Sign-up

VARIoT news about IoT security

2022-10 Security Bulletin: Junos OS: On IPv6 OAM SRv6 network enabled devices an attacker sending a specific genuine packet to an IPv6 address configured on the device may cause a RPD memory leak leading to an RPD core. (CVE-2022-22228)

Related entries in the VARIoT vulnerabilities database: VAR-202210-1074

Trust: 4.25

Fetched: Dec. 11, 2022, 9:13 a.m., Published: -
 Vulnerabilities: memory leak
Affected productsExternal IDs
db: NVD ids: CVE-2022-22228

Time is Ticking on a New OpenSSL Vulnerability - IT Security Guru

Related entries in the VARIoT vulnerabilities database: VAR-201609-0352

Trust: 3.0

Fetched: Dec. 11, 2022, 9:13 a.m., Published: Oct. 31, 2022, 3:25 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2016-6309

Android Security Bulletin-December 2022 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202212-0798, VAR-202212-0726, VAR-202212-0441, VAR-202212-0660, VAR-202212-0542, VAR-202212-0543, VAR-202212-0619

Trust: 5.25

Fetched: Dec. 11, 2022, 9:12 a.m., Published: Dec. 11, 2022, midnight
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: google model: pixel
vendor: google model: android
vendor: samsung model: mobile
vendor: samsung model: notes
vendor: motorola model: motorola
vendor: motorola model: android
db: NVD ids: CVE-2022-25685, CVE-2022-39106, CVE-2021-39795, CVE-2022-25672, CVE-2022-20486, CVE-2022-20469, CVE-2022-20495, CVE-2021-39660, CVE-2022-39130, CVE-2022-20466, CVE-2022-20124, CVE-2022-42756, CVE-2022-20500, CVE-2022-25691, CVE-2022-25692, CVE-2022-32594, CVE-2022-20479, CVE-2022-20480, CVE-2022-39134, CVE-2022-42755, CVE-2022-20485, CVE-2022-20473, CVE-2022-20483, CVE-2022-33238, CVE-2022-25682, CVE-2022-25689, CVE-2022-20468, CVE-2022-20475, CVE-2022-25702, CVE-2022-20482, CVE-2022-39133, CVE-2022-42771, CVE-2022-25673, CVE-2022-20488, CVE-2022-20501, CVE-2022-20497, CVE-2022-32596, CVE-2022-20496, CVE-2022-20240, CVE-2022-20611, CVE-2022-42772, CVE-2022-25681, CVE-2022-20478, CVE-2022-39132, CVE-2022-25697, CVE-2022-32597, CVE-2021-39617, CVE-2022-20442, CVE-2022-32619, CVE-2022-20411, CVE-2022-33268, CVE-2022-20144, CVE-2022-32598, CVE-2022-42770, CVE-2022-39129, CVE-2022-25695, CVE-2022-25698, CVE-2022-39131, CVE-2022-20477, CVE-2022-20449, CVE-2022-20484, CVE-2022-20491, CVE-2022-20470, CVE-2021-0934, CVE-2022-20487, CVE-2022-20476, CVE-2022-20472, CVE-2022-20498, CVE-2022-33235, CVE-2022-20502, CVE-2022-20444, CVE-2022-32620, CVE-2022-20471, CVE-2022-42754, CVE-2022-20474

Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability - Cisco

Trust: 4.0

Fetched: Dec. 11, 2022, 9:12 a.m., Published: Nov. 15, 2022, 10:59 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios

Vulnerability in Acer Laptops Allows Attackers to Disable Secure Boot | SecurityWeek.Com

Trust: 4.5

Fetched: Dec. 11, 2022, 9:11 a.m., Published: Dec. 11, 2022, midnight
 Vulnerabilities: feature bypass, code execution
Affected productsExternal IDs
vendor: dell model: bios
vendor: lenovo model: notebook
vendor: lenovo model: bios
vendor: lenovo model: system
db: NVD ids: CVE-2022-4020, CVE-2022-3431

Cisco Working on Patch for Publicly Disclosed IP Phone Vulnerability | SecurityWeek.Com

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 4.5

Fetched: Dec. 11, 2022, 9:11 a.m., Published: Dec. 11, 2022, midnight
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: ip phone
vendor: cisco model: series
vendor: cisco model: ip phones
db: NVD ids: CVE-2022-20968

Cisco Working on Patch for Publicly Disclosed IP Phone Vulnerability | SecurityWeek.Com

