Sign-up

VARIoT news about IoT security

Researchers Devise Malware That Runs When an iPhone is Powered Off - ExtremeTech

Trust: 3.0

Fetched: June 6, 2022, 1:05 p.m., Published: May 18, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

VMware vulnerabilities under attack, CISA urges action

Trust: 4.0

Fetched: June 6, 2022, 1:05 p.m., Published: May 19, 2022, midnight
 Vulnerabilities: authentication bypass, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-22973, CVE-2022-22960, CVE-2022-22954, CVE-2022-22972

NCC Warns of Damaging Vulnerabilities in AVAST & AVG Antivirus on Mobile Devices without Automatic Update - TechnologyMirror

Trust: 4.75

Fetched: June 6, 2022, 1:04 p.m., Published: May 23, 2022, 7:33 a.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: avast model: antivirus
db: NVD ids: CVE-2022-26522, CVE-2022-26523

Threat Brief: VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others)

Related entries in the VARIoT vulnerabilities database: VAR-201803-1048

Trust: 4.25

Fetched: June 2, 2022, 9:22 a.m., Published: May 20, 2022, 6 a.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo model: firewall
vendor: palo model: networks
db: NVD ids: CVE-2022-22956, CVE-2022-22957, CVE-2022-22961, CVE-2022-22958, CVE-2022-22960, CVE-2022-22972, CVE-2022-22954, CVE-2022-22959, CVE-2022-22973, CVE-2017-17215, CVE-2022-22955

Update now! Multiple vulnerabilities patched in Google Chrome | Malwarebytes Labs

Trust: 5.5

Fetched: June 2, 2022, 9:22 a.m., Published: May 25, 2022, 11 a.m.
 Vulnerabilities: use after free
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2022-1853

Multiple vulnerabilities present in VMware products | Cyber.gov.au

Trust: 5.25

Fetched: June 2, 2022, 9:22 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-22972, CVE-2022-22973, CVE-2022-22954, CVE-2022-22960

Multiple Vulnerabilities in Google Android OS Could Allow for Escalation of Privilege

Trust: 3.25

Fetched: June 2, 2022, 9:22 a.m., Published: June 1, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Google fixes two critical Pixel vulnerabilities: Get your updates when you can! | Malwarebytes Labs

Trust: 4.5

Fetched: June 2, 2022, 9:22 a.m., Published: May 5, 2022, 2:44 p.m.
 Vulnerabilities: code execution, memory corruption, information disclosure
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2022-20117, CVE-2022-20120, CVE-2021-35090

Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices

Trust: 4.75

Fetched: June 2, 2022, 9:22 a.m., Published: May 28, 2022, 8:37 a.m.
 Vulnerabilities: privilege escalation, command injection
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2021-42600, CVE-2021-42598, CVE-2021-42599, CVE-2021-42601

Critical Zoom vulnerabilities fixed last week required no user interaction | Ars Technica

Trust: 4.75

Fetched: June 2, 2022, 9:22 a.m., Published: May 26, 2022, 12:10 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: zoom model: client
vendor: zoom model: zoom client
db: NVD ids: CVE-2022-22786, CVE-2022-22784

Apple Issues Emergency Fixes For Security Flaws In Millions Of Devices, Patch ASAP | HotHardware

Related entries in the VARIoT vulnerabilities database: VAR-202203-1579, VAR-202203-1580

Trust: 5.0

Fetched: June 2, 2022, 9:22 a.m., Published: May 17, 2022, 2:51 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: tvos
vendor: apple model: macos
db: NVD ids: CVE-2022-22674, CVE-2022-22675

Tesla electric cars can be hacked, researcher showcases digital lock's vulnerability | Electric Vehicles News | Zee News

Trust: 3.0

Fetched: June 2, 2022, 9:22 a.m., Published: May 21, 2022, 12:54 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tesla model: model

5 Most Disruptive Vulnerability Types | Arctic Wolf

Trust: 5.5

Fetched: June 2, 2022, 9:22 a.m., Published: May 3, 2022, 12:46 p.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: cisco model: aironet series
vendor: cisco model: aironet series access points
vendor: cisco model: aironet
vendor: cisco model: series
vendor: cisco model: access points
vendor: cisco model: cisco aironet series access points
db: NVD ids: CVE-2020-3260

