VARIoT latest news about IoT security

Computer Vulnerability \| Most Common Security Vulnerabilities Trust: 3.75 Fetched: Dec. 25, 2022, 9:14 a.m., Published: Oct. 11, 2022, 10:19 a.m.	Vulnerabilities: os command injection, cross-site scripting, path traversal...

Affected products	External IDs

ICS/OT/SCADA Impacting Vulnerability - Microsoft to Force DCOM Patch in March, Could Shutdown ICS/OT/SCADA Devices \| WaterISAC Trust: 3.75 Fetched: Dec. 23, 2022, 9:20 a.m., Published: Dec. 22, 2022, 7:46 p.m.	Vulnerabilities: feature bypass, security feature bypass

Affected products	External IDs

Samsung updates Galaxy S10 series to December security patch Trust: 3.75 Fetched: Dec. 23, 2022, 9:19 a.m., Published: Dec. 13, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	google	model:	android
vendor:	samsung	model:	galaxy s10
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung galaxy

New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products - info database \| Vulners Related entries in the VARIoT vulnerabilities database: VAR-202201-0561, VAR-202201-0554, VAR-202208-1294, VAR-202209-0759, VAR-202202-0109, VAR-202203-1579, VAR-202208-1345, VAR-202210-1624, VAR-202212-1751, VAR-202203-1580 Trust: 4.75 Fetched: Dec. 23, 2022, 9:18 a.m., Published: Dec. 14, 2022, 3:44 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	webkit
vendor:	apple	model:	tvos
vendor:	apple	model:	icloud
vendor:	apple	model:	safari
vendor:	google	model:	chrome
vendor:	google	model:	google chrome

db:

NVD

ids:

CVE-2022-22587, CVE-2022-22594, CVE-2022-32894, CVE-2022-32917, CVE-2022-22620, CVE-2022-22674, CVE-2022-32893, CVE-2022-42827, CVE-2022-42856, CVE-2022-22675

Running in Place: Staying Afloat With Language-Level Vulnerability Management - CPO Magazine Trust: 3.0 Fetched: Dec. 23, 2022, 9:17 a.m., Published: Dec. 11, 2022, 10:52 a.m.	Vulnerabilities: privilege escalation

Affected products	External IDs

Chinese State Hackers Exploit Zero-Day Vulnerabilities in Citrix Networking Equipment \| Robinson+Cole Data Privacy + Security Insider - JDSupra Trust: 3.75 Fetched: Dec. 23, 2022, 9:17 a.m., Published: Dec. 19, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	citrix	model:	application delivery controller
vendor:	citrix	model:	gateway

db:

NVD

ids:

CVE-2022-27518

Fortinet Heap-Based Buffer Overflow Vulnerability - Lansweeper Trust: 4.0 Fetched: Dec. 23, 2022, 9:16 a.m., Published: Dec. 13, 2022, 3:31 p.m.	Vulnerabilities: buffer overflow

Affected products	External IDs

Cisco Reports Critical IP Phone Vulnerability \| The VeriCom Group Related entries in the VARIoT vulnerabilities database: VAR-202212-0864 Trust: 4.5 Fetched: Dec. 23, 2022, 9:14 a.m., Published: -	Vulnerabilities: code execution, denial of service

Affected products

External IDs

vendor:	cisco	model:	link layer discovery protocol
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	ip phone 7800
vendor:	cisco	model:	series

db:

NVD

ids:

CVE-2022-20968

New and Actively Exploited Zero-Day Vulnerability discovered in Multiple Apple Devices - TecSec Services Ltd Related entries in the VARIoT vulnerabilities database: VAR-202212-1751 Trust: 3.75 Fetched: Dec. 23, 2022, 9:11 a.m., Published: Dec. 22, 2022, 2:44 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	ipad
vendor:	apple	model:	safari
vendor:	apple	model:	iphone
vendor:	apple	model:	macos
vendor:	apple	model:	icloud

db:

NVD

ids:

CVE-2022-42856

Security Flaws in AMI BMC Can Expose Many Data Centers, Clouds to Attacks \| SecurityWeek.Com Trust: 4.5 Fetched: Dec. 23, 2022, 9:11 a.m., Published: Dec. 23, 2022, midnight	Vulnerabilities: default credentials, code execution

Affected products

External IDs

vendor:	lenovo	model:	system
vendor:	asus	model:	bmc firmware
vendor:	asus	model:	asus
vendor:	huawei	model:	huawei

db:

NVD

ids:

CVE-2022-40259, CVE-2022-40242

Security Advisory: Asus M25 NAS Vulnerability - ONEKEY Trust: 4.75 Fetched: Dec. 23, 2022, 9:10 a.m., Published: Dec. 1, 2022, 9:25 a.m.	Vulnerabilities: command injection

