Sign-up

VARIoT news about IoT security

Vulnerability Spotlight: Vulnerabilities in Abode Systems home security kit could allow attacker to take over cameras, remotely disable them

Related entries in the VARIoT vulnerabilities database: VAR-202210-1549, VAR-202210-1547

Trust: 5.5

Fetched: Nov. 16, 2022, 9:20 a.m., Published: Oct. 20, 2022, 1:27 p.m.
 Vulnerabilities: heap corruption, authentication bypass, memory corruption...
Affected productsExternal IDs
vendor: google model: google home
vendor: google model: home
vendor: snort model: snort
vendor: cisco model: firepower management center
vendor: cisco model: series
vendor: cisco model: firepower
vendor: snort.org model: snort
db: NVD ids: CVE-2022-27804, CVE-2022-35244, CVE-2022-27805, CVE-2022-32775, CVE-2022-33189, CVE-2022-30541, CVE-2022-30603, CVE-2022-29472, CVE-2022-29475, CVE-2022-29477, CVE-2022-33192, CVE-2022-32773, CVE-2022-33195, CVE-2022-32574, CVE-2022-32586

Cisco Identity Services Engine Cross-Site Scripting Vulnerability - Cisco

Trust: 5.0

Fetched: Nov. 16, 2022, 9:19 a.m., Published: Nov. 15, 2022, 6:59 a.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: cisco identity services engine
vendor: cisco model: identity services engine

Aiphone Intercom System Vulnerability Allows Hackers to Open Doors | SecurityWeek.Com

Trust: 5.0

Fetched: Nov. 16, 2022, 9:18 a.m., Published: Nov. 16, 2022, midnight
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2022-40903

Research, News, and Perspectives

Related entries in the VARIoT vulnerabilities database: VAR-201912-0499

Trust: 3.5

Fetched: Nov. 16, 2022, 9:10 a.m., Published: Aug. 5, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2019-8561

Cybersecurity researcher discovers a way to bypass the lock screen on Pixel devices - ACOM TOUCH IT SOLUTION

Trust: 3.5

Fetched: Nov. 15, 2022, 9:25 a.m., Published: Nov. 15, 2022, 12:31 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: home
vendor: google model: android
db: NVD ids: CVE-2022-20465

Vulnerability device scanning block using XG firewall - Discussions - Sophos Firewall - Sophos Community

Trust: 3.0

Fetched: Nov. 15, 2022, 9:21 a.m., Published: Nov. 1, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sophos model: xg firewall

Vulnerability in Safari, iOS 16.1 could let hackers steal users’ sensitive data, says Cert-In - .

Trust: 3.75

Fetched: Nov. 15, 2022, 9:20 a.m., Published: Oct. 26, 2022, 9:17 a.m.
 Vulnerabilities: improper validation, use after free, improper memory handling...
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: ipad air
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: safari

Vulnerability News | Cybersecurity Dive

Trust: 4.5

Fetched: Nov. 15, 2022, 9:20 a.m., Published: Nov. 14, 2022, midnight
 Vulnerabilities: authentication bypass, request forgery, code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Denial of Service Vulnerability - Cisco

Trust: 4.0

Fetched: Nov. 15, 2022, 9:12 a.m., Published: Nov. 9, 2022, 1:37 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: firepower threat defense
vendor: cisco model: adaptive security appliance
vendor: cisco model: adaptive security appliance software
vendor: cisco model: asa software
vendor: cisco model: cisco firepower management center
vendor: cisco model: firepower
vendor: cisco model: firepower management center
vendor: cisco model: firepower threat defense software
vendor: cisco model: cisco adaptive security appliance software

Apple users advised to immediately update software for macOS, iPhone and iPad: SingCERT - CNA

Trust: 3.5

Fetched: Nov. 13, 2022, 9:25 a.m., Published: Nov. 19, 2022, midnight
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: ipad
vendor: apple model: macbook
vendor: apple model: iphone
vendor: apple model: macos

Citrix ADC, Gateway vulnerabilities addressed | SC Media

Trust: 3.0

Fetched: Nov. 13, 2022, 9:25 a.m., Published: Nov. 11, 2022, 7:30 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: citrix model: gateway

New Lenovo Notebook Models Affected By UEFI Firmware Vulnerabilities - Infosecurity Magazine

Trust: 4.0

Fetched: Nov. 13, 2022, 9:25 a.m., Published: Nov. 10, 2022, 5 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lenovo model: bios
vendor: lenovo model: yoga
vendor: lenovo model: system
vendor: lenovo model: notebook
db: NVD ids: CVE-2022-3432, CVE-2022-3430, CVE-2022-3431

CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software - info database | Vulners

Related entries in the VARIoT vulnerabilities database: VAR-202211-0095

Trust: 5.75

Fetched: Nov. 13, 2022, 9:24 a.m., Published: Nov. 4, 2022, 10:01 a.m.
 Vulnerabilities: path traversal, file upload issue, directory traversal...
Affected productsExternal IDs
vendor: nokia model: impact
db: NVD ids: CVE-2022-2969, CVE-2022-2484, CVE-2022-3703, CVE-2022-2482, CVE-2022-41607, CVE-2022-40981, CVE-2022-2483

Access Denied

Trust: 3.25

Fetched: Nov. 13, 2022, 9:23 a.m., Published: Nov. 13, 4017, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome

Lenovo driver goof poses security risk for users of 25 notebook models | Ars Technica

Trust: 3.5

Fetched: Nov. 13, 2022, 9:22 a.m., Published: Nov. 25, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lenovo model: bios
vendor: lenovo model: yoga
vendor: lenovo model: system
vendor: lenovo model: notebook
vendor: lenovo model: updates
db: NVD ids: CVE-2022-3432, CVE-2022-3430, CVE-2022-3431

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

Trust: 3.5

Fetched: Nov. 13, 2022, 9:21 a.m., Published: Nov. 9, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Why You Need a Data-driven Approach to Vulnerability Management | Lookout

Trust: 3.5

Fetched: Nov. 13, 2022, 9:20 a.m., Published: Nov. 12, 2022, midnight
 Vulnerabilities: information exposure
Affected productsExternal IDs
vendor: trend model: security
vendor: trend model: antivirus

Android Security Bulletin-September 2022 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202201-0395, VAR-202209-0347, VAR-202209-0276, VAR-202209-0195, VAR-202209-0304, VAR-202209-0395, VAR-202209-0274, VAR-202209-0305, VAR-202201-0426, VAR-202202-0101, VAR-202201-0414

Trust: 4.25

Fetched: Nov. 13, 2022, 9:13 a.m., Published: Sept. 13, 2022, midnight
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: motorola model: android
vendor: motorola model: motorola
vendor: google model: android
vendor: google model: wifi
vendor: google model: pixel
vendor: samsung model: mobile
vendor: samsung model: notes
db: NVD ids: CVE-2022-23852, CVE-2022-25688, CVE-2022-20388, CVE-2022-22066, CVE-2022-22089, CVE-2021-0871, CVE-2022-25696, CVE-2022-22074, CVE-2022-22094, CVE-2022-20391, CVE-2022-25708, CVE-2022-22091, CVE-2022-25669, CVE-2022-20390, CVE-2022-20389, CVE-2022-20385, CVE-2022-29582, CVE-2022-26447, CVE-2022-20393, CVE-2022-20197, CVE-2022-22092, CVE-2021-0943, CVE-2022-22081, CVE-2022-25686, CVE-2022-25690, CVE-2022-20387, CVE-2022-22093, CVE-2021-4083, CVE-2022-20396, CVE-2022-20395, CVE-2021-0942, CVE-2022-20392, CVE-2022-23990, CVE-2022-25314, CVE-2022-22822, CVE-2021-0697, CVE-2022-20386, CVE-2022-20218, CVE-2022-20399, CVE-2022-20398

Apple releases emergency patch for two iPhone, Mac zero-day vulnerabilities being exploited - The Record by Recorded Future

Trust: 3.25

Fetched: Nov. 13, 2022, 9:13 a.m., Published: Aug. 19, 2022, 8:29 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

What is an Application Vulnerability? - Check Point Software

Trust: 3.5

Fetched: Nov. 13, 2022, 9:11 a.m., Published: Sept. 20, 2022, 4:53 p.m.
 Vulnerabilities: request forgery, denial of service
Affected productsExternal IDs
vendor: check point model: check point