Sign-up

VARIoT news about IoT security

The Spring4Shell Vulnerability: Overview, Detection, and Remediation | Datadog

Related entries in the VARIoT vulnerabilities database: VAR-202203-1506

Trust: 3.75

Fetched: May 13, 2022, 10:50 a.m., Published: April 1, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-22965, CVE-2022-22963

What Is Device Vulnerability Management? | Endpoint

Trust: 5.75

Fetched: May 13, 2022, 10:50 a.m., Published: Feb. 3, 2022, 1:15 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2022-23728, CVE-2019-0708

Cisco : Security vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202201-1480, VAR-202202-1727, VAR-202111-1197, VAR-202202-1098, VAR-202111-0401, VAR-202110-1351, VAR-202110-1376, VAR-202201-1485, VAR-202110-0618, VAR-202202-1102, VAR-202201-1474, VAR-202201-1479, VAR-202110-1352, VAR-202201-1484, VAR-202204-0751, VAR-202201-1483, VAR-202201-1478, VAR-202110-1350, VAR-202110-1392, VAR-202203-0836, VAR-202111-0412, VAR-202110-0619, VAR-202110-0617, VAR-202112-0566, VAR-202110-1402, VAR-202110-1375, VAR-202111-0393, VAR-202111-1196, VAR-202201-1475, VAR-202110-1377, VAR-202202-1288, VAR-202203-1506, VAR-202201-1476, VAR-202111-0400, VAR-202202-1728, VAR-202110-1353, VAR-202201-1522, VAR-202203-0870, VAR-202111-0664, VAR-202203-0835, VAR-202204-1285, VAR-202202-1048, VAR-202201-1482, VAR-202203-1409, VAR-202111-0413, VAR-202201-1481, VAR-202204-1682, VAR-202201-1477, VAR-202201-1486, VAR-202111-1198

Trust: 4.25

Fetched: May 13, 2022, 10:50 a.m., Published: April 19, 2050, midnight
 Vulnerabilities: denial of service, cross-site scripting, code execution
Affected productsExternal IDs
vendor: cisco model: small business rv
vendor: cisco model: dna center
vendor: cisco model: cisco telepresence
vendor: cisco model: cisco meeting
vendor: cisco model: meeting
vendor: cisco model: email security appliance
vendor: cisco model: security manager
vendor: cisco model: cisco policy suite
vendor: cisco model: common services platform collector
vendor: cisco model: cisco identity services engine
vendor: cisco model: identity services engine
vendor: cisco model: cisco meeting server
vendor: cisco model: cisco prime infrastructure
vendor: cisco model: umbrella
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: webex meetings
vendor: cisco model: asyncos
vendor: cisco model: staros
vendor: cisco model: telepresence video communication server
vendor: cisco model: anyconnect secure mobility client
vendor: cisco model: series routers
vendor: cisco model: cisco telepresence video communication server
vendor: cisco model: policy suite
vendor: cisco model: cisco asyncos
vendor: cisco model: small business rv series routers
vendor: cisco model: cisco small business
vendor: cisco model: meeting server
vendor: cisco model: firepower threat defense
vendor: cisco model: series
vendor: cisco model: firepower
vendor: cisco model: prime infrastructure
vendor: cisco model: cisco staros
vendor: cisco model: expressway series
vendor: cisco model: cisco webex
vendor: cisco model: cisco security manager
vendor: cisco model: cisco email security appliance
vendor: cisco model: cisco expressway
vendor: cisco model: webex
vendor: cisco model: prime service catalog
vendor: cisco model: adaptive security appliance
vendor: cisco model: expressway
vendor: cisco model: cisco anyconnect secure mobility client
vendor: cisco model: asyncos software
vendor: cisco model: cisco prime service catalog
vendor: cisco model: cisco webex meetings
vendor: snort model: snort
vendor: mesh model: mesh
db: NVD ids: CVE-2022-20638, CVE-2022-20750, CVE-2021-40130, CVE-2022-20630, CVE-2021-40115, CVE-2021-40117, CVE-2021-34793, CVE-2022-20644, CVE-2021-40122, CVE-2022-20680, CVE-2022-20639, CVE-2022-20636, CVE-2021-40116, CVE-2022-20643, CVE-2022-20763, CVE-2022-20642, CVE-2022-20646, CVE-2021-40118, CVE-2021-34791, CVE-2022-20755, CVE-2021-40124, CVE-2021-40121, CVE-2021-40123, CVE-2021-44228, CVE-2021-40125, CVE-2021-34794, CVE-2021-40126, CVE-2021-40131, CVE-2022-20641, CVE-2021-34792, CVE-2022-20738, CVE-2022-22965, CVE-2022-20647, CVE-2021-40128, CVE-2022-20653, CVE-2021-40114, CVE-2022-20658, CVE-2022-20756, CVE-2021-40119, CVE-2022-20754, CVE-2022-20741, CVE-2022-20659, CVE-2022-20637, CVE-2022-20762, CVE-2021-40120, CVE-2022-20640, CVE-2022-20782, CVE-2022-20645, CVE-2022-20635, CVE-2021-40129

Repeatable Firmware Security Failures:16 High Impact Vulnerabilities Discovered in HP Devices

