VARIoT latest news about IoT security

JVNVU#97099584: Multiple vulnerabilities in Buffalo network devices Related entries in the VARIoT vulnerabilities database: VAR-202212-0950, VAR-202212-0948, VAR-202212-0949 Trust: 4.75 Fetched: Dec. 18, 2022, 9:22 a.m., Published: Dec. 9, 2022, midnight	Vulnerabilities: os command injection, command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2022-43466, CVE-2022-43486, CVE-2022-43443

Alert issued to update Citrix ADC, Gateway devices \| IT World Canada News Trust: 4.75 Fetched: Dec. 18, 2022, 9:21 a.m., Published: Dec. 14, 2022, 3:55 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	citrix	model:	gateway
vendor:	citrix	model:	application delivery controller

db:

NVD

ids:

CVE-2022-27518

Patch now! Google Chrome's GPU code has a zero-day Trust: 5.5 Fetched: Dec. 18, 2022, 9:19 a.m., Published: Dec. 8, 2022, 7:15 p.m.	Vulnerabilities: buffer overflow, denial of service

Affected products

External IDs

vendor:	google	model:	home
vendor:	google	model:	google chrome
vendor:	google	model:	chrome

db:

NVD

ids:

CVE-2022-4135

CyRC Vulnerability Advisory: Remote code execution vulnerabilities in mouse and keyboard apps - Security Boulevard Trust: 4.5 Fetched: Dec. 18, 2022, 9:18 a.m., Published: Nov. 30, 2022, 1 p.m.	Vulnerabilities: weak password, code execution

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2022-45483, CVE-2022-45479, CVE-2022-45480, CVE-2022-45482, CVE-2022-45478, CVE-2022-45477, CVE-2022-45481

CVE-2022-41974- Red Hat Customer Portal Trust: 4.0 Fetched: Dec. 18, 2022, 9:17 a.m., Published: Oct. 13, 2022, 9:03 p.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2022-41973, CVE-2022-41974

Cisco SD-WAN Arbitrary File Deletion Vulnerability - Cisco Trust: 3.0 Fetched: Dec. 18, 2022, 9:17 a.m., Published: Dec. 16, 2022, 7:38 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	sd-wan
vendor:	cisco	model:	cisco sd-wan

Moobot Uses a Fake Vulnerability - Blog - VulnCheck Related entries in the VARIoT vulnerabilities database: VAR-202205-1549, VAR-202205-1480, VAR-202205-1571, VAR-201910-0717, VAR-201909-1437, VAR-202007-1255, VAR-202007-0675, VAR-201802-0965 Trust: 5.25 Fetched: Dec. 18, 2022, 9:15 a.m., Published: Dec. 6, 2022, midnight	Vulnerabilities: command execution, command injection, authentication bypass

Affected products

External IDs

vendor:	d-link	model:	dir-816l
vendor:	d-link	model:	router

db:

NVD

ids:

CVE-2022-28955, CVE-2022-28956, CVE-2022-28958, CVE-2019-17506, CVE-2019-10891, CVE-2020-9376, CVE-2020-15894, CVE-2018-7034

Siemens Multiple Denial of Service Vulnerabilities in Industrial Products \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202212-1314, VAR-202212-1311, VAR-202212-1312, VAR-202212-1313 Trust: 4.75 Fetched: Dec. 18, 2022, 9:15 a.m., Published: Dec. 1, 2022, midnight	Vulnerabilities: improper validation, denial of service

Affected products

External IDs

vendor:	siemens	model:	simatic et 200sp
vendor:	siemens	model:	simatic s7-1500 cpu family
vendor:	siemens	model:	simatic s7-1500 software controller
vendor:	siemens	model:	simatic s7-plcsim advanced
vendor:	siemens	model:	simatic et
vendor:	siemens	model:	simatic et 200sp open controller
vendor:	siemens	model:	s7-1200 cpu
vendor:	siemens	model:	s7-1500 cpu
vendor:	siemens	model:	simatic s7-plcsim
vendor:	siemens	model:	simatic et 200sp open
vendor:	siemens	model:	tim 1531 irc
vendor:	siemens	model:	simatic drive controller family
vendor:	siemens	model:	simatic
vendor:	siemens	model:	simatic s7-1500
vendor:	siemens	model:	simatic s7-1200 cpu
vendor:	siemens	model:	simatic s7-1500 cpu
vendor:	siemens	model:	et 200sp open controller
vendor:	siemens	model:	simatic et 200sp open controller cpu 1515sp pc2
vendor:	siemens	model:	simatic s7-1200 cpu family
vendor:	siemens	model:	simatic s7-1200

db:

