Sign-up

VARIoT news about IoT security

Patch: Zoom chat messages can infect devices with malware • The Register

Trust: 4.75

Fetched: June 1, 2022, 8:58 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: zoom model: client
vendor: zoom model: zoom
vendor: zoom model: zoom client
vendor: google model: android
db: NVD ids: CVE-2022-22787

Hackers can take over device without privileges - NCC warns mobile phone users - Daily Post Nigeria

Trust: 4.75

Fetched: June 1, 2022, 8:58 a.m., Published: May 22, 2022, 4:59 p.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: avast model: antivirus
db: NVD ids: CVE-2022-26522, CVE-2022-26523

Apple users alert! Device could be hacked if not updated, claims CERT-In advisory

Trust: 4.75

Fetched: June 1, 2022, 8:58 a.m., Published: May 1, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: apple model: watch
vendor: apple model: mac os

CVE-2022-29127 - Security Update Guide - Microsoft - BitLocker Security Feature Bypass Vulnerability

Trust: 4.0

Fetched: June 1, 2022, 8:58 a.m., Published: -
 Vulnerabilities: security feature bypass, feature bypass
Affected productsExternal IDs
db: NVD ids: CVE-2022-29127

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Vulnerability Spotlight: How an attacker could chain several vulnerabilities in an industrial wireless router to gain root access

Related entries in the VARIoT vulnerabilities database: VAR-202205-1035

Trust: 5.25

Fetched: June 1, 2022, 8:58 a.m., Published: May 1, 2022, midnight
 Vulnerabilities: privilege escalation, cross-site scripting, buffer overflow...
Affected productsExternal IDs
vendor: cisco model: router
vendor: snort.org model: snort
vendor: snort model: snort
db: NVD ids: CVE-2022-27172

Critical F5 BIG-IP Flaw Actively Exploited by Hackers | eSecurityPlanet

Related entries in the VARIoT vulnerabilities database: VAR-202205-0394

Trust: 4.0

Fetched: June 1, 2022, 8:58 a.m., Published: May 12, 2022, 9:42 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-1388

This unpatched DNS bug could put 'well-known' IoT devices at risk | ZDNet

Trust: 3.0

Fetched: June 1, 2022, 8:58 a.m., Published: June 5, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: axis model: communications

SentinelOne unveils severe zero-day vulnerabilities in Avast and AVG - Techzine Europe

Trust: 6.0

Fetched: June 1, 2022, 8:58 a.m., Published: May 5, 2022, 10:31 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: avast model: antivirus
db: NVD ids: CVE-2022-26522, CVE-2022-26523

Vulnerabilities (CVE) - OpenCVE

Trust: 3.0

Fetched: June 1, 2022, 8:58 a.m., Published: April 6, 2022, midnight
 Vulnerabilities: sql injection, cross-site scripting, improper validation...
Affected productsExternal IDs

Sophos Firewall v19.0 GA Resolves Security Vulnerabilities (CVE-2022-1040, CVE-2021-25268, CVE-2021-25267, CVE-2022-0331) | Sophos

Trust: 4.5

Fetched: June 1, 2022, 8:58 a.m., Published: June 19, 2022, midnight
 Vulnerabilities: authentication bypass, code execution, privilege escalation...
Affected productsExternal IDs
db: NVD ids: CVE-2022-1040, CVE-2021-25268, CVE-2022-0331, CVE-2021-25267

NVD - CVE-2022-30525

Related entries in the VARIoT vulnerabilities database: VAR-202205-0957

Trust: 3.75

Fetched: June 1, 2022, 8:58 a.m., Published: June 5, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: zyxel model: atp800
vendor: zyxel model: atp500_firmware
vendor: zyxel model: atp200
vendor: zyxel model: usg20w-vpn_firmware
vendor: zyxel model: atp500
vendor: zyxel model: vpn50_firmware
vendor: zyxel model: vpn50
vendor: zyxel model: usg20w-vpn
vendor: zyxel model: vpn100_firmware
vendor: zyxel model: atp800_firmware
vendor: zyxel model: vpn1000
vendor: zyxel model: vpn300_firmware
vendor: zyxel model: atp200_firmware
vendor: zyxel model: atp100
vendor: zyxel model: vpn100
vendor: zyxel model: vpn1000_firmware
vendor: zyxel model: vpn300
vendor: zyxel model: atp100_firmware
db: NVD ids: CVE-2022-30525

