VARIoT latest news about IoT security

Threat Advisory: High Severity OpenSSL Vulnerabilities Trust: 5.5 Fetched: Jan. 24, 2023, 9:28 a.m., Published: Nov. 1, 2022, 7:03 p.m.	Vulnerabilities: buffer overflow, denial of service, code execution

Affected products

External IDs

vendor:	clamav	model:	clamav
vendor:	cisco	model:	clamav
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	meraki mx
vendor:	cisco	model:	web security appliance
vendor:	cisco	model:	firepower
vendor:	cisco	model:	umbrella

db:

NVD

ids:

CVE-2022-3786, CVE-2022-3602

A vulnerability in dynamic access policies (DAP)... · CVE-2022-20947 · GitHub Advisory Database · GitHub Related entries in the VARIoT vulnerabilities database: VAR-202211-0561 Trust: 6.0 Fetched: Jan. 24, 2023, 9:27 a.m., Published: Nov. 16, 2022, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower threat defense

db:

NVD

ids:

CVE-2022-20947

Google Accuses Spanish Security Firm of Developing Exploit Tools for Chrome And Microsoft Defender \| Spiceworks Trust: 4.75 Fetched: Jan. 24, 2023, 9:26 a.m., Published: Dec. 1, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	chrome

db:

NVD

ids:

CVE-2022-26485, CVE-2021-42298

Multiple High Severity Vulnerabilities in Cisco Products \| Q-CERT Related entries in the VARIoT vulnerabilities database: VAR-202211-0352 Trust: 5.75 Fetched: Jan. 24, 2023, 9:25 a.m., Published: -	Vulnerabilities: cross-site request forgery, improper validation, sql injection...

Affected products

External IDs

vendor:	cisco	model:	cisco web security appliance
vendor:	cisco	model:	email security appliance
vendor:	cisco	model:	cisco email security appliance
vendor:	cisco	model:	cisco identity services engine
vendor:	cisco	model:	web security appliance
vendor:	cisco	model:	identity services engine

db:

NVD

ids:

CVE-2022-20867, CVE-2022-20868, CVE-2022-20961

Configure Microsoft Defender for Endpoint on iOS features \| Microsoft Learn Trust: 3.0 Fetched: Jan. 24, 2023, 9:24 a.m., Published: Dec. 12, 2022, 11:40 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

ipad

Delta Electronics Deserialization Vulnerability - SonicWall Trust: 4.75 Fetched: Jan. 24, 2023, 9:23 a.m., Published: Nov. 23, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2022-38142

SQL Injection vulnerability in ManageEngine Password Manager Pro, PAM360 and Access Manager Plus Trust: 4.25 Fetched: Jan. 24, 2023, 9:22 a.m., Published: Jan. 24, 4305, midnight	Vulnerabilities: sql injection

Affected products	External IDs

Pair of Galaxy App Store Bugs Offer Cyberattackers Mobile Device Access Related entries in the VARIoT vulnerabilities database: VAR-202302-0598, VAR-202302-0502 Trust: 3.75 Fetched: Jan. 24, 2023, 9:22 a.m., Published: Jan. 23, 2023, 10 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	galaxy
vendor:	samsung	model:	mobile

db:

NVD

ids:

CVE-2023-21433, CVE-2023-21434

Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475) \| Mandiant Related entries in the VARIoT vulnerabilities database: VAR-202212-1132 Trust: 3.5 Fetched: Jan. 24, 2023, 9:20 a.m., Published: Jan. 30, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	sonicwall	model:	ssl-vpn
vendor:	sonicwall	model:	email security
vendor:	fortigate	model:	fortios

db:

NVD

ids:

CVE-2022-42475, CVE-2022-49475

Microsoft Uncovers macOS Flaw That Let Hackers Bypass Gatekeeper Security \| Spiceworks Related entries in the VARIoT vulnerabilities database: VAR-202212-1290 Trust: 3.5 Fetched: Jan. 24, 2023, 9:19 a.m., Published: Dec. 22, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2022-42821

Major Vulnerability Discovered in KACE Trust: 5.5 Fetched: Jan. 24, 2023, 9:19 a.m., Published: July 3, 2019, 10:46 p.m.	Vulnerabilities: script execution, sql injection

Affected products

External IDs

vendor:	quest	model:	kace systems management appliance
vendor:	quest	model:	kace systems management
vendor:	quest kace	model:	kace systems management appliance
vendor:	quest kace	model:	kace systems management

db:

NVD

ids:

CVE-2018-0504

Binarly Discloses Multiple Firmware Vulnerabilities in Qualcomm and Lenovo ARM-based Devices \| Business Wire Related entries in the VARIoT vulnerabilities database: VAR-202301-0521 Trust: 4.5 Fetched: Jan. 24, 2023, 9:18 a.m., Published: Jan. 9, 2023, midnight	Vulnerabilities: memory leak, buffer overflow, code execution...

