Sign-up

VARIoT news about IoT security

Android यूजर्स को सरकार ने किया अलर्ट, तुरंत अपडेट कर लें डिवाइस वरना होगा भारी नुकसान

Related entries in the VARIoT vulnerabilities database: VAR-202303-0162, VAR-202303-0155, VAR-202303-0140, VAR-202303-0115, VAR-202303-0126, VAR-202303-0137, VAR-202303-0151

Trust: 3.5

Fetched: March 28, 2023, 9:20 a.m., Published: March 26, 2023, 8:58 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
db: NVD ids: CVE-2022-33242, CVE-2022-33254, CVE-2023-20911, CVE-2023-20957, CVE-2023-20931, CVE-2023-20620, CVE-2023-20623, CVE-2022-33244, CVE-2023-20963, CVE-2023-20960, CVE-2022-4452, CVE-2022-20467, CVE-2023-20621, CVE-2023-20955, CVE-2023-20917, CVE-2023-20947, CVE-2022-20499, CVE-2022-22075, CVE-2023-20964, CVE-2023-20926, CVE-2022-33213, CVE-2022-40515, CVE-2023-20952, CVE-2021-33655, CVE-2022-25705, CVE-2023-20929, CVE-2023-20954, CVE-2022-33256, CVE-2022-40530, CVE-2023-20958, CVE-2022-33309, CVE-2022-47459, CVE-2022-47460, CVE-2023-20951, CVE-2022-25709, CVE-2023-20953, CVE-2023-20910, CVE-2022-33272, CVE-2022-47461, CVE-2023-20966, CVE-2022-33278, CVE-2022-40537, CVE-2023-20956, CVE-2022-47462, CVE-2022-40535, CVE-2022-40531, CVE-2022-25694, CVE-2022-40527, CVE-2023-20959, CVE-2023-20936, CVE-2023-20906, CVE-2023-20962, CVE-2022-40540

Android app from China executed 0-day exploit on millions of devices | Flagrant Malfeasance

Trust: 3.75

Fetched: March 28, 2023, 9:17 a.m., Published: March 27, 2023, 9:38 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2023-20963

Samsung UK on Twitter: "@JEM7687 Thank you for sharing that with us. Samsung takes the safety of our customers very seriously. After determining 6 vulnerabilities may potentially impact select Galaxy devices, of which none were 'severe', Samsung released security patches for 5 of these in March. (1/2) ^RR" / Twitter

Trust: 3.25

Fetched: March 28, 2023, 9:17 a.m., Published: March 28, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: galaxy

Securing Embedded Devices Running C Code: Mitigating Double Free and Use After Free Vulnerabilities - IoT Beacon

Trust: 3.5

Fetched: March 28, 2023, 9:17 a.m., Published: March 25, 2023, 9:21 a.m.
 Vulnerabilities: code execution, use after free, memory leak...
Affected productsExternal IDs

CVE.report on Twitter: "CVE-2023-1139 : Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authenticati... https://t.co/FpfyfJIfj6" / Twitter

Trust: 3.0

Fetched: March 28, 2023, 9:14 a.m., Published: March 28, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-1139

Android users Beware: CERT-in issues high severity warning for new vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202303-0162, VAR-202303-0155, VAR-202303-0140, VAR-202303-0115, VAR-202303-0126, VAR-202303-0137, VAR-202303-0151

Trust: 5.0

Fetched: March 28, 2023, 9:13 a.m., Published: March 19, 2023, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2022-33242, CVE-2022-33254, CVE-2023-20911, CVE-2023-20957, CVE-2023-20931, CVE-2023-20620, CVE-2023-20623, CVE-2022-33244, CVE-2023-20963, CVE-2023-20960, CVE-2022-4452, CVE-2022-20467, CVE-2023-20621, CVE-2023-20955, CVE-2023-20917, CVE-2023-20947, CVE-2022-20499, CVE-2022-22075, CVE-2023-20964, CVE-2023-20926, CVE-2022-33213, CVE-2022-40515, CVE-2023-20952, CVE-2021-33655, CVE-2022-25705, CVE-2023-20929, CVE-2023-20954, CVE-2022-33256, CVE-2022-40530, CVE-2023-20958, CVE-2022-33309, CVE-2022-47459, CVE-2022-47460, CVE-2023-20951, CVE-2022-25709, CVE-2023-20953, CVE-2023-20910, CVE-2022-33272, CVE-2022-47461, CVE-2023-20966, CVE-2022-33278, CVE-2022-40537, CVE-2023-20956, CVE-2022-47462, CVE-2022-40535, CVE-2022-40531, CVE-2022-25694, CVE-2022-40527, CVE-2023-20959, CVE-2023-20936, CVE-2023-20906, CVE-2023-20962, CVE-2022-40540

PSA: Make Sure to Update Older Devices to iOS 15.7.4 to Fix Actively Exploited Vulnerability - MacRumors

