VARIoT latest news about IoT security

Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 - Microsoft Security Blog Trust: 3.5 Fetched: Nov. 8, 2022, 11:38 a.m., Published: Oct. 1, 2022, 4:21 a.m.	Vulnerabilities: code execution, request forgery

Affected products

External IDs

db:

NVD

ids:

CVE-2022-41082, CVE-2022-41040

Nest Security Bulletin-August 2022 - Product Documentation Help Trust: 4.75 Fetched: Nov. 8, 2022, 11:38 a.m., Published: Aug. 8, 2022, midnight	Vulnerabilities: code execution, denial of service, information disclosure

Affected products

External IDs

vendor:

google

model:

home

EZVIZ - Notice about Vulnerabilities in Some EZVIZ Products 20220914 Trust: 4.75 Fetched: Nov. 8, 2022, 11:38 a.m., Published: Sept. 14, 2022, midnight	Vulnerabilities: buffer overflow, memory initialization vulnerability

Affected products

External IDs

db:

NVD

ids:

CVE-2022-2471, CVE-2022-2472

Cisco NX-OS Software OSPFv3 Denial of Service Vulnerability - Cisco Trust: 4.0 Fetched: Nov. 8, 2022, 11:37 a.m., Published: Oct. 21, 2022, 8:41 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	nx-os
vendor:	cisco	model:	nexus 3000
vendor:	cisco	model:	series
vendor:	cisco	model:	1000v
vendor:	cisco	model:	nexus 9000 series
vendor:	cisco	model:	nexus
vendor:	cisco	model:	cisco nx-os
vendor:	cisco	model:	nexus 1000v
vendor:	cisco	model:	nexus 9000
vendor:	cisco	model:	nexus 7000
vendor:	cisco	model:	series switches
vendor:	cisco	model:	nx-os software

Cisco Patches High-Severity Vulnerabilities in Business Switches \| SecurityWeek.Com Related entries in the VARIoT vulnerabilities database: VAR-202208-1879 Trust: 4.75 Fetched: Nov. 8, 2022, 11:36 a.m., Published: Nov. 8, 2022, midnight	Vulnerabilities: process crash, improper validation

Affected products

External IDs

vendor:	cisco	model:	nx-os
vendor:	cisco	model:	email security appliance
vendor:	cisco	model:	series
vendor:	cisco	model:	fxos
vendor:	cisco	model:	nexus
vendor:	cisco	model:	nx-os software
vendor:	cisco	model:	ios xr

db:

NVD

ids:

CVE-2022-20823, CVE-2022-20824, CVE-2022-20921

FBI Issues Alert on Unpatched and Outdated Medical Devices \| Healthcare Innovation Trust: 3.0 Fetched: Nov. 8, 2022, 11:36 a.m., Published: Sept. 14, 2022, midnight	Vulnerabilities: -

Affected products	External IDs

latest network devices Trust: 4.25 Fetched: Nov. 8, 2022, 10:14 a.m., Published: July 4, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	watch
vendor:	apple	model:	iphone
vendor:	apple	model:	macos
vendor:	apple	model:	itunes
vendor:	cisco	model:	routers
vendor:	cisco	model:	series
vendor:	cisco	model:	router
vendor:	cisco	model:	quad
vendor:	trend	model:	security
vendor:	trend	model:	antivirus

db:

NVD

ids:

CVE-2020-15078

Multiple Vulnerabilities Discovered in Juniper Junos OS Related entries in the VARIoT vulnerabilities database: VAR-202210-0815, VAR-202210-0792, VAR-202210-1013, VAR-202210-0849, VAR-202210-0898, VAR-202210-0918 Trust: 4.0 Fetched: Nov. 8, 2022, 10:13 a.m., Published: Nov. 1, 2022, 10:43 a.m.	Vulnerabilities: file inclusion, code execution, path traversal...

Affected products

External IDs

db:

NVD

ids:

CVE-2022-22243, CVE-2022-22244, CVE-2022-22241, CVE-2022-22245, CVE-2022-22246, CVE-2022-22242

More security vulnerabilities detected on Google Chrome, security patch released \| Deccan Herald Trust: 5.0 Fetched: Nov. 8, 2022, 10:12 a.m., Published: Nov. 1, 2022, 10:15 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	google chrome
vendor:	google	model:	chrome

CVE security vulnerabilities related to CWE (Common Weakness Enumeration) 319 Related entries in the VARIoT vulnerabilities database: VAR-202206-2044, VAR-202208-0251, VAR-202207-1580, VAR-202202-0685, VAR-202202-1142, VAR-202111-0671, VAR-202211-0072, VAR-202210-1889, VAR-202205-0920, VAR-202203-0059, VAR-202209-0115, VAR-202202-0307, VAR-202112-0132, VAR-202109-1063, VAR-202202-1221, VAR-202210-1430, VAR-202208-2006, VAR-202111-0013 Trust: 4.25 Fetched: Nov. 8, 2022, 10:10 a.m., Published: -	Vulnerabilities: information disclosure, request forgery, code execution...

Affected products

External IDs

vendor:	typo3	model:	typo3
vendor:	axis	model:	m1125
vendor:	axis	model:	communications
vendor:	delta	model:	diaenergie
vendor:	hitachi vantara	model:	pentaho business analytics
vendor:	hitachi vantara	model:	pentaho
vendor:	automationdirect	model:	c-more
vendor:	fiberhome	model:	routers
vendor:	fiberhome	model:	router
vendor:	moxa	model:	mxview
vendor:	hitachi	model:	web server
vendor:	hitachi	model:	vantara pentaho
vendor:	samsung	model:	note
vendor:	samsung	model:	mobile
vendor:	tp-link	model:	wr841n
vendor:	tp-link	model:	tl-wr841n
vendor:	tp-link	model:	routers
vendor:	tp-link	model:	tp-link tl-wr841n
vendor:	netgear	model:	r8000
vendor:	netgear	model:	r6400v2
vendor:	netgear	model:	r6700v3
vendor:	netgear	model:	r6900
vendor:	netgear	model:	r6900p
vendor:	netgear	model:	rs400
vendor:	netgear	model:	r7850
vendor:	netgear	model:	r6700
vendor:	netgear	model:	r7000p
vendor:	netgear	model:	router
vendor:	netgear	model:	r7000
vendor:	netgear	model:	r7900
vendor:	delta electronics	model:	diaenergie
vendor:	trend	model:	security
vendor:	node.js	model:	node.js

db:

NVD

ids:

CVE-2022-32245, CVE-2022-31204, CVE-2022-39287, CVE-2022-31046, CVE-2022-30993, CVE-2022-27619, CVE-2022-2003, CVE-2021-45104, CVE-2022-28861, CVE-2022-1524, CVE-2022-30994, CVE-2021-45735, CVE-2022-20243, CVE-2021-40392, CVE-2021-40366, CVE-2022-23105, CVE-2021-41835, CVE-2021-39882, CVE-2021-45447, CVE-2021-42948, CVE-2022-21829, CVE-2022-42916, CVE-2022-29874, CVE-2022-0988, CVE-2022-2005, CVE-2021-41849, CVE-2022-30312, CVE-2021-39272, CVE-2022-39269, CVE-2022-41636, CVE-2021-40846, CVE-2022-34371, CVE-2022-21798, CVE-2022-29519, CVE-2021-44518, CVE-2022-29733, CVE-2022-2485, CVE-2021-40847, CVE-2022-25805, CVE-2022-2338, CVE-2022-33724, CVE-2022-0162, CVE-2021-45894, CVE-2022-41983, CVE-2021-45100, CVE-2022-30115, CVE-2022-26077, CVE-2022-38846, CVE-2022-36200, CVE-2021-42699

