Sign-up

VARIoT news about IoT security

Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices - BU-CERT

Trust: 4.75

Fetched: Jan. 31, 2023, 9:18 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo model: networks

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates | Vumetric Cyber Portal

Trust: 4.75

Fetched: Jan. 31, 2023, 9:18 a.m., Published: Jan. 31, 2023, midnight
 Vulnerabilities: sql injection, code injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

CVE-2022-27596: QNAP Patches Critical Vulnerability in QNAP devices

Trust: 3.0

Fetched: Jan. 31, 2023, 9:17 a.m., Published: Jan. 30, 2023, 10:02 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

QNAP NAS Devices at Risk of Remote Malicious Code Injection | Black Hat Ethical Hacking

Trust: 3.25

Fetched: Jan. 31, 2023, 9:17 a.m., Published: Jan. 31, 2023, 8:29 a.m.
 Vulnerabilities: code injection
Affected productsExternal IDs

Latest iPhone bug threatens new and old models | Popular Science

Related entries in the VARIoT vulnerabilities database: VAR-202212-1751

Trust: 3.75

Fetched: Jan. 31, 2023, 9:17 a.m., Published: Jan. 30, 2023, 6 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: ipod touch
vendor: apple model: watchos
vendor: apple model: tvos
vendor: apple model: iphone
db: NVD ids: CVE-2022-42856

Many ICS flaws remain unpatched as attacks against critical infrastructure rise - Reseller News

Trust: 3.5

Fetched: Jan. 31, 2023, 9:16 a.m., Published: Jan. 31, 2023, midnight
 Vulnerabilities: buffer overflow, memory corruption, code execution...
Affected productsExternal IDs
vendor: trend model: security

Update vRealize now! VMware patches critical RCE vulnerabilities

Trust: 5.0

Fetched: Jan. 31, 2023, 9:16 a.m., Published: Jan. 28, 2023, 5:37 p.m.
 Vulnerabilities: code execution, path traversal, information disclosure...
Affected productsExternal IDs
db: NVD ids: CVE-2022-31704, CVE-2022-31706, CVE-2022-31702

Mandiant detects suspected Chinese BOLDMOVE hackers exploiting FortiOS vulnerability across federal entities - Industrial Cyber

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132

Trust: 3.75

Fetched: Jan. 31, 2023, 9:14 a.m., Published: Jan. 23, 2023, 9:37 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-49475, CVE-2022-42475

OT:Icefall Continues With Vulnerabilities in Festo, Codesys Products - SecurityWeek

Trust: 3.75

Fetched: Jan. 31, 2023, 9:14 a.m., Published: Nov. 30, 2022, 9:57 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: codesys model: runtime
vendor: codesys model: codesys
db: NVD ids: CVE-2022-4048, CVE-2022-22515, CVE-2022-31806, CVE-2022-3079, CVE-2022-3270

Third-Party Vulnerability LibSSH Authentication Bypass

Trust: 4.25

Fetched: Jan. 31, 2023, 9:13 a.m., Published: Jan. 19, 2023, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2018-10933

Cybercriminals Selling Access to Networks Compromised via Recent Fortinet Vulnerability - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-202210-0198

Trust: 5.0

Fetched: Jan. 31, 2023, 9:12 a.m., Published: Nov. 29, 2022, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-40684

Fortinet Patches High-Severity Authentication Bypass Vulnerability in FortiOS - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-202212-0781, VAR-202212-0808, VAR-202212-0704

Trust: 4.0

Fetched: Jan. 31, 2023, 9:12 a.m., Published: Dec. 7, 2022, 2:25 p.m.
 Vulnerabilities: information disclosure, authentication bypass, sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-33876, CVE-2022-35843, CVE-2022-33875

Realtek flaw accounted for 40% of attempts between August and December | SC Media

Trust: 5.5

Fetched: Jan. 31, 2023, 9:11 a.m., Published: Jan. 30, 2023, 11:34 p.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: palo model: networks
db: NVD ids: CVE-2021-35394

Top 8 Cyber Security Vulnerabilities - Check Point Software

Trust: 3.5

Fetched: Jan. 31, 2023, 9:11 a.m., Published: Jan. 11, 2023, 5:43 p.m.
 Vulnerabilities: buffer overflow, denial of service, sql injection...
Affected productsExternal IDs
vendor: check point model: check point

Critical Vulnerability Impacts Over 120 Lexmark Printers - SecurityWeek

Trust: 6.0

Fetched: Jan. 31, 2023, 9:10 a.m., Published: Jan. 27, 2023, midnight
 Vulnerabilities: request forgery
Affected productsExternal IDs
vendor: lexmark model: printer
db: NVD ids: CVE-2023-23560

Cisco Working on Patch for Publicly Disclosed IP Phone Vulnerability - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 4.5

Fetched: Jan. 31, 2023, 9:10 a.m., Published: Dec. 9, 2022, 12:52 p.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: cisco model: ip phone
vendor: cisco model: identity services engine
vendor: cisco model: series
vendor: cisco model: ip phones
db: NVD ids: CVE-2022-20968

Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices

Trust: 5.5

Fetched: Jan. 31, 2023, 9:10 a.m., Published: Jan. 30, 2023, 9:30 a.m.
 Vulnerabilities: code execution, command injection
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo model: networks
vendor: asus model: asus
db: NVD ids: CVE-2021-35394

Benefits Of Making Your Website Mobile-Friendly | WebGeek

Trust: 3.75

Fetched: Jan. 29, 2023, 9:10 a.m., Published: Jan. 27, 2023, 8:21 a.m.
 Vulnerabilities: code injection, request forgery, cross-site scripting...
Affected productsExternal IDs

Apple users with certain old iPhone, iPad devices should install this security update - 1010 WCSI

Trust: 3.75

Fetched: Jan. 29, 2023, 9:09 a.m., Published: Jan. 26, 2023, 9:25 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: ipod touch
vendor: apple model: iphone
vendor: apple model: ipad air

Arm Vulnerability Allows Code Execution on Pixel 6 Devices

Trust: 6.0

Fetched: Jan. 29, 2023, 9:09 a.m., Published: Jan. 25, 2023, 3:12 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2022-38181