VARIoT latest news about IoT security

St. Jude Medical finally patches vulnerable medical IoT devices \| TechTarget Trust: 3.75 Fetched: Dec. 10, 2023, 9:18 a.m., Published: Jan. 13, 2017, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

home

db:

NVD

ids:

CVE-2016-7201, CVE-2016-7200

CVE-2022-41099 - Security Update Guide - Microsoft - BitLocker Security Feature Bypass Vulnerability Trust: 3.25 Fetched: Dec. 10, 2023, 9:17 a.m., Published: -	Vulnerabilities: security feature bypass, feature bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2022-41099

Solutions - Cisco SAFE Overview Guide - Cisco Trust: 3.25 Fetched: Dec. 10, 2023, 9:15 a.m., Published: Oct. 9, 2023, 10:27 a.m.	Vulnerabilities: denial of service, privilege escalation

Affected products

External IDs

vendor:	cisco	model:	intrusion prevention system
vendor:	cisco	model:	firepower
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	router
vendor:	cisco	model:	meraki mx
vendor:	cisco	model:	umbrella
vendor:	cisco	model:	wireless lan controller
vendor:	cisco	model:	nexus
vendor:	cisco	model:	vpn concentrator
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	routers
vendor:	cisco	model:	wireless controller

Nearly Every Windows and Linux Device Vulnerable To New LogoFAIL Firmware Attack - Slashdot Trust: 4.75 Fetched: Dec. 10, 2023, 9:14 a.m., Published: Dec. 30, 2023, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	lenovo	model:	updates
vendor:	lenovo	model:	system
vendor:	lenovo	model:	bios
vendor:	dell	model:	bios

db:

NVD

ids:

CVE-2023-39539, CVE-2023-39538, CVE-2023-5058, CVE-2023-40238

Pixel Update Bulletin-December 2023 \| Android Open Source Project Trust: 4.25 Fetched: Dec. 10, 2023, 9:10 a.m., Published: Dec. 10, 2023, midnight	Vulnerabilities: denial of service, information disclosure, code execution

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android

db:

NVD

ids:

CVE-2023-48405, CVE-2023-48422, CVE-2023-22383, CVE-2023-33041, CVE-2023-48403, CVE-2023-48398, CVE-2023-48401, CVE-2023-48399, CVE-2023-48411, CVE-2023-41111, CVE-2023-48410, CVE-2023-28580, CVE-2023-48420, CVE-2023-48407, CVE-2023-48408, CVE-2023-48415, CVE-2023-33024, CVE-2023-28575, CVE-2023-48413, CVE-2023-48423, CVE-2023-48402, CVE-2023-48409, CVE-2023-48416, CVE-2023-48421, CVE-2023-48397, CVE-2023-48406, CVE-2023-28579, CVE-2023-21634, CVE-2023-48414, CVE-2023-48412, CVE-2023-22668, CVE-2023-37366, CVE-2023-48404

Bluetooth vulnerability affects Android, Apple and Linux devices - Techzine Europe Trust: 3.75 Fetched: Dec. 10, 2023, 9:08 a.m., Published: Dec. 8, 2023, 1:15 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	macos
vendor:	google	model:	android
vendor:	canonical	model:	ubuntu

db:

NVD

ids:

CVE-2023-45866

Apple and some Linux distros are open to Bluetooth attack • The Register Trust: 5.75 Fetched: Dec. 10, 2023, 9:06 a.m., Published: -	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	canonical	model:	ubuntu

db:

NVD

ids:

CVE-2023-45866

Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs Trust: 4.75 Fetched: Dec. 8, 2023, 9:50 a.m., Published: Dec. 5, 2023, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	samsung	model:	note
vendor:	samsung	model:	flow
vendor:	lenovo	model:	system
vendor:	lenovo	model:	bios firmware
vendor:	lenovo	model:	bios
vendor:	lenovo	model:	updates

db:

NVD

ids:

CVE-2023-39539, CVE-2023-40238, CVE-2023-39538, CVE-2023-5058

The Windows November 2023 security updates are now available - gHacks Tech News Trust: 4.0 Fetched: Dec. 8, 2023, 9:48 a.m., Published: Nov. 14, 2023, 6:44 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-36397, CVE-2023-36400

CVE-2023-45866 - vulnerability database \| Vulners.com Trust: 4.25 Fetched: Dec. 8, 2023, 9:48 a.m., Published: Dec. 7, 2023, 12:35 p.m.	Vulnerabilities: authentication bypass, code execution

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	google	model:	android

db:

NVD

ids:

CVE-2020-0556, CVE-2023-45866

Forescout uncovers 21 Sierra Wireless router vulnerabilities \| TechTarget Trust: 4.25 Fetched: Dec. 8, 2023, 9:47 a.m., Published: Dec. 6, 2023, midnight	Vulnerabilities: cross-site scripting, code execution

Affected products

External IDs

vendor:	cisco	model:	cisco routers
vendor:	cisco	model:	routers
vendor:	cisco	model:	router
vendor:	sierra wireless	model:	aleos
vendor:	sierra	model:	aleos

db:

NVD

ids:

CVE-2023-41101

IoT Cybersecurity in 2023: Importance & Tips To Deal With Attacks Trust: 3.25 Fetched: Dec. 8, 2023, 9:46 a.m., Published: Dec. 8, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	tesla	model:	model
vendor:	google	model:	wifi router
vendor:	google	model:	wifi
vendor:	delegate	model:	delegate

Bluetooth Security Vulnerability Puts Mobile and PC Devices at Risk Trust: 5.75 Fetched: Dec. 8, 2023, 9:43 a.m., Published: Dec. 7, 2023, 10:53 p.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2023-45866

New BLUFFS Bluetooth Attack Expose Devices to Adversary-in-the-Middle Attacks Trust: 5.0 Fetched: Dec. 8, 2023, 9:42 a.m., Published: Dec. 4, 2023, 1:16 p.m.	Vulnerabilities: device impersonation

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2023-24023

Common Network Security Vulnerabilities \| Cobalt Trust: 3.5 Fetched: Dec. 8, 2023, 9:41 a.m., Published: Dec. 8, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

essential

model:

phone

Government issues an ‘important’ warning for Android devices, here’s what users can do - Times of India Related entries in the VARIoT vulnerabilities database: VAR-202312-1927, VAR-202312-1066, VAR-202312-1919, VAR-202312-0897, VAR-202312-1228, VAR-202312-1728, VAR-202312-0888, VAR-202312-2276 Trust: 6.0 Fetched: Dec. 8, 2023, 9:40 a.m., Published: Dec. 7, 2023, 5:10 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2023-33022, CVE-2023-32818, CVE-2023-40082, CVE-2023-40103, CVE-2023-40091, CVE-2023-45773, CVE-2023-3889, CVE-2023-21215, CVE-2023-40088, CVE-2022-48455, CVE-2023-40081, CVE-2023-32847, CVE-2023-35690, CVE-2023-21162, CVE-2023-32850, CVE-2023-28587, CVE-2023-45774, CVE-2023-21228, CVE-2023-33092, CVE-2023-21218, CVE-2023-28588, CVE-2023-45775, CVE-2022-22076, CVE-2023-33087, CVE-2023-40094, CVE-2023-21402, CVE-2023-45779, CVE-2023-33080, CVE-2022-40507, CVE-2023-33018, CVE-2023-21664, CVE-2023-40083, CVE-2023-21163, CVE-2023-32848, CVE-2023-40090, CVE-2023-40084, CVE-2023-40080, CVE-2023-33054, CVE-2023-21403, CVE-2022-48454, CVE-2023-33063, CVE-2023-45781, CVE-2023-21216, CVE-2023-40078, CVE-2023-28551, CVE-2023-28550, CVE-2023-21267, CVE-2023-21394, CVE-2023-21662, CVE-2023-40073, CVE-2023-40097, CVE-2022-48459, CVE-2023-32804, CVE-2023-40096, CVE-2023-40076, CVE-2023-35668, CVE-2023-40098, CVE-2023-21164, CVE-2023-21652, CVE-2023-45776, CVE-2023-28586, CVE-2023-33098, CVE-2023-33081, CVE-2023-21166, CVE-2023-33107, CVE-2023-40087, CVE-2023-33089, CVE-2022-48456, CVE-2023-21217, CVE-2023-28546, CVE-2023-32851, CVE-2023-45866, CVE-2022-48458, CVE-2023-40092, CVE-2023-21263, CVE-2023-40079, CVE-2023-33079, CVE-2022-48461, CVE-2023-40074, CVE-2023-40077, CVE-2023-21227, CVE-2023-45777, CVE-2023-4272, CVE-2023-40089, CVE-2022-48457, CVE-2023-40075, CVE-2023-33097, CVE-2023-28585, CVE-2023-21401, CVE-2023-33106, CVE-2023-33053, CVE-2023-40095, CVE-2023-33017, CVE-2023-33088

Android phones can be taken over remotely - update when you can \| Malwarebytes Trust: 5.5 Fetched: Dec. 8, 2023, 9:40 a.m., Published: Dec. 7, 2023, 12:07 p.m.	Vulnerabilities: use after free, code execution

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android

db:

NVD

ids:

CVE-2023-40088, CVE-2023-40077

Sierra router vulnerabilities pose hacking risk for critical infrastructure \| SC Media Trust: 4.5 Fetched: Dec. 8, 2023, 9:39 a.m., Published: Dec. 6, 2023, 9:13 p.m.	Vulnerabilities: authentication bypass, buffer overflow, code execution

Affected products

External IDs

vendor:	sierra wireless	model:	aleos
vendor:	sierra	model:	aleos

db:

NVD

ids:

CVE-2023-41101

Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover Trust: 3.5 Fetched: Dec. 8, 2023, 9:38 a.m., Published: Dec. 5, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	macos
vendor:	apple	model:	macbook pro
vendor:	apple	model:	macbook
vendor:	apple	model:	macbook air
vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	google	model:	nexus
vendor:	canonical	model:	ubuntu
vendor:	canonical	model:	ubuntu linux

db:

NVD

ids:

CVE-2023-45866, CVE-2023-42929

Finding LogoFAIL: The Dangers of Image Parsing During System Boot \| Binarly - AI -Powered Firmware Supply Chain Security Platform Trust: 4.25 Fetched: Dec. 8, 2023, 9:31 a.m., Published: Dec. 6, 2023, midnight	Vulnerabilities: memory corruption, integer overflow, buffer overflow...

Affected products

External IDs

vendor:	dell	model:	bios
vendor:	lenovo	model:	system
vendor:	lenovo	model:	bios

db:

NVD

ids:

CVE-2023-24932, CVE-2022-21894

VARIoT news about IoT security