Sign-up

VARIoT news about IoT security

Fortinet Heap-Based Buffer Overflow Vulnerability - Lansweeper

Trust: 4.0

Fetched: Dec. 23, 2022, 9:16 a.m., Published: Dec. 13, 2022, 3:31 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs

Cisco Reports Critical IP Phone Vulnerability | The VeriCom Group

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 4.5

Fetched: Dec. 23, 2022, 9:14 a.m., Published: -
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
vendor: cisco model: link layer discovery protocol
vendor: cisco model: ip phone
vendor: cisco model: ip phone 7800
vendor: cisco model: series
db: NVD ids: CVE-2022-20968

New and Actively Exploited Zero-Day Vulnerability discovered in Multiple Apple Devices - TecSec Services Ltd

Related entries in the VARIoT vulnerabilities database: VAR-202212-1751

Trust: 3.75

Fetched: Dec. 23, 2022, 9:11 a.m., Published: Dec. 22, 2022, 2:44 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: safari
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: icloud
db: NVD ids: CVE-2022-42856

Security Flaws in AMI BMC Can Expose Many Data Centers, Clouds to Attacks | SecurityWeek.Com

Trust: 4.5

Fetched: Dec. 23, 2022, 9:11 a.m., Published: Dec. 23, 2022, midnight
 Vulnerabilities: default credentials, code execution
Affected productsExternal IDs
vendor: lenovo model: system
vendor: asus model: bmc firmware
vendor: asus model: asus
vendor: huawei model: huawei
db: NVD ids: CVE-2022-40259, CVE-2022-40242

Security Advisory: Asus M25 NAS Vulnerability - ONEKEY

Trust: 4.75

Fetched: Dec. 23, 2022, 9:10 a.m., Published: Dec. 1, 2022, 9:25 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: asus model: asus

OESIS Framework December 06, 2022 Release - OPSWAT

Related entries in the VARIoT vulnerabilities database: VAR-201903-0177, VAR-201907-0116, VAR-201903-0183, VAR-201903-0185, VAR-201903-0187, VAR-201903-0184

Trust: 3.75

Fetched: Dec. 21, 2022, 9:29 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: quick heal model: quick heal
vendor: palo alto networks model: networks
vendor: symantec model: antivirus
vendor: symantec model: norton
vendor: palo model: networks
vendor: quick heal technologies model: quick heal
db: NVD ids: CVE-2018-16472, CVE-2022-3370, CVE-2022-4191, CVE-2019-6522, CVE-2022-4262, CVE-2019-5457, CVE-2022-4192, CVE-2020-25598, CVE-2022-4181, CVE-2022-4194, CVE-2022-4180, CVE-2022-4178, CVE-2022-4193, CVE-2020-3481, CVE-2022-3373, CVE-2019-6557, CVE-2019-5444, CVE-2022-4189, CVE-2022-4172, CVE-2022-4176, CVE-2022-4144, CVE-2019-6561, CVE-2022-3725, CVE-2020-15852, CVE-2022-4175, CVE-2019-6565, CVE-2022-4195, CVE-2022-4184, CVE-2022-4187, CVE-2022-4190, CVE-2022-4188, CVE-2022-4177, CVE-2022-4179, CVE-2022-4183, CVE-2019-6559, CVE-2022-4186, CVE-2022-4174, CVE-2022-4182, CVE-2017-2599

Update X.org Server 21.1.5 and Xwayland 22.1.6 with elimination of 6 vulnerabilities | Altus Intel

Trust: 3.0

Fetched: Dec. 21, 2022, 9:28 a.m., Published: Dec. 14, 2022, 6:18 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-46343, CVE-2022-46340, CVE-2022-46283, CVE-2022-46342, CVE-2022-46344, CVE-2022-46341

Update now! Google patches Android vulnerability that allows remote code execution over Bluetooth : spixnet_gmbh_official

Trust: 4.5

Fetched: Dec. 21, 2022, 9:23 a.m., Published: March 21, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android

