Sign-up

VARIoT news about IoT security

Cisco Working on Patch for Publicly Disclosed IP Phone Vulnerability - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 4.5

Fetched: Jan. 26, 2023, 10 a.m., Published: Dec. 9, 2022, midnight
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: series
vendor: cisco model: ip phone
vendor: cisco model: ip phones
db: NVD ids: CVE-2022-20968

Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats

Trust: 4.25

Fetched: Jan. 26, 2023, 9:58 a.m., Published: Jan. 24, 2023, 1:24 p.m.
 Vulnerabilities: denial of service, command execution, arbitrary command execution...
Affected productsExternal IDs
vendor: d-link model: router
vendor: realtek model: realtek sdk
vendor: netgear model: router
vendor: asus model: asus
vendor: asus model: routers
vendor: asus model: router
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: belkin model: router
db: NVD ids: CVE-2021-35394

System BIOS komputera Alienware Aurora Ryzen Edition | Szczegóły sterownika | Dell Polska

Trust: 3.25

Fetched: Jan. 24, 2023, 9:51 a.m., Published: Jan. 16, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

Apple fixes actively exploited iOS zero-day on older iPhones, iPads - Security & Privacy News - Nsane Forums

Related entries in the VARIoT vulnerabilities database: VAR-202212-1751

Trust: 4.75

Fetched: Jan. 24, 2023, 9:51 a.m., Published: Jan. 23, 2023, 7:48 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: ipod touch
vendor: apple model: ipad air
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: webkit
vendor: apple model: safari
db: NVD ids: CVE-2022-42856

Vulnerabilities in the web interface of Juniper network devices shipped with JunOS | ValeurBit Infosec

Related entries in the VARIoT vulnerabilities database: VAR-202210-0918, VAR-202210-1013, VAR-202210-0898, VAR-202210-0815, VAR-202210-0849

Trust: 3.0

Fetched: Jan. 24, 2023, 9:50 a.m., Published: Jan. 19, 2023, 7:04 a.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2022-22242, CVE-2022-22241, CVE-2022-22246, CVE-2022-22243, CVE-2022-22245

Chinese hackers exploit zero-day vulnerabilities in networking devices | Radarr Africa

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132

Trust: 4.25

Fetched: Jan. 24, 2023, 9:49 a.m., Published: Jan. 23, 2023, 7:23 a.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: google model: nexus
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-42475

End-of-life Cisco VPN Routers Open for RCE Attacks

Trust: 3.0

Fetched: Jan. 24, 2023, 9:48 a.m., Published: Jan. 23, 2023, 5:16 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: small business
vendor: cisco model: router
vendor: cisco model: routers
vendor: cisco model: cisco small business

All Samsung Galaxy owners must have the most recent version of the Galaxy Store installed on their devices - Bollyinside

Related entries in the VARIoT vulnerabilities database: VAR-202302-0598, VAR-202302-0502

Trust: 3.75

Fetched: Jan. 24, 2023, 9:47 a.m., Published: Jan. 23, 2023, 7:22 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: google chrome
vendor: google model: chrome
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
vendor: samsung model: notes
db: NVD ids: CVE-2023-21433, CVE-2023-21434

Chinese hackers exploit zero-day vulnerabilities in networking devices

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132

Trust: 4.25

Fetched: Jan. 24, 2023, 9:47 a.m., Published: Jan. 22, 2023, 12:31 a.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: google model: nexus
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-42475

Cisco Patches High-Severity SQL Injection Vulnerability in Unified CM - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-202301-1643

Trust: 4.5

Fetched: Jan. 24, 2023, 9:47 a.m., Published: Jan. 22, 2023, 7:15 p.m.
 Vulnerabilities: sql injection, injection attack
Affected productsExternal IDs
vendor: cisco model: small business
vendor: cisco model: webex
vendor: cisco model: expressway
vendor: cisco model: asyncos software
vendor: cisco model: jabber
vendor: cisco model: telepresence video communication server
vendor: cisco model: email security appliance
vendor: cisco model: telepresence
vendor: cisco model: asyncos
vendor: cisco model: routers
vendor: cisco model: series
vendor: cisco model: expressway series
vendor: cisco model: unified communications
vendor: cisco model: unified communications manager
vendor: cisco model: unified communications manager session management edition
db: NVD ids: CVE-2023-20010

Chinese hackers exploit zero-day vulnerabilities in networking devices, Telecom News, ET Telecom

