Sign-up

VARIoT news about IoT security

New DDoS amplification vector could enable massive attacks | CSO Online

Trust: 3.75

Fetched: April 28, 2023, 9:26 a.m., Published: April 25, 2023, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2023-29552, CVE-2021-21974

New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP) | Bitsight

Trust: 3.75

Fetched: April 28, 2023, 9:24 a.m., Published: April 25, 2023, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2023-29552

Exploring a Recent Microsoft Outlook Vulnerability: CVE-2023-23397 | FortiGuard Labs

Trust: 3.0

Fetched: April 28, 2023, 9:23 a.m., Published: April 12, 2023, 7:27 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-23397

Warning: Poor Application Security Health Could Kill You

Trust: 3.75

Fetched: April 28, 2023, 9:22 a.m., Published: April 11, 2023, 9:44 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-32537

CISA adds Microsoft, Apple bugs to exploited vulnerabilities catalog

Trust: 4.75

Fetched: April 28, 2023, 9:22 a.m., Published: April 11, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend micro model: security
vendor: samsung model: mobile
vendor: trend model: security
vendor: apple model: webkit
vendor: apple model: ipad air
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: ipad
db: NVD ids: CVE-2023-28205, CVE-2022-37969, CVE-2023-28206, CVE-2023-28252

The Easiest Way to Secure Medical Devices and Meet FDA Standards - MedCrypt

Trust: 3.25

Fetched: April 28, 2023, 9:21 a.m., Published: April 15, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canary model: canary

Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem | CSO Online

Related entries in the VARIoT vulnerabilities database: VAR-202108-2051, VAR-202212-1751

Trust: 5.25

Fetched: April 28, 2023, 9:20 a.m., Published: March 31, 2023, midnight
 Vulnerabilities: information leak, code execution, privilege escalation
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: safari
vendor: google model: android
vendor: google model: chrome
vendor: samsung model: mobile
vendor: avast model: antivirus
db: NVD ids: CVE-2022-3038, CVE-2021-30900, CVE-2022-38181, CVE-2022-3723, CVE-2022-4262, CVE-2023-0266, CVE-2022-22706, CVE-2022-4135, CVE-2022-42856

CISA warns of OS Command Injection vulnerability in INEA ME RTU hardware - Industrial Cyber

Trust: 3.75

Fetched: April 28, 2023, 9:20 a.m., Published: April 21, 2023, 3:16 p.m.
 Vulnerabilities: command injection, os command injection, code execution
Affected productsExternal IDs

device-mapper-multipath vulnerability CVE-2022-41973

Trust: 4.25

Fetched: April 28, 2023, 9:19 a.m., Published: -
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2022-41974, CVE-2022-41973

CISA discloses presence of ICS vulnerabilities in various Siemens products, Datakit, Mitsubishi Electric - Industrial Cyber

Trust: 4.25

Fetched: April 28, 2023, 9:18 a.m., Published: April 14, 2023, 1:29 p.m.
 Vulnerabilities: data injection, path traversal, entity injection...
Affected productsExternal IDs
vendor: hitachi model: web server
vendor: opc foundation model: local discovery server
vendor: siemens model: simatic wincc runtime professional
vendor: siemens model: tia portal
vendor: siemens model: telecontrol server basic
vendor: siemens model: modbus tcp
vendor: siemens model: simatic process historian opc ua server
vendor: siemens model: simatic wincc
vendor: siemens model: openpcs
vendor: siemens model: openpcs 7
vendor: siemens model: jt2go
vendor: siemens model: wincc
vendor: siemens model: scalance
vendor: siemens model: simatic wincc runtime
vendor: siemens model: process historian
vendor: siemens model: sicam
vendor: siemens model: siprotec
vendor: siemens model: teamcenter visualization
vendor: siemens model: simatic net
vendor: siemens model: teamcenter
vendor: siemens model: simatic
vendor: siemens model: scalance x-200irt
vendor: siemens model: siprotec 5
vendor: siemens model: simatic net pc
vendor: siemens model: scalance x-200
vendor: siemens model: simatic net pc software
vendor: siemens model: sicam a8000

Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IPv6 DHCP (DHCPv6) Client Denial of Service Vulnerability - Cisco

Trust: 4.0

Fetched: April 28, 2023, 9:18 a.m., Published: April 6, 2023, 5:40 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: adaptive security appliance software
vendor: cisco model: firepower
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
vendor: cisco model: firepower threat defense
vendor: cisco model: asa software
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: ios xe software
vendor: cisco model: adaptive security appliance
vendor: cisco model: cisco adaptive security appliance software
vendor: cisco model: ios software
vendor: cisco model: firepower threat defense software

How to Fix CVE-2023-22809- A High-Severity Sudo Privilege Escalation Vulnerability in QNAP NAS Devices? - The Sec Master

Trust: 4.75

Fetched: April 28, 2023, 9:17 a.m., Published: March 31, 2023, 10:30 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2023-22809

Cybersecurity Q&As

Trust: 3.0

Fetched: April 28, 2023, 9:16 a.m., Published: April 28, 4949, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: axis model: gear

Privilege Escalation Vulnerability Found in LG Device Manager - SecurityWeek

Trust: 3.25

Fetched: April 28, 2023, 9:16 a.m., Published: Feb. 18, 2019, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2019-8372

Cisco fixed severe vulnerabilities in its IOS and IOS XE softwareSecurity Affairs

Trust: 5.75

Fetched: April 28, 2023, 9:15 a.m., Published: March 23, 2023, 6:18 p.m.
 Vulnerabilities: command injection, privilege escalation, denial of service
Affected productsExternal IDs
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
vendor: cisco model: iox application
vendor: cisco model: ios xe software
vendor: cisco model: ios xe sd-wan software
vendor: cisco model: cisco ios xe
vendor: cisco model: sd-wan
db: NVD ids: CVE-2023-20035, CVE-2023-20065, CVE-2023-20072, CVE-2023-20080, CVE-2023-20027

Cisco NX-OS Software CLI Command Injection Vulnerability

Trust: 4.0

Fetched: April 28, 2023, 9:15 a.m., Published: Feb. 22, 2023, 3:50 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: cisco nx-os
vendor: cisco model: series switches
vendor: cisco model: nexus
vendor: cisco model: nx-os
vendor: cisco model: cisco nexus 9000 series
vendor: cisco model: nexus 3000
vendor: cisco model: nx-os software
vendor: cisco model: nexus 9000
vendor: cisco model: nexus 1000v
vendor: cisco model: series
vendor: cisco model: 1000v
vendor: cisco model: nexus 7000
vendor: cisco model: nexus 9000 series

Cisco StarOS Software Key-Based SSH Authentication Privilege Escalation Vulnerability

Trust: 3.75

Fetched: April 28, 2023, 9:15 a.m., Published: April 19, 2023, 3:47 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: staros
vendor: cisco model: cisco staros

SSA-472454

Related entries in the VARIoT vulnerabilities database: VAR-202304-0672

Trust: 4.75

Fetched: April 28, 2023, 9:15 a.m., Published: April 1, 2023, midnight
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-28489

APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers | CISA

Related entries in the VARIoT vulnerabilities database: VAR-201707-0964

Trust: 3.5

Fetched: April 28, 2023, 9:14 a.m., Published: April 28, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: cisco routers
vendor: cisco model: router
vendor: cisco model: routers
db: NVD ids: CVE-2017-6742

CISA sounds alarm over Nexx smart home vulnerabilities • The Register

Trust: 3.75

Fetched: April 28, 2023, 9:14 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-1752, CVE-2023-1749, CVE-2023-1750, CVE-2023-1748, CVE-2023-1751