Sign-up

VARIoT news about IoT security

18 zero-day flaws impact Samsung Android handsets, wearables and telematics | SC Media

Trust: 5.75

Fetched: April 16, 2023, 9:15 a.m., Published: March 17, 2023, 12:43 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
vendor: samsung model: mobile
vendor: samsung model: exynos
vendor: samsung model: mobile devices
db: NVD ids: CVE-2023-26074, CVE-2023-26075, CVE-2023-26076, CVE-2023-26072, CVE-2023-26073, CVE-2023-24033

Suspected Chinese hackers exploit vulnerability in Fortinet devices

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132

Trust: 3.75

Fetched: April 16, 2023, 9:15 a.m., Published: Jan. 21, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-42475

Monitoring Device Lifecycle and Vulnerabilities Using Advisor - Infoblox NIOS 8.5 - Infoblox Documentation Portal

Trust: 3.0

Fetched: April 16, 2023, 9:15 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: infoblox model: nios

Cisco DNA Center Privilege Escalation Vulnerability

Trust: 4.75

Fetched: April 16, 2023, 9:14 a.m., Published: March 22, 2023, 3:49 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: dna center

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities

Trust: 4.5

Fetched: April 16, 2023, 9:14 a.m., Published: April 11, 2023, 11:20 a.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: cisco model: prime infrastructure
vendor: cisco model: evolved programmable network manager
vendor: cisco model: cisco prime infrastructure
vendor: cisco model: cisco evolved programmable network manager
db: NVD ids: CVE-2023-20129, CVE-2023-20130, CVE-2023-20127, CVE-2023-20131

Security Advisory: Multiple Vulnerabilities in NetModule Routers - ONEKEY

Trust: 3.25

Fetched: April 16, 2023, 9:13 a.m., Published: Feb. 24, 2023, 9:02 a.m.
 Vulnerabilities: path traversal, command execution, command injection
Affected productsExternal IDs
vendor: asus model: routers
vendor: asus model: router
vendor: asus model: asus

OESIS Framework March 30, 2023 Release - OPSWAT

Trust: 3.0

Fetched: April 14, 2023, 9:27 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-47502, CVE-2022-38745, CVE-2022-42334, CVE-2018-1000620, CVE-2022-42333, CVE-2022-42332

Three vulnerabilities found in Wyze Cam devices allow for outside access - rxrhngwweqb

Trust: 3.5

Fetched: April 14, 2023, 9:24 a.m., Published: March 30, 2023, 4:33 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: ring model: video doorbell

Three vulnerabilities found in Wyze Cam devices allow for outside access - xebvtwqnxve

Trust: 3.75

Fetched: April 14, 2023, 9:24 a.m., Published: March 30, 2023, 2:20 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mesh model: mesh

Gadgets: A benchmark test uncovered some critical vulnerabilities in thousands of QNAP devices

Trust: 3.0

Fetched: April 14, 2023, 9:22 a.m., Published: April 5, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-27597, CVE-2022-27598

Android April 2023 Security Updates fix several critical vulnerabilities - gHacks Tech News

Trust: 4.5

Fetched: April 14, 2023, 9:20 a.m., Published: April 4, 2023, 4:42 a.m.
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
vendor: google model: android
vendor: google model: wifi

Stay Safe from Silent Cyberattacks on IoT Devices | S & O Computers, LLC

Trust: 3.0

Fetched: April 14, 2023, 9:20 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs

QuaDream Spyware Targeted iPhones with Malicious Calendar Invites • iPhone in Canada Blog

Trust: 3.0

Fetched: April 14, 2023, 9:19 a.m., Published: April 11, 2023, 9:44 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

CISA Issues Warnings on Seven New Exploited Vulnerabilities -- Campus Technology

Trust: 5.5

Fetched: April 14, 2023, 9:19 a.m., Published: April 10, 2023, midnight
 Vulnerabilities: code execution, memory leak, information disclosure...
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: macos
db: NVD ids: CVE-2023-28205, CVE-2023-28206, CVE-2021-27877, CVE-2023-26083, CVE-2021-27876, CVE-2021-27878, CVE-2019-1388

CISA Warns: Patch Apple Zero-Day Vulnerabilities Until May

Trust: 5.75

Fetched: April 14, 2023, 9:18 a.m., Published: April 11, 2023, 10:29 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: ipod touch
vendor: apple model: macos
db: NVD ids: CVE-2023-28205, CVE-2023-28206

Protect Your Devices from Zero-Day Vulnerabilities: Apple’s Latest Security Update Explained | TAC Security

Trust: 4.5

Fetched: April 14, 2023, 9:18 a.m., Published: April 12, 2023, 10:05 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: macos
vendor: apple model: safari
db: NVD ids: CVE-2023-28205, CVE-2023-28206

Apple Rolls Out Zero-Day Patches to Older iOS, macOS Devices - SecurityWeek

Trust: 5.75

Fetched: April 14, 2023, 9:17 a.m., Published: April 11, 2023, 11:29 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: chrome
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: macos
db: NVD ids: CVE-2023-28205, CVE-2023-28206

Microsoft April Patch Tuesday | Spiceworks - Spiceworks

Trust: 4.25

Fetched: April 14, 2023, 9:17 a.m., Published: -
 Vulnerabilities: code execution, information disclosure, feature bypass...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2023-28252, CVE-2023-28250, CVE-2023-21552, CVE-2023-23376, CVE-2023-21554

Cisco Patches High-Severity Vulnerabilities in IOS Software - SecurityWeek

Trust: 5.75

Fetched: April 14, 2023, 9:17 a.m., Published: March 23, 2023, 3:12 p.m.
 Vulnerabilities: privilege escalation, path traversal
Affected productsExternal IDs
vendor: cisco model: iox application
vendor: cisco model: ios software
vendor: cisco model: ip phones
vendor: cisco model: sd-wan
vendor: cisco model: wireless lan controllers
vendor: cisco model: sd-wan vmanage
vendor: cisco model: ios xe
vendor: cisco model: dna center
vendor: cisco model: sd-wan vmanage software
vendor: cisco model: routers
vendor: cisco model: catalyst
vendor: cisco model: wireless access point
vendor: cisco model: ios xe software
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower
vendor: cisco model: series switches
vendor: cisco model: adaptive security appliance
vendor: cisco model: series
vendor: cisco model: ios xe sd-wan software
db: NVD ids: CVE-2023-20080, CVE-2023-20027, CVE-2023-20067, CVE-2023-20035, CVE-2023-20072, CVE-2023-20065

Android phones vulnerable to remote hacking - update right now | Tom's Guide

Trust: 5.5

Fetched: April 14, 2023, 9:15 a.m., Published: April 6, 2023, 2:52 p.m.
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: samsung model: android phone
vendor: google model: android
vendor: oneplus model: one
vendor: motorola model: motorola
vendor: motorola model: android
vendor: essential model: phone
db: NVD ids: CVE-2023-21096, CVE-2023-21085, CVE-2022-38181