Sign-up

VARIoT news about IoT security

Binarly Discloses Multiple Firmware Vulnerabilities in Qualcomm and Lenovo ARM-based Devices - Silicon UK

Related entries in the VARIoT vulnerabilities database: VAR-202301-0521

Trust: 4.25

Fetched: Jan. 15, 2023, 9:23 a.m., Published: Jan. 9, 2023, 6:43 p.m.
 Vulnerabilities: code execution, information disclosure, memory leak...
Affected productsExternal IDs
vendor: lenovo model: system
vendor: lenovo model: thinkpad
vendor: lenovo model: updates
db: NVD ids: CVE-2022-4432, CVE-2022-40518, CVE-2022-4434, CVE-2022-40519, CVE-2022-40520, CVE-2022-4435, CVE-2022-4433, CVE-2022-40516, CVE-2022-40517

Researcher Details Lexmark Printer "Zero-Day" Vulnerability

Trust: 3.5

Fetched: Jan. 15, 2023, 9:20 a.m., Published: Jan. 13, 2023, 9:39 a.m.
 Vulnerabilities: file upload bug, code execution, privilege escalation
Affected productsExternal IDs
vendor: lexmark international model: lexmark printer
vendor: lexmark international model: printer
vendor: lexmark model: lexmark printer
vendor: lexmark model: printer

Microsoft Sharepoint Server - Security Vulnerabilities in 2023

Trust: 3.75

Fetched: Jan. 15, 2023, 9:17 a.m., Published: Jan. 15, 2023, midnight
 Vulnerabilities: authentication bypass, information disclosure, memory corruption...
Affected productsExternal IDs
db: NVD ids: CVE-2021-34467, CVE-2022-38008, CVE-2020-17016, CVE-2021-43876, CVE-2022-22716, CVE-2023-21743, CVE-2021-26418, CVE-2020-16952, CVE-2020-16950, CVE-2020-17125, CVE-2021-1717, CVE-2020-16944, CVE-2021-40483, CVE-2021-31173, CVE-2021-34520, CVE-2022-29108, CVE-2021-42309, CVE-2020-17015, CVE-2021-40487, CVE-2020-17122, CVE-2022-44690, CVE-2020-17123, CVE-2020-16932, CVE-2021-38651, CVE-2021-27076, CVE-2021-1716, CVE-2022-38053, CVE-2021-31964, CVE-2020-17115, CVE-2021-31948, CVE-2020-16929, CVE-2021-28450, CVE-2022-21840, CVE-2021-31965, CVE-2022-41037, CVE-2021-31963, CVE-2022-24472, CVE-2020-16979, CVE-2022-44693, CVE-2022-41062, CVE-2021-40482, CVE-2021-40486, CVE-2022-21987, CVE-2020-17121, CVE-2020-1338, CVE-2021-1715, CVE-2023-21742, CVE-2021-40484, CVE-2021-38652, CVE-2021-1726, CVE-2022-41036, CVE-2020-16941, CVE-2021-34519, CVE-2022-35823, CVE-2021-36940, CVE-2022-21837, CVE-2020-16953, CVE-2022-41122, CVE-2021-31966, CVE-2020-16946, CVE-2021-24104, CVE-2020-17017, CVE-2021-31171, CVE-2020-16942, CVE-2021-43242, CVE-2020-17120, CVE-2020-16931, CVE-2021-34517, CVE-2022-21968, CVE-2022-41061, CVE-2020-16945, CVE-2022-41103, CVE-2021-1719, CVE-2020-17127, CVE-2021-1641, CVE-2023-21744, CVE-2021-24071, CVE-2020-17061, CVE-2021-28474, CVE-2022-41060, CVE-2021-27052, CVE-2020-16951, CVE-2020-16948, CVE-2020-17060, CVE-2020-17118, CVE-2022-41038, CVE-2022-37961, CVE-2021-28478, CVE-2021-31181, CVE-2021-41344, CVE-2021-42320, CVE-2021-31950, CVE-2021-24066, CVE-2020-17089, CVE-2020-1218, CVE-2021-28453, CVE-2020-16930, CVE-2021-31172, CVE-2022-30159, CVE-2021-42294, CVE-2021-1707, CVE-2022-30157, CVE-2021-1712, CVE-2022-30172, CVE-2022-30171, CVE-2021-34468, CVE-2022-38009, CVE-2021-26420, CVE-2022-22005, CVE-2020-17129, CVE-2020-17128, CVE-2021-24072, CVE-2022-30158

