VARIoT latest news about IoT security

Qualcomm, Lenovo flag multiple high impact firmware vulnerabilities \| SC Media Related entries in the VARIoT vulnerabilities database: VAR-202301-0628, VAR-202301-0582, VAR-202301-0521 Trust: 3.75 Fetched: Jan. 6, 2023, 9:17 a.m., Published: Jan. 5, 2023, 1:36 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	lenovo	model:	bios
vendor:	lenovo	model:	thinkpad
vendor:	lenovo	model:	updates

db:

NVD

ids:

CVE-2022-33218, CVE-2022-33219, CVE-2022-33265, CVE-2022-40516, CVE-2022-40520

A Vulnerability in Brocade Fabric OS Could Allow for Arbitrary Command Injection Trust: 5.0 Fetched: Jan. 6, 2023, 9:16 a.m., Published: Jan. 4, 2023, midnight	Vulnerabilities: command injection

Affected products

External IDs

vendor:	brocade	model:	fabric os
vendor:	brocade	model:	brocade fabric os

8 Network Vulnerability Scanner For Small To Enterprise Business \| techflares Trust: 3.5 Fetched: Jan. 6, 2023, 9:15 a.m., Published: Dec. 25, 2022, midnight	Vulnerabilities: cross-site scripting, sql injection, weak password

Affected products

External IDs

vendor:	sophos	model:	firewall
vendor:	cisco	model:	routers
vendor:	cisco	model:	guard
vendor:	cisco	model:	umbrella

Apple Devices Have a Significant Vulnerability (So Here’s How to Fix It) - Business Technology, Gadgets, and IT Best Practices from Network-911 Blog \| Chatsworth, California \| Network-911, Inc. Trust: 3.0 Fetched: Jan. 6, 2023, 9:15 a.m., Published: Jan. 2, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

First Android update of 2023 patches 60 vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202301-0249 Trust: 4.75 Fetched: Jan. 6, 2023, 9:14 a.m., Published: Jan. 6, 2023, midnight	Vulnerabilities: memory corruption, buffer overflow, code execution

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2022-42720, CVE-2022-42721, CVE-2022-42719, CVE-2022-22088, CVE-2022-41674

Over 75 Vulnerabilities Patched in Android With December 2022 Security Updates \| SecurityWeek.Com Trust: 5.5 Fetched: Jan. 6, 2023, 9:13 a.m., Published: -	Vulnerabilities: privilege escalation, information disclosure, code execution

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android

db:

NVD

ids:

CVE-2022-20411, CVE-2022-20472, CVE-2022-20473, CVE-2022-20498

Cisco IP Phone Zero-Day Vulnerability Disclosed \| SecureTeam Related entries in the VARIoT vulnerabilities database: VAR-202212-0864 Trust: 4.5 Fetched: Jan. 6, 2023, 9:13 a.m., Published: Dec. 23, 2022, 4:05 p.m.	Vulnerabilities: denial of service, code execution

Affected products

External IDs

vendor:	essential	model:	phone
vendor:	cisco	model:	series
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	link layer discovery protocol
vendor:	cisco	model:	ip phone series
vendor:	cisco	model:	voice vlan
vendor:	cisco	model:	ip phone 7800

db:

NVD

ids:

CVE-2022-20968

Google patches 60 vulnerabilities in first Android update of 2023 Related entries in the VARIoT vulnerabilities database: VAR-202301-0249 Trust: 4.75 Fetched: Jan. 6, 2023, 9:13 a.m., Published: Jan. 5, 2023, 2:34 p.m.	Vulnerabilities: memory corruption, buffer overflow, code execution

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2022-42720, CVE-2022-42721, CVE-2022-42719, CVE-2022-22088, CVE-2022-41674

Cisco Firepower Management Center and Firepower Threat Defense Software SSH Denial of Service Vulnerability - Cisco Trust: 3.75 Fetched: Jan. 6, 2023, 9:12 a.m., Published: Dec. 23, 2022, 10:07 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	cisco firepower management center
vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	firepower threat defense software
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	asa software

Android Security Bulletin-January 2023 \| Android Open Source Project Related entries in the VARIoT vulnerabilities database: VAR-202301-0205, VAR-202301-0235, VAR-202301-0230, VAR-202301-0215, VAR-202301-0249 Trust: 4.25 Fetched: Jan. 6, 2023, 9:11 a.m., Published: Jan. 6, 2023, midnight	Vulnerabilities: information disclosure, denial of service, code execution

Affected products

External IDs

vendor:	samsung	model:	mobile
vendor:	samsung	model:	notes
vendor:	huawei	model:	huawei
vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	motorola	model:	android
vendor:	motorola	model:	motorola

db:

NVD

ids:

