VARIoT latest news about IoT security

Over 75 Vulnerabilities Patched in Android With December 2022 Security Updates \| SecurityWeek.Com Trust: 5.5 Fetched: Jan. 6, 2023, 9:13 a.m., Published: -	Vulnerabilities: privilege escalation, information disclosure, code execution

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android

db:

NVD

ids:

CVE-2022-20411, CVE-2022-20472, CVE-2022-20473, CVE-2022-20498

Cisco IP Phone Zero-Day Vulnerability Disclosed \| SecureTeam Related entries in the VARIoT vulnerabilities database: VAR-202212-0864 Trust: 4.5 Fetched: Jan. 6, 2023, 9:13 a.m., Published: Dec. 23, 2022, 4:05 p.m.	Vulnerabilities: denial of service, code execution

Affected products

External IDs

vendor:	essential	model:	phone
vendor:	cisco	model:	series
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	link layer discovery protocol
vendor:	cisco	model:	ip phone series
vendor:	cisco	model:	voice vlan
vendor:	cisco	model:	ip phone 7800

db:

NVD

ids:

CVE-2022-20968

Google patches 60 vulnerabilities in first Android update of 2023 Related entries in the VARIoT vulnerabilities database: VAR-202301-0249 Trust: 4.75 Fetched: Jan. 6, 2023, 9:13 a.m., Published: Jan. 5, 2023, 2:34 p.m.	Vulnerabilities: memory corruption, buffer overflow, code execution

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2022-42720, CVE-2022-42721, CVE-2022-42719, CVE-2022-22088, CVE-2022-41674

Cisco Firepower Management Center and Firepower Threat Defense Software SSH Denial of Service Vulnerability - Cisco Trust: 3.75 Fetched: Jan. 6, 2023, 9:12 a.m., Published: Dec. 23, 2022, 10:07 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	cisco firepower management center
vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	firepower threat defense software
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	asa software

Android Security Bulletin-January 2023 \| Android Open Source Project Related entries in the VARIoT vulnerabilities database: VAR-202301-0205, VAR-202301-0235, VAR-202301-0230, VAR-202301-0215, VAR-202301-0249 Trust: 4.25 Fetched: Jan. 6, 2023, 9:11 a.m., Published: Jan. 6, 2023, midnight	Vulnerabilities: information disclosure, denial of service, code execution

Affected products

External IDs

vendor:	samsung	model:	mobile
vendor:	samsung	model:	notes
vendor:	huawei	model:	huawei
vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	motorola	model:	android
vendor:	motorola	model:	motorola

db:

NVD

ids:

CVE-2022-20235, CVE-2022-33286, CVE-2023-20916, CVE-2022-20493, CVE-2022-33266, CVE-2022-44429, CVE-2022-33285, CVE-2022-44430, CVE-2022-33252, CVE-2023-20904, CVE-2022-44436, CVE-2023-20913, CVE-2022-33255, CVE-2022-32636, CVE-2022-33283, CVE-2022-20456, CVE-2023-20912, CVE-2022-20494, CVE-2023-20922, CVE-2023-20921, CVE-2022-44438, CVE-2022-25746, CVE-2021-35134, CVE-2022-20492, CVE-2023-20919, CVE-2022-44426, CVE-2022-44425, CVE-2022-32637, CVE-2022-20489, CVE-2022-33253, CVE-2023-20920, CVE-2022-20461, CVE-2023-20918, CVE-2022-23960, CVE-2023-20908, CVE-2022-44434, CVE-2022-33276, CVE-2022-20490, CVE-2023-20905, CVE-2022-44427, CVE-2021-35097, CVE-2022-33284, CVE-2023-20915, CVE-2022-44435, CVE-2022-44428, CVE-2022-32635, CVE-2022-44432, CVE-2022-44437, CVE-2021-35113, CVE-2022-25725, CVE-2022-44431, CVE-2022-22088, CVE-2022-33274

F5 Networks BIG-IP : iControl SOAP vulnerability (K94221585) V... \| Tenable® Related entries in the VARIoT vulnerabilities database: VAR-202211-1139 Trust: 3.25 Fetched: Jan. 4, 2023, 9:16 a.m., Published: Jan. 1, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2022-41622

CVE.report on Twitter: "CVE-2022-38757 : A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions e.g., install a bundle on a set of managed devices,... https://t.co/aAEyAfiJmP" / Twitter Trust: 3.0 Fetched: Jan. 4, 2023, 9:15 a.m., Published: Jan. 4, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2022-38757

Google Home security vulnerability allowed hackers to listen to conversations • xtouch.ae Trust: 3.75 Fetched: Jan. 4, 2023, 9:15 a.m., Published: Jan. 3, 2023, 10:02 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	google home
vendor:	google	model:	home
vendor:	google	model:	android

Rewterz Threat Advisory - Multiple VMware vRealize Operations (vROps) Vulnerabilities \| Rewterz Trust: 4.25 Fetched: Jan. 4, 2023, 9:15 a.m., Published: Dec. 19, 2022, 9:02 a.m.	Vulnerabilities: improper access control

