VARIoT latest news about IoT security

Access Denied Trust: 3.25 Fetched: Nov. 13, 2022, 9:23 a.m., Published: Nov. 13, 4017, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

chrome

Lenovo driver goof poses security risk for users of 25 notebook models \| Ars Technica Trust: 3.5 Fetched: Nov. 13, 2022, 9:22 a.m., Published: Nov. 25, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	lenovo	model:	bios
vendor:	lenovo	model:	yoga
vendor:	lenovo	model:	system
vendor:	lenovo	model:	notebook
vendor:	lenovo	model:	updates

db:

NVD

ids:

CVE-2022-3432, CVE-2022-3430, CVE-2022-3431

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution Trust: 3.5 Fetched: Nov. 13, 2022, 9:21 a.m., Published: Nov. 9, 2022, midnight	Vulnerabilities: code execution

Affected products	External IDs

Why You Need a Data-driven Approach to Vulnerability Management \| Lookout Trust: 3.5 Fetched: Nov. 13, 2022, 9:20 a.m., Published: Nov. 12, 2022, midnight	Vulnerabilities: information exposure

Affected products

External IDs

vendor:	trend	model:	security
vendor:	trend	model:	antivirus

Android Security Bulletin-September 2022 \| Android Open Source Project Related entries in the VARIoT vulnerabilities database: VAR-202201-0395, VAR-202209-0347, VAR-202209-0276, VAR-202209-0195, VAR-202209-0304, VAR-202209-0395, VAR-202209-0274, VAR-202209-0305, VAR-202201-0426, VAR-202202-0101, VAR-202201-0414 Trust: 4.25 Fetched: Nov. 13, 2022, 9:13 a.m., Published: Sept. 13, 2022, midnight	Vulnerabilities: information disclosure, denial of service, code execution

Affected products

External IDs

vendor:	huawei	model:	huawei
vendor:	motorola	model:	android
vendor:	motorola	model:	motorola
vendor:	google	model:	android
vendor:	google	model:	wifi
vendor:	google	model:	pixel
vendor:	samsung	model:	mobile
vendor:	samsung	model:	notes

db:

NVD

ids:

CVE-2022-23852, CVE-2022-25688, CVE-2022-20388, CVE-2022-22066, CVE-2022-22089, CVE-2021-0871, CVE-2022-25696, CVE-2022-22074, CVE-2022-22094, CVE-2022-20391, CVE-2022-25708, CVE-2022-22091, CVE-2022-25669, CVE-2022-20390, CVE-2022-20389, CVE-2022-20385, CVE-2022-29582, CVE-2022-26447, CVE-2022-20393, CVE-2022-20197, CVE-2022-22092, CVE-2021-0943, CVE-2022-22081, CVE-2022-25686, CVE-2022-25690, CVE-2022-20387, CVE-2022-22093, CVE-2021-4083, CVE-2022-20396, CVE-2022-20395, CVE-2021-0942, CVE-2022-20392, CVE-2022-23990, CVE-2022-25314, CVE-2022-22822, CVE-2021-0697, CVE-2022-20386, CVE-2022-20218, CVE-2022-20399, CVE-2022-20398

Apple releases emergency patch for two iPhone, Mac zero-day vulnerabilities being exploited - The Record by Recorded Future Trust: 3.25 Fetched: Nov. 13, 2022, 9:13 a.m., Published: Aug. 19, 2022, 8:29 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

iphone

What is an Application Vulnerability? - Check Point Software Trust: 3.5 Fetched: Nov. 13, 2022, 9:11 a.m., Published: Sept. 20, 2022, 4:53 p.m.	Vulnerabilities: request forgery, denial of service

Affected products

External IDs

vendor:

check point

model:

check point

Zero-Day Code Injection Detection Using Machine Learning Related entries in the VARIoT vulnerabilities database: VAR-202206-0973, VAR-202206-0004 Trust: 5.25 Fetched: Nov. 13, 2022, 9:11 a.m., Published: Sept. 16, 2022, 1 p.m.	Vulnerabilities: command injection, injection attack, code execution...