Affected products

External IDs

vendor:

asus

model:

asus

OESIS Framework December 06, 2022 Release - OPSWAT Related entries in the VARIoT vulnerabilities database: VAR-201903-0177, VAR-201907-0116, VAR-201903-0183, VAR-201903-0185, VAR-201903-0187, VAR-201903-0184 Trust: 3.75 Fetched: Dec. 21, 2022, 9:29 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	android
vendor:	quick heal	model:	quick heal
vendor:	palo alto networks	model:	networks
vendor:	symantec	model:	antivirus
vendor:	symantec	model:	norton
vendor:	palo	model:	networks
vendor:	quick heal technologies	model:	quick heal

db:

NVD

ids:

CVE-2018-16472, CVE-2022-3370, CVE-2022-4191, CVE-2019-6522, CVE-2022-4262, CVE-2019-5457, CVE-2022-4192, CVE-2020-25598, CVE-2022-4181, CVE-2022-4194, CVE-2022-4180, CVE-2022-4178, CVE-2022-4193, CVE-2020-3481, CVE-2022-3373, CVE-2019-6557, CVE-2019-5444, CVE-2022-4189, CVE-2022-4172, CVE-2022-4176, CVE-2022-4144, CVE-2019-6561, CVE-2022-3725, CVE-2020-15852, CVE-2022-4175, CVE-2019-6565, CVE-2022-4195, CVE-2022-4184, CVE-2022-4187, CVE-2022-4190, CVE-2022-4188, CVE-2022-4177, CVE-2022-4179, CVE-2022-4183, CVE-2019-6559, CVE-2022-4186, CVE-2022-4174, CVE-2022-4182, CVE-2017-2599

Update X.org Server 21.1.5 and Xwayland 22.1.6 with elimination of 6 vulnerabilities \| Altus Intel Trust: 3.0 Fetched: Dec. 21, 2022, 9:28 a.m., Published: Dec. 14, 2022, 6:18 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2022-46343, CVE-2022-46340, CVE-2022-46283, CVE-2022-46342, CVE-2022-46344, CVE-2022-46341

Update now! Google patches Android vulnerability that allows remote code execution over Bluetooth : spixnet_gmbh_official Trust: 4.5 Fetched: Dec. 21, 2022, 9:23 a.m., Published: March 21, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:

google

model:

android

Cisco Reports Critical IP Phone Vulnerability \| Absolute Computer Systems LLC Related entries in the VARIoT vulnerabilities database: VAR-202212-0864 Trust: 4.5 Fetched: Dec. 21, 2022, 9:22 a.m., Published: -	Vulnerabilities: denial of service, code execution

Affected products

External IDs

vendor:	cisco	model:	series
vendor:	cisco	model:	ip phone 7800
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	link layer discovery protocol

db:

NVD

ids:

CVE-2022-20968

Apple iPhone and iPad users, here’s why you should install the latest update on your devices - Times of India Trust: 4.75 Fetched: Dec. 21, 2022, 9:21 a.m., Published: Dec. 21, 2063, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	ipad
vendor:	apple	model:	iphone
vendor:	apple	model:	itunes
vendor:	apple	model:	ipad air
vendor:	apple	model:	webkit

NSA says Chinese hackers are actively attacking flaw in widely used networking device - CyberScoop - JN-66 Data Analytics Trust: 4.75 Fetched: Dec. 21, 2022, 9:21 a.m., Published: Dec. 14, 2022, 12:15 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

citrix

model:

application delivery controller

Cisco Reports Critical IP Phone Vulnerability \| Chicago Microsystems, Inc. \| IT Support Services in Chicago and Lake County, IL Related entries in the VARIoT vulnerabilities database: VAR-202212-0864 Trust: 4.5 Fetched: Dec. 21, 2022, 9:20 a.m., Published: -	Vulnerabilities: denial of service, code execution

Affected products

External IDs

vendor:	cisco	model:	series
vendor:	cisco	model:	ip phone 7800
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	link layer discovery protocol

db:

NVD

ids:

CVE-2022-20968

Apple users urged to update devices after cyber attacks on iPads and older iPhones , Latest Tech News - The New Paper Trust: 3.0 Fetched: Dec. 21, 2022, 9:20 a.m., Published: Dec. 15, 2022, 9:10 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	ipad
vendor:	apple	model:	iphone
vendor:	apple	model:	ipod touch
vendor:	apple	model:	webkit
vendor:	apple	model:	ipad air

Hackers Score Nearly $1M at Device-Focused Pwn2Own Contest Trust: 3.75 Fetched: Dec. 21, 2022, 9:19 a.m., Published: Dec. 13, 2022, 3:10 p.m.	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	tp-link	model:	routers
vendor:	lexmark	model:	printer
vendor:	lexmark	model:	lexmark printer
vendor:	trend	model:	security
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	mobile
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	printer
vendor:	samsung	model:	printers
vendor:	trend micro	model:	security

VARIoT news about IoT security