Multiple Vulnerabilities in Qualcomm and Lenovo ARM-based Devices

Related entries in the VARIoT vulnerabilities database: VAR-202301-0521

Trust: 4.25

Fetched: Jan. 15, 2023, 9:16 a.m., Published: Jan. 15, 2023, midnight
 Vulnerabilities: code execution, information disclosure, buffer overflow
Affected productsExternal IDs
vendor: lenovo model: system
vendor: lenovo model: thinkpad
vendor: lenovo model: updates
db: NVD ids: CVE-2022-4432, CVE-2022-40518, CVE-2022-4434, CVE-2022-40519, CVE-2022-40520, CVE-2022-4435, CVE-2022-4433, CVE-2022-40516, CVE-2022-40517, CVE-2022-3431, CVE-2022-3430

What are Zero-day Exploits and Vulnerabilities?

Trust: 3.25

Fetched: Jan. 15, 2023, 9:15 a.m., Published: Feb. 3, 2022, noon
 Vulnerabilities: denial of service, privilege escalation
Affected productsExternal IDs
vendor: apple model: webkit
vendor: google model: google chrome
vendor: google model: chrome

ETIC Telecom Remote Access Server (RAS) | CISA

Trust: 4.75

Fetched: Jan. 15, 2023, 9:12 a.m., Published: Jan. 1, 2023, midnight
 Vulnerabilities: path traversal, privilege escalation, directory traversal
Affected productsExternal IDs
db: NVD ids: CVE-2022-40981, CVE-2022-41607, CVE-2022-3703

Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Vulnerabilities

Trust: 3.0

Fetched: Jan. 15, 2023, 9:12 a.m., Published: Jan. 11, 2023, 3:47 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: service management
vendor: cisco model: rv016
vendor: cisco model: cisco small business
vendor: cisco model: rv082
vendor: cisco model: small business
vendor: cisco model: rv042g
vendor: cisco model: rv042
vendor: cisco model: routers

InHand Networks InRouter | CISA

Trust: 4.5

Fetched: Jan. 15, 2023, 9:11 a.m., Published: -
 Vulnerabilities: improper access control, command injection, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2023-22601, CVE-2023-22598, CVE-2023-22597, CVE-2023-22599, CVE-2023-22600

11 BEST Web Vulnerability Scanner (Website Scanning Tools)

Trust: 4.25

Fetched: Jan. 13, 2023, 9:27 a.m., Published: Dec. 23, 2022, 5:58 a.m.
 Vulnerabilities: injection attack, cross-site scripting, sql injection
Affected productsExternal IDs
vendor: zoho model: manageengine vulnerability manager plus
vendor: tripwire model: ip360
vendor: google model: android

Apple Devices Have a Significant Vulnerability (So Here’s How to Fix It) - Phila Communications Blog | Philadelphia, PA | Phila Communications

Trust: 3.0

Fetched: Jan. 13, 2023, 9:27 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos

China cyberwar: Beijing’s dominance in IoT & smart technology & vulnerabilities for India

Trust: 3.75

Fetched: Jan. 13, 2023, 9:26 a.m., Published: Jan. 13, 2042, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: huawei

CVE-2022-43389: OS Command Injection Vulnerability in Zyxel CPE devices - Haxf4rall

Trust: 5.0

Fetched: Jan. 13, 2023, 9:26 a.m., Published: Jan. 12, 2023, 1:23 a.m.
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-43389

6 Search Engines Hackers Often Use to Find Vulnerabilities - AnonyViet - English Version

Trust: 3.75

Fetched: Jan. 13, 2023, 9:25 a.m., Published: Jan. 10, 2023, 8:29 a.m.
 Vulnerabilities: directory traversal, request forgery, sql injection
Affected productsExternal IDs
vendor: google model: wifi

Critical vulnerabilities in Siemens PLC devices could allow bypass of protected boot features (CVE-2022-38773) - Help Net Security

Related entries in the VARIoT vulnerabilities database: VAR-202301-0605

Trust: 3.75

Fetched: Jan. 13, 2023, 9:24 a.m., Published: Jan. 12, 2023, 3:29 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: simatic s7-1500
vendor: siemens model: cpu 1516pro-2 pn
vendor: siemens model: simatic s7-1500 cpu 1511-1 pn
vendor: siemens model: cpu 1513r-1 pn
vendor: siemens model: cpu 1516pro f-2 pn
vendor: siemens model: cpu 1513f-1 pn
vendor: siemens model: cpu 1515f-2
vendor: siemens model: cpu 1513-1 pn
vendor: siemens model: cpu 1512sp f-1 pn
vendor: siemens model: simatic s7-1500 cpu
vendor: siemens model: simatic s7-1500 cpu 1511f-1 pn
vendor: siemens model: simatic s7-1500 cpu 1517-3 pn
vendor: siemens model: cpu 1512c-1 pn
vendor: siemens model: cpu 1515-2
vendor: siemens model: s7-1500 cpu
vendor: siemens model: cpu 1512sp-1 pn
vendor: siemens model: cpu 1511c-1 pn
vendor: siemens model: cpu 1515t-2 pn
vendor: siemens model: simatic s7-1500 cpu 1518
vendor: siemens model: simatic s7-1500 cpu 1515f-2 pn
vendor: siemens model: cpu 1515r-2 pn
vendor: siemens model: simatic s7-1500 cpu 1513-1 pn
vendor: siemens model: simatic s7-1500 cpu 1515-2 pn
vendor: siemens model: simatic
vendor: siemens model: cpu 1516-3
vendor: siemens model: simatic s7-1500 cpu 1516-3 pn
vendor: siemens model: cpu 1515tf-2 pn
vendor: siemens model: cpu 1516f-3
vendor: siemens model: simatic s7-1500 cpu 1513f-1 pn
vendor: siemens model: simatic s7-1500 cpu 1512c
vendor: siemens model: simatic s7-1500 cpu 1518-4 pn
vendor: siemens model: cpu 1513pro f-2 pn
vendor: siemens model: simatic s7-1500 cpu 1511c
db: NVD ids: CVE-2022-38773

Old vulnerabilities in Cisco products actively exploited in the wildSecurity Affairs

Related entries in the VARIoT vulnerabilities database: VAR-201803-1387, VAR-201803-1369, VAR-201802-0594, VAR-201709-0655

Trust: 4.75

Fetched: Jan. 13, 2023, 9:24 a.m., Published: Dec. 19, 2022, 9:07 p.m.
 Vulnerabilities: buffer overflow, command injection
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: cisco ios
vendor: cisco model: hyperflex
vendor: cisco model: cisco hyperflex
vendor: cisco model: ios software
vendor: cisco model: nx-os
vendor: cisco model: rv132w
vendor: cisco model: ios xe
vendor: cisco model: ios xe software
vendor: cisco model: rv134w
vendor: cisco model: cisco ios xe
db: NVD ids: CVE-2018-0171, CVE-2021-1497, CVE-2018-0147, CVE-2018-0125, CVE-2017-12240

Cisco BroadWorks Application Delivery Platform, Application Server, and Xtended Services Platform Cross-Site Scripting Vulnerability

Trust: 4.25

Fetched: Jan. 13, 2023, 9:21 a.m., Published: Jan. 11, 2023, 3:47 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs

Vulnerability Management as a Service (VMaaS): Ultimate Guide

Trust: 3.5

Fetched: Jan. 13, 2023, 9:20 a.m., Published: Dec. 16, 2022, 2:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: antivirus
vendor: trend model: security
vendor: trend model: internet security

Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability

Trust: 5.5

Fetched: Jan. 13, 2023, 9:20 a.m., Published: Jan. 12, 2023, 1:51 p.m.
 Vulnerabilities: security feature bypass, feature bypass
Affected productsExternal IDs
vendor: google model: android
vendor: cisco model: ip phone
vendor: cisco model: ip phone 7800
db: NVD ids: CVE-2023-21563, CVE-2023-21743, CVE-2023-21674

New OpenSSL Vulnerabilities Are a Bigger Deal for IoT, but Our Customers Are Protected

Trust: 3.75

Fetched: Jan. 13, 2023, 9:19 a.m., Published: Jan. 4, 2023, midnight
 Vulnerabilities: memory corruption, denial of service, buffer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2022-3786, CVE-2022-3602

Onboard to the Microsoft Defender for Endpoint service | Microsoft Learn

Trust: 3.0

Fetched: Jan. 13, 2023, 9:19 a.m., Published: Dec. 6, 2022, 12:10 a.m.
 Vulnerabilities: configuration attack
Affected productsExternal IDs