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	tenda	model:	router
vendor:	tenda	model:	ac18
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	firewall

db:

NVD

ids:

CVE-2022-31446, CVE-2022-26134, CVE-2022-34265, CVE-2022-0332

Information disclosure in Microsoft Network Device Enrollment Service (NDES) Trust: 4.25 Fetched: Nov. 13, 2022, 9:10 a.m., Published: Sept. 14, 2022, midnight	Vulnerabilities: information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2022-37959

Aiphone Door Access Control Devices Vulnerable to Routine Hacking Technique via NFC \| Spiceworks 1 Trust: 3.75 Fetched: Nov. 13, 2022, 9:10 a.m., Published: Nov. 11, 2022, midnight	Vulnerabilities: account lockout

Affected products

External IDs

db:

NVD

ids:

CVE-2022-40903

Zoom Fixes Severe Security Vulnerability for Mac Users \| ComTech Computer Services, Inc. Trust: 3.75 Fetched: Nov. 11, 2022, 9:30 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	zoom	model:	zoom client
vendor:	zoom	model:	client

db:

NVD

ids:

CVE-2022-28762

OpenSSL project reveals details around pair of vulnerabilities as it downgrades severity \| SC Media Trust: 5.0 Fetched: Nov. 11, 2022, 9:30 a.m., Published: Nov. 1, 2022, 11:39 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2022-3602, CVE-2022-3786

Vulnerabilities in Citrix Gateway and Citrix ADC. - Zest Related entries in the VARIoT vulnerabilities database: VAR-202211-0998, VAR-202211-0882, VAR-202211-0767 Trust: 3.75 Fetched: Nov. 11, 2022, 9:29 a.m., Published: Nov. 10, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	citrix systems	model:	gateway
vendor:	citrix	model:	gateway

db:

NVD

ids:

CVE-2022-27513, CVE-2022-27516, CVE-2022-27510

Fortinet Admits Many Devices Still Unprotected Against Exploited Vulnerability \| SecurityWeek.Com Related entries in the VARIoT vulnerabilities database: VAR-202210-0198 Trust: 4.0 Fetched: Nov. 11, 2022, 9:28 a.m., Published: Nov. 11, 2022, midnight	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2022-40684

Google releases labeling guidelines to help secure IoT devices at the network’s edge \| VentureBeat Trust: 3.75 Fetched: Nov. 11, 2022, 9:28 a.m., Published: Nov. 2, 2022, 9:49 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

google

model:

android

A dangerous vulnerability found in popular laptops \| Div Bracket Trust: 3.75 Fetched: Nov. 11, 2022, 9:26 a.m., Published: Nov. 11, 2022, 3:34 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	lenovo	model:	system
vendor:	lenovo	model:	updates

db:

NVD

ids:

CVE-2022-3431, CVE-2022-3432, CVE-2022-3430

ESET found Lenovo Windows 11 and 10 laptops have Secure Boot vulnerability, BIOS update out - Neowin Trust: 3.75 Fetched: Nov. 11, 2022, 9:26 a.m., Published: Nov. 11, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	lenovo	model:	bios
vendor:	lenovo	model:	system
vendor:	lenovo	model:	notebook

db:

NVD

ids:

CVE-2022-3431, CVE-2022-3432, CVE-2022-3430

Multiple Vulnerabilities in VMware Workspace ONE Assist Could Allow for Privilege Escalation Trust: 3.25 Fetched: Nov. 11, 2022, 9:26 a.m., Published: Nov. 9, 2022, midnight	Vulnerabilities: privilege escalation

Affected products	External IDs

Critical UEFI Firmware Vulnerabilities Detected in Specific Lenovo Notebook Models - BRANDEFENSE Trust: 3.5 Fetched: Nov. 11, 2022, 9:25 a.m., Published: Nov. 10, 2022, 1:09 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

lenovo

model:

notebook

Internet of Things (IoT) Security: Next-Generation Protection - Dgtl Infra Trust: 4.25 Fetched: Nov. 11, 2022, 9:25 a.m., Published: Oct. 31, 2022, 7 a.m.	Vulnerabilities: command injection, code execution

Affected products

External IDs

vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	firewall
vendor:	tesla	model:	model
vendor:	palo	model:	networks
vendor:	palo	model:	firewall

VARIoT news about IoT security