NVD

ids:

CVE-2021-44695, CVE-2021-44693, CVE-2021-44694, CVE-2021-40365

New Go-based Botnet Exploiting Exploiting Dozens of IoT Vulnerabilities to Expand its Network Trust: 3.0 Fetched: Dec. 16, 2022, 9:20 a.m., Published: Dec. 7, 2022, 4:03 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

d-link

model:

dns-320

CISA Alert: Veeam Backup and Replication Vulnerabilities Being Exploited in Attacks - PlanetJon Network Trust: 3.75 Fetched: Dec. 16, 2022, 9:20 a.m., Published: Dec. 16, 2022, 5:45 a.m.	Vulnerabilities: denial of service, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2022-26501, CVE-2022-26500

The Biggest Vulnerabilities To Your Website Security 2022 Trust: 3.5 Fetched: Dec. 16, 2022, 9:18 a.m., Published: Dec. 15, 2022, 7:38 a.m.	Vulnerabilities: cross-site scripting, sql injection

Affected products	External IDs

Security researcher shows off kernel vulnerability on iPhone 14 running iOS 16.1.2 Trust: 3.0 Fetched: Dec. 16, 2022, 9:17 a.m., Published: Dec. 11, 2022, 4:50 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

iphone

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution Trust: 3.5 Fetched: Dec. 16, 2022, 9:17 a.m., Published: Dec. 14, 2022, midnight	Vulnerabilities: code execution

Affected products	External IDs

APT5 Exploits Zero-Day Vulnerability on Citrix ADC and Gateway Devices Trust: 4.75 Fetched: Dec. 16, 2022, 9:15 a.m., Published: Dec. 14, 2022, 10:43 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

citrix

model:

gateway

db:

NVD

ids:

CVE-2022-27518

Apple Fixes Actively Exploited iPhone Zero-Day Vulnerability - Infosecurity Magazine Related entries in the VARIoT vulnerabilities database: VAR-202212-1751 Trust: 5.0 Fetched: Dec. 16, 2022, 9:15 a.m., Published: Dec. 14, 2022, 4 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	safari
vendor:	apple	model:	webkit

db:

NVD

ids:

CVE-2022-42856

Apple Patches Vulnerability Being “Actively Exploited” in iPhones Related entries in the VARIoT vulnerabilities database: VAR-202212-1751 Trust: 5.75 Fetched: Dec. 16, 2022, 9:15 a.m., Published: Dec. 15, 2022, 11:43 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	ipod touch
vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad
vendor:	apple	model:	webkit

db:

NVD

ids:

CVE-2022-42856

Vulnerability vs. Threat vs. Risk vs… "Other" - Forescout Trust: 3.75 Fetched: Dec. 16, 2022, 9:13 a.m., Published: Nov. 2, 2022, 7:04 p.m.	Vulnerabilities: denial of service

Affected products	External IDs

Dozen High-Severity Vulnerabilities Patched in F5 Products \| SecurityWeek.Com Related entries in the VARIoT vulnerabilities database: VAR-202205-0394 Trust: 3.75 Fetched: Dec. 16, 2022, 9:11 a.m., Published: Dec. 16, 2022, midnight	Vulnerabilities: code execution, privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2022-1388

Exposure score in Defender Vulnerability Management \| Microsoft Learn Trust: 3.0 Fetched: Dec. 16, 2022, 9:11 a.m., Published: Sept. 27, 2022, 11:22 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

Cisco Secure Email and Web Manager Multiple Vulnerabilities (c... \| Tenable® Trust: 3.25 Fetched: Dec. 14, 2022, 9:26 a.m., Published: Dec. 1, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2022-20868, CVE-2022-20867

VARIoT news about IoT security