Related entries in the VARIoT vulnerabilities database: VAR-202202-0129, VAR-202202-0147

Trust: 5.5

Fetched: May 13, 2022, 10:50 a.m., Published: April 16, 2022, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: dell model: bios
vendor: siemens model: simatic
db: NVD ids: CVE-2021-42059, CVE-2021-39297, CVE-2021-42554, CVE-2021-45971, CVE-2021-45970, CVE-2021-45969

What to Do with Critical Medical Device Vulnerabilities - CyberHoot

Related entries in the VARIoT vulnerabilities database: VAR-201702-0080, VAR-201908-0705, VAR-201702-0856, VAR-202006-0330, VAR-201908-0712, VAR-202006-0332, VAR-202006-0331, VAR-202006-0329, VAR-202006-0328

Trust: 4.25

Fetched: May 13, 2022, 10:50 a.m., Published: March 8, 2022, 3:01 p.m.
 Vulnerabilities: management error, authentication vulnerability, buffer overflow
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo model: networks
vendor: baxter model: spectrum wbm
vendor: baxter model: wireless battery module
db: NVD ids: CVE-2016-8375, CVE-2019-12264, CVE-2016-9355, CVE-2020-25165, CVE-2020-12043, CVE-2019-12255, CVE-2020-12047, CVE-2020-12045, CVE-2020-12041, CVE-2020-12040

The Main Vulnerabilities and Security Risks within IoT Devices

Trust: [3.25, []]

Fetched: May 13, 2022, 10:50 a.m., Published: April 2, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Researchers discover critical vulnerabilities in APC Smart-UPS devices | TechSpot Forums

Trust: [3.25, []]

Fetched: May 13, 2022, 10:50 a.m., Published: April 11, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs

NVD - CVE-2022-0646

Trust: [4.5, []]

Fetched: May 13, 2022, 10:50 a.m., Published: April 5, 2022, midnight
 Vulnerabilities: incomplete cleanup, use after free
Affected productsExternal IDs
db: NVD ids: CVE-2022-0646

Considering buying a smart device? To protect your security, ask yourself these five questions

Trust: [3.5, []]

Fetched: May 13, 2022, 10:50 a.m., Published: Feb. 21, 2022, 2:52 p.m.
 Vulnerabilities: denial of service, default credentials
Affected productsExternal IDs

Warning Issued About Access:7 Vulnerabilities Affecting IoT and Medical Devices

Trust: [3.0, []]

Fetched: May 13, 2022, 10:50 a.m., Published: March 9, 2022, 3:29 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-25252, CVE-2022-25247, CVE-2022-25248, CVE-2022-25249, CVE-2022-25246, CVE-2022-25251, CVE-2022-25250

APC Smart-UPS Vulnerability Puts Millions of Devices at Risk

Trust: [3.75, []]

Fetched: May 13, 2022, 10:50 a.m., Published: March 9, 2022, 7:26 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Dirty Pipe Privilege Escalation Vulnerability in Linux | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202203-0043

Trust: [4.25, []]

Fetched: May 13, 2022, 10:50 a.m., Published: April 5, 2022, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2022-0847

New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices

Trust: [3.75, []]

Fetched: May 13, 2022, 10:50 a.m., Published: March 8, 2022, 6:08 p.m.
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs

7 Best Vulnerability Management Tools in 2022 (Paid & Free)

Trust: [3.5, []]

Fetched: May 13, 2022, 10:50 a.m., Published: Aug. 14, 2021, 9:30 a.m.
 Vulnerabilities: cross-site scripting, sql injection
Affected productsExternal IDs

Remote code execution vulnerability present in Sophos Firewall | Cyber.gov.au

Trust: [5.25, []]

Fetched: May 13, 2022, 10:50 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-1040

What actions customers can take to protect, detect, and respond to Log4j vulnerabilities in Operational Technology (OT) and Industrial Internet of Things (IIoT) environments | The Internet of Things on AWS - Official Blog

Related entries in the VARIoT vulnerabilities database: VAR-202112-0562, VAR-202112-0566

Trust: [3.75, []]

Fetched: May 13, 2022, 10:50 a.m., Published: Jan. 20, 2022, 12:06 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-45046, CVE-2021-44228

BIG-IP AFM vulnerability CVE-2022-23028

Related entries in the VARIoT vulnerabilities database: VAR-202201-1345

Trust: [3.25, []]

Fetched: May 13, 2022, 10:50 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-23028

iDor iDM Server Vulnerability Advisory: Alerts: Public Resources: REN-ISAC: Research Education Networking Information Sharing & Analysis Center

Trust: [4.0, []]

Fetched: May 13, 2022, 10:50 a.m., Published: April 6, 5041, midnight
 Vulnerabilities: default credentials, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2021-395072021, CVE-2021-39507

Current Activity | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202203-1579, VAR-202203-1580

Trust: [3.25, []]

Fetched: May 13, 2022, 10:50 a.m., Published: April 4, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-22674, CVE-2022-22675

SECURITY - Symphony Plus SPIET800 and PNI800 Denial of Service

Trust: [3.25, []]

Fetched: May 13, 2022, 10:50 a.m., Published: April 1, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs