Sign-up

VARIoT news about IoT security

Arm’s Mali GPU driver flaws remain unpatched on Android devices

Trust: 3.5

Fetched: Dec. 14, 2022, 9:24 a.m., Published: Dec. 6, 2022, 7 a.m.
 Vulnerabilities: address disclosure, code execution, memory corruption
Affected productsExternal IDs
vendor: samsung model: android phone
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
vendor: google model: pixel
vendor: google model: android

Critical vulnerabilities in Citrix Gateway and Application Delivery Controller devices | Mirage News

Trust: 6.0

Fetched: Dec. 14, 2022, 9:23 a.m., Published: Dec. 13, 2022, 1:05 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: citrix model: application delivery controller
vendor: citrix model: gateway
db: NVD ids: CVE-2022-27518

Android security update fixes more than 80 security vulnerabilities - including four critical | ZDNET

Related entries in the VARIoT vulnerabilities database: VAR-202212-0619

Trust: 6.0

Fetched: Dec. 14, 2022, 9:21 a.m., Published: -
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2022-20411, CVE-2022-20472, CVE-2022-20498, CVE-2022-20473, CVE-2022-23960, CVE-2022-20502, CVE-2022-20496

New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products

Related entries in the VARIoT vulnerabilities database: VAR-202212-1751, VAR-202202-0109, VAR-202201-0561, VAR-202210-1624, VAR-202203-1579, VAR-202201-0554, VAR-202209-0759, VAR-202203-1580, VAR-202208-1294, VAR-202208-1345

Trust: 4.75

Fetched: Dec. 14, 2022, 9:21 a.m., Published: Dec. 14, 2022, 3:44 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: apple model: macos
vendor: apple model: tvos
vendor: apple model: safari
vendor: apple model: icloud
vendor: apple model: webkit
db: NVD ids: CVE-2022-42856, CVE-2022-22620, CVE-2022-22587, CVE-2022-42827, CVE-2022-22674, CVE-2022-22594, CVE-2022-32917, CVE-2022-22675, CVE-2022-32894, CVE-2022-32893

Top 10 Hardware Vulnerabilities MSPs Should Watch Out For - inSOC

Trust: 3.75

Fetched: Dec. 14, 2022, 9:20 a.m., Published: Dec. 13, 2022, 5:34 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Cybercriminals Selling Access to Networks Compromised via Recent Fortinet Vulnerability | SecurityWeek.Com

Related entries in the VARIoT vulnerabilities database: VAR-202210-0198

Trust: 5.0

Fetched: Dec. 14, 2022, 9:20 a.m., Published: Dec. 14, 2022, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-40684

Vulnerability with public PoC affects Cisco IP phones, fix unavailable (CVE-2022-20968) - Help Net Security

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 3.75

Fetched: Dec. 14, 2022, 9:18 a.m., Published: Dec. 12, 2022, 10:10 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ip phone 8821
vendor: cisco model: ip phones
vendor: cisco model: ip phone 8800
vendor: cisco model: ip phone
vendor: cisco model: series ip phones
vendor: cisco model: series
vendor: cisco model: wireless ip phone 8821
vendor: cisco model: ip phone 7800 series
vendor: cisco model: voice vlan
vendor: cisco model: ip phone 8800 series
vendor: cisco model: ip phone 7800
vendor: cisco model: link layer discovery protocol
db: NVD ids: CVE-2022-20968

Access Denied

Trust: 3.25

Fetched: Dec. 14, 2022, 9:12 a.m., Published: Dec. 18, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: citrix model: gateway

KB4073757-Protect Windows devices against silicon-based microarchitectural and speculative execution side-channel vulnerabilities - Microsoft Support

Related entries in the VARIoT vulnerabilities database: VAR-201806-1505

Trust: 4.75

Fetched: Dec. 14, 2022, 9:12 a.m., Published: Feb. 28, 2020, midnight
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: google model: home
vendor: google model: android
vendor: google model: chrome
db: NVD ids: CVE-2019-1125, CVE-2018-3665

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Dec. 14, 2022, 9:11 a.m., Published: -
 Vulnerabilities: configuration error
Affected productsExternal IDs

Sensors | Free Full-Text | Robust Financial Fraud Alerting System Based in the Cloud Environment

Trust: 3.5

Fetched: Dec. 13, 2022, 9:20 a.m., Published: Jan. 13, 2022, midnight
 Vulnerabilities: denial of service, buffer overflow, sql injection
Affected productsExternal IDs
vendor: trend model: security

Nozomi throws light on security vulnerabilities found in Winbox payload protocol used to configure MikroTik devices - Industrial Cyber

