Sign-up

VARIoT news about IoT security

Apple Data Breaches: Full Timeline Through 2022

Trust: 3.5

Fetched: Nov. 20, 2022, 9:15 a.m., Published: Oct. 3, 2022, 5:48 p.m.
 Vulnerabilities: brute force attack
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: icloud
vendor: apple model: iphone

Products, Solutions, and Services - Cisco

Trust: 3.25

Fetched: Nov. 20, 2022, 9:11 a.m., Published: Nov. 16, 2022, 2:44 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: technical support

New Lenovo Notebook Models Affected By UEFI Firmware Vulnerabilities | IT Security News

Trust: 4.0

Fetched: Nov. 18, 2022, 9:18 a.m., Published: Nov. 10, 2022, 5:46 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: lenovo model: yoga
vendor: lenovo model: notebook

High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices - Cypro

Related entries in the VARIoT vulnerabilities database: VAR-202210-1013

Trust: 4.0

Fetched: Nov. 18, 2022, 9:17 a.m., Published: Nov. 17, 2022, 6:58 a.m.
 Vulnerabilities: buffer overrun, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-3786, CVE-2022-22241, CVE-2022-3602

High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices - iHash

Related entries in the VARIoT vulnerabilities database: VAR-202211-1118, VAR-202211-1139

Trust: 5.0

Fetched: Nov. 18, 2022, 9:16 a.m., Published: Nov. 17, 2022, 6:58 a.m.
 Vulnerabilities: request forgery, security bypass, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2022-41800, CVE-2022-41622

Google Pixel Smartphone Vulnerability Allows Users to Bypass Lock Screen

Trust: 3.5

Fetched: Nov. 18, 2022, 9:16 a.m., Published: Nov. 17, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2022-20465

New Vulnerabilities Tuesday 15 November - CND News and Blog

Trust: 4.75

Fetched: Nov. 18, 2022, 9:14 a.m., Published: Nov. 15, 2022, midnight
 Vulnerabilities: arbitrary command execution, authentication vulnerability, command execution...
Affected productsExternal IDs
vendor: phoenix contact model: mguard

High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices

Related entries in the VARIoT vulnerabilities database: VAR-202211-1118, VAR-202211-1139

Trust: 5.0

Fetched: Nov. 18, 2022, 9:12 a.m., Published: Nov. 17, 2022, 6:58 a.m.
 Vulnerabilities: request forgery, security bypass, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2022-41800, CVE-2022-41622

PoC Published for Fortinet Vulnerability as Mass Exploitation Attempts Begin | SecurityWeek.Com

Related entries in the VARIoT vulnerabilities database: VAR-202210-0198

Trust: 5.75

Fetched: Nov. 18, 2022, 9:11 a.m., Published: Nov. 18, 2022, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-40684

Cisco Secure Web Appliance Content Encoding Filter Bypass Vulnerability - Cisco

Trust: 3.0

Fetched: Nov. 18, 2022, 9:11 a.m., Published: Oct. 21, 2022, 8:37 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: asyncos
vendor: cisco model: web security appliance
vendor: cisco model: cisco web security appliance
vendor: cisco model: cisco asyncos
vendor: cisco model: asyncos software

CISA reveals cyber security vulnerabilities in Siemens, Hitachi Energy, Johnson Controls, Delta Electronics - Industrial Cyber

Trust: 5.25

Fetched: Nov. 18, 2022, 9:10 a.m., Published: Oct. 26, 2022, 8:12 a.m.
 Vulnerabilities: sql injection, authentication bypass, authentication vulnerability...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security
vendor: delta model: diaenergie
vendor: delta electronics model: diaenergie

Appliance mode iControl REST vulnerability CVE-2022-41800

Related entries in the VARIoT vulnerabilities database: VAR-202211-1118

Trust: 4.0

Fetched: Nov. 18, 2022, 9:10 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mesh model: mesh
db: NVD ids: CVE-2022-41800

New OpenSSL Vulnerabilities (CVE-2022-3602 and CVE-2022-3786) Are a Big Deal for IoT Devices, How Can You Stay Protected? : IOT

Trust: 3.25

Fetched: Nov. 16, 2022, 9:29 a.m., Published: March 16, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-3786, CVE-2022-3602

Project Zero: A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain

Related entries in the VARIoT vulnerabilities database: VAR-201910-0902

Trust: 5.25

Fetched: Nov. 16, 2022, 9:21 a.m., Published: Nov. 4, 2022, midnight
 Vulnerabilities: code execution, memory corruption, information leak
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: google model: chrome
vendor: samsung model: samsung firmware
vendor: samsung model: note
vendor: samsung model: notes
vendor: samsung model: exynos
vendor: apple model: watch
db: NVD ids: CVE-2021-25337, CVE-2021-25370, CVE-2021-25369, CVE-2019-2215

Vulnerability Spotlight: Vulnerabilities in Abode Systems home security kit could allow attacker to take over cameras, remotely disable them

Related entries in the VARIoT vulnerabilities database: VAR-202210-1549, VAR-202210-1547

Trust: 5.5

Fetched: Nov. 16, 2022, 9:20 a.m., Published: Oct. 20, 2022, 1:27 p.m.
 Vulnerabilities: heap corruption, authentication bypass, memory corruption...
Affected productsExternal IDs
vendor: google model: google home
vendor: google model: home
vendor: snort model: snort
vendor: cisco model: firepower management center
vendor: cisco model: series
vendor: cisco model: firepower
vendor: snort.org model: snort
db: NVD ids: CVE-2022-27804, CVE-2022-35244, CVE-2022-27805, CVE-2022-32775, CVE-2022-33189, CVE-2022-30541, CVE-2022-30603, CVE-2022-29472, CVE-2022-29475, CVE-2022-29477, CVE-2022-33192, CVE-2022-32773, CVE-2022-33195, CVE-2022-32574, CVE-2022-32586

Cisco Identity Services Engine Cross-Site Scripting Vulnerability - Cisco

Trust: 5.0

Fetched: Nov. 16, 2022, 9:19 a.m., Published: Nov. 15, 2022, 6:59 a.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: cisco identity services engine
vendor: cisco model: identity services engine

Aiphone Intercom System Vulnerability Allows Hackers to Open Doors | SecurityWeek.Com

Trust: 5.0

Fetched: Nov. 16, 2022, 9:18 a.m., Published: Nov. 16, 2022, midnight
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2022-40903

Research, News, and Perspectives

Related entries in the VARIoT vulnerabilities database: VAR-201912-0499

Trust: 3.5

Fetched: Nov. 16, 2022, 9:10 a.m., Published: Aug. 5, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2019-8561

Cybersecurity researcher discovers a way to bypass the lock screen on Pixel devices - ACOM TOUCH IT SOLUTION

Trust: 3.5

Fetched: Nov. 15, 2022, 9:25 a.m., Published: Nov. 15, 2022, 12:31 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: home
vendor: google model: android
db: NVD ids: CVE-2022-20465

Vulnerability device scanning block using XG firewall - Discussions - Sophos Firewall - Sophos Community

Trust: 3.0

Fetched: Nov. 15, 2022, 9:21 a.m., Published: Nov. 1, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sophos model: xg firewall