VARIoT latest news about IoT security

Binarly Discovers 16 New, High-Impact Vulnerabilities in Firmware Affecting HP Enterprise Devices Trust: 3.75 Fetched: May 13, 2022, 10:50 a.m., Published: March 8, 2022, midnight	Vulnerabilities: code execution, privilege escalation, buffer overflow...

Affected products

External IDs

db:

NVD

ids:

CVE-2022-23924, CVE-2021-39300, CVE-2022-23928, CVE-2021-39301, CVE-2021-39299, CVE-2022-23931, CVE-2022-23934, CVE-2021-39298, CVE-2022-23927, CVE-2021-39297, CVE-2022-23929, CVE-2022-23925, CVE-2022-23926, CVE-2022-23930, CVE-2022-23932, CVE-2022-23933

Cyble - Critical Vulnerabilities in Serial-to-Ethernet Devices Trust: 3.25 Fetched: May 13, 2022, 10:50 a.m., Published: Feb. 17, 2022, 11:15 a.m.	Vulnerabilities: resource exhaustion, information exposure

Affected products

External IDs

vendor:	moxa	model:	nport 5110
vendor:	moxa	model:	nport

Vulnerabilities Identified in Wyze Cam IoT Device Related entries in the VARIoT vulnerabilities database: VAR-202203-1706, VAR-202203-1880 Trust: 7.0 Fetched: May 13, 2022, 10:50 a.m., Published: April 10, 2022, midnight	Vulnerabilities: buffer overflow

Affected products

External IDs

vendor:

netgear

model:

orbi

db:

NVD

ids:

CVE-2019-12266, CVE-2019-9564

Here’s Why Apple Device Vulnerabilities Just Skyrocketed A Startling 467 Percent \| HotHardware Related entries in the VARIoT vulnerabilities database: VAR-202108-1057 Trust: 4.75 Fetched: May 13, 2022, 10:50 a.m., Published: April 14, 2022, 12:30 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	trend	model:	security
vendor:	huawei	model:	huawei

db:

NVD

ids:

CVE-2021-30860

Are All Apple Devices Vulnerable to Pegasus? Related entries in the VARIoT vulnerabilities database: VAR-202108-1057 Trust: 3.5 Fetched: May 13, 2022, 10:50 a.m., Published: April 14, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	watchos
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2021-30860

NVD - CVE-2022-0018 Trust: 5.5 Fetched: May 13, 2022, 10:50 a.m., Published: April 5, 2022, midnight	Vulnerabilities: information exposure

Affected products

External IDs

vendor:	palo	model:	networks globalprotect
vendor:	palo	model:	palo alto networks globalprotect
vendor:	palo	model:	networks
vendor:	apple	model:	macos
vendor:	paloaltonetworks	model:	networks globalprotect
vendor:	paloaltonetworks	model:	palo alto networks globalprotect
vendor:	paloaltonetworks	model:	networks
vendor:	palo alto networks	model:	networks globalprotect
vendor:	palo alto networks	model:	palo alto networks globalprotect
vendor:	palo alto networks	model:	networks

db:

NVD

ids:

CVE-2022-0018

Google Android : List of security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202203-1012, VAR-202203-1029, VAR-202204-1532, VAR-202203-0318, VAR-202203-0306, VAR-202203-0322, VAR-202203-0319 Trust: 5.25 Fetched: May 13, 2022, 10:50 a.m., Published: April 21, 2050, midnight	Vulnerabilities: code execution, buffer overflow, use after free...

Affected products

External IDs

vendor:	samsung	model:	knox
vendor:	google	model:	android
vendor:	google	model:	home

db:

NVD

ids:

CVE-2022-27573, CVE-2022-26090, CVE-2022-27825, CVE-2022-24932, CVE-2022-24931, CVE-2022-27824, CVE-2022-27570, CVE-2022-25817, CVE-2022-25833, CVE-2022-26092, CVE-2022-27822, CVE-2022-25816, CVE-2022-27576, CVE-2022-24925, CVE-2022-25818, CVE-2022-27823, CVE-2022-24001, CVE-2022-26093, CVE-2022-27572, CVE-2022-25815, CVE-2022-27836, CVE-2022-27831, CVE-2022-27828, CVE-2022-27829, CVE-2022-27830, CVE-2022-27575, CVE-2022-27826, CVE-2022-27569, CVE-2022-26094, CVE-2022-26096, CVE-2022-24928, CVE-2022-26091, CVE-2022-26098, CVE-2022-27567, CVE-2022-27827, CVE-2022-26095, CVE-2022-27568, CVE-2022-24929, CVE-2022-27832, CVE-2022-27574, CVE-2022-25831, CVE-2022-27571, CVE-2022-25832, CVE-2022-25822, CVE-2022-25814, CVE-2022-26097, CVE-2022-26099, CVE-2022-27821, CVE-2022-27835, CVE-2022-25820

