Sign-up

VARIoT news about IoT security

The Dirty Pipe Vulnerability - The Dirty Pipe Vulnerability documentation

Related entries in the VARIoT vulnerabilities database: VAR-202203-0043, VAR-201611-0386

Trust: [3.5, []]

Fetched: May 13, 2022, 10:50 a.m., Published: April 5, 2022, midnight
 Vulnerabilities: privilege escalation, heap corruption
Affected productsExternal IDs
db: NVD ids: CVE-2022-0847, CVE-2016-5195

Vulnerabilities found in 250 HP printer models - ARN

Trust: [5.25, []]

Fetched: May 13, 2022, 10:50 a.m., Published: April 7, 2022, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2022-24292, CVE-2022-3942, CVE-2022-24291, CVE-2022-24293

CISA Adds Four Known Exploited Vulnerabilities to Catalog | CISA

Trust: [3.0, []]

Fetched: May 13, 2022, 10:50 a.m., Published: March 11, 2022, midnight
 Vulnerabilities: cross-site scripting, code execution, code injection
Affected productsExternal IDs
db: NVD ids: CVE-2014-6352, CVE-2022-24682, CVE-2017-0222, CVE-2017-8570

Smarter MSP - Helping MSPs Build Better Businesses

Related entries in the VARIoT vulnerabilities database: VAR-202203-0043

Trust: 5.0

Fetched: May 13, 2022, 10:45 a.m., Published: -
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2022-0847, CVE-2022-049

oss-sec: Xen Security Advisory 396 v3 (CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042) - Linux PV device frontends vulnerable to attacks by backends

Trust: 4.75

Fetched: May 13, 2022, 10:45 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2022-23039, CVE-2022-23036, CVE-2022-23042, CVE-2022-23040, CVE-2022-23038, CVE-2022-23041, CVE-2022-23037

Weekly Threat Report 28th January 2022 - NCSC.GOV.UK

Trust: 3.0

Fetched: May 13, 2022, 10:45 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs

Singapore discloses four critical Riverbed flaws • The Register

Trust: 4.5

Fetched: May 13, 2022, 10:45 a.m., Published: -
 Vulnerabilities: code execution, directory traversal
Affected productsExternal IDs
db: NVD ids: CVE-2021-42787, CVE-2021-42786, CVE-2021-42853, CVE-2021-42854

QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices - on March 30, 2022 at 11:30 pm - STETSON CyberGroup

Trust: [4.0, []]

Fetched: May 13, 2022, 9:12 a.m., Published: March 30, 2022, 11:30 p.m.
 Vulnerabilities: infinite loop vulnerability
Affected productsExternal IDs

FREE and ONLINE SQL injection Scanner with sqlmap

Trust: 4.0

Fetched: May 13, 2022, 8:17 a.m., Published: Dec. 6, 2022, midnight
 Vulnerabilities: code injection, sql injection
Affected productsExternal IDs

Smart home security devices may be vulnerable to smart hackers | William & Mary

Trust: 4.25

Fetched: May 13, 2022, 8:17 a.m., Published: May 13, 2022, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: wifi
vendor: google model: home

New Mirai Variant Exploits NAS Device Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202003-1707

Trust: 4.5

Fetched: May 13, 2022, 8:17 a.m., Published: May 19, 2022, midnight
 Vulnerabilities: code execution, command injection
Affected productsExternal IDs
vendor: palo alto networks model: palo alto networks
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo model: palo alto networks
vendor: palo model: networks
vendor: palo model: firewall
db: NVD ids: CVE-2020-9054

Article: What is... a Vulnerability | F-Secure

Trust: 3.0

Fetched: May 13, 2022, 8:17 a.m., Published: May 13, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs

SAP Addresses Log4Shell Vulnerability Patching in 20 Applications

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.75

Fetched: May 13, 2022, 8:17 a.m., Published: May 20, 2022, midnight
 Vulnerabilities: denial of service, request forgery, code injection...
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

Log4j under siege, millions of devices vulnerable | Futuralistech.com

Trust: 3.0

Fetched: May 13, 2022, 8:17 a.m., Published: May 13, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: check point

WordPress plugin exploit puts over 90,000 sites at risk | IT PRO

Trust: 3.0

Fetched: May 13, 2022, 8:17 a.m., Published: May 13, 2022, midnight
 Vulnerabilities: access control vulnerability
Affected productsExternal IDs

Smart Yet Flawed: IoT Device Vulnerabilities Explained - Security News

Related entries in the VARIoT vulnerabilities database: VAR-202003-1707

Trust: 4.25

Fetched: May 13, 2022, 8:16 a.m., Published: Aug. 5, 2022, midnight
 Vulnerabilities: default credentials, denial of service
Affected productsExternal IDs
vendor: trend model: security
vendor: trend model: home network security
vendor: sonos model: sonos
vendor: trend micro model: security
vendor: trend micro model: home network security
vendor: serve model: serve
db: NVD ids: CVE-2020-9054

FireEye, CISA Warn of Critical IoT Device Vulnerability

Trust: 3.75

Fetched: May 13, 2022, 8:16 a.m., Published: May 19, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: watch
db: NVD ids: CVE-2021-28372

Critical macOS vulnerability found to bypass SIP restrictions | IT PRO

Related entries in the VARIoT vulnerabilities database: VAR-202108-2056

Trust: 3.75

Fetched: May 13, 2022, 8:16 a.m., Published: May 13, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2021-30892

NetUSB flaw exposes millions of routers to remote code execution | IT PRO

Related entries in the VARIoT vulnerabilities database: VAR-202112-2341

Trust: 4.5

Fetched: May 13, 2022, 8:16 a.m., Published: May 13, 2022, midnight
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: d-link model: router
vendor: kcodes model: netusb
vendor: netgear model: router
db: NVD ids: CVE-2021-45608

Vulnerability - Definition

Related entries in the VARIoT vulnerabilities database: VAR-201808-0959, VAR-201710-0214, VAR-201710-0974, VAR-201801-1711, VAR-201501-0338, VAR-201905-0711, VAR-201709-0464, VAR-201905-0710, VAR-201710-0975, VAR-201505-0233, VAR-201409-1156, VAR-201801-0826, VAR-201912-0572, VAR-201710-0207, VAR-201710-0212, VAR-201703-0755, VAR-201710-0209, VAR-201410-1418, VAR-201905-0709, VAR-201404-0592, VAR-201409-1155, VAR-201710-0206, VAR-201808-0958, VAR-201710-0213, VAR-201710-0208, VAR-201710-0211, VAR-201905-1248, VAR-201801-1712, VAR-201808-0957

Trust: 4.75

Fetched: May 13, 2022, 8:16 a.m., Published: Aug. 5, 2022, midnight
 Vulnerabilities: denial of service, code execution, privilege escalation...
Affected productsExternal IDs
vendor: dram model: dram
db: NVD ids: CVE-2018-3615, CVE-2018-1002105, CVE-2019-0708, CVE-2017-13086, CVE-2015-3827, CVE-2017-13087, CVE-2017-0144, CVE-2015-1538, CVE-2017-5754, CVE-2015-3864, CVE-2015-3826, CVE-2019-1069, CVE-2015-0204, CVE-2018-12130, CVE-2017-14315, CVE-2015-3824, CVE-2017-8628, CVE-2018-12127, CVE-2017-13088, CVE-2015-3828, CVE-2015-4000, CVE-2014-6271, CVE-2017-5715, CVE-2019-8635, CVE-2017-13080, CVE-2017-0781, CVE-2017-13079, CVE-2017-5638, CVE-2017-13082, CVE-2017-0147, CVE-2017-1000251, CVE-2015-3829, CVE-2014-3566, CVE-2019-5736, CVE-2017-0146, CVE-2015-6602, CVE-2017-1000250, CVE-2018-12126, CVE-2014-0160, CVE-2014-7169, CVE-2017-13077, CVE-2018-3620, CVE-2017-0782, CVE-2017-0016, CVE-2017-13084, CVE-2017-0785, CVE-2017-13081, CVE-2017-13078, CVE-2015-1539, CVE-2019-1208, CVE-2019-11091, CVE-2018-7600, CVE-2017-5753, CVE-2017-11882, CVE-2017-0783, CVE-2018-3646