Sign-up

VARIoT news about IoT security

Apple Devices Have a Significant Vulnerability (So Here’s How to Fix It) - Quercus IT Blog | Edmonton, AB | Quercus IT

Trust: 3.0

Fetched: Jan. 22, 2023, 9:20 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos

Inglourious Drivers - A Journey of Finding Vulnerabilities in Drivers

Trust: 3.5

Fetched: Jan. 22, 2023, 9:14 a.m., Published: Jan. 20, 2023, midnight
 Vulnerabilities: buffer overflow, code execution, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2022-25637

A Time of Challenge, Change, and Celebration: Ordr's Year in Review

Trust: 3.5

Fetched: Jan. 22, 2023, 9:13 a.m., Published: Dec. 30, 2022, 11 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: meeting
vendor: cisco model: series switches
vendor: cisco model: identity services engine
vendor: cisco model: series
vendor: cisco model: catalyst
vendor: cisco model: cisco identity services engine

Potential Threats to Building Automation Systems | TXOne Networks

Trust: 4.25

Fetched: Jan. 22, 2023, 9:12 a.m., Published: Dec. 27, 2022, 8:51 a.m.
 Vulnerabilities: denial of service, privilege escalation
Affected productsExternal IDs
vendor: belkin model: router
vendor: nest model: learning thermostat
vendor: trend model: security

New Bluetooth vulnerability could break privacy

Trust: 3.0

Fetched: Jan. 22, 2023, 9:11 a.m., Published: Nov. 25, 2022, midnight
 Vulnerabilities: replay attack
Affected productsExternal IDs

Over 4,000 Sophos Firewall devices vulnerable to RCE attacks

Related entries in the VARIoT vulnerabilities database: VAR-202209-1931

Trust: 4.25

Fetched: Jan. 22, 2023, 9:10 a.m., Published: -
 Vulnerabilities: authentication bypass, sql injection, code injection...
Affected productsExternal IDs
vendor: sophos model: xg firewall
vendor: sophos model: firewall
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2022-1040, CVE-2022-3236

Synology Fixes a Max Severity RCE Vulnerability in VPN Server Products

Trust: 3.75

Fetched: Jan. 22, 2023, 9:09 a.m., Published: Jan. 4, 2023, 11:28 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: synology model: synology router manager
vendor: synology model: router manager
db: NVD ids: CVE-2021-28799, CVE-2022-43931

Top 10 Hardware Vulnerabilities MSPs Should Watch Out For

Trust: 3.75

Fetched: Jan. 22, 2023, 9:09 a.m., Published: Dec. 13, 2022, 5:34 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Synology Issues Patch for Severe VPN Plus Server Vulnerability | NetZone Technologies

Trust: 5.5

Fetched: Jan. 20, 2023, 9:30 a.m., Published: -
 Vulnerabilities: command injection, command execution, injection attack
Affected productsExternal IDs
vendor: synology model: router manager
vendor: synology model: synology router manager
db: NVD ids: CVE-2022-43931

Critical vulnerabilities in Siemens PLC devices could allow bypass of protected boot features (CVE-2022-38773) - Help Net Security

Related entries in the VARIoT vulnerabilities database: VAR-202301-0605

Trust: 4.25

Fetched: Jan. 20, 2023, 9:29 a.m., Published: Jan. 12, 2023, 1 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: simatic
db: NVD ids: CVE-2022-38773

OS command injection vulnerabilities (Part 3) - ITZone

Trust: 3.5

Fetched: Jan. 20, 2023, 9:25 a.m., Published: Jan. 17, 2023, 7:01 a.m.
 Vulnerabilities: os command injection, command injection, command execution
Affected productsExternal IDs

Cisco Issues Warning on Security Flaws in Routers | LanSource, Inc.

Trust: 3.0

Fetched: Jan. 20, 2023, 9:24 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: router
vendor: cisco model: rv082
vendor: cisco model: small business
vendor: cisco model: rv042g
vendor: cisco model: rv016
vendor: cisco model: cisco small business
vendor: cisco model: routers
vendor: cisco model: rv042

First Security Updates from SAP for 2023 Fix Critical Vulnerabilities

Trust: 3.75

Fetched: Jan. 20, 2023, 9:23 a.m., Published: Jan. 12, 2023, 2:11 p.m.
 Vulnerabilities: sql injection, code injection
Affected productsExternal IDs

Cisco Issues Warning on Security Flaws in Routers | MG|Computer, Inc.

Trust: 3.0

Fetched: Jan. 20, 2023, 9:23 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: router
vendor: cisco model: rv082
vendor: cisco model: small business
vendor: cisco model: rv042g
vendor: cisco model: rv016
vendor: cisco model: cisco small business
vendor: cisco model: routers
vendor: cisco model: rv042

Has adoption of “connected devices” outpaced security? - Techgoondu Techgoondu

Trust: 3.0

Fetched: Jan. 20, 2023, 9:22 a.m., Published: Jan. 19, 2023, 10:39 a.m.
 Vulnerabilities: -
Affected productsExternal IDs

Over 4,000 Sophos Firewall devices vulnerable to RCE attacks | Vumetric Cyber Portal

Related entries in the VARIoT vulnerabilities database: VAR-202209-1931

Trust: 6.0

Fetched: Jan. 20, 2023, 9:22 a.m., Published: Jan. 20, 2023, midnight
 Vulnerabilities: code execution, authentication bypass, code injection
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2022-3236

The prevalence of RCE exploits and what you should know about RCEs | Tripwire

Trust: 4.5

Fetched: Jan. 20, 2023, 9:21 a.m., Published: Jan. 17, 2023, midnight
 Vulnerabilities: improper access control, code execution, privilege escalation...
Affected productsExternal IDs
vendor: imperva model: web application firewall

Cisco CX Cloud Agent Privilege Escalation Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202301-1328, VAR-202301-1814

Trust: 5.25

Fetched: Jan. 20, 2023, 9:20 a.m., Published: Jan. 11, 2023, 3:47 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2023-20043, CVE-2023-20044

Hackers are using device monitoring software Cacti to install malware | TechRadar

Trust: 5.0

Fetched: Jan. 20, 2023, 9:19 a.m., Published: Jan. 17, 2023, 7 p.m.
 Vulnerabilities: command injection, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2022-46169

Vulnerability Management Standard | Office of the Vice Chancellor for IT and Chief Information Officer | University of Colorado Boulder

Trust: 3.0

Fetched: Jan. 20, 2023, 9:18 a.m., Published: Nov. 18, 2022, 12:52 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs