Sign-up

VARIoT news about IoT security

OESIS Framework March 21, 2023 Release - OPSWAT

Related entries in the VARIoT vulnerabilities database: VAR-202209-1490

Trust: 3.0

Fetched: April 5, 2023, 9:27 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-27904, CVE-2023-27903, CVE-2018-18506, CVE-2023-27902, CVE-2023-27898, CVE-2023-27900, CVE-2023-27901, CVE-2023-24930, CVE-2023-27899, CVE-2022-32863

Why medical device vulnerabilities are hard to prioritize - News ITN

Trust: 4.75

Fetched: April 5, 2023, 9:25 a.m., Published: April 3, 2023, 11:57 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-27410

Remediation of Sitecore MVC Device Simulator Vulnerability - Sitecore With Raman

Trust: 3.0

Fetched: April 5, 2023, 9:25 a.m., Published: April 1, 2023, 9:44 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution - Fortify Your SMB

Trust: 5.0

Fetched: April 5, 2023, 9:22 a.m., Published: April 4, 2023, 7:57 a.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: google model: android

Disable VoLTE, Wi-Fi calling due to Exynos vulnerability -

Trust: 5.75

Fetched: April 5, 2023, 9:22 a.m., Published: March 16, 2023, 11:10 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: pixel
vendor: vivo model: modems
vendor: vivo model: modem
vendor: samsung model: exynos
vendor: samsung model: mobile
vendor: samsung model: samsung galaxy
vendor: samsung model: galaxy
db: NVD ids: CVE-2023-24033

Sophos: A critical vulnerability in web devices allows code smuggling

Trust: 5.0

Fetched: April 5, 2023, 9:22 a.m., Published: April 4, 2023, 3:04 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: sophos model: sophos web appliance
vendor: sophos model: web appliance
vendor: sophos model: firewall
db: NVD ids: CVE-2020-36692, CVE-2023-1671, CVE-2022-4934

Multiple Software Vulnerabilities Found In Totolink Device | vpnmentor

Related entries in the VARIoT vulnerabilities database: VAR-202108-1782

Trust: 4.75

Fetched: April 5, 2023, 9:21 a.m., Published: March 9, 2023, midnight
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: totolink model: a3002r 1.1.1-b20200824
vendor: totolink model: a3002r
db: NVD ids: CVE-2021-34228

QNAP Patches High-Severity Vulnerability Exists In The Wild - CYREBRO

Trust: 5.25

Fetched: April 5, 2023, 9:21 a.m., Published: April 2, 2023, 1:36 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2023-22809

Suspected China espionage threat actors go after network-security device vulnerabilities - CybersecAsia

Trust: 4.0

Fetched: April 5, 2023, 9:20 a.m., Published: March 27, 2023, 1:51 a.m.
 Vulnerabilities: directory traversal
Affected productsExternal IDs
db: NVD ids: CVE-2022-41328

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

Trust: 5.25

Fetched: April 5, 2023, 9:17 a.m., Published: April 1, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android

About the security content of iOS 16.2 and iPadOS 16.2 - Apple Support

Related entries in the VARIoT vulnerabilities database: VAR-202212-1411, VAR-202212-1440, VAR-202212-1466, VAR-202302-1859, VAR-202212-1531, VAR-202212-1523, VAR-202212-1306, VAR-202212-1387, VAR-202212-1533, VAR-202212-1297, VAR-202212-1489, VAR-202212-1560, VAR-202212-1685, VAR-202212-1308, VAR-202212-1532, VAR-202212-1213, VAR-202212-1332, VAR-202212-1559, VAR-202212-1412, VAR-202212-1442, VAR-202212-1516, VAR-202212-1221, VAR-202212-1410, VAR-202212-1325, VAR-202212-1619, VAR-202212-1592, VAR-202212-1530, VAR-202212-1503, VAR-202212-1331, VAR-202212-1751, VAR-202212-1309, VAR-202212-1248, VAR-202212-1488, VAR-202212-1216, VAR-202212-1324, VAR-202212-1441, VAR-202212-1310