Cisco Reports Critical IP Phone Vulnerability | Absolute Computer Systems LLC

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 4.5

Fetched: Dec. 21, 2022, 9:22 a.m., Published: -
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: ip phone 7800
vendor: cisco model: ip phone
vendor: cisco model: link layer discovery protocol
db: NVD ids: CVE-2022-20968

Apple iPhone and iPad users, here’s why you should install the latest update on your devices - Times of India

Trust: 4.75

Fetched: Dec. 21, 2022, 9:21 a.m., Published: Dec. 21, 2063, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: iphone
vendor: apple model: itunes
vendor: apple model: ipad air
vendor: apple model: webkit

NSA says Chinese hackers are actively attacking flaw in widely used networking device - CyberScoop - JN-66 Data Analytics

Trust: 4.75

Fetched: Dec. 21, 2022, 9:21 a.m., Published: Dec. 14, 2022, 12:15 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: citrix model: application delivery controller

Cisco Reports Critical IP Phone Vulnerability | Chicago Microsystems, Inc. | IT Support Services in Chicago and Lake County, IL

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 4.5

Fetched: Dec. 21, 2022, 9:20 a.m., Published: -
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: ip phone 7800
vendor: cisco model: ip phone
vendor: cisco model: link layer discovery protocol
db: NVD ids: CVE-2022-20968

Apple users urged to update devices after cyber attacks on iPads and older iPhones , Latest Tech News - The New Paper

Trust: 3.0

Fetched: Dec. 21, 2022, 9:20 a.m., Published: Dec. 15, 2022, 9:10 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: iphone
vendor: apple model: ipod touch
vendor: apple model: webkit
vendor: apple model: ipad air

Hackers Score Nearly $1M at Device-Focused Pwn2Own Contest

Trust: 3.75

Fetched: Dec. 21, 2022, 9:19 a.m., Published: Dec. 13, 2022, 3:10 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: lexmark model: printer
vendor: lexmark model: lexmark printer
vendor: trend model: security
vendor: samsung model: galaxy
vendor: samsung model: mobile
vendor: samsung model: samsung galaxy
vendor: samsung model: printer
vendor: samsung model: printers
vendor: trend micro model: security

Security Risks, Serious Vulnerabilities Rampant Among XIoT Devices in the Workplace - CPO Magazine

Trust: 3.25

Fetched: Dec. 21, 2022, 9:18 a.m., Published: Dec. 16, 2022, 6:25 a.m.
 Vulnerabilities: privilege escalation, weak password, default password
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: trend model: security

Cisco Reports Critical IP Phone Vulnerability | Natural Networks, Inc.

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 4.5

Fetched: Dec. 21, 2022, 9:17 a.m., Published: -
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: ip phone 7800
vendor: cisco model: ip phone
vendor: cisco model: link layer discovery protocol
db: NVD ids: CVE-2022-20968

Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack

Trust: 4.75

Fetched: Dec. 21, 2022, 9:17 a.m., Published: Nov. 23, 2022, 5:02 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: realtek model: realtek sdk
db: NVD ids: CVE-2021-35395, CVE-2017-9833, CVE-2021-33558, CVE-2022-27255

Cisco Reports Critical IP Phone Vulnerability | Saggio Technology

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 4.5

Fetched: Dec. 21, 2022, 9:16 a.m., Published: -
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: ip phone 7800
vendor: cisco model: ip phone
vendor: cisco model: link layer discovery protocol
db: NVD ids: CVE-2022-20968

A Malicious Android SMS Application Hijacks Victims' Devices Using an SMS Relay.

Trust: 4.0

Fetched: Dec. 20, 2022, 9:28 a.m., Published: Dec. 20, 2022, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: android

Cisco Reports Critical IP Phone Vulnerability | Computer Networks, Inc.

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 4.5

Fetched: Dec. 20, 2022, 9:28 a.m., Published: -
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
vendor: cisco model: ip phone
vendor: cisco model: ip phone 7800
vendor: cisco model: link layer discovery protocol
vendor: cisco model: series
db: NVD ids: CVE-2022-20968