Sign-up

VARIoT news about IoT security

Arm Vulnerability Leads to Code Execution, Root on Pixel 6 Phones - SecurityWeek

Trust: 5.75

Fetched: Feb. 8, 2023, 9:12 a.m., Published: Jan. 24, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2022-38181

Cisco Patches 11 High-Severity Vulnerabilities in Security Products - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-202204-2027

Trust: 5.75

Fetched: Feb. 8, 2023, 9:12 a.m., Published: April 28, 2022, midnight
 Vulnerabilities: denial of service, privilege escalation
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: cisco model: firepower management center
vendor: cisco model: telepresence
vendor: cisco model: firepower threat defense
vendor: cisco model: expressway
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: adaptive security appliance
db: NVD ids: CVE-2022-20746

Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202301-0986, VAR-202301-0985

Trust: 4.0

Fetched: Feb. 8, 2023, 9:12 a.m., Published: Jan. 11, 2023, 3:47 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco roomos
vendor: cisco model: cisco telepresence
vendor: cisco model: telepresence
vendor: cisco model: telepresence collaboration endpoint
vendor: cisco model: roomos
db: NVD ids: CVE-2023-20002, CVE-2023-20008

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Remote Code Execution and Denial of Service Vulnerability

Trust: 4.75

Fetched: Feb. 8, 2023, 9:12 a.m., Published: Jan. 12, 2023, 4:07 p.m.
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: rv340
vendor: cisco model: rv345
vendor: cisco model: rv340w
vendor: cisco model: rv345p
vendor: cisco model: rv345p dual wan gigabit vpn routers

Vulnerabilities in Popular Keyboard and Mouse Android Apps Expose User Data - SecurityWeek

Trust: 5.75

Fetched: Feb. 8, 2023, 9:11 a.m., Published: Dec. 1, 2022, 9:22 a.m.
 Vulnerabilities: code execution, weak password
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2022-45482, CVE-2022-45481, CVE-2022-45477, CVE-2022-45479

Apple Patches Zero-Day Vulnerability Exploited Against iPhones - SecurityWeek

Related entries in the VARIoT vulnerabilities database: VAR-202212-1751

Trust: 4.5

Fetched: Feb. 8, 2023, 9:11 a.m., Published: Jan. 22, 2023, 9:12 p.m.
 Vulnerabilities: code execution, information disclosure, security bypass
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: watchos
vendor: apple model: webkit
vendor: apple model: macos
vendor: apple model: icloud
vendor: apple model: iphone
vendor: apple model: tvos
db: NVD ids: CVE-2022-42856

Two year old vulnerability used in ransomware attack against VMware ESXi

Trust: 3.5

Fetched: Feb. 8, 2023, 9:10 a.m., Published: Feb. 6, 2023, 9:22 p.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2022-31699, CVE-2022-31697, CVE-2022-31698, CVE-2021-21974, CVE-2022-31696

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates - securityenews

Trust: 4.75

Fetched: Feb. 7, 2023, 9:18 a.m., Published: Jan. 31, 2023, 4:39 a.m.
 Vulnerabilities: sql injection, code injection, injection attack
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

This F5 BIG-IP Vulnerability makes it easier for Ransomware to encrypt networks devices - Cybersecurity Red Flag

Trust: 3.75

Fetched: Feb. 7, 2023, 9:18 a.m., Published: Feb. 3, 2023, midnight
 Vulnerabilities: denial of service, format string vulnerability, process crash...
Affected productsExternal IDs

Realtek Vulnerability Under Attack: Over 134 Million Attempts To Hack IoT Devices - Polar Bear Cyber Security Group

Trust: 5.5

Fetched: Feb. 7, 2023, 9:17 a.m., Published: Feb. 1, 2023, 6:21 a.m.
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks
vendor: asus model: asus
db: NVD ids: CVE-2021-35394

Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping - SecurityIT | Consulenza Sulla Sicurezza Informatica

Trust: 5.0

Fetched: Feb. 7, 2023, 9:17 a.m., Published: Feb. 6, 2023, 7:33 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-24508

CyberLake Security | Blog | Protecting Your IoT Devices

Trust: 4.0

Fetched: Feb. 7, 2023, 9:16 a.m., Published: Feb. 3, 2023, 8:58 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

QNAP's NAS devices affected by a new critical security issue, patches are available | TechSpot Forums

Trust: 4.0

Fetched: Feb. 7, 2023, 9:12 a.m., Published: Feb. 7, 4070, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

Realtek Vulnerability Under Attack Over 134 Million Attempts to Hack IoT Devices

Trust: 3.75

Fetched: Feb. 7, 2023, 9:11 a.m., Published: Jan. 30, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks

OODA Loop - 30k Internet-Exposed QNAP NAS Devices Affected by Recent Vulnerability

Trust: 4.0

Fetched: Feb. 7, 2023, 9:11 a.m., Published: Feb. 1, 2023, 2:55 p.m.
 Vulnerabilities: sql injection, code injection
Affected productsExternal IDs

CVE-2022-27596: QNAP NAS Devices Vulnerable to Critical SQL Injection Vulnerability - Arctic Wolf

Trust: 4.25

Fetched: Feb. 7, 2023, 9:10 a.m., Published: Feb. 2, 2023, 5:03 p.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

At least 29,000 devices are affected, QNAP announced that there are serious vulnerabilities in QTS and QuTS hero - GAMINGDEPUTY

Trust: 4.25

Fetched: Feb. 7, 2023, 9:10 a.m., Published: Feb. 1, 2023, 6:53 a.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

Patch Critical Bug Now: QNAP NAS Devices Ripe for the Slaughter

Trust: 5.0

Fetched: Feb. 7, 2023, 9:10 a.m., Published: Feb. 2, 2023, 4:08 p.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: qnap model: qnap qts
db: NVD ids: CVE-2022-27596

QNAP's NAS devices affected by a new critical security issue, patches are available | TechSpot

Trust: 4.0

Fetched: Feb. 7, 2023, 9:10 a.m., Published: Feb. 7, 4070, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-27596

Multiple Vulnerabilities in Google Android OS Could Allow for Privilege Escalation

Trust: 5.25

Fetched: Feb. 7, 2023, 9:09 a.m., Published: Feb. 1, 2023, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: android