Sign-up

VARIoT news about IoT security

Günter Born on Twitter: "Serious vulnerability InRouter firmware from InHand Networks threatens robots, electricity meters, med. devices etc. https://t.co/fWa87plT2T #IoT #Security Born's Tech and Windows World" / Twitter

Trust: 3.0

Fetched: Jan. 17, 2023, 9:20 a.m., Published: Jan. 17, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-22598

Attackers deploy sophisticated Linux implant on Fortinet network security devices | CSO Online

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132

Trust: 4.75

Fetched: Jan. 17, 2023, 9:20 a.m., Published: Jan. 13, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-42475

CVE.report on Twitter: "CVE-2023-22411 : An Out-of-Bounds Write vulnerability in Flow Processing Daemon flowd of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service #DoS . On SRX Series devices using Unified... https://t.co/ODHkw06DeE" / Twitter

Trust: 4.25

Fetched: Jan. 17, 2023, 9:18 a.m., Published: Jan. 17, 2023, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2023-22411

Novel AI for better intel reports under development at IARPA | SC Media

Trust: 3.25

Fetched: Jan. 17, 2023, 9:18 a.m., Published: Jan. 11, 2023, 5:43 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

AMD has revealed a whole host of CPU security flaws

Trust: 3.0

Fetched: Jan. 17, 2023, 9:17 a.m., Published: Jan. 21, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Nintendo Switch Users Alerted to Severe Vulnerability in Games

Trust: 3.0

Fetched: Jan. 17, 2023, 9:17 a.m., Published: Jan. 17, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Rewterz Threat Advisory - ICS: Siemens S7-1500 CPU devices Vulnerability | Rewterz

Related entries in the VARIoT vulnerabilities database: VAR-202301-0605

Trust: 4.0

Fetched: Jan. 17, 2023, 9:14 a.m., Published: Jan. 13, 2023, 3:10 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: solid edge
vendor: siemens model: s7-1500 cpu
db: NVD ids: CVE-2022-38773

Binarly Discloses Multiple Firmware Vulnerabilities in Qualcomm and Lenovo ARM-based Devices - ChannelBiz UK

Related entries in the VARIoT vulnerabilities database: VAR-202301-0521

Trust: 4.5

Fetched: Jan. 17, 2023, 9:13 a.m., Published: Jan. 9, 2023, 6:43 p.m.
 Vulnerabilities: buffer overflow, code execution, memory leak...
Affected productsExternal IDs
vendor: lenovo model: thinkpad
vendor: lenovo model: updates
vendor: lenovo model: system
db: NVD ids: CVE-2022-4434, CVE-2022-40520, CVE-2022-40518, CVE-2022-40519, CVE-2022-4435, CVE-2022-4433, CVE-2022-40516, CVE-2022-40517, CVE-2022-4432

Binarly Discloses Multiple Firmware Vulnerabilities in Qualcomm and Lenovo ARM-based Devices | Morningstar

Related entries in the VARIoT vulnerabilities database: VAR-202301-0521

Trust: 4.25

Fetched: Jan. 17, 2023, 9:13 a.m., Published: Jan. 9, 2023, 6:43 p.m.
 Vulnerabilities: buffer overflow, code execution, memory leak...
Affected productsExternal IDs
vendor: lenovo model: thinkpad
vendor: lenovo model: updates
vendor: lenovo model: system
db: NVD ids: CVE-2022-4434, CVE-2022-40520, CVE-2022-40518, CVE-2022-40519, CVE-2022-4435, CVE-2022-4433, CVE-2022-40516, CVE-2022-40517, CVE-2022-4432

AMD has revealed a whole host of CPU security flaws | TechRadar

Trust: 3.0

Fetched: Jan. 17, 2023, 9:12 a.m., Published: Jan. 16, 2023, 11:51 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

What is Vulnerability Management? | Kaseya

Trust: 3.0

Fetched: Jan. 17, 2023, 9:11 a.m., Published: Jan. 12, 2023, 6:58 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Binarly Discloses Multiple Firmware Vulnerabilities in Qualcomm and Lenovo ARM-based Devices - Silicon UK

Related entries in the VARIoT vulnerabilities database: VAR-202301-0521

Trust: 4.25

Fetched: Jan. 15, 2023, 9:23 a.m., Published: Jan. 9, 2023, 6:43 p.m.
 Vulnerabilities: code execution, information disclosure, memory leak...
Affected productsExternal IDs
vendor: lenovo model: system
vendor: lenovo model: thinkpad
vendor: lenovo model: updates
db: NVD ids: CVE-2022-4432, CVE-2022-40518, CVE-2022-4434, CVE-2022-40519, CVE-2022-40520, CVE-2022-4435, CVE-2022-4433, CVE-2022-40516, CVE-2022-40517

Researcher Details Lexmark Printer "Zero-Day" Vulnerability

Trust: 3.5

Fetched: Jan. 15, 2023, 9:20 a.m., Published: Jan. 13, 2023, 9:39 a.m.
 Vulnerabilities: file upload bug, code execution, privilege escalation
Affected productsExternal IDs
vendor: lexmark international model: lexmark printer
vendor: lexmark international model: printer
vendor: lexmark model: lexmark printer
vendor: lexmark model: printer