Affected products

External IDs

vendor:	lenovo	model:	thinkpad
vendor:	lenovo	model:	updates
vendor:	lenovo	model:	system

db:

NVD

ids:

CVE-2022-40519, CVE-2022-4433, CVE-2022-4435, CVE-2022-40518, CVE-2022-4432, CVE-2022-4434, CVE-2022-40520, CVE-2022-40516, CVE-2022-40517

Google Home Vulnerability: Eavesdropping on Conversations Trust: 3.0 Fetched: Jan. 24, 2023, 9:18 a.m., Published: Jan. 1, 2023, 7:52 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	google home
vendor:	google	model:	home

Pwning the all Google phone with a non-Google bug \| The GitHub Blog Related entries in the VARIoT vulnerabilities database: VAR-202203-0043, VAR-201910-0902 Trust: 5.5 Fetched: Jan. 24, 2023, 9:16 a.m., Published: Jan. 23, 2023, 3:05 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	trend	model:	security
vendor:	samsung	model:	notes
vendor:	samsung	model:	note
vendor:	google	model:	android
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2022-38181, CVE-2022-0847, CVE-2021-39793, CVE-2021-0920, CVE-2022-20186, CVE-2021-1048, CVE-2022-33917, CVE-2019-2215, CVE-2022-22706, CVE-2022-36449

Detecting Vulnerability on IoT Device Firmware: A Survey Trust: 4.25 Fetched: Jan. 24, 2023, 9:14 a.m., Published: Jan. 10, 2023, midnight	Vulnerabilities: authentication bypass, denial of service, information disclosure...

Affected products

External IDs

vendor:	samsung	model:	printer
vendor:	samsung	model:	printers
vendor:	samsung smartthings	model:	printer
vendor:	samsung smartthings	model:	printers

Are smart devices cyber secure? - Verity Product Trust: 3.25 Fetched: Jan. 22, 2023, 9:24 a.m., Published: Jan. 20, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	home
vendor:	google	model:	wi-fi router
vendor:	google	model:	google home

Cisco Issues Warning on Security Flaws in Routers \| Technology Partners Trust: 3.0 Fetched: Jan. 22, 2023, 9:23 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	rv016
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	small business
vendor:	cisco	model:	routers
vendor:	cisco	model:	rv042
vendor:	cisco	model:	router
vendor:	cisco	model:	rv082
vendor:	cisco	model:	rv042g

4 critical BIOS vulnerabilities affect DELL Laptops like Alienware, Inspiron, Vostro models - Cybersecurity Red Flag Related entries in the VARIoT vulnerabilities database: VAR-202301-1432 Trust: 5.75 Fetched: Jan. 22, 2023, 9:22 a.m., Published: Jan. 4, 2023, midnight	Vulnerabilities: buffer overflow, code execution, input validation vulnerability

Affected products

External IDs

vendor:

dell

model:

bios

db:

NVD

ids:

CVE-2022-34393, CVE-2022-34401, CVE-2022-34399, CVE-2022-34460

Exploits released for two Samsung Galaxy App Store vulnerabilities - Security & Privacy News - Nsane Forums Related entries in the VARIoT vulnerabilities database: VAR-202302-0598, VAR-202302-0502 Trust: 5.75 Fetched: Jan. 22, 2023, 9:22 a.m., Published: Jan. 21, 2023, 5:16 p.m.	Vulnerabilities: improper access control

Affected products

External IDs

vendor:	samsung	model:	mobile
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	note
vendor:	samsung	model:	mobile devices
vendor:	samsung	model:	galaxy
vendor:	google	model:	android
vendor:	google	model:	chrome

db:

NVD

ids:

CVE-2023-21433, CVE-2023-21434

Chinese hackers exploit zero-day vulnerabilities in networking devices - Articles Related entries in the VARIoT vulnerabilities database: VAR-202212-1132 Trust: 4.25 Fetched: Jan. 22, 2023, 9:22 a.m., Published: Jan. 22, 2023, 12:27 a.m.	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

vendor:	fortigate	model:	fortios
vendor:	google	model:	nexus

db:

NVD

ids:

CVE-2022-42475

VARIoT news about IoT security