Affected products

External IDs

db:

NVD

ids:

CVE-2022-31708, CVE-2022-31707

Apple Devices Have a Significant Vulnerability (So Here’s How to Fix It) - Hackensack, NJ \| Net It On Trust: 3.0 Fetched: Jan. 4, 2023, 9:15 a.m., Published: Jan. 2, 2023, 6:02 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

Forescout uncovers new vulnerabilities affecting OT products Trust: 3.5 Fetched: Jan. 4, 2023, 9:14 a.m., Published: Jan. 3, 2023, 11:36 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	codesys	model:	runtime
vendor:	codesys	model:	control
vendor:	codesys	model:	codesys

Several DoS, Code Execution Vulnerabilities Found in Rockwell Automation Controllers \| SecurityWeek.Com Related entries in the VARIoT vulnerabilities database: VAR-202212-2066, VAR-202212-1782 Trust: 5.5 Fetched: Jan. 4, 2023, 9:14 a.m., Published: Jan. 4, 2022, midnight	Vulnerabilities: cross-site scripting, code execution

Affected products

External IDs

vendor:	rockwell	model:	micrologix
vendor:	rockwell	model:	studio 5000
vendor:	rockwell	model:	rslinx
vendor:	rockwell	model:	controllogix controllers
vendor:	rockwell	model:	controllogix
vendor:	rockwell	model:	compactlogix
vendor:	rockwell	model:	guardlogix
vendor:	rockwell	model:	micrologix 1100
vendor:	rockwell automation	model:	micrologix
vendor:	rockwell automation	model:	studio 5000
vendor:	rockwell automation	model:	rslinx
vendor:	rockwell automation	model:	controllogix controllers
vendor:	rockwell automation	model:	controllogix
vendor:	rockwell automation	model:	compactlogix
vendor:	rockwell automation	model:	guardlogix
vendor:	rockwell automation	model:	micrologix 1100

db:

NVD

ids:

CVE-2022-3156, CVE-2022-3157, CVE-2022-46670, CVE-2022-3166

Google Home security vulnerability allowed hackers to listen to conversations Trust: 3.75 Fetched: Jan. 4, 2023, 9:14 a.m., Published: Jan. 11, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	google home
vendor:	google	model:	android
vendor:	google	model:	home

Apple Devices Have a Significant Vulnerability (So Here’s How to Fix It) - Computerware Blog \| DC Metro \| Computerware Trust: 3.0 Fetched: Jan. 4, 2023, 9:13 a.m., Published: Jan. 4, 8480, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

ABB Oil and Gas Flow Computer Hack Can Prevent Utilities From Billing Customers \| SecurityWeek.Com Trust: 6.0 Fetched: Jan. 4, 2023, 9:13 a.m., Published: Jan. 4, 2022, midnight	Vulnerabilities: path traversal

Affected products

External IDs

vendor:

moxa

model:

mxview

db:

NVD

ids:

CVE-2022-0902

Network security threats and vulnerabilities \| NordLayer Learn Trust: 3.5 Fetched: Jan. 4, 2023, 9:12 a.m., Published: Jan. 1, 2023, midnight	Vulnerabilities: denial of service, sql injection

Affected products	External IDs

Healthcare vulnerability management 101 - IoMT, IoT, OT & IT \| Armis Trust: 3.75 Fetched: Jan. 4, 2023, 9:11 a.m., Published: Jan. 3, 2023, 4 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

raspberry pi

model:

3

Vulnérabilité CVE-2022-41720 CVE Vulnerability Trust: 4.0 Fetched: Jan. 3, 2023, 9:26 a.m., Published: Jan. 7, 2023, midnight	Vulnerabilities: directory traversal

Affected products

External IDs

db:

NVD

ids:

CVE-2022-41720

Netgear’s vulnerability in devices, operated at stage before authentication \| Altus Intel Related entries in the VARIoT vulnerabilities database: VAR-202212-2397 Trust: 4.0 Fetched: Jan. 3, 2023, 9:26 a.m., Published: Jan. 3, 2023, 5:39 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	netgear	model:	r8000p
vendor:	netgear	model:	r6700v3
vendor:	netgear	model:	r6400v2
vendor:	netgear	model:	rax35
vendor:	netgear	model:	rax40
vendor:	netgear	model:	r7000p
vendor:	netgear	model:	r6900p
vendor:	netgear	model:	r7000

db:

NVD

ids:

CVE-2022-48196

Cisco Revealed A Security Bug In Its Ip Phones Series 7800 And 8800 \| techdatu Related entries in the VARIoT vulnerabilities database: VAR-202212-0864 Trust: 5.75 Fetched: Jan. 3, 2023, 9:26 a.m., Published: Dec. 25, 2022, midnight	Vulnerabilities: input validation vulnerability

Affected products

External IDs

vendor:	cisco	model:	ip phones
vendor:	cisco	model:	link layer discovery protocol
vendor:	cisco	model:	series
vendor:	cisco	model:	ip phone 7800
vendor:	cisco	model:	ip phone

db:

NVD

ids:

CVE-2022-20968

VARIoT news about IoT security