Trust: 3.75

Fetched: March 28, 2023, 9:12 a.m., Published: July 15, 2004, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: notes
vendor: samsung model: note
vendor: apple model: imac
vendor: apple model: iphone
vendor: apple model: ipod touch
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: ipad air

Cisco IP Phone 7800 and 8800 Series Web Management Interface Authentication Bypass Vulnerability - Cisco

Trust: 3.75

Fetched: March 28, 2023, 9:11 a.m., Published: Jan. 11, 2023, 10:43 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: cisco model: ip phone 8821
vendor: cisco model: series
vendor: cisco model: ip phone
vendor: cisco model: wireless ip phone 8821
vendor: cisco model: ip phone 7800

Cisco ASA 5500-X Series Firewalls - Security Advisories, Responses and Notices - Cisco

Trust: 3.0

Fetched: March 28, 2023, 9:11 a.m., Published: Nov. 22, 2015, 10 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: asa 5500

Cisco IOS XE Software Fragmented Tunnel Protocol Packet Denial of Service Vulnerability

Trust: 4.0

Fetched: March 28, 2023, 9:10 a.m., Published: March 22, 2023, 3:49 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
vendor: cisco model: cisco ios

PoC exploits published for Netgear Orbi router vulnerabilities - neoSolutions

Related entries in the VARIoT vulnerabilities database: VAR-202303-1595, VAR-202303-1567, VAR-202303-1655

Trust: 5.5

Fetched: March 26, 2023, 9:13 a.m., Published: March 22, 2023, 3:05 p.m.
 Vulnerabilities: command injection, command execution
Affected productsExternal IDs
vendor: mesh model: mesh
vendor: netgear model: netgear orbi satellite
vendor: netgear model: router
vendor: netgear model: orbi
vendor: cisco model: series routers
vendor: cisco model: router
vendor: cisco model: series
vendor: cisco model: routers
db: NVD ids: CVE-2022-37337, CVE-2022-36429, CVE-2022-38458, CVE-2022-38452

Several zero day vulnerabilities are plaguing Android devices with Samsung chips, warns Google | TechRadar

Trust: 5.75

Fetched: March 26, 2023, 9:12 a.m., Published: March 17, 2023, 3:30 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: samsung model: exynos
vendor: samsung model: mobile devices
vendor: vivo model: modems
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2023-24033

Several zero day vulnerabilities are plaguing Android…

Trust: 4.75

Fetched: March 26, 2023, 9:12 a.m., Published: March 18, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: samsung model: exynos
vendor: samsung model: mobile devices
vendor: vivo model: modems
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2023-24033

Five Types of Network Vulnerabilities to Avoid | Exigent Technologies Exigent

Trust: 3.75

Fetched: March 26, 2023, 9:11 a.m., Published: March 22, 2023, 4:29 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: lenovo model: updates

Massive Security Vulnerabilities Found in Mobile Devices Powered by Exynos Chipsets from Samsung Semiconductor

Trust: 5.75

Fetched: March 26, 2023, 9:10 a.m., Published: March 3, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: vivo model: modem
vendor: vivo model: modems
vendor: google model: pixel
vendor: samsung model: mobile
vendor: samsung model: exynos
vendor: samsung model: samsung mobile
vendor: samsung model: mobile devices
db: NVD ids: CVE-2023-26496, CVE-2023-26498, CVE-2023-26497, CVE-2023-24033

CISA Alerts on Critical Security Vulnerabilities in Industrial Control Systems

Related entries in the VARIoT vulnerabilities database: VAR-202209-1831

Trust: 4.75

Fetched: March 26, 2023, 9:10 a.m., Published: March 22, 2023, 1:09 p.m.
 Vulnerabilities: buffer overflow, code execution, path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2023-1139, CVE-2023-28756, CVE-2023-1145, CVE-2022-38742, CVE-2023-1133, CVE-2023-28755

Critical zero-day flaws put Samsung phones at risk - is yours vulnerable? | Tom's Guide

Trust: 4.5

Fetched: March 26, 2023, 9:09 a.m., Published: March 17, 2023, 4:19 p.m.
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: samsung model: exynos
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
vendor: google model: pixel
db: NVD ids: CVE-2023-24033

Cisco IOS XE Software Web UI Path Traversal Vulnerability

Trust: 4.75

Fetched: March 26, 2023, 9:09 a.m., Published: March 22, 2023, 3:49 p.m.
 Vulnerabilities: path traversal
Affected productsExternal IDs
vendor: cisco model: nx-os software
vendor: cisco model: ios software
vendor: cisco model: router
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xr
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
vendor: cisco model: ios xe software
vendor: cisco model: nx-os
vendor: cisco model: ios xr software

Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability

Trust: 4.0

Fetched: March 26, 2023, 9:08 a.m., Published: March 22, 2023, 3:49 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: wireless lan controllers
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
vendor: cisco model: ios xe software

Google Pixel vulnerability allows bad actors to undo Markup screenshot edits and redactions

Trust: 3.5

Fetched: March 24, 2023, 9:18 a.m., Published: March 24, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2023-21036