Zyxel security advisory for OS command injection vulnerability of firewalls | Zyxel

Related entries in the VARIoT vulnerabilities database: VAR-202205-0957

Trust: 4.75

Fetched: June 2, 2022, 9:22 a.m., Published: May 12, 2022, 9:09 p.m.
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-30525

Warning: F5 BIG-IP iControl REST vulnerability could lead to device takeover Risks | Cert

Related entries in the VARIoT vulnerabilities database: VAR-202205-0394

Trust: 3.0

Fetched: June 2, 2022, 9:22 a.m., Published: May 9, 2022, 12:50 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-1388

April 2022’s Most Wanted Malware: A Shake Up in the Index but Emotet is Still on Top - Check Point Software

Related entries in the VARIoT vulnerabilities database: VAR-201504-0262, VAR-201511-0079, VAR-201811-0489, VAR-201404-0551, VAR-201606-0254, VAR-202112-0566, VAR-201403-0506, VAR-201404-0287, VAR-202003-0310, VAR-201404-0286, VAR-201404-0288, VAR-202003-0311, VAR-201805-0262, VAR-201012-0060, VAR-201812-0620, VAR-202003-0309

Trust: 5.25

Fetched: June 2, 2022, 9:22 a.m., Published: May 10, 2022, 4:20 p.m.
 Vulnerabilities: input validation error, command injection, code execution...
Affected productsExternal IDs
vendor: dasan model: gpon routers
vendor: dasan model: gpon router
vendor: check point model: check point
vendor: google model: google chrome
vendor: google model: chrome
vendor: google model: android
db: NVD ids: CVE-2019-18952, CVE-2015-0666, CVE-2015-7254, CVE-2018-3948, CVE-2014-0780, CVE-2016-4523, CVE-2016-8530, CVE-2021-44228, CVE-2014-0130, CVE-2020-13756, CVE-2020-5410, CVE-2014-0094, CVE-2014-0113, CVE-2020-10827, CVE-2014-0112, CVE-2012-5469, CVE-2014-0114, CVE-2020-10828, CVE-2020-8260, CVE-2018-10561, CVE-2010-4598, CVE-2015-4068, CVE-2018-3949, CVE-2011-2474, CVE-2020-10826, CVE-2017-11512

Top Exploited Vulnerabilities in 2021

Related entries in the VARIoT vulnerabilities database: VAR-202008-0248, VAR-202112-0566

Trust: 3.75

Fetched: June 2, 2022, 9:22 a.m., Published: May 12, 2022, 11:19 a.m.
 Vulnerabilities: encryption flaw
Affected productsExternal IDs
db: NVD ids: CVE-2021-27065, CVE-2021-34473, CVE-2021-26855, CVE-2020-1472, CVE-2021-31207, CVE-2021-34523, CVE-2021-26084, CVE-2021-44228

Security vulnerabilities detected in Chrome, update browser now: Cert-In | Deccan Herald

Trust: 5.0

Fetched: June 2, 2022, 9:22 a.m., Published: May 2, 2022, 1:08 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: google model: chrome

Armis Discovers "TLStorm 2.0," Five Critical Vulnerabilities in Network Switches, Organizations Around the World at Risk

Related entries in the VARIoT vulnerabilities database: VAR-202203-0237

Trust: 5.25

Fetched: June 2, 2022, 9:22 a.m., Published: May 3, 2022, 10 a.m.
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: aruba model: web management portal
vendor: extremenetworks model: ers3500
vendor: palo model: networks
db: NVD ids: CVE-2022-23676, CVE-2022-22805, CVE-2022-23677, CVE-2022-29861, CVE-2022-29860

Cyber Security Today, May 11, 2022 - F5 BIG-IP devices under attack, a proposed settlement on a Clearview AI lawsuit and Colonial Pipeline may be fined | IT World Canada News

Trust: 3.0

Fetched: June 2, 2022, 9:22 a.m., Published: May 11, 2022, 12:36 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: nokia model: impact