Sign-up

VARIoT news about IoT security

Chinese hackers exploit zero-day vulnerabilities in networking devices

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132

Trust: 4.25

Fetched: Jan. 24, 2023, 9:47 a.m., Published: Jan. 22, 2023, 12:31 a.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: google model: nexus
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-42475

Cisco Patches High-Severity SQL Injection Vulnerability in Unified CM - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-202301-1643

Trust: 4.5

Fetched: Jan. 24, 2023, 9:47 a.m., Published: Jan. 22, 2023, 7:15 p.m.
 Vulnerabilities: sql injection, injection attack
Affected productsExternal IDs
vendor: cisco model: small business
vendor: cisco model: webex
vendor: cisco model: expressway
vendor: cisco model: asyncos software
vendor: cisco model: jabber
vendor: cisco model: telepresence video communication server
vendor: cisco model: email security appliance
vendor: cisco model: telepresence
vendor: cisco model: asyncos
vendor: cisco model: routers
vendor: cisco model: series
vendor: cisco model: expressway series
vendor: cisco model: unified communications
vendor: cisco model: unified communications manager
vendor: cisco model: unified communications manager session management edition
db: NVD ids: CVE-2023-20010

Chinese hackers exploit zero-day vulnerabilities in networking devices, Telecom News, ET Telecom

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132

Trust: 4.25

Fetched: Jan. 24, 2023, 9:46 a.m., Published: Jan. 22, 2023, 12:53 p.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: google model: nexus
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-42475

21 Best Network Scanning Tools and Softwares (Jan 2023)

Trust: 4.5

Fetched: Jan. 24, 2023, 9:44 a.m., Published: Sept. 12, 2022, 4:13 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: paessler model: prtg network monitor
vendor: solarwinds model: network performance monitor

Many ICS flaws remain unpatched as attacks against critical infrastructure rise - ARN

Trust: 3.5

Fetched: Jan. 24, 2023, 9:44 a.m., Published: Jan. 24, 2023, midnight
 Vulnerabilities: denial of service, memory corruption, sql injection...
Affected productsExternal IDs
vendor: trend model: security

Many ICS flaws remain unpatched as attacks against critical infrastructure rise | CSO Online

Trust: 3.5

Fetched: Jan. 24, 2023, 9:43 a.m., Published: Jan. 19, 2023, midnight
 Vulnerabilities: denial of service, memory corruption, sql injection...
Affected productsExternal IDs
vendor: trend model: security

Vulnerable NetComm routers and a public PoC exploit (CVE-2022-4873, CVE-2022-4874) - Help Net Security

Trust: 4.75

Fetched: Jan. 24, 2023, 9:43 a.m., Published: Jan. 18, 2023, 2 p.m.
 Vulnerabilities: authentication bypass, buffer overflow, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-4874, CVE-2022-4873

Technical Advisory - Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434) - NCC Group Research

Related entries in the VARIoT vulnerabilities database: VAR-202302-0598, VAR-202302-0502

Trust: 4.5

Fetched: Jan. 24, 2023, 9:43 a.m., Published: Jan. 20, 2023, 2:48 p.m.
 Vulnerabilities: improper access control
Affected productsExternal IDs
vendor: google model: android
vendor: google model: google chrome
vendor: google model: chrome
vendor: samsung model: galaxy
db: NVD ids: CVE-2023-21433, CVE-2023-21434

Samsung patches vulnerabilities that exposed Galaxy Store to attackers - SiliconANGLE

Related entries in the VARIoT vulnerabilities database: VAR-202302-0598, VAR-202302-0502

Trust: 5.75

Fetched: Jan. 24, 2023, 9:42 a.m., Published: Jan. 24, 2023, 12:31 a.m.
 Vulnerabilities: input validation issue
Affected productsExternal IDs
vendor: samsung model: galaxy
vendor: samsung model: mobile
vendor: google model: android
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2023-21433, CVE-2023-21434

InHand Industrial Router Vulnerabilities Expose Internal OT Networks to Attacks - SecurityWeek

Trust: 3.5

Fetched: Jan. 24, 2023, 9:42 a.m., Published: Jan. 22, 2023, 2:28 a.m.
 Vulnerabilities: code execution, information disclosure
Affected productsExternal IDs
vendor: cisco model: router
vendor: cisco model: routers
vendor: cisco model: series
vendor: cisco model: industrial router

OpenSSL vulnerability CVE-2022-3602 (Remote Code Execution) and CVE-2022-3786 (Denial of Service) Check Point Research Update - Check Point Software

Trust: 5.5

Fetched: Jan. 24, 2023, 9:41 a.m., Published: Nov. 1, 2022, 4:51 p.m.
 Vulnerabilities: buffer overflow, denial of service, code execution
Affected productsExternal IDs
vendor: check point model: check point
db: NVD ids: CVE-2022-3786, CVE-2022-3602