Vulnerabilities (CVE) - OpenCVE

Trust: 4.5

Fetched: June 1, 2022, 8:58 a.m., Published: April 6, 2022, midnight
 Vulnerabilities: memory corruption, privilege escalation, cross-site scripting...
Affected productsExternal IDs
vendor: cisco model: firepower threat defense
vendor: cisco model: cisco 7600 series
vendor: cisco model: series
vendor: cisco model: series industrial security appliance
vendor: cisco model: asa 5500 series
vendor: cisco model: ftd virtual
vendor: cisco model: firepower 2100
vendor: cisco model: catalyst
vendor: cisco model: cisco catalyst 6500 series
vendor: cisco model: 7600 series
vendor: cisco model: adaptive security appliance
vendor: cisco model: firepower
vendor: cisco model: adaptive security virtual appliance
vendor: cisco model: asa 5500
vendor: cisco model: asa software
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: catalyst 6500
vendor: cisco model: ios 12.4
vendor: cisco model: catalyst 6500 series
vendor: cisco model: industrial security appliance
vendor: cisco model: firepower 9300
vendor: cisco model: routers
vendor: cisco model: series switches
vendor: cisco model: series routers
vendor: aruba model: aruba instant
vendor: aruba model: instant
vendor: aruba model: instant access point

Threat Actors Exploiting F5 BIG-IP CVE-2022-1388 | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202205-0394

Trust: 3.75

Fetched: June 1, 2022, 8:58 a.m., Published: June 16, 2022, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2022-1388

Critical flaws in 'millions of Aruba, Avaya switches' • The Register

Trust: 5.75

Fetched: June 1, 2022, 8:58 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: extreme model: ers3500
vendor: aruba model: web management portal
vendor: extreme networks model: ers3500
db: NVD ids: CVE-2022-23676, CVE-2022-29861, CVE-2022-23677, CVE-2022-29860

These popular VPNs, firewalls are actively under attack | TechRadar

Related entries in the VARIoT vulnerabilities database: VAR-202205-0957

Trust: 4.0

Fetched: June 1, 2022, 8:58 a.m., Published: May 16, 2022, 5:34 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-30525

Rapid7 discovers critical vulnerability in Zyxel firewalls - Techzine Europe

Related entries in the VARIoT vulnerabilities database: VAR-202205-0957

Trust: 5.0

Fetched: June 1, 2022, 8:58 a.m., Published: June 6, 2022, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-30525

Vulnerability Alert: TLStorm 2

Trust: 3.75

Fetched: June 1, 2022, 8:58 a.m., Published: May 4, 2022, midnight
 Vulnerabilities: code execution, authentication bypass
Affected productsExternal IDs

Exploits created for critical F5 BIG-IP flaw, install patch immediately

Related entries in the VARIoT vulnerabilities database: VAR-202205-0394

Trust: 4.75

Fetched: June 1, 2022, 8:58 a.m., Published: June 1, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-1388

When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops | WeLiveSecurity

Trust: 4.25

Fetched: June 1, 2022, 8:16 a.m., Published: April 19, 2022, 9:30 a.m.
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: ring model: ring
vendor: lenovo model: 110-15ibr
vendor: lenovo model: updates
vendor: lenovo model: bios
vendor: lenovo model: 330-15igm
vendor: lenovo model: system
vendor: lenovo model: power management
vendor: lenovo model: yoga
db: NVD ids: CVE-2021-3972, CVE-2021-3971, CVE-2021-3970

Microsoft Security Bulletins: March 2022

Related entries in the VARIoT vulnerabilities database: VAR-202203-0039, VAR-202009-1442, VAR-202203-0090, VAR-202006-1623

Trust: 5.25

Fetched: June 1, 2022, 8:16 a.m., Published: March 1, 2022, midnight
 Vulnerabilities: code execution, information disclosure, denial of service
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2022-24464, CVE-2022-23277, CVE-2022-24452, CVE-2022-24457, CVE-2022-24461, CVE-2022-24508, CVE-2022-23285, CVE-2022-24453, CVE-2022-21967, CVE-2022-24509, CVE-2022-24462, CVE-2022-24501, CVE-2022-21990, CVE-2022-23297, CVE-2022-24526, CVE-2022-23288, CVE-2022-24502, CVE-2022-24455, CVE-2022-22006, CVE-2022-23299, CVE-2022-23296, CVE-2020-8927, CVE-2022-23283, CVE-2022-23290, CVE-2022-23287, CVE-2022-24463, CVE-2022-24454, CVE-2022-24512, CVE-2022-24503, CVE-2022-24505, CVE-2022-24451, CVE-2022-24511, CVE-2022-23295, CVE-2022-23282, CVE-2022-22010, CVE-2022-23294, CVE-2022-24522, CVE-2022-24510, CVE-2020-9827, CVE-2022-21977, CVE-2022-24460, CVE-2022-23284, CVE-2022-24459, CVE-2022-24507, CVE-2022-23293, CVE-2022-23253, CVE-2022-24456, CVE-2022-23300, CVE-2022-23291, CVE-2022-21973, CVE-2022-22007, CVE-2022-23301, CVE-2022-21975, CVE-2022-23298, CVE-2022-24525, CVE-2022-23286, CVE-2022-23281