Related entries in the VARIoT vulnerabilities database: VAR-201808-0384

Trust: 4.25

Fetched: Dec. 13, 2022, 9:16 a.m., Published: Dec. 12, 2022, 11:23 a.m.
 Vulnerabilities: brute force attack, path traversal
Affected productsExternal IDs
vendor: mikrotik model: mikrotik router
vendor: mikrotik model: mikrotik routers
vendor: mikrotik model: winbox
vendor: mikrotik model: routeros
vendor: mikrotik model: router
vendor: mikrotik model: routers
vendor: microtik model: mikrotik router
vendor: microtik model: mikrotik routers
vendor: microtik model: winbox
vendor: microtik model: routeros
vendor: microtik model: router
vendor: microtik model: routers
db: NVD ids: CVE-2018-14847

Cyber Security Asean

Trust: 3.75

Fetched: Dec. 13, 2022, 9:15 a.m., Published: Dec. 13, 2022, midnight
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs

Microsoft Edge Browser - Security Vulnerabilities in 2022

Trust: 5.25

Fetched: Dec. 13, 2022, 9:14 a.m., Published: Dec. 13, 2022, midnight
 Vulnerabilities: memory corruption, use after free, feature bypass...
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android
vendor: google model: google chrome
db: NVD ids: CVE-2021-26436, CVE-2018-1022, CVE-2018-8139, CVE-2018-8133, CVE-2021-30624, CVE-2021-21157, CVE-2018-0953, CVE-2020-17153, CVE-2020-1195, CVE-2018-0955, CVE-2022-33649, CVE-2021-30617, CVE-2021-30611, CVE-2018-8123, CVE-2018-8114, CVE-2021-21141, CVE-2018-1021, CVE-2021-30610, CVE-2021-30609, CVE-2022-44708, CVE-2021-30614, CVE-2022-41115, CVE-2018-8122, CVE-2021-33741, CVE-2022-33680, CVE-2018-0943, CVE-2021-24113, CVE-2021-30607, CVE-2018-8130, CVE-2018-1025, CVE-2018-0951, CVE-2018-8358, CVE-2021-30622, CVE-2021-30613, CVE-2022-4135, CVE-2022-38012, CVE-2021-30618, CVE-2021-30615, CVE-2021-30608, CVE-2021-30621, CVE-2021-30620, CVE-2018-8388, CVE-2018-0954, CVE-2018-0945, CVE-2020-16884, CVE-2018-8137, CVE-2021-30606, CVE-2018-8177, CVE-2021-38669, CVE-2021-24100, CVE-2018-8128, CVE-2022-33636, CVE-2021-36930, CVE-2018-8178, CVE-2018-8179, CVE-2022-35796, CVE-2022-33639, CVE-2021-30616, CVE-2021-30612, CVE-2021-21140, CVE-2021-30623, CVE-2018-8383, CVE-2018-0946, CVE-2018-8145, CVE-2018-8112, CVE-2022-41035, CVE-2021-30619, CVE-2022-44688

Cisco discloses high-severity IP phone vulnerability - Techzine Europe

Related entries in the VARIoT vulnerabilities database: VAR-202007-1057

Trust: 3.75

Fetched: Dec. 13, 2022, 9:13 a.m., Published: Dec. 12, 2022, 8:28 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: ip phone 7800
vendor: cisco model: ip phone 7800 series
vendor: cisco model: ip phone 8800 series
vendor: cisco model: ip phone 8800
vendor: cisco model: ip phone
db: NVD ids: CVE-2020-3452

Microsoft Patches Vulnerability Allowing Full Access to Azure Service Fabric Clusters | SecurityWeek.Com

Trust: 4.25

Fetched: Dec. 13, 2022, 9:12 a.m., Published: Dec. 13, 2022, midnight
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2022-35829

List vulnerabilities by software | Microsoft Learn

Trust: 3.75

Fetched: Dec. 13, 2022, 9:12 a.m., Published: Oct. 19, 2022, 9:04 p.m.
 Vulnerabilities: security feature bypass, feature bypass
Affected productsExternal IDs
db: NVD ids: CVE-2017-0140

Omron PLC Vulnerability Exploited by Sophisticated ICS Malware | SecurityWeek.Com

Related entries in the VARIoT vulnerabilities database: VAR-202207-0037, VAR-202207-0036

Trust: 3.75

Fetched: Dec. 13, 2022, 9:11 a.m., Published: Dec. 13, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: omron model: omron plc
db: NVD ids: CVE-2022-34151, CVE-2022-33208, CVE-2022-33971

Cisco discloses high-severity IP phone zero-day with exploit code

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 4.5

Fetched: Dec. 13, 2022, 9:10 a.m., Published: -
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: cisco model: link layer discovery protocol
vendor: cisco model: series
vendor: cisco model: ip phone 7800
vendor: cisco model: voice vlan
vendor: cisco model: ip phones
vendor: cisco model: ip phone
db: NVD ids: CVE-2022-20968

Vulnerability Database

Trust: 4.0

Fetched: Dec. 13, 2022, 9:10 a.m., Published: -
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2022-45797