Sign-up

VARIoT news about IoT security

CyRC Vulnerability Analysis: Spring4Shell and CVE-2022-22963

Related entries in the VARIoT vulnerabilities database: VAR-202203-1506

Trust: [4.0, []]

Fetched: May 13, 2022, 10:50 a.m., Published: March 30, 2022, 11:52 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-22963, CVE-2022-22965

Security Vulnerabilities Found in ClickHouse Open-Source Software

Trust: [4.5, []]

Fetched: May 13, 2022, 10:50 a.m., Published: March 15, 2022, 6:04 p.m.
 Vulnerabilities: information leakage, buffer overflow, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2021-42390, CVE-2021-42387, CVE-2021-42391, CVE-2021-43305, CVE-2021-43304, CVE-2021-42388, CVE-2021-42389

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution | New York State Office of Information Technology Services

Trust: [3.5, []]

Fetched: May 13, 2022, 10:50 a.m., Published: March 15, 2022, 9:22 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Western Digital fixes security vulnerability in EdgeRover for Windows and macOS - gHacks Tech News

Trust: [4.0, []]

Fetched: May 13, 2022, 10:50 a.m., Published: March 21, 2022, 3:46 p.m.
 Vulnerabilities: denial of service, directory traversal, privilege escalation...
Affected productsExternal IDs
db: NVD ids: CVE-2022-22988

cr8escape: New Vulnerability in CRI-O Container Engine (CVE-2022-0811)

Trust: [4.75, []]

Fetched: May 13, 2022, 10:50 a.m., Published: March 15, 2022, 12:19 p.m.
 Vulnerabilities: command execution, privilege escalation, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-0811, CVE-2022-8011

An In-Depth Look at ICS Vulnerabilities Part 1

Trust: [4.0, []]

Fetched: May 13, 2022, 10:50 a.m., Published: March 30, 2022, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2021-30116

Local Privilege Escalation Vulnerability in Linux (Dirty Pipe) - Security Advisory | QNAP (US)

Trust: [4.25, []]

Fetched: May 13, 2022, 10:50 a.m., Published: May 6, 2022, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

Vulnerabilities on the Wire: Mitigations for Insecure ICS Device Comm…

Trust: [4.0, []]

Fetched: May 13, 2022, 10:50 a.m., Published: March 15, 2022, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs

Resolved Security Vulnerabilities in Sophos Firewall v18.5 MR3 (CVE-2022-0331) | Sophos

Trust: [5.0, []]

Fetched: May 13, 2022, 10:50 a.m., Published: April 18, 2022, midnight
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2022-0331

Critical Veeam backup vulnerabilities exposed Windows users to ransomware assault | TechRadar

Trust: [3.75, []]

Fetched: May 13, 2022, 10:50 a.m., Published: March 17, 2022, 3:05 p.m.
 Vulnerabilities: denial of service, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2022-26501, CVE-2022-26503, CVE-2022-26500

IoT Security and the Internet of Forgotten Things

Trust: [3.75, []]

Fetched: May 13, 2022, 10:50 a.m., Published: March 22, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-28372

This nasty Windows 10 zero-day vulnerability finally has an unofficial fix | TechRadar

Related entries in the VARIoT vulnerabilities database: VAR-202108-1005, VAR-202201-0640

Trust: [3.25, []]

Fetched: May 13, 2022, 10:50 a.m., Published: March 22, 2022, 1:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-34484, CVE-2022-21919

Update now! Many HP printers affected by three critical security vulnerabilities | Malwarebytes Labs

Trust: [4.0, []]

Fetched: May 13, 2022, 10:50 a.m., Published: March 24, 2022, 11:20 a.m.
 Vulnerabilities: denial of service, information disclosure, buffer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2022-3942

Vulnerabilities found in 250 HP printer models | CSO Online

Trust: [5.25, []]

Fetched: May 13, 2022, 10:50 a.m., Published: March 23, 2022, 1:56 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2022-24292, CVE-2022-3942, CVE-2022-24291, CVE-2022-24293

Microsoft Patches Five Azure Defender for IoT Vulnerabilities, Including Two Critical Ones | Toolbox It-security

Trust: [3.75, []]

Fetched: May 13, 2022, 10:50 a.m., Published: March 30, 2022, midnight
 Vulnerabilities: code execution, buffer overflow, command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2021-42311, CVE-2021-37222, CVE-2021-42310, CVE-2021-42312, CVE-2021-42313

Pwning Microsoft Azure Defender for IoT | Multiple Flaws Allow Remote Code Execution for All - SentinelOne

Trust: [3.5, []]

Fetched: May 13, 2022, 10:50 a.m., Published: March 28, 2022, 6:14 p.m.
 Vulnerabilities: code execution, buffer overflow, command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2021-42311, CVE-2021-37222, CVE-2021-42310, CVE-2021-42312, CVE-2021-42313

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

Trust: [3.5, []]

Fetched: May 13, 2022, 10:50 a.m., Published: April 6, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Multiple Vulnerabilities in Schneider Electric APC Smart-UPS Could Allow for Remote Code Execution

Trust: [4.25, []]

Fetched: May 13, 2022, 10:50 a.m., Published: April 6, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Vulnerability fix: CVE-2022-24934 - Announcements and Updates

Trust: [4.75, []]

Fetched: May 13, 2022, 10:50 a.m., Published: April 7, 2019, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-24934

Barak Hadad Shares Details of TLStorm Flaws in APC UPS Devices

Trust: [4.0, []]

Fetched: May 13, 2022, 10:50 a.m., Published: March 21, 2022, 4:25 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs