Sign-up

VARIoT news about IoT security

New Go-based Botnet Exploiting Exploiting Dozens of IoT Vulnerabilities to Expand its Network

Trust: 3.0

Fetched: Dec. 16, 2022, 9:20 a.m., Published: Dec. 7, 2022, 4:03 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: d-link model: dns-320

CISA Alert: Veeam Backup and Replication Vulnerabilities Being Exploited in Attacks - PlanetJon Network

Trust: 3.75

Fetched: Dec. 16, 2022, 9:20 a.m., Published: Dec. 16, 2022, 5:45 a.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-26501, CVE-2022-26500

The Biggest Vulnerabilities To Your Website Security 2022

Trust: 3.5

Fetched: Dec. 16, 2022, 9:18 a.m., Published: Dec. 15, 2022, 7:38 a.m.
 Vulnerabilities: cross-site scripting, sql injection
Affected productsExternal IDs

Security researcher shows off kernel vulnerability on iPhone 14 running iOS 16.1.2

Trust: 3.0

Fetched: Dec. 16, 2022, 9:17 a.m., Published: Dec. 11, 2022, 4:50 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

Trust: 3.5

Fetched: Dec. 16, 2022, 9:17 a.m., Published: Dec. 14, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

APT5 Exploits Zero-Day Vulnerability on Citrix ADC and Gateway Devices

Trust: 4.75

Fetched: Dec. 16, 2022, 9:15 a.m., Published: Dec. 14, 2022, 10:43 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: citrix model: gateway
db: NVD ids: CVE-2022-27518

Apple Fixes Actively Exploited iPhone Zero-Day Vulnerability - Infosecurity Magazine

Related entries in the VARIoT vulnerabilities database: VAR-202212-1751

Trust: 5.0

Fetched: Dec. 16, 2022, 9:15 a.m., Published: Dec. 14, 2022, 4 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: webkit
db: NVD ids: CVE-2022-42856

Apple Patches Vulnerability Being “Actively Exploited” in iPhones

Related entries in the VARIoT vulnerabilities database: VAR-202212-1751

Trust: 5.75

Fetched: Dec. 16, 2022, 9:15 a.m., Published: Dec. 15, 2022, 11:43 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: ipod touch
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: webkit
db: NVD ids: CVE-2022-42856

Vulnerability vs. Threat vs. Risk vs… "Other" - Forescout

Trust: 3.75

Fetched: Dec. 16, 2022, 9:13 a.m., Published: Nov. 2, 2022, 7:04 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Dozen High-Severity Vulnerabilities Patched in F5 Products | SecurityWeek.Com

Related entries in the VARIoT vulnerabilities database: VAR-202205-0394

Trust: 3.75

Fetched: Dec. 16, 2022, 9:11 a.m., Published: Dec. 16, 2022, midnight
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2022-1388

Exposure score in Defender Vulnerability Management | Microsoft Learn

Trust: 3.0

Fetched: Dec. 16, 2022, 9:11 a.m., Published: Sept. 27, 2022, 11:22 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Cisco Secure Email and Web Manager Multiple Vulnerabilities (c... | Tenable®

Trust: 3.25

Fetched: Dec. 14, 2022, 9:26 a.m., Published: Dec. 1, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-20868, CVE-2022-20867

Arm’s Mali GPU driver flaws remain unpatched on Android devices

Trust: 3.5

Fetched: Dec. 14, 2022, 9:24 a.m., Published: Dec. 6, 2022, 7 a.m.
 Vulnerabilities: address disclosure, code execution, memory corruption
Affected productsExternal IDs
vendor: samsung model: android phone
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
vendor: google model: pixel
vendor: google model: android

Critical vulnerabilities in Citrix Gateway and Application Delivery Controller devices | Mirage News

Trust: 6.0

Fetched: Dec. 14, 2022, 9:23 a.m., Published: Dec. 13, 2022, 1:05 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: citrix model: application delivery controller
vendor: citrix model: gateway
db: NVD ids: CVE-2022-27518

Android security update fixes more than 80 security vulnerabilities - including four critical | ZDNET

Related entries in the VARIoT vulnerabilities database: VAR-202212-0619

Trust: 6.0

Fetched: Dec. 14, 2022, 9:21 a.m., Published: -
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2022-20411, CVE-2022-20472, CVE-2022-20498, CVE-2022-20473, CVE-2022-23960, CVE-2022-20502, CVE-2022-20496

New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products

Related entries in the VARIoT vulnerabilities database: VAR-202212-1751, VAR-202202-0109, VAR-202201-0561, VAR-202210-1624, VAR-202203-1579, VAR-202201-0554, VAR-202209-0759, VAR-202203-1580, VAR-202208-1294, VAR-202208-1345

Trust: 4.75

Fetched: Dec. 14, 2022, 9:21 a.m., Published: Dec. 14, 2022, 3:44 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: apple model: macos
vendor: apple model: tvos
vendor: apple model: safari
vendor: apple model: icloud
vendor: apple model: webkit
db: NVD ids: CVE-2022-42856, CVE-2022-22620, CVE-2022-22587, CVE-2022-42827, CVE-2022-22674, CVE-2022-22594, CVE-2022-32917, CVE-2022-22675, CVE-2022-32894, CVE-2022-32893

Top 10 Hardware Vulnerabilities MSPs Should Watch Out For - inSOC

Trust: 3.75

Fetched: Dec. 14, 2022, 9:20 a.m., Published: Dec. 13, 2022, 5:34 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Cybercriminals Selling Access to Networks Compromised via Recent Fortinet Vulnerability | SecurityWeek.Com

Related entries in the VARIoT vulnerabilities database: VAR-202210-0198

Trust: 5.0

Fetched: Dec. 14, 2022, 9:20 a.m., Published: Dec. 14, 2022, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-40684

Vulnerability with public PoC affects Cisco IP phones, fix unavailable (CVE-2022-20968) - Help Net Security

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 3.75

Fetched: Dec. 14, 2022, 9:18 a.m., Published: Dec. 12, 2022, 10:10 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ip phone 8821
vendor: cisco model: ip phones
vendor: cisco model: ip phone 8800
vendor: cisco model: ip phone
vendor: cisco model: series ip phones
vendor: cisco model: series
vendor: cisco model: wireless ip phone 8821
vendor: cisco model: ip phone 7800 series
vendor: cisco model: voice vlan
vendor: cisco model: ip phone 8800 series
vendor: cisco model: ip phone 7800
vendor: cisco model: link layer discovery protocol
db: NVD ids: CVE-2022-20968

Access Denied

Trust: 3.25

Fetched: Dec. 14, 2022, 9:12 a.m., Published: Dec. 18, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: citrix model: gateway