Trust: 5.25

Fetched: April 5, 2023, 9:16 a.m., Published: April 16, 2023, midnight
 Vulnerabilities: code execution, integer overflow, memory corruption...
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: itunes
vendor: apple model: watch
vendor: apple model: webkit
vendor: apple model: ipad air
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2022-42867, CVE-2022-42846, CVE-2022-46698, CVE-2022-46705, CVE-2022-42855, CVE-2022-42852, CVE-2022-42850, CVE-2022-32943, CVE-2022-46700, CVE-2022-42844, CVE-2022-46696, CVE-2022-46689, CVE-2022-46716, CVE-2022-46694, CVE-2022-42862, CVE-2022-46691, CVE-2022-46703, CVE-2022-42837, CVE-2022-46692, CVE-2022-42864, CVE-2022-46699, CVE-2022-46690, CVE-2022-42865, CVE-2022-42849, CVE-2022-46717, CVE-2022-42859, CVE-2022-42842, CVE-2022-46702, CVE-2022-42843, CVE-2022-42848, CVE-2022-42863, CVE-2022-42861, CVE-2022-42856, CVE-2022-46695, CVE-2022-42851, CVE-2022-46693, CVE-2022-42845, CVE-2022-42840, CVE-2022-42866, CVE-2022-46720, CVE-2022-46701

Nexx Smart Home Device Vulnerabilities Allow Unauthorized Access

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132

Trust: 4.0

Fetched: April 5, 2023, 9:14 a.m., Published: April 5, 2023, 7:13 a.m.
 Vulnerabilities: input validation vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2023-1750, CVE-2023-1749, CVE-2023-1752, CVE-2022-42475, CVE-2023-1751, CVE-2023-1748

Cisco Access Point Software Denial of Service Vulnerability

Trust: 5.0

Fetched: April 5, 2023, 9:14 a.m., Published: March 22, 2023, 3:49 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: mobility express
vendor: cisco model: series wireless controller
vendor: cisco model: wireless controller
vendor: cisco model: wireless lan controller
vendor: cisco model: catalyst
vendor: cisco model: series
vendor: cisco model: catalyst 9800

Nexx Smart Home Device | CISA

Trust: 3.75

Fetched: April 5, 2023, 9:13 a.m., Published: March 9, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-1750, CVE-2023-1749, CVE-2023-1752, CVE-2023-1751, CVE-2023-1748

Cisco IOS XE Software Privilege Escalation Vulnerability

Trust: 4.0

Fetched: April 5, 2023, 9:12 a.m., Published: March 24, 2023, 7:59 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
vendor: cisco model: ios xe

Vulnerability Alert: How a Benchmark Test Uncovered Vulnerabilities in Over 80,000 QNAP Devices - Global Security Mag Online

Trust: 3.75

Fetched: April 5, 2023, 9:11 a.m., Published: April 4, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-27598, CVE-2022-27597

Why medical device vulnerabilities are hard to prioritize | TechTarget

Trust: 4.75

Fetched: April 5, 2023, 9:10 a.m., Published: Sept. 5, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-27410

Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices

Trust: 3.25

Fetched: April 2, 2023, 9:21 a.m., Published: March 29, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

OESIS Framework March 28, 2023 Release - OPSWAT

Related entries in the VARIoT vulnerabilities database: VAR-201902-0445, VAR-201803-2160

Trust: 3.75

Fetched: April 2, 2023, 9:20 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco systems model: webex
vendor: cisco model: webex
db: NVD ids: CVE-2023-22883, CVE-2023-1530, CVE-2023-1534, CVE-2023-24578, CVE-2023-25738, CVE-2019-1798, CVE-2023-25737, CVE-2023-25745, CVE-2023-25733, CVE-2023-25729, CVE-2019-1677, CVE-2023-25741, CVE-2023-1532, CVE-2023-25743, CVE-2023-25734, CVE-2023-1531, CVE-2019-11068, CVE-2023-1529, CVE-2023-25735, CVE-2018-4844, CVE-2023-25740, CVE-2023-0767, CVE-2023-25134, CVE-2023-25744, CVE-2023-24577, CVE-2019-16168, CVE-2023-28155, CVE-2023-25731, CVE-2023-25732, CVE-2023-25736, CVE-2023-25739, CVE-2023-25742, CVE-2023-1533, CVE-2023-1528, CVE-2023-25730, CVE-2023-25728, CVE-2019-12383, CVE-2023-24579, CVE-2022-42331

The Hacker News on Twitter: "🚨 #Google's TAG reveals commercial spyware vendors exploited zero-day vulnerabilities on #Android & iOS devices last year. Learn more: https://t.co/35jrXhzEjU These highly targeted campaigns put dissidents, journalists, & human rights workers at risk. #infosec #cybersecurity" / Twitter

Trust: 3.25

Fetched: April 2, 2023, 9:20 a.m., Published: April 2, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android