Microsoft Sharepoint Server - Security Vulnerabilities in 2023

Trust: 3.75

Fetched: Jan. 15, 2023, 9:17 a.m., Published: Jan. 15, 2023, midnight
 Vulnerabilities: authentication bypass, information disclosure, memory corruption...
Affected productsExternal IDs
db: NVD ids: CVE-2021-34467, CVE-2022-38008, CVE-2020-17016, CVE-2021-43876, CVE-2022-22716, CVE-2023-21743, CVE-2021-26418, CVE-2020-16952, CVE-2020-16950, CVE-2020-17125, CVE-2021-1717, CVE-2020-16944, CVE-2021-40483, CVE-2021-31173, CVE-2021-34520, CVE-2022-29108, CVE-2021-42309, CVE-2020-17015, CVE-2021-40487, CVE-2020-17122, CVE-2022-44690, CVE-2020-17123, CVE-2020-16932, CVE-2021-38651, CVE-2021-27076, CVE-2021-1716, CVE-2022-38053, CVE-2021-31964, CVE-2020-17115, CVE-2021-31948, CVE-2020-16929, CVE-2021-28450, CVE-2022-21840, CVE-2021-31965, CVE-2022-41037, CVE-2021-31963, CVE-2022-24472, CVE-2020-16979, CVE-2022-44693, CVE-2022-41062, CVE-2021-40482, CVE-2021-40486, CVE-2022-21987, CVE-2020-17121, CVE-2020-1338, CVE-2021-1715, CVE-2023-21742, CVE-2021-40484, CVE-2021-38652, CVE-2021-1726, CVE-2022-41036, CVE-2020-16941, CVE-2021-34519, CVE-2022-35823, CVE-2021-36940, CVE-2022-21837, CVE-2020-16953, CVE-2022-41122, CVE-2021-31966, CVE-2020-16946, CVE-2021-24104, CVE-2020-17017, CVE-2021-31171, CVE-2020-16942, CVE-2021-43242, CVE-2020-17120, CVE-2020-16931, CVE-2021-34517, CVE-2022-21968, CVE-2022-41061, CVE-2020-16945, CVE-2022-41103, CVE-2021-1719, CVE-2020-17127, CVE-2021-1641, CVE-2023-21744, CVE-2021-24071, CVE-2020-17061, CVE-2021-28474, CVE-2022-41060, CVE-2021-27052, CVE-2020-16951, CVE-2020-16948, CVE-2020-17060, CVE-2020-17118, CVE-2022-41038, CVE-2022-37961, CVE-2021-28478, CVE-2021-31181, CVE-2021-41344, CVE-2021-42320, CVE-2021-31950, CVE-2021-24066, CVE-2020-17089, CVE-2020-1218, CVE-2021-28453, CVE-2020-16930, CVE-2021-31172, CVE-2022-30159, CVE-2021-42294, CVE-2021-1707, CVE-2022-30157, CVE-2021-1712, CVE-2022-30172, CVE-2022-30171, CVE-2021-34468, CVE-2022-38009, CVE-2021-26420, CVE-2022-22005, CVE-2020-17129, CVE-2020-17128, CVE-2021-24072, CVE-2022-30158

Multiple Vulnerabilities in Qualcomm and Lenovo ARM-based Devices

Related entries in the VARIoT vulnerabilities database: VAR-202301-0521

Trust: 4.25

Fetched: Jan. 15, 2023, 9:16 a.m., Published: Jan. 15, 2023, midnight
 Vulnerabilities: code execution, information disclosure, buffer overflow
Affected productsExternal IDs
vendor: lenovo model: system
vendor: lenovo model: thinkpad
vendor: lenovo model: updates
db: NVD ids: CVE-2022-4432, CVE-2022-40518, CVE-2022-4434, CVE-2022-40519, CVE-2022-40520, CVE-2022-4435, CVE-2022-4433, CVE-2022-40516, CVE-2022-40517, CVE-2022-3431, CVE-2022-3430

What are Zero-day Exploits and Vulnerabilities?

Trust: 3.25

Fetched: Jan. 15, 2023, 9:15 a.m., Published: Feb. 3, 2022, noon
 Vulnerabilities: denial of service, privilege escalation
Affected productsExternal IDs
vendor: apple model: webkit
vendor: google model: google chrome
vendor: google model: chrome

ETIC Telecom Remote Access Server (RAS) | CISA

Trust: 4.75

Fetched: Jan. 15, 2023, 9:12 a.m., Published: Jan. 1, 2023, midnight
 Vulnerabilities: path traversal, privilege escalation, directory traversal
Affected productsExternal IDs
db: NVD ids: CVE-2022-40981, CVE-2022-41607, CVE-2022-3703

Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Vulnerabilities

Trust: 3.0

Fetched: Jan. 15, 2023, 9:12 a.m., Published: Jan. 11, 2023, 3:47 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: service management
vendor: cisco model: rv016
vendor: cisco model: cisco small business
vendor: cisco model: rv082
vendor: cisco model: small business
vendor: cisco model: rv042g
vendor: cisco model: rv042
vendor: cisco model: routers

InHand Networks InRouter | CISA

Trust: 4.5

Fetched: Jan. 15, 2023, 9:11 a.m., Published: -
 Vulnerabilities: improper access control, command injection, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2023-22601, CVE-2023-22598, CVE-2023-22597, CVE-2023-22599, CVE-2023-22600

11 BEST Web Vulnerability Scanner (Website Scanning Tools)

Trust: 4.25

Fetched: Jan. 13, 2023, 9:27 a.m., Published: Dec. 23, 2022, 5:58 a.m.
 Vulnerabilities: injection attack, cross-site scripting, sql injection
Affected productsExternal IDs
vendor: zoho model: manageengine vulnerability manager plus
vendor: tripwire model: ip360
vendor: google model: android