Sign-up

VARIoT news about IoT security

TPM 2.0 Library Vulnerabilities May Affect Billions of IoT Devices - Cyber Security Reviews

Trust: 4.0

Fetched: March 7, 2023, 9:20 a.m., Published: March 5, 2023, 12:59 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2023-1018

OWASP Top 10 Vulnerabilities | Craw Cyber Security - Craw Security

Trust: 3.5

Fetched: March 7, 2023, 9:19 a.m., Published: March 6, 2023, 7:17 a.m.
 Vulnerabilities: cross-site scripting, sql injection, privilege escalation...
Affected productsExternal IDs

Billions of PCs and other devices vulnerable to newly discovered TPM 2.0 flaws | Sounds Nerdy

Trust: 4.75

Fetched: March 7, 2023, 9:18 a.m., Published: March 2, 2023, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: lenovo model: updates
vendor: lenovo model: system
db: NVD ids: CVE-2023-1018, CVE-2023-1017

Billion Devices at Risk: Two Buffer Overflow Flaws Found in TPM 2.0 Specification | Black Hat Ethical Hacking

Trust: 4.75

Fetched: March 7, 2023, 9:17 a.m., Published: March 6, 2023, 8:25 a.m.
 Vulnerabilities: information disclosure, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2023-1018, CVE-2023-1017

Billions of PCs and other devices vulnerable to newly discovered TPM 2.0 flaws

Trust: 4.75

Fetched: March 7, 2023, 9:17 a.m., Published: March 2, 2023, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: lenovo model: updates
vendor: lenovo model: system
vendor: asus model: asus
db: NVD ids: CVE-2023-1018, CVE-2023-1017

Billions of PCs and other devices vulnerable to newly discovered TPM 2.0 flaws | Tom's Guide

Trust: 4.75

Fetched: March 7, 2023, 9:16 a.m., Published: March 6, 2023, 4:54 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: lenovo model: updates
vendor: lenovo model: system
db: NVD ids: CVE-2023-1018, CVE-2023-1017

About the security content of iOS 16.3.1 and iPadOS 16.3.1 - Apple Support

Related entries in the VARIoT vulnerabilities database: VAR-202302-2116, VAR-202302-1169, VAR-202302-1097

Trust: 5.5

Fetched: March 7, 2023, 9:15 a.m., Published: March 16, 2001, midnight
 Vulnerabilities: use after free, code execution
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: webkit
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2023-23524, CVE-2023-23514, CVE-2023-23529

ARC Informatique PcVue (Update A) | CISA

Trust: 3.5

Fetched: March 7, 2023, 9:15 a.m., Published: Feb. 9, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: arc informatique model: pcvue
vendor: arc informatique model: informatique pcvue
db: NVD ids: CVE-2022-4311, CVE-2022-4312

Cisco NX-OS Software CLI Command Injection Vulnerability

Trust: 4.0

Fetched: March 7, 2023, 9:14 a.m., Published: Feb. 22, 2023, 3:50 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: 1000v
vendor: cisco model: nexus
vendor: cisco model: nexus 1000v
vendor: cisco model: nx-os software
vendor: cisco model: series
vendor: cisco model: cisco nexus 9000 series
vendor: cisco model: nexus 9000 series
vendor: cisco model: nx-os
vendor: cisco model: cisco nx-os
vendor: cisco model: series switches
vendor: cisco model: nexus 7000
vendor: cisco model: nexus 3000
vendor: cisco model: nexus 9000

Sierra Wireless Airlink ACEmanager Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-201905-0851

Trust: 5.25

Fetched: March 7, 2023, 9:13 a.m., Published: Jan. 30, 2023, midnight
 Vulnerabilities: command execution, code execution, command injection
Affected productsExternal IDs
vendor: sierra model: mp70
vendor: sierra model: rv50x
vendor: sierra model: es450
vendor: sierra model: gx450
vendor: sierra model: rv50
vendor: sierra model: aleos
vendor: sierra wireless model: mp70
vendor: sierra wireless model: rv50x
vendor: sierra wireless model: es450
vendor: sierra wireless model: gx450
vendor: sierra wireless model: rv50
vendor: sierra wireless model: aleos
db: NVD ids: CVE-2022-46650, CVE-2018-4061, CVE-2022-46649

Multiple vulnerabilities in Audiocodes Device Manager Express

Trust: 4.75

Fetched: March 7, 2023, 9:13 a.m., Published: Feb. 27, 2023, midnight
 Vulnerabilities: input validation error, cross-site scripting, sql injection...
Affected productsExternal IDs
db: NVD ids: CVE-2022-24632, CVE-2022-24629, CVE-2022-24628, CVE-2022-24631, CVE-2022-24627, CVE-2022-24630

Cisco Unified Intelligence Center Vulnerabilities

Trust: 3.0

Fetched: March 7, 2023, 9:13 a.m., Published: March 1, 2023, 3:51 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco unified intelligence center
vendor: cisco model: unified intelligence center

Cisco patches critical bugs in IP Phones | SC Media

Related entries in the VARIoT vulnerabilities database: VAR-202303-0475, VAR-202303-0357

Trust: 5.5

Fetched: March 7, 2023, 9:12 a.m., Published: March 2, 2023, 3:29 p.m.
 Vulnerabilities: code execution, command injection
Affected productsExternal IDs
vendor: cisco model: ip phone 7900 series
vendor: cisco model: ip phone
vendor: cisco model: 8831
vendor: cisco model: unified ip conference phone 8831
vendor: cisco model: unified ip conference phone
vendor: cisco model: series
vendor: cisco model: ip conference phone
vendor: cisco model: ip phones
vendor: cisco model: unified ip phone 7900 series
vendor: cisco model: unified ip phone
db: NVD ids: CVE-2023-20078, CVE-2023-20079

Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities - Cisco

Related entries in the VARIoT vulnerabilities database: VAR-202303-0357

Trust: 3.75

Fetched: March 7, 2023, 9:11 a.m., Published: March 6, 2023, 7:29 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ip phone
vendor: cisco model: ip conference phone
vendor: cisco model: ip phones
vendor: cisco model: ip phone 7900 series
vendor: cisco model: unified ip conference phone 8831
vendor: cisco model: series
vendor: cisco model: unified ip phone
vendor: cisco model: unified ip phones
vendor: cisco model: unified ip phone 7900 series
vendor: cisco model: 8831
vendor: cisco model: unified ip conference phone
vendor: cisco model: cisco unified ip phone
db: NVD ids: CVE-2023-20079

Siemens Multiple Denial of Service Vulnerabilities in Industrial Products | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202212-1314, VAR-202212-1312, VAR-202212-1311, VAR-202212-1313

Trust: 4.75

Fetched: March 7, 2023, 9:10 a.m., Published: Jan. 13, 2023, midnight
 Vulnerabilities: denial of service, improper validation
Affected productsExternal IDs
vendor: siemens model: simatic s7-1500 cpu family
vendor: siemens model: et 200sp open controller
vendor: siemens model: simatic s7-1500 cpu
vendor: siemens model: simatic et 200sp open controller cpu 1515sp pc2
vendor: siemens model: simatic s7-1500
vendor: siemens model: simatic s7-plcsim advanced
vendor: siemens model: simatic s7-1200
vendor: siemens model: simatic s7-1200 cpu family
vendor: siemens model: simatic et 200sp
vendor: siemens model: tim 1531 irc
vendor: siemens model: simatic s7-plcsim
vendor: siemens model: simatic et 200sp open
vendor: siemens model: simatic s7-1500 software controller
vendor: siemens model: simatic
vendor: siemens model: simatic et 200sp open controller
vendor: siemens model: s7-1500 cpu
vendor: siemens model: simatic s7-1200 cpu
vendor: siemens model: s7-1200 cpu
vendor: siemens model: simatic et
vendor: siemens model: simatic drive controller family
db: NVD ids: CVE-2021-44695, CVE-2021-44694, CVE-2021-44693, CVE-2021-40365

OESIS Framework February 09, 2023 Release - OPSWAT

Trust: 4.0

Fetched: March 5, 2023, 9:25 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: ringcentral model: ringcentral
db: NVD ids: CVE-2022-42330, CVE-2023-22241, CVE-2023-0474, CVE-2023-22240, CVE-2023-22242, CVE-2023-0472, CVE-2023-0471, CVE-2022-42919, CVE-2023-0473

PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks

Trust: 4.75

Fetched: March 5, 2023, 9:23 a.m., Published: Feb. 27, 2023, 10:04 a.m.
 Vulnerabilities: file execution
Affected productsExternal IDs
vendor: trend model: security
vendor: palo alto networks model: networks
vendor: trend micro model: security
vendor: palo model: networks

Privacy expert urges iPhone users to update devices after Apple bug discovered that can access photos - Irish Mirror Online

Related entries in the VARIoT vulnerabilities database: VAR-202302-2044, VAR-202302-2240

Trust: 4.0

Fetched: March 5, 2023, 9:22 a.m., Published: March 1, 2023, 10:18 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
db: NVD ids: CVE-2023-23520, CVE-2023-23531

Serious Security Flaw in Cisco ClamAV Discovered | LanSource, Inc.

Trust: 3.75

Fetched: March 5, 2023, 9:21 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: clamav model: clamav
vendor: cisco model: clamav

TPM 2.0 Library Vulnerabilities May Affect Billions of IoT Devices - Infosecurity Magazine

Trust: 3.0

Fetched: March 5, 2023, 9:20 a.m., Published: March 3, 2023, 4:30 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2023-1018