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 4.5

Fetched: Dec. 11, 2022, 9:10 a.m., Published: Dec. 11, 2022, midnight
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: ip phone
vendor: cisco model: series
vendor: cisco model: ip phones
db: NVD ids: CVE-2022-20968

North Korean hackers used an IE vulnerability to target South Koreans after Halloween tragedy

Trust: 3.25

Fetched: Dec. 9, 2022, 9:22 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome

AMI BMC Vulnerability Imperils Entire Server Supply Chain

Trust: 4.5

Fetched: Dec. 9, 2022, 9:21 a.m., Published: Dec. 8, 2022, 1:22 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: asus model: bmc firmware
vendor: asus model: asus
vendor: lenovo model: updates
vendor: lenovo model: system
vendor: huawei model: huawei
db: NVD ids: CVE-2022-40259, CVE-2022-40242

Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework - Access Point Technology Consulting

Trust: 4.25

Fetched: Dec. 9, 2022, 9:21 a.m., Published: Dec. 7, 2022, 1:30 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-4116

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks | Vumetric Cyber Portal

Trust: 4.75

Fetched: Dec. 9, 2022, 9:20 a.m., Published: Dec. 9, 2022, midnight
 Vulnerabilities: access control bug, buffer overflow, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-26728, CVE-2021-44467

Acer laptops have a bug that hackers can use to take full control of the device

Trust: 3.75

Fetched: Dec. 9, 2022, 9:19 a.m., Published: Nov. 30, 2022, 12:56 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lenovo model: updates
vendor: lenovo model: bios
vendor: lenovo model: system
db: NVD ids: CVE-2022-4020

Integration of vulnerabilities into Graph Api - Microsoft Community Hub

Trust: 3.5

Fetched: Dec. 9, 2022, 9:19 a.m., Published: Dec. 6, 2022, 10:50 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hub model: hub

Google Releases Zero-Day Vulnerability Update

Trust: 4.75

Fetched: Dec. 9, 2022, 9:18 a.m., Published: Dec. 7, 2022, 3:46 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2022-4262

Vulnerabilities in Popular Keyboard and Mouse Android Apps Expose User Data | IT Security News

Trust: 5.0

Fetched: Dec. 9, 2022, 9:18 a.m., Published: Dec. 1, 2022, 10:36 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: check point model: check point

Vulnerability Spotlight: NVIDIA driver memory corruption vulnerabilities discovered

Trust: 5.75

Fetched: Dec. 9, 2022, 9:16 a.m., Published: Dec. 6, 2022, 4:09 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: snort.org model: snort
vendor: cisco model: firepower
vendor: cisco model: firepower management center
vendor: snort model: snort
db: NVD ids: CVE-2022-34671

New Vulnerabilities Wednesday 07 December - CND News and Blog

Trust: 4.0

Fetched: Dec. 9, 2022, 9:16 a.m., Published: Dec. 7, 2022, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs

Major vulnerabilities used in ransomware attacks

Related entries in the VARIoT vulnerabilities database: VAR-202107-1010

Trust: 4.5

Fetched: Dec. 9, 2022, 9:15 a.m., Published: Dec. 8, 2022, 4:42 p.m.
 Vulnerabilities: authorization vulnerability, sql injection, feature bypass...
Affected productsExternal IDs
vendor: trend model: security
vendor: sonicwall model: secure mobile access
vendor: sonicwall model: sma 100
db: NVD ids: CVE-2021-26855, CVE-2021-34481, CVE-2021-26858, CVE-2021-34527, CVE-2021-28799, CVE-2021-27065

Fortinet Patches High-Severity Authentication Bypass Vulnerability in FortiOS | SecurityWeek.Com

Related entries in the VARIoT vulnerabilities database: VAR-202212-0808, VAR-202212-0781, VAR-202212-0704

Trust: 4.0

Fetched: Dec. 9, 2022, 9:14 a.m., Published: Dec. 9, 2022, midnight
 Vulnerabilities: information disclosure, sql injection, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2022-35843, CVE-2022-33876, CVE-2022-33875

Critical WhatsApp vulnerabilities patched: Check you've updated!

Trust: 4.5

Fetched: Dec. 9, 2022, 9:13 a.m., Published: Dec. 7, 2022, 6:01 p.m.
 Vulnerabilities: buffer overflow, integer overflow, memory corruption...
Affected productsExternal IDs
db: NVD ids: CVE-2022-36934, CVE-2022-27492