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132

Trust: 4.25

Fetched: Jan. 24, 2023, 9:46 a.m., Published: Jan. 22, 2023, 12:53 p.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: google model: nexus
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-42475

21 Best Network Scanning Tools and Softwares (Jan 2023)

Trust: 4.5

Fetched: Jan. 24, 2023, 9:44 a.m., Published: Sept. 12, 2022, 4:13 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: paessler model: prtg network monitor
vendor: solarwinds model: network performance monitor

Many ICS flaws remain unpatched as attacks against critical infrastructure rise - ARN

Trust: 3.5

Fetched: Jan. 24, 2023, 9:44 a.m., Published: Jan. 24, 2023, midnight
 Vulnerabilities: denial of service, memory corruption, sql injection...
Affected productsExternal IDs
vendor: trend model: security

Many ICS flaws remain unpatched as attacks against critical infrastructure rise | CSO Online

Trust: 3.5

Fetched: Jan. 24, 2023, 9:43 a.m., Published: Jan. 19, 2023, midnight
 Vulnerabilities: denial of service, memory corruption, sql injection...
Affected productsExternal IDs
vendor: trend model: security

Vulnerable NetComm routers and a public PoC exploit (CVE-2022-4873, CVE-2022-4874) - Help Net Security

Trust: 4.75

Fetched: Jan. 24, 2023, 9:43 a.m., Published: Jan. 18, 2023, 2 p.m.
 Vulnerabilities: authentication bypass, buffer overflow, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-4874, CVE-2022-4873

Technical Advisory - Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434) - NCC Group Research

Related entries in the VARIoT vulnerabilities database: VAR-202302-0598, VAR-202302-0502

Trust: 4.5

Fetched: Jan. 24, 2023, 9:43 a.m., Published: Jan. 20, 2023, 2:48 p.m.
 Vulnerabilities: improper access control
Affected productsExternal IDs
vendor: google model: android
vendor: google model: google chrome
vendor: google model: chrome
vendor: samsung model: galaxy
db: NVD ids: CVE-2023-21433, CVE-2023-21434

Samsung patches vulnerabilities that exposed Galaxy Store to attackers - SiliconANGLE

Related entries in the VARIoT vulnerabilities database: VAR-202302-0598, VAR-202302-0502

Trust: 5.75

Fetched: Jan. 24, 2023, 9:42 a.m., Published: Jan. 24, 2023, 12:31 a.m.
 Vulnerabilities: input validation issue
Affected productsExternal IDs
vendor: samsung model: galaxy
vendor: samsung model: mobile
vendor: google model: android
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2023-21433, CVE-2023-21434

InHand Industrial Router Vulnerabilities Expose Internal OT Networks to Attacks - SecurityWeek

Trust: 3.5

Fetched: Jan. 24, 2023, 9:42 a.m., Published: Jan. 22, 2023, 2:28 a.m.
 Vulnerabilities: code execution, information disclosure
Affected productsExternal IDs
vendor: cisco model: router
vendor: cisco model: routers
vendor: cisco model: series
vendor: cisco model: industrial router

OpenSSL vulnerability CVE-2022-3602 (Remote Code Execution) and CVE-2022-3786 (Denial of Service) Check Point Research Update - Check Point Software

Trust: 5.5

Fetched: Jan. 24, 2023, 9:41 a.m., Published: Nov. 1, 2022, 4:51 p.m.
 Vulnerabilities: buffer overflow, denial of service, code execution
Affected productsExternal IDs
vendor: check point model: check point
db: NVD ids: CVE-2022-3786, CVE-2022-3602

INTEL-SA-00752

Related entries in the VARIoT vulnerabilities database: VAR-202211-0906, VAR-202211-0705, VAR-202211-0788, VAR-202211-0823, VAR-202211-0787

Trust: 3.75

Fetched: Jan. 24, 2023, 9:40 a.m., Published: Nov. 4, 2022, 6:53 p.m.
 Vulnerabilities: denial of service, improper access control
Affected productsExternal IDs
db: NVD ids: CVE-2022-26124, CVE-2022-32569, CVE-2022-36370, CVE-2022-37334, CVE-2022-37345, CVE-2022-33176, CVE-2021-33164, CVE-2022-38099, CVE-2022-35276, CVE-2022-36789, CVE-2022-36349, CVE-2022-21794, CVE-2022-34152