CVE-2022-20235, CVE-2022-33286, CVE-2023-20916, CVE-2022-20493, CVE-2022-33266, CVE-2022-44429, CVE-2022-33285, CVE-2022-44430, CVE-2022-33252, CVE-2023-20904, CVE-2022-44436, CVE-2023-20913, CVE-2022-33255, CVE-2022-32636, CVE-2022-33283, CVE-2022-20456, CVE-2023-20912, CVE-2022-20494, CVE-2023-20922, CVE-2023-20921, CVE-2022-44438, CVE-2022-25746, CVE-2021-35134, CVE-2022-20492, CVE-2023-20919, CVE-2022-44426, CVE-2022-44425, CVE-2022-32637, CVE-2022-20489, CVE-2022-33253, CVE-2023-20920, CVE-2022-20461, CVE-2023-20918, CVE-2022-23960, CVE-2023-20908, CVE-2022-44434, CVE-2022-33276, CVE-2022-20490, CVE-2023-20905, CVE-2022-44427, CVE-2021-35097, CVE-2022-33284, CVE-2023-20915, CVE-2022-44435, CVE-2022-44428, CVE-2022-32635, CVE-2022-44432, CVE-2022-44437, CVE-2021-35113, CVE-2022-25725, CVE-2022-44431, CVE-2022-22088, CVE-2022-33274

F5 Networks BIG-IP : iControl SOAP vulnerability (K94221585) V... \| Tenable® Related entries in the VARIoT vulnerabilities database: VAR-202211-1139 Trust: 3.25 Fetched: Jan. 4, 2023, 9:16 a.m., Published: Jan. 1, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2022-41622

CVE.report on Twitter: "CVE-2022-38757 : A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions e.g., install a bundle on a set of managed devices,... https://t.co/aAEyAfiJmP" / Twitter Trust: 3.0 Fetched: Jan. 4, 2023, 9:15 a.m., Published: Jan. 4, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2022-38757

Google Home security vulnerability allowed hackers to listen to conversations • xtouch.ae Trust: 3.75 Fetched: Jan. 4, 2023, 9:15 a.m., Published: Jan. 3, 2023, 10:02 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	google home
vendor:	google	model:	home
vendor:	google	model:	android

Rewterz Threat Advisory - Multiple VMware vRealize Operations (vROps) Vulnerabilities \| Rewterz Trust: 4.25 Fetched: Jan. 4, 2023, 9:15 a.m., Published: Dec. 19, 2022, 9:02 a.m.	Vulnerabilities: improper access control

Affected products

External IDs

db:

NVD

ids:

CVE-2022-31708, CVE-2022-31707

Apple Devices Have a Significant Vulnerability (So Here’s How to Fix It) - Hackensack, NJ \| Net It On Trust: 3.0 Fetched: Jan. 4, 2023, 9:15 a.m., Published: Jan. 2, 2023, 6:02 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

Forescout uncovers new vulnerabilities affecting OT products Trust: 3.5 Fetched: Jan. 4, 2023, 9:14 a.m., Published: Jan. 3, 2023, 11:36 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	codesys	model:	runtime
vendor:	codesys	model:	control
vendor:	codesys	model:	codesys

Several DoS, Code Execution Vulnerabilities Found in Rockwell Automation Controllers \| SecurityWeek.Com Related entries in the VARIoT vulnerabilities database: VAR-202212-2066, VAR-202212-1782 Trust: 5.5 Fetched: Jan. 4, 2023, 9:14 a.m., Published: Jan. 4, 2022, midnight	Vulnerabilities: cross-site scripting, code execution

Affected products

External IDs

vendor:	rockwell	model:	micrologix
vendor:	rockwell	model:	studio 5000
vendor:	rockwell	model:	rslinx
vendor:	rockwell	model:	controllogix controllers
vendor:	rockwell	model:	controllogix
vendor:	rockwell	model:	compactlogix
vendor:	rockwell	model:	guardlogix
vendor:	rockwell	model:	micrologix 1100
vendor:	rockwell automation	model:	micrologix
vendor:	rockwell automation	model:	studio 5000
vendor:	rockwell automation	model:	rslinx
vendor:	rockwell automation	model:	controllogix controllers
vendor:	rockwell automation	model:	controllogix
vendor:	rockwell automation	model:	compactlogix
vendor:	rockwell automation	model:	guardlogix
vendor:	rockwell automation	model:	micrologix 1100

db:

NVD

ids:

CVE-2022-3156, CVE-2022-3157, CVE-2022-46670, CVE-2022-3166

Google Home security vulnerability allowed hackers to listen to conversations Trust: 3.75 Fetched: Jan. 4, 2023, 9:14 a.m., Published: Jan. 11, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	google home
vendor:	google	model:	android
vendor:	google	model:	home

Apple Devices Have a Significant Vulnerability (So Here’s How to Fix It) - Computerware Blog \| DC Metro \| Computerware Trust: 3.0 Fetched: Jan. 4, 2023, 9:13 a.m., Published: Jan. 4, 8480, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

ABB Oil and Gas Flow Computer Hack Can Prevent Utilities From Billing Customers \| SecurityWeek.Com Trust: 6.0 Fetched: Jan. 4, 2023, 9:13 a.m., Published: Jan. 4, 2022, midnight	Vulnerabilities: path traversal

Affected products

External IDs

vendor:

moxa

model:

mxview

db:

NVD

ids:

CVE-2022-0902

VARIoT news about IoT security