Sign-up

VARIoT news about IoT security

Patch Now: Apple's iOS, iPadOS, macOS, and Safari Under Attack with New Zero-Day Flaw

Related entries in the VARIoT vulnerabilities database: VAR-202302-1169, VAR-202212-1751, VAR-202302-1097

Trust: 5.75

Fetched: Feb. 19, 2023, 9:22 a.m., Published: Feb. 14, 2023, 4:44 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: ipad air
db: NVD ids: CVE-2023-23514, CVE-2022-42856, CVE-2023-23529

Vulnerability scanner for Windows | Intruder

Trust: 4.25

Fetched: Feb. 19, 2023, 9:21 a.m., Published: May 19, 2023, midnight
 Vulnerabilities: request forgery, code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: trend model: antivirus
db: NVD ids: CVE-2022-41040, CVE-2021-36934, CVE-2022-41082

Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software

Related entries in the VARIoT vulnerabilities database: VAR-202302-1598, VAR-202302-1614, VAR-202302-1452

Trust: 5.5

Fetched: Feb. 19, 2023, 9:21 a.m., Published: Feb. 3, 2023, midnight
 Vulnerabilities: code execution, privilege escalation, information leak...
Affected productsExternal IDs
vendor: clamav model: clamav
vendor: google model: nexus
vendor: cisco model: management appliance
vendor: cisco model: nexus
vendor: cisco model: advanced malware protection
vendor: cisco model: clamav
vendor: cisco model: email security appliance
db: NVD ids: CVE-2023-20009, CVE-2023-20075, CVE-2023-20032, CVE-2023-20014, CVE-2023-20052

Flaws in industrial wireless IoT solutions can give attackers deep access into OT networks | CSO Online

Related entries in the VARIoT vulnerabilities database: VAR-201905-0851

Trust: 4.5

Fetched: Feb. 19, 2023, 9:20 a.m., Published: Feb. 10, 2023, midnight
 Vulnerabilities: default credentials, command injection, code execution
Affected productsExternal IDs
vendor: moxa model: device manager
db: NVD ids: CVE-2022-46649, CVE-2018-4061

Microsoft delivers 75-count box of patches for Tuesday • The Register

Related entries in the VARIoT vulnerabilities database: VAR-202302-1401, VAR-202302-1442, VAR-202302-1249, VAR-202302-1373, VAR-202302-1474, VAR-202302-1440, VAR-202302-1219, VAR-202302-1616, VAR-202302-1348, VAR-202302-1248, VAR-202302-1349

Trust: 4.5

Fetched: Feb. 19, 2023, 9:19 a.m., Published: -
 Vulnerabilities: code execution, denial of service, input validation bug...
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: trend model: security
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: macos
vendor: trend micro model: security
db: NVD ids: CVE-2022-38056, CVE-2022-41614, CVE-2021-33104, CVE-2022-21163, CVE-2022-41314, CVE-2022-36287, CVE-2022-27677, CVE-2022-30339, CVE-2022-36416, CVE-2022-27672, CVE-2022-27234, CVE-2022-36369, CVE-2022-21216, CVE-2022-36382, CVE-2022-27808, CVE-2022-29523, CVE-2022-38090, CVE-2022-33196, CVE-2022-36397

Patch Tuesday - February 2023 | Rapid7 Blog

Related entries in the VARIoT vulnerabilities database: VAR-202002-0458, VAR-202302-1035

Trust: 3.75

Fetched: Feb. 19, 2023, 9:19 a.m., Published: Feb. 15, 2023, 12:41 a.m.
 Vulnerabilities: code execution, denial of service, feature bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2023-23379, CVE-2023-21808, CVE-2023-21802, CVE-2023-21717, CVE-2023-21687, CVE-2023-21692, CVE-2023-21720, CVE-2023-21693, CVE-2023-21777, CVE-2023-23377, CVE-2023-21689, CVE-2023-21553, CVE-2023-21797, CVE-2023-21685, CVE-2023-21700, CVE-2023-21697, CVE-2023-21778, CVE-2023-21688, CVE-2023-21707, CVE-2023-21573, CVE-2023-21812, CVE-2023-21799, CVE-2023-21820, CVE-2023-21572, CVE-2023-21813, CVE-2023-21822, CVE-2023-21528, CVE-2023-21800, CVE-2023-21570, CVE-2023-21564, CVE-2023-21571, CVE-2023-21801, CVE-2019-15126, CVE-2023-21811, CVE-2023-21568, CVE-2023-23376, CVE-2023-23374, CVE-2023-21567, CVE-2023-21684, CVE-2023-21714, CVE-2023-23390, CVE-2023-21710, CVE-2023-21722, CVE-2023-23381, CVE-2023-21817, CVE-2023-21721, CVE-2023-21705, CVE-2023-21718, CVE-2023-21706, CVE-2023-21701, CVE-2023-21805, CVE-2023-21819, CVE-2023-21529, CVE-2023-21686, CVE-2023-21804, CVE-2023-21691, CVE-2023-21809, CVE-2023-21806, CVE-2023-21713, CVE-2023-21803, CVE-2023-21815, CVE-2023-21716, CVE-2023-21703, CVE-2023-21704, CVE-2023-21694, CVE-2023-21818, CVE-2023-21566, CVE-2023-21699, CVE-2023-21816, CVE-2023-21798, CVE-2023-21690, CVE-2023-21695, CVE-2023-21823, CVE-2023-21715, CVE-2023-21794, CVE-2023-21807, CVE-2023-23382, CVE-2023-23378, CVE-2023-21702

Security Bulletin: Vulnerability in IP Quorum affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Trust: 3.0

