Sign-up

VARIoT news about IoT security

Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework - Access Point Technology Consulting

Trust: 4.25

Fetched: Dec. 9, 2022, 9:21 a.m., Published: Dec. 7, 2022, 1:30 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-4116

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks | Vumetric Cyber Portal

Trust: 4.75

Fetched: Dec. 9, 2022, 9:20 a.m., Published: Dec. 9, 2022, midnight
 Vulnerabilities: access control bug, buffer overflow, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-26728, CVE-2021-44467

Acer laptops have a bug that hackers can use to take full control of the device

Trust: 3.75

Fetched: Dec. 9, 2022, 9:19 a.m., Published: Nov. 30, 2022, 12:56 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lenovo model: updates
vendor: lenovo model: bios
vendor: lenovo model: system
db: NVD ids: CVE-2022-4020

Integration of vulnerabilities into Graph Api - Microsoft Community Hub

Trust: 3.5

Fetched: Dec. 9, 2022, 9:19 a.m., Published: Dec. 6, 2022, 10:50 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hub model: hub

Google Releases Zero-Day Vulnerability Update

Trust: 4.75

Fetched: Dec. 9, 2022, 9:18 a.m., Published: Dec. 7, 2022, 3:46 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2022-4262

Vulnerabilities in Popular Keyboard and Mouse Android Apps Expose User Data | IT Security News

Trust: 5.0

Fetched: Dec. 9, 2022, 9:18 a.m., Published: Dec. 1, 2022, 10:36 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: check point model: check point

Vulnerability Spotlight: NVIDIA driver memory corruption vulnerabilities discovered

Trust: 5.75

Fetched: Dec. 9, 2022, 9:16 a.m., Published: Dec. 6, 2022, 4:09 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: snort.org model: snort
vendor: cisco model: firepower
vendor: cisco model: firepower management center
vendor: snort model: snort
db: NVD ids: CVE-2022-34671

New Vulnerabilities Wednesday 07 December - CND News and Blog

Trust: 4.0

Fetched: Dec. 9, 2022, 9:16 a.m., Published: Dec. 7, 2022, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs

Major vulnerabilities used in ransomware attacks

Related entries in the VARIoT vulnerabilities database: VAR-202107-1010

Trust: 4.5

Fetched: Dec. 9, 2022, 9:15 a.m., Published: Dec. 8, 2022, 4:42 p.m.
 Vulnerabilities: authorization vulnerability, sql injection, feature bypass...
Affected productsExternal IDs
vendor: trend model: security
vendor: sonicwall model: secure mobile access
vendor: sonicwall model: sma 100
db: NVD ids: CVE-2021-26855, CVE-2021-34481, CVE-2021-26858, CVE-2021-34527, CVE-2021-28799, CVE-2021-27065

Fortinet Patches High-Severity Authentication Bypass Vulnerability in FortiOS | SecurityWeek.Com

Related entries in the VARIoT vulnerabilities database: VAR-202212-0808, VAR-202212-0781, VAR-202212-0704

Trust: 4.0

Fetched: Dec. 9, 2022, 9:14 a.m., Published: Dec. 9, 2022, midnight
 Vulnerabilities: information disclosure, sql injection, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2022-35843, CVE-2022-33876, CVE-2022-33875

Critical WhatsApp vulnerabilities patched: Check you've updated!

Trust: 4.5

Fetched: Dec. 9, 2022, 9:13 a.m., Published: Dec. 7, 2022, 6:01 p.m.
 Vulnerabilities: buffer overflow, integer overflow, memory corruption...
Affected productsExternal IDs
db: NVD ids: CVE-2022-36934, CVE-2022-27492

Cisco discloses high-severity IP phone bug with exploit code

Related entries in the VARIoT vulnerabilities database: VAR-202212-0864

Trust: 4.5

Fetched: Dec. 9, 2022, 9:12 a.m., Published: -
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
vendor: cisco model: ip phones
vendor: cisco model: link layer discovery protocol
vendor: cisco model: ip phone
vendor: cisco model: ip phone 7800
vendor: cisco model: series
vendor: cisco model: voice vlan
db: NVD ids: CVE-2022-20968

Zerobot Weaponizes Numerous Flaws in Slew of IoT Devices

Trust: 3.0

Fetched: Dec. 9, 2022, 9:11 a.m., Published: Dec. 7, 2022, 10:35 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: huawei

Why medical equipment vulnerability remediation is not one-size-fits-all - TRIMEDX

Trust: 3.0

Fetched: Dec. 9, 2022, 9:11 a.m., Published: Oct. 19, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Update now! Google patches Android vulnerability that allows remote code execution over Bluetooth

Trust: 5.5

Fetched: Dec. 9, 2022, 9:10 a.m., Published: Dec. 7, 2022, 7:08 p.m.
 Vulnerabilities: information disclosure, code execution
Affected productsExternal IDs
vendor: google model: android
vendor: samsung model: mobile devices
vendor: samsung model: android phone
vendor: samsung model: mobile
db: NVD ids: CVE-2022-20498, CVE-2022-20411, CVE-2022-20472, CVE-2022-20473

Forescout’s Vedere Labs Discloses Three New Vulnerabilities Affecting OT Products | UAE News 24/7

Related entries in the VARIoT vulnerabilities database: VAR-201501-0401

Trust: 4.5

Fetched: Dec. 7, 2022, 9:22 a.m., Published: Dec. 6, 2022, 1:25 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: codesys model: control
vendor: codesys model: codesys
vendor: codesys model: runtime
db: NVD ids: CVE-2022-31806, CVE-2022-3079, CVE-2014-9195, CVE-2022-3270, CVE-2022-22515, CVE-2022-31896, CVE-2022-4048

Google says Google should do a better job of patching Android phones | Ars Technica

Trust: 4.5

Fetched: Dec. 7, 2022, 9:22 a.m., Published: Nov. 28, 2022, 6:23 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
vendor: samsung model: exynos
vendor: samsung model: galaxy
db: NVD ids: CVE-2022-36449

Smart inverters’ vulnerability to cyberattack | EurekAlert!

Trust: 3.0

Fetched: Dec. 7, 2022, 9:21 a.m., Published: Nov. 29, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs

What Project Memoria Foretold about TCP/IP Security and Supply Chain Vulnerabilities - Security Boulevard

Trust: 3.75

Fetched: Dec. 7, 2022, 9:21 a.m., Published: Dec. 6, 2022, noon
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2020-7461, CVE-2020-11899

URGENT/11 vulnerabilities in VxWorks OS impact over 2 billion IoT devices - Latest Digital Transformation Trends | Cloud News | Wire19

Related entries in the VARIoT vulnerabilities database: VAR-201908-0712, VAR-201908-0702, VAR-201908-0714, VAR-201908-0713, VAR-201908-0701, VAR-201908-0715, VAR-201908-0706, VAR-201908-0705, VAR-201908-0699, VAR-201908-0703, VAR-201908-0704

Trust: 4.0

Fetched: Dec. 7, 2022, 9:19 a.m., Published: July 30, 2019, midnight
 Vulnerabilities: information leak
Affected productsExternal IDs
db: NVD ids: CVE-2019-12255, CVE-2019-12261, CVE-2019-12257, CVE-2019-12256, CVE-2019-12260, CVE-2019-12258, CVE-2019-12265, CVE-2019-12264, CVE-2019-12259, CVE-2019-12262, CVE-2019-12263