Sign-up

VARIoT news about IoT security

The ‘riskiest devices’ most vulnerable to cyber attacks - The Hindu BusinessLine

Trust: 3.0

Fetched: Nov. 8, 2022, 9:45 a.m., Published: Oct. 13, 2022, 4:34 p.m.
 Vulnerabilities: -
Affected productsExternal IDs

Objects > Security Profiles > Vulnerability Protection

Trust: 3.5

Fetched: Nov. 8, 2022, 9:42 a.m., Published: Oct. 24, 2022, 5:23 p.m.
 Vulnerabilities: brute force attack
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall

Binarly Finds Six High Severity Firmware Vulnerabilities in HP Enterprise Devices

Trust: 4.5

Fetched: Nov. 8, 2022, 9:40 a.m., Published: Nov. 8, 2022, midnight
 Vulnerabilities: memory corruption, code execution, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2022-23930, CVE-2021-39299, CVE-2022-31640, CVE-2022-31644, CVE-2022-31641, CVE-2022-31645, CVE-2022-31646

Exploit Code of Critical Realtek SDK Vulnerability Released - SOCRadar

Trust: 4.75

Fetched: Nov. 8, 2022, 9:40 a.m., Published: Aug. 17, 2022, 11:18 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: snort model: snort
vendor: realtek model: realtek sdk
db: NVD ids: CVE-2022-27255

New Vulnerabilities Reported in Baxter's Internet-Connected Infusion Pumps

Trust: 5.75

Fetched: Nov. 8, 2022, 9:39 a.m., Published: Sept. 8, 2022, 5:55 p.m.
 Vulnerabilities: format string vulnerability
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: firewall
vendor: baxter model: wireless battery module
vendor: baxter model: spectrum infusion system
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
db: NVD ids: CVE-2022-26393, CVE-2022-26390, CVE-2022-26392, CVE-2022-26394

Bypassing NAT to Attack Dataprobe iBoot-PDUs | Claroty

Trust: 4.25

Fetched: Nov. 8, 2022, 9:38 a.m., Published: Nov. 8, 2022, midnight
 Vulnerabilities: directory traversal, improper access control, code execution...
Affected productsExternal IDs
vendor: codesys model: codesys
vendor: codesys model: linux
vendor: codesys model: control
vendor: codesys model: web server
db: NVD ids: CVE-2022-3183, CVE-2022-3185, CVE-2022-3184, CVE-2022-3187, CVE-2022-3189, CVE-2022-3188, CVE-2022-3186

Nest security bulletin - August 2022 - Product Documentation Help

Trust: 4.75

Fetched: Nov. 8, 2022, 9:38 a.m., Published: Aug. 8, 2022, midnight
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs
vendor: google model: home

Tripwire IP360 Hardware Appliances | Tripwire

Trust: 3.25

Fetched: Nov. 8, 2022, 9:37 a.m., Published: May 8, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tripwire model: ip360

Update now! Google patches vulnerabilities for Pixel mobile phones

Trust: 5.75

Fetched: Nov. 8, 2022, 9:36 a.m., Published: Oct. 27, 2022, 8:54 p.m.
 Vulnerabilities: memory corruption, privilege escalation, buffer overflow
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2022-20231, CVE-2022-20364

Exploit Code Released for Critical Vulnerability Affecting Networking Devices with Realtek's RTL819x system on a chip (SoC) | UCSF IT

Trust: 3.25

Fetched: Nov. 8, 2022, 9:36 a.m., Published: Nov. 1, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-27255

Mitigating Cyber Vulnerabilities in Medical Devices | Baker Donelson - JDSupra

Trust: 4.25

Fetched: Nov. 8, 2022, 9:35 a.m., Published: Nov. 19, 2022, midnight
 Vulnerabilities: default password
Affected productsExternal IDs

Vulnerability methods and properties | Microsoft Learn

Trust: 3.0

Fetched: Nov. 8, 2022, 9:35 a.m., Published: Oct. 19, 2022, 9:04 p.m.
 Vulnerabilities: denial of service, privilege escalation
Affected productsExternal IDs

Vulnerabilities Found in Airplane WiFi Devices- IT Security Guru

Trust: 4.0

Fetched: Nov. 8, 2022, 9:34 a.m., Published: Sept. 15, 2022, 9:08 a.m.
 Vulnerabilities: default password
Affected productsExternal IDs
db: NVD ids: CVE-2022-36159, CVE-2022-36158

Apple releases security update for iPhones and iPads to address vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202208-1345, VAR-202208-1294

Trust: 4.75

Fetched: Nov. 8, 2022, 9:34 a.m., Published: Oct. 27, 2022, 8:52 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: ipad air
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: itunes
vendor: apple model: iphone
vendor: apple model: ipod touch
vendor: apple model: ipad
db: NVD ids: CVE-2022-32893, CVE-2022-32894

Two Apple zero day vulnerabilities discovered - users must take action

Related entries in the VARIoT vulnerabilities database: VAR-202208-1345

Trust: 5.75

Fetched: Nov. 8, 2022, 9:33 a.m., Published: Aug. 18, 2022, 11:17 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: zoom model: client
vendor: google model: chrome
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: macos
db: NVD ids: CVE-2022-32893, CVE-2022-28756, CVE-2022-2856

Out-of-date medical devices could be leaving you vulnerable

Trust: 3.75

Fetched: Nov. 8, 2022, 9:33 a.m., Published: Sept. 19, 2022, midnight
 Vulnerabilities: weak password
Affected productsExternal IDs

Zyxel Patches Critical Vulnerability in NAS Firmware | SecurityWeek.Com

Trust: 5.5

Fetched: Nov. 8, 2022, 9:29 a.m., Published: Nov. 8, 2022, midnight
 Vulnerabilities: format string vulnerability, code execution
Affected productsExternal IDs
vendor: zyxel model: nas542
vendor: zyxel model: nas540
vendor: zyxel model: nas326
db: NVD ids: CVE-2022-34747

Critical Vulnerability in Apple Devices - B2B Cyber ​​Security

Related entries in the VARIoT vulnerabilities database: VAR-202209-0759

Trust: 5.75

Fetched: Nov. 8, 2022, 9:28 a.m., Published: Oct. 15, 2022, 7:19 a.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: iphone
vendor: apple model: ipod touch
db: NVD ids: CVE-2022-32917

Microsoft Security Bulletin MS01-059 - Critical | Microsoft Learn

Trust: 3.5

Fetched: Nov. 8, 2022, 9:27 a.m., Published: Oct. 11, 2017, midnight
 Vulnerabilities: denial of service, buffer overrun
Affected productsExternal IDs

Apple discloses serious security vulnerabilities for iPhones, iPads and Macs | Science & Tech News | Sky News

Trust: 4.0

Fetched: Nov. 8, 2022, 9:26 a.m., Published: Aug. 19, 2022, 6:04 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: macos
vendor: apple model: iphone