Fetched: Feb. 19, 2023, 9:18 a.m., Published: Feb. 17, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-39167

What is Vulnerability Management? | Kaseya

Trust: 3.0

Fetched: Feb. 19, 2023, 9:17 a.m., Published: Jan. 12, 2023, 6:58 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Mirai Variant V3G4 Targets 13 Vulnerabilities to Infect IoT Devices -

Related entries in the VARIoT vulnerabilities database: VAR-201505-0363, VAR-202002-1447, VAR-201705-3255, VAR-202006-1056, VAR-202206-0004

Trust: 4.75

Fetched: Feb. 17, 2023, 9:31 a.m., Published: Feb. 16, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: draytek model: vigor
vendor: palo model: networks
vendor: palo alto networks model: networks
db: NVD ids: CVE-2022-4257, CVE-2014-9727, CVE-2019-15107, CVE-2020-8515, CVE-2017-5173, CVE-2022-36267, CVE-2020-15415, CVE-2012-4869, CVE-2022-26134

New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch - SecurityWeek

Trust: 4.75

Fetched: Feb. 17, 2023, 9:30 a.m., Published: Jan. 25, 2023, 2:22 p.m.
 Vulnerabilities: feature bypass, security feature bypass
Affected productsExternal IDs
vendor: siemens model: pcs 7
db: NVD ids: CVE-2021-26414

Qnap-NAS: Critical vulnerability allows malicious code to be injected - SPIXNET C2S

Trust: 4.25

Fetched: Feb. 17, 2023, 9:29 a.m., Published: Feb. 6, 2023, 4:53 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: qnap model: photo station
db: NVD ids: CVE-2022-27596

Apple releases security fix for iPhone and Mac zero-day flaw, so update now | TechRadar

Related entries in the VARIoT vulnerabilities database: VAR-202302-1097, VAR-202302-1169

Trust: 5.5

Fetched: Feb. 17, 2023, 9:29 a.m., Published: Feb. 14, 2023, 10:29 a.m.
 Vulnerabilities: use after free, code execution
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: webkit
db: NVD ids: CVE-2023-23529, CVE-2023-23514

Threat Advisory: Critical Vulnerability in QNAP Devices Allowing Remote Attackers to Inject Malicious Code - Enterprotect

Trust: 4.25

Fetched: Feb. 17, 2023, 9:29 a.m., Published: Jan. 30, 2023, 10:45 p.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

CVE-2022-44563: Huawei Recovery Update Zip ToC-ToU Vulnerability - taszk.io labs

Related entries in the VARIoT vulnerabilities database: VAR-202211-0371

Trust: 5.75

Fetched: Feb. 17, 2023, 9:29 a.m., Published: Feb. 16, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: huawei model: mate
vendor: huawei model: mate 30 pro
vendor: huawei model: mate 30
vendor: huawei model: huawei
vendor: huawei model: emui
vendor: huawei model: huawei mate
db: NVD ids: CVE-2022-44563

Command injection vulnerability affects Cisco devices. GRU wiper malware active against Ukraine, again. The WEF’s Cybersecurity Outlook for 2023.

Related entries in the VARIoT vulnerabilities database: VAR-202302-0213

Trust: 5.25

Fetched: Feb. 17, 2023, 9:28 a.m., Published: Feb. 17, 2023, midnight
 Vulnerabilities: code execution, remote command injection, command injection
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks
vendor: cisco model: ic3000
vendor: cisco model: routers
vendor: cisco model: industrial isrs
vendor: cisco model: series
vendor: cisco model: ir510 wpan
db: NVD ids: CVE-2023-20076, CVE-2021-35394

Mirai Variant V3G4 Targets 13 IoT Vulnerabilities - Vulnera

Related entries in the VARIoT vulnerabilities database: VAR-201505-0363, VAR-202002-1447, VAR-201705-3255, VAR-202006-1056, VAR-202206-0004

Trust: 5.75

Fetched: Feb. 17, 2023, 9:28 a.m., Published: Feb. 16, 2023, 1:56 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2022-4257, CVE-2014-9727, CVE-2019-15107, CVE-2020-8515, CVE-2017-5173, CVE-2022-36267, CVE-2020-15415, CVE-2012-4869, CVE-2022-26134

Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices - Patabook Technology

Related entries in the VARIoT vulnerabilities database: VAR-202301-0630, VAR-202301-0629

Trust: 4.75

Fetched: Feb. 17, 2023, 9:27 a.m., Published: Feb. 10, 2023, 4:36 a.m.
 Vulnerabilities: information disclosure, command injection, privilege escalation...
Affected productsExternal IDs
vendor: siemens model: automation license manager
db: NVD ids: CVE-2022-43513, CVE-2022-43514, CVE-2022-46650, CVE-2022-46649, CVE-2022-3703, CVE-2022-40981, CVE-2022-41607

iOS 16.3.1 squashes some bugs but introduces a problem for some

Trust: 3.75

Fetched: Feb. 17, 2023, 9:27 a.m., Published: Feb. 15, 2023, 4:50 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: chrome
vendor: apple model: icloud
vendor: apple model: iphone

Update your Apple products due to security vulnerabilities - Information Technology

Trust: 3.0

Fetched: Feb. 17, 2023, 9:26 a.m., Published: Feb. 14, 2023, 8:29 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone

Wireless IIoT Device Vulnerabilities Pose Risk to Critical Infrastructure - BlazeGuard

Trust: 3.0

Fetched: Feb. 17, 2023, 9:26 a.m., Published: Feb. 16, 2023, 5 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: automation license manager