Microsoft Defender Vulnerability Management Detects OpenSSL Flaws Trust: 3.0 Fetched: Nov. 8, 2022, 10:09 a.m., Published: Nov. 3, 2022, 8:09 a.m.	Vulnerabilities: code execution, buffer overflow

Affected products

External IDs

db:

NVD

ids:

CVE-2022-3786, CVE-2022-3602

NVD - CVE-2022-42731 Trust: 4.75 Fetched: Nov. 8, 2022, 10:07 a.m., Published: Feb. 5, 2001, midnight	Vulnerabilities: replay attack, authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2022-42731

Apple “zero-day” vulnerability: update your Apple devices immediately \| WFU IS Trust: 3.0 Fetched: Nov. 8, 2022, 10 a.m., Published: Aug. 19, 2022, 9:04 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	safari

Get all vulnerabilities \| Microsoft Learn Trust: 3.0 Fetched: Nov. 8, 2022, 9:59 a.m., Published: Oct. 19, 2022, 9:04 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2019-0608

Apple discloses security vulnerabilities in iPhones, iPads, Macs allowing 'full admin access' to devices \| Fox Business Trust: 3.0 Fetched: Nov. 8, 2022, 9:59 a.m., Published: Nov. 15, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	ipad
vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	ipod touch
vendor:	apple	model:	macos

Zyxel NAS Devices are Affected by a Critical RCE Vulnerability Related entries in the VARIoT vulnerabilities database: VAR-202207-1385, VAR-202207-1298 Trust: 5.5 Fetched: Nov. 8, 2022, 9:59 a.m., Published: Sept. 8, 2022, 8:10 a.m.	Vulnerabilities: directory traversal, privilege escalation, format string issue...

Affected products

External IDs

vendor:	zyxel	model:	nas542
vendor:	zyxel	model:	nas540
vendor:	zyxel	model:	nas326
vendor:	qnap	model:	photo station
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2022-2030, CVE-2022-34747, CVE-2022-0823, CVE-2022-30526

80,000 Chinese-manufactured Cameras Still Vulnerable to Year-old Critical Vulnerability \| Spiceworks 1 Trust: 4.0 Fetched: Nov. 8, 2022, 9:58 a.m., Published: Aug. 25, 2022, 2:35 p.m.	Vulnerabilities: command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2021-36260

Flash Notice: Apple Fixes 8th Zero-Day Vulnerability Related entries in the VARIoT vulnerabilities database: VAR-202209-0759, VAR-202208-1294 Trust: 3.75 Fetched: Nov. 8, 2022, 9:57 a.m., Published: Nov. 8, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2022-32917, CVE-2022-32894

XIoT Vendors Show Progress on Discovering, Fixing Firmware Vulnerabilities \| SecurityWeek.Com Trust: 3.75 Fetched: Nov. 8, 2022, 9:56 a.m., Published: Nov. 8, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

ICS cybersecurity vulnerabilities found in Hitachi Energy, Honeywell, PTC, Sensormatic, Mitsubishi Electric, Fuji Electric, Omron equipment - Industrial Cyber Trust: 4.5 Fetched: Nov. 8, 2022, 9:56 a.m., Published: Aug. 31, 2022, 11:45 a.m.	Vulnerabilities: input validation vulnerability, code execution, os command injection...

Affected products

External IDs

vendor:	omron	model:	cx-programmer
vendor:	rockwell automation	model:	kepserver enterprise
vendor:	mitsubishi	model:	melsec iq-r
vendor:	mitsubishi	model:	melsec iq-r series
vendor:	rockwell	model:	kepserver enterprise
vendor:	trend micro	model:	security
vendor:	trend	model:	security
vendor:	honeywell	model:	experion
vendor:	mitsubishi electric	model:	melsec iq-r
vendor:	mitsubishi electric	model:	melsec iq-r series

VARIoT news about IoT security