Spring4Shell Vulnerability Exploited To Spread Mirai Botnet Malware, According to Security Researchers - CPO Magazine Trust: 4.25 Fetched: May 13, 2022, 10:50 a.m., Published: April 15, 2022, 9:45 a.m.	Vulnerabilities: code execution, password guessing, denial of service

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	trend micro	model:	security
vendor:	trend	model:	security
vendor:	palo alto networks	model:	networks

Healthcare IoT, Medical Device Vulnerability Disclosures Skyrocket Trust: 3.5 Fetched: May 13, 2022, 10:50 a.m., Published: March 4, 2022, 1:30 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	trend	model:	security
vendor:	palo alto networks	model:	networks
vendor:	palo	model:	networks

IoT/connected Device Discovery and Security Auditing in Corporate Networks Trust: 4.75 Fetched: May 13, 2022, 10:50 a.m., Published: Feb. 7, 2022, 9:20 a.m.	Vulnerabilities: default credentials

Affected products

External IDs

vendor:

trend

model:

security

More Lexmark device vulnerabilities (wrap-up Feb. 2022) \| Born's Tech and Windows World Related entries in the VARIoT vulnerabilities database: VAR-202201-0782, VAR-202201-1528, VAR-202201-0780 Trust: 6.0 Fetched: May 13, 2022, 10:50 a.m., Published: Feb. 12, 2022, 10:51 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

lexmark

model:

printer

db:

NVD

ids:

CVE-2021-44734, CVE-2021-44735, CVE-2021-44738

16 Vulnerabilities Found in Firmware of HP Enterprise Devices \| SecurityWeek.Com Trust: 4.5 Fetched: May 13, 2022, 10:50 a.m., Published: April 16, 2022, midnight	Vulnerabilities: privilege escalation, information disclosure, memory corruption...

Affected products

External IDs

vendor:	lenovo	model:	edge
vendor:	lenovo	model:	system
vendor:	lenovo	model:	desktop
vendor:	lenovo	model:	updates

Lenovo patches UEFI firmware vulnerabilities impacting millions of users \| ZDNet Trust: 4.75 Fetched: May 13, 2022, 10:50 a.m., Published: April 5, 2022, midnight	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	lenovo	model:	updates
vendor:	lenovo	model:	bios
vendor:	lenovo	model:	yoga
vendor:	lenovo	model:	notebook
vendor:	lenovo	model:	system
vendor:	lenovo	model:	power management
vendor:	lenovo	model:	flex

db:

NVD

ids:

CVE-2021-3972, CVE-2021-3971, CVE-2021-3970

The Spring4Shell Vulnerability: Overview, Detection, and Remediation \| Datadog Related entries in the VARIoT vulnerabilities database: VAR-202203-1506 Trust: 3.75 Fetched: May 13, 2022, 10:50 a.m., Published: April 1, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2022-22965, CVE-2022-22963

What Is Device Vulnerability Management? \| Endpoint Trust: 5.75 Fetched: May 13, 2022, 10:50 a.m., Published: Feb. 3, 2022, 1:15 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

trend

model:

security

db:

NVD

ids:

CVE-2022-23728, CVE-2019-0708

Cisco : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202201-1480, VAR-202202-1727, VAR-202111-1197, VAR-202202-1098, VAR-202111-0401, VAR-202110-1351, VAR-202110-1376, VAR-202201-1485, VAR-202110-0618, VAR-202202-1102, VAR-202201-1474, VAR-202201-1479, VAR-202110-1352, VAR-202201-1484, VAR-202204-0751, VAR-202201-1483, VAR-202201-1478, VAR-202110-1350, VAR-202110-1392, VAR-202203-0836, VAR-202111-0412, VAR-202110-0619, VAR-202110-0617, VAR-202112-0566, VAR-202110-1402, VAR-202110-1375, VAR-202111-0393, VAR-202111-1196, VAR-202201-1475, VAR-202110-1377, VAR-202202-1288, VAR-202203-1506, VAR-202201-1476, VAR-202111-0400, VAR-202202-1728, VAR-202110-1353, VAR-202201-1522, VAR-202203-0870, VAR-202111-0664, VAR-202203-0835, VAR-202204-1285, VAR-202202-1048, VAR-202201-1482, VAR-202203-1409, VAR-202111-0413, VAR-202201-1481, VAR-202204-1682, VAR-202201-1477, VAR-202201-1486, VAR-202111-1198 Trust: 4.25 Fetched: May 13, 2022, 10:50 a.m., Published: April 19, 2050, midnight	Vulnerabilities: denial of service, cross-site scripting, code execution

