VARIoT latest news about IoT security

PoC Published for Fortinet Vulnerability as Mass Exploitation Attempts Begin \| SecurityWeek.Com Related entries in the VARIoT vulnerabilities database: VAR-202210-0198 Trust: 5.75 Fetched: Nov. 18, 2022, 9:11 a.m., Published: Nov. 18, 2022, midnight	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2022-40684

Cisco Secure Web Appliance Content Encoding Filter Bypass Vulnerability - Cisco Trust: 3.0 Fetched: Nov. 18, 2022, 9:11 a.m., Published: Oct. 21, 2022, 8:37 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	asyncos
vendor:	cisco	model:	web security appliance
vendor:	cisco	model:	cisco web security appliance
vendor:	cisco	model:	cisco asyncos
vendor:	cisco	model:	asyncos software

CISA reveals cyber security vulnerabilities in Siemens, Hitachi Energy, Johnson Controls, Delta Electronics - Industrial Cyber Trust: 5.25 Fetched: Nov. 18, 2022, 9:10 a.m., Published: Oct. 26, 2022, 8:12 a.m.	Vulnerabilities: sql injection, authentication bypass, authentication vulnerability...

Affected products

External IDs

vendor:	trend micro	model:	security
vendor:	trend	model:	security
vendor:	delta	model:	diaenergie
vendor:	delta electronics	model:	diaenergie

Appliance mode iControl REST vulnerability CVE-2022-41800 Related entries in the VARIoT vulnerabilities database: VAR-202211-1118 Trust: 4.0 Fetched: Nov. 18, 2022, 9:10 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

mesh

model:

mesh

db:

NVD

ids:

CVE-2022-41800

New OpenSSL Vulnerabilities (CVE-2022-3602 and CVE-2022-3786) Are a Big Deal for IoT Devices, How Can You Stay Protected? : IOT Trust: 3.25 Fetched: Nov. 16, 2022, 9:29 a.m., Published: March 16, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2022-3786, CVE-2022-3602

Project Zero: A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain Related entries in the VARIoT vulnerabilities database: VAR-201910-0902 Trust: 5.25 Fetched: Nov. 16, 2022, 9:21 a.m., Published: Nov. 4, 2022, midnight	Vulnerabilities: code execution, memory corruption, information leak

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	google	model:	chrome
vendor:	samsung	model:	samsung firmware
vendor:	samsung	model:	note
vendor:	samsung	model:	notes
vendor:	samsung	model:	exynos
vendor:	apple	model:	watch

db:

NVD

ids:

CVE-2021-25337, CVE-2021-25370, CVE-2021-25369, CVE-2019-2215

Vulnerability Spotlight: Vulnerabilities in Abode Systems home security kit could allow attacker to take over cameras, remotely disable them Related entries in the VARIoT vulnerabilities database: VAR-202210-1549, VAR-202210-1547 Trust: 5.5 Fetched: Nov. 16, 2022, 9:20 a.m., Published: Oct. 20, 2022, 1:27 p.m.	Vulnerabilities: heap corruption, authentication bypass, memory corruption...

Affected products

External IDs

vendor:	google	model:	google home
vendor:	google	model:	home
vendor:	snort	model:	snort
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	series
vendor:	cisco	model:	firepower
vendor:	snort.org	model:	snort

db:

NVD

ids:

CVE-2022-27804, CVE-2022-35244, CVE-2022-27805, CVE-2022-32775, CVE-2022-33189, CVE-2022-30541, CVE-2022-30603, CVE-2022-29472, CVE-2022-29475, CVE-2022-29477, CVE-2022-33192, CVE-2022-32773, CVE-2022-33195, CVE-2022-32574, CVE-2022-32586

Cisco Identity Services Engine Cross-Site Scripting Vulnerability - Cisco Trust: 5.0 Fetched: Nov. 16, 2022, 9:19 a.m., Published: Nov. 15, 2022, 6:59 a.m.	Vulnerabilities: cross-site scripting

Affected products

External IDs

vendor:	cisco	model:	cisco identity services engine
vendor:	cisco	model:	identity services engine

