-2021-32733, CVE-2018-3776, CVE-2018-16466, CVE-2022-39332, CVE-2021-39221, CVE-2021-22879, CVE-2019-12739, CVE-2023-31128, CVE-2022-41970, CVE-2021-41256, CVE-2021-22915, CVE-2020-8236, CVE-2020-8297, CVE-2020-8117, CVE-2019-15620, CVE-2016-9468, CVE-2021-32725, CVE-2020-8281, CVE-2023-48305, CVE-2021-41177, CVE-2021-32689, CVE-2021-32802, CVE-2023-26041, CVE-2020-8223, CVE-2016-9466, CVE-2022-31131, CVE-2023-32319, CVE-2023-39953, CVE-2023-22469, CVE-2018-3781, CVE-2017-0890, CVE-2016-7419, CVE-2023-22472, CVE-2022-36075, CVE-2021-32680, CVE-2016-9461, CVE-2021-32741, CVE-2023-39960, CVE-2023-48303, CVE-2023-33184, CVE-2023-48314, CVE-2022-31014, CVE-2021-22896, CVE-2020-8156, CVE-2023-25160, CVE-2022-24906, CVE-2021-22878, CVE-2017-0936, CVE-2021-32655, CVE-2021-37630, CVE-2023-45151, CVE-2023-23943, CVE-2020-8229, CVE-2019-5451, CVE-2021-41239, CVE-2023-39959, CVE-2020-8173, CVE-2023-35171, CVE-2023-25159, CVE-2021-22895, CVE-2016-9462, CVE-2023-28844, CVE-2023-39962, CVE-2022-24886, CVE-2020-8225, CVE-2023-49792, CVE-2023-39961, CVE-2021-41241, CVE-2022-36074, CVE-2020-8138, CVE-2016-9460, CVE-2021-32727, CVE-2022-29159, CVE-2022-31120, CVE-2017-0892, CVE-2023-48307, CVE-2017-0886, CVE-2021-32782, CVE-2023-48302, CVE-2021-32676, CVE-2023-33182, CVE-2020-8154, CVE-2021-39222, CVE-2023-39957, CVE-2022-41968, CVE-2022-39339, CVE-2022-41969, CVE-2021-32726

TALOS-2023-1851 \|\| Cisco Talos Intelligence Group - Comprehensive Threat Intelligence Trust: 5.5 Fetched: Jan. 23, 2024, 10:15 a.m., Published: Jan. 8, 2024, midnight	Vulnerabilities: directory traversal, path traversal

Affected products

External IDs

vendor:

manageengine

model:

opmanager

db:

NVD

ids:

CVE-2023-47211

Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies Trust: 3.0 Fetched: Jan. 23, 2024, 10:13 a.m., Published: Jan. 6, 2024, 8:19 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

cisco

model:

nexus

VARIoT news about IoT security