Affected products

External IDs

vendor:	cisco	model:	small business rv
vendor:	cisco	model:	dna center
vendor:	cisco	model:	cisco telepresence
vendor:	cisco	model:	cisco meeting
vendor:	cisco	model:	meeting
vendor:	cisco	model:	email security appliance
vendor:	cisco	model:	security manager
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	common services platform collector
vendor:	cisco	model:	cisco identity services engine
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco meeting server
vendor:	cisco	model:	cisco prime infrastructure
vendor:	cisco	model:	umbrella
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	webex meetings
vendor:	cisco	model:	asyncos
vendor:	cisco	model:	staros
vendor:	cisco	model:	telepresence video communication server
vendor:	cisco	model:	anyconnect secure mobility client
vendor:	cisco	model:	series routers
vendor:	cisco	model:	cisco telepresence video communication server
vendor:	cisco	model:	policy suite
vendor:	cisco	model:	cisco asyncos
vendor:	cisco	model:	small business rv series routers
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	meeting server
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	series
vendor:	cisco	model:	firepower
vendor:	cisco	model:	prime infrastructure
vendor:	cisco	model:	cisco staros
vendor:	cisco	model:	expressway series
vendor:	cisco	model:	cisco webex
vendor:	cisco	model:	cisco security manager
vendor:	cisco	model:	cisco email security appliance
vendor:	cisco	model:	cisco expressway
vendor:	cisco	model:	webex
vendor:	cisco	model:	prime service catalog
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	expressway
vendor:	cisco	model:	cisco anyconnect secure mobility client
vendor:	cisco	model:	asyncos software
vendor:	cisco	model:	cisco prime service catalog
vendor:	cisco	model:	cisco webex meetings
vendor:	snort	model:	snort
vendor:	mesh	model:	mesh

db:

NVD

ids:

CVE-2022-20638, CVE-2022-20750, CVE-2021-40130, CVE-2022-20630, CVE-2021-40115, CVE-2021-40117, CVE-2021-34793, CVE-2022-20644, CVE-2021-40122, CVE-2022-20680, CVE-2022-20639, CVE-2022-20636, CVE-2021-40116, CVE-2022-20643, CVE-2022-20763, CVE-2022-20642, CVE-2022-20646, CVE-2021-40118, CVE-2021-34791, CVE-2022-20755, CVE-2021-40124, CVE-2021-40121, CVE-2021-40123, CVE-2021-44228, CVE-2021-40125, CVE-2021-34794, CVE-2021-40126, CVE-2021-40131, CVE-2022-20641, CVE-2021-34792, CVE-2022-20738, CVE-2022-22965, CVE-2022-20647, CVE-2021-40128, CVE-2022-20653, CVE-2021-40114, CVE-2022-20658, CVE-2022-20756, CVE-2021-40119, CVE-2022-20754, CVE-2022-20741, CVE-2022-20659, CVE-2022-20637, CVE-2022-20762, CVE-2021-40120, CVE-2022-20640, CVE-2022-20782, CVE-2022-20645, CVE-2022-20635, CVE-2021-40129

Repeatable Firmware Security Failures:16 High Impact Vulnerabilities Discovered in HP Devices Related entries in the VARIoT vulnerabilities database: VAR-202202-0129, VAR-202202-0147 Trust: 5.5 Fetched: May 13, 2022, 10:50 a.m., Published: April 16, 2022, midnight	Vulnerabilities: buffer overflow

Affected products

External IDs

vendor:	dell	model:	bios
vendor:	siemens	model:	simatic

db:

NVD

ids:

CVE-2021-42059, CVE-2021-39297, CVE-2021-42554, CVE-2021-45971, CVE-2021-45970, CVE-2021-45969

What to Do with Critical Medical Device Vulnerabilities - CyberHoot Related entries in the VARIoT vulnerabilities database: VAR-201702-0080, VAR-201908-0705, VAR-201702-0856, VAR-202006-0330, VAR-201908-0712, VAR-202006-0332, VAR-202006-0331, VAR-202006-0329, VAR-202006-0328 Trust: 4.25 Fetched: May 13, 2022, 10:50 a.m., Published: March 8, 2022, 3:01 p.m.	Vulnerabilities: management error, authentication vulnerability, buffer overflow

Affected products

External IDs

vendor:	palo alto networks	model:	networks
vendor:	palo	model:	networks
vendor:	baxter	model:	spectrum wbm
vendor:	baxter	model:	wireless battery module

db:

NVD

ids:

CVE-2016-8375, CVE-2019-12264, CVE-2016-9355, CVE-2020-25165, CVE-2020-12043, CVE-2019-12255, CVE-2020-12047, CVE-2020-12045, CVE-2020-12041, CVE-2020-12040

The Main Vulnerabilities and Security Risks within IoT Devices Trust: [3.25, []] Fetched: May 13, 2022, 10:50 a.m., Published: April 2, 2022, midnight	Vulnerabilities: -

Affected products	External IDs

Researchers discover critical vulnerabilities in APC Smart-UPS devices \| TechSpot Forums Trust: [3.25, []] Fetched: May 13, 2022, 10:50 a.m., Published: April 11, 2022, midnight	Vulnerabilities: -

Affected products	External IDs

VARIoT news about IoT security