Aiphone Intercom System Vulnerability Allows Hackers to Open Doors \| SecurityWeek.Com Trust: 5.0 Fetched: Nov. 16, 2022, 9:18 a.m., Published: Nov. 16, 2022, midnight	Vulnerabilities: information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2022-40903

Research, News, and Perspectives Related entries in the VARIoT vulnerabilities database: VAR-201912-0499 Trust: 3.5 Fetched: Nov. 16, 2022, 9:10 a.m., Published: Aug. 5, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	trend	model:	security
vendor:	trend micro	model:	security

db:

NVD

ids:

CVE-2019-8561

Cybersecurity researcher discovers a way to bypass the lock screen on Pixel devices - ACOM TOUCH IT SOLUTION Trust: 3.5 Fetched: Nov. 15, 2022, 9:25 a.m., Published: Nov. 15, 2022, 12:31 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	home
vendor:	google	model:	android

db:

NVD

ids:

CVE-2022-20465

Vulnerability device scanning block using XG firewall - Discussions - Sophos Firewall - Sophos Community Trust: 3.0 Fetched: Nov. 15, 2022, 9:21 a.m., Published: Nov. 1, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

sophos

model:

xg firewall

Vulnerability in Safari, iOS 16.1 could let hackers steal users’ sensitive data, says Cert-In - . Trust: 3.75 Fetched: Nov. 15, 2022, 9:20 a.m., Published: Oct. 26, 2022, 9:17 a.m.	Vulnerabilities: improper validation, use after free, improper memory handling...

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	ipad air
vendor:	apple	model:	macos
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad
vendor:	apple	model:	safari

Vulnerability News \| Cybersecurity Dive Trust: 4.5 Fetched: Nov. 15, 2022, 9:20 a.m., Published: Nov. 14, 2022, midnight	Vulnerabilities: authentication bypass, request forgery, code execution

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	firewall

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Denial of Service Vulnerability - Cisco Trust: 4.0 Fetched: Nov. 15, 2022, 9:12 a.m., Published: Nov. 9, 2022, 1:37 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	adaptive security appliance software
vendor:	cisco	model:	asa software
vendor:	cisco	model:	cisco firepower management center
vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	firepower threat defense software
vendor:	cisco	model:	cisco adaptive security appliance software

Apple users advised to immediately update software for macOS, iPhone and iPad: SingCERT - CNA Trust: 3.5 Fetched: Nov. 13, 2022, 9:25 a.m., Published: Nov. 19, 2022, midnight	Vulnerabilities: code execution, memory corruption

Affected products

External IDs

vendor:	apple	model:	ipad air
vendor:	apple	model:	ipad
vendor:	apple	model:	macbook
vendor:	apple	model:	iphone
vendor:	apple	model:	macos

Citrix ADC, Gateway vulnerabilities addressed \| SC Media Trust: 3.0 Fetched: Nov. 13, 2022, 9:25 a.m., Published: Nov. 11, 2022, 7:30 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

citrix

model:

gateway

New Lenovo Notebook Models Affected By UEFI Firmware Vulnerabilities - Infosecurity Magazine Trust: 4.0 Fetched: Nov. 13, 2022, 9:25 a.m., Published: Nov. 10, 2022, 5 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	lenovo	model:	bios
vendor:	lenovo	model:	yoga
vendor:	lenovo	model:	system
vendor:	lenovo	model:	notebook

db:

NVD

ids:

CVE-2022-3432, CVE-2022-3430, CVE-2022-3431

CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software - info database \| Vulners Related entries in the VARIoT vulnerabilities database: VAR-202211-0095 Trust: 5.75 Fetched: Nov. 13, 2022, 9:24 a.m., Published: Nov. 4, 2022, 10:01 a.m.	Vulnerabilities: path traversal, file upload issue, directory traversal...

Affected products

External IDs

vendor:

nokia

model:

impact

db:

NVD

ids:

CVE-2022-2969, CVE-2022-2484, CVE-2022-3703, CVE-2022-2482, CVE-2022-41607, CVE-2022-40981, CVE-2022-2483

Access Denied Trust: 3.25 Fetched: Nov. 13, 2022, 9:23 a.m., Published: Nov. 13, 4017, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

chrome

VARIoT news about IoT security