INTEL-SA-00752

Related entries in the VARIoT vulnerabilities database: VAR-202211-0906, VAR-202211-0705, VAR-202211-0788, VAR-202211-0823, VAR-202211-0787

Trust: 3.75

Fetched: Jan. 24, 2023, 9:40 a.m., Published: Nov. 4, 2022, 6:53 p.m.
 Vulnerabilities: denial of service, improper access control
Affected productsExternal IDs
db: NVD ids: CVE-2022-26124, CVE-2022-32569, CVE-2022-36370, CVE-2022-37334, CVE-2022-37345, CVE-2022-33176, CVE-2021-33164, CVE-2022-38099, CVE-2022-35276, CVE-2022-36789, CVE-2022-36349, CVE-2022-21794, CVE-2022-34152

Time is Ticking on a New OpenSSL Vulnerability - Armis

Related entries in the VARIoT vulnerabilities database: VAR-201609-0352

Trust: 4.75

Fetched: Jan. 24, 2023, 9:39 a.m., Published: Oct. 29, 2022, 5:40 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: routers
db: NVD ids: CVE-2016-6309

CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software

Related entries in the VARIoT vulnerabilities database: VAR-202211-0095

Trust: 5.75

Fetched: Jan. 24, 2023, 9:39 a.m., Published: Nov. 4, 2022, 10:01 a.m.
 Vulnerabilities: file upload issue, code execution, path traversal...
Affected productsExternal IDs
vendor: nokia model: impact
db: NVD ids: CVE-2022-41607, CVE-2022-3703, CVE-2022-2483, CVE-2022-2482, CVE-2022-2484, CVE-2022-40981, CVE-2022-2969

How often should I scan for security vulnerabilities? -

Related entries in the VARIoT vulnerabilities database: VAR-202008-0248, VAR-202112-0566, VAR-202108-1914

Trust: 3.0

Fetched: Jan. 24, 2023, 9:38 a.m., Published: Oct. 25, 2022, 3:41 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2020-1472, CVE-2021-21972, CVE-2021-26855, CVE-2021-44228, CVE-2021-36942

Old vulnerabilities in Cisco products actively exploited in the wildSecurity Affairs

Related entries in the VARIoT vulnerabilities database: VAR-201709-0655, VAR-201803-1387, VAR-201803-1369, VAR-201802-0594

Trust: 4.75

Fetched: Jan. 24, 2023, 9:38 a.m., Published: Dec. 19, 2022, 9:07 p.m.
 Vulnerabilities: buffer overflow, command injection
Affected productsExternal IDs
vendor: cisco model: nx-os
vendor: cisco model: ios xe software
vendor: cisco model: ios software
vendor: cisco model: rv132w
vendor: cisco model: cisco hyperflex
vendor: cisco model: cisco ios
vendor: cisco model: rv134w
vendor: cisco model: routers
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: cisco model: hyperflex
db: NVD ids: CVE-2017-12240, CVE-2021-1497, CVE-2018-0171, CVE-2018-0147, CVE-2018-0125

Cisco identifies vulnerabilities in Identity Services Engine | IT World Canada News

Related entries in the VARIoT vulnerabilities database: VAR-202211-0845, VAR-202211-1027, VAR-202211-0352, VAR-202211-1056, VAR-202211-1102, VAR-202211-1003

Trust: 5.5

Fetched: Jan. 24, 2023, 9:37 a.m., Published: Nov. 28, 2022, 4:46 p.m.
 Vulnerabilities: request forgery, cross-site request forgery, cross-site scripting
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: network access control
vendor: cisco model: cisco identity services engine
vendor: cisco systems model: identity services engine
vendor: cisco systems model: network access control
vendor: cisco systems model: cisco identity services engine
db: NVD ids: CVE-2022-20963, CVE-2022-20965, CVE-2022-20961, CVE-2022-20964, CVE-2022-20967, CVE-2022-20966

A vulnerability in the Device Management Servlet... · CVE-2023-20020 · GitHub Advisory Database · GitHub

Related entries in the VARIoT vulnerabilities database: VAR-202301-0887

Trust: 5.25

Fetched: Jan. 24, 2023, 9:36 a.m., Published: Jan. 20, 2023, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2023-20020

11 Reports and Vulnerability Management - Greenbone Enterprise Appliance 22.04.6 documentation

Trust: 3.5

Fetched: Jan. 24, 2023, 9:34 a.m., Published: Jan. 11, 2023, midnight
 Vulnerabilities: sql injection, code execution, traversal attack
Affected productsExternal IDs
vendor: trend model: security

Critical OpenSSL vulnerability causes security industry to hold its breath | Cybersecurity Dive

Trust: 3.0

Fetched: Jan. 24, 2023, 9:28 a.m., Published: Nov. 1, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: check point