Sign-up

VARIoT news about IoT security

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Trust: 5.5

Fetched: May 13, 2022, 8 a.m., Published: May 11, 2022, midnight
 Vulnerabilities: buffer overflow, use after free, code execution
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: home
vendor: google model: chrome
db: NVD ids: CVE-2022-0305, CVE-2022-0306, CVE-2022-0310, CVE-2022-0295, CVE-2022-0301, CVE-2022-0300, CVE-2022-0291, CVE-2022-0307, CVE-2022-0304, CVE-2022-0309, CVE-2022-0294, CVE-2022-0297, CVE-2022-0298, CVE-2022-0308, CVE-2022-0293, CVE-2022-0290, CVE-2022-0296, CVE-2022-0303, CVE-2022-0289, CVE-2022-0292, CVE-2022-0311, CVE-2022-0302

Critical Vulnerability in Linux Devices Enables Root Access on Most Distros, XIoT Devices - Medigate Blog

Trust: 3.75

Fetched: May 13, 2022, 8 a.m., Published: Jan. 27, 2022, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2021-4034

CVE-2022-23968: Xerox vulnerability allows unauthenticated users to remotely brick network printers (UPDATED) | The NeoSmart Files

Trust: 3.75

Fetched: May 13, 2022, 8 a.m., Published: Jan. 24, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: xerox model: phaser
vendor: xerox model: workcentre
db: NVD ids: CVE-2022-23968

SonicWall Customers Warned of Possible Attacks Exploiting Recent Vulnerability | SecurityWeek.Com

Related entries in the VARIoT vulnerabilities database: VAR-202112-0361

Trust: 5.5

Fetched: May 13, 2022, 8 a.m., Published: May 13, 2022, midnight
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: sonicwall model: remote access
vendor: sonicwall model: secure mobile access
vendor: sonicwall model: sma 100
db: NVD ids: CVE-2021-20038

Xerox Quietly Patched Device-Bricking Flaw Affecting Some Printers | SecurityWeek.Com

Trust: 5.5

Fetched: May 13, 2022, 8 a.m., Published: May 13, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: samsung model: printers
vendor: samsung model: notes
vendor: xerox model: phaser
vendor: xerox model: workcentre
db: NVD ids: CVE-2022-23968

Motorola Device Manager 2.5 Download (Free) - DeviceUpdate.exe

Trust: 3.0

Fetched: May 13, 2022, 8 a.m., Published: May 2, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: motorola model: motorola

ESB-2021.4302.4

Related entries in the VARIoT vulnerabilities database: VAR-202112-0562, VAR-202112-2011, VAR-202112-1782, VAR-202112-0566

Trust: 5.5

Fetched: May 13, 2022, 8 a.m., Published: Jan. 7, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: citrix model: netscaler
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler gateway
vendor: citrix model: gateway
vendor: citrix model: xenserver
vendor: citrix model: license server
vendor: citrix model: hypervisor
vendor: citrix model: citrix license server
vendor: citrix model: xenmobile server
db: NVD ids: CVE-2021-45046, CVE-2021-44832, CVE-2021-45105, CVE-2021-44228

The Pluton security processor is designed to protect hardware and firmware from vulnerabilities

Trust: 3.0

Fetched: May 13, 2022, 7:59 a.m., Published: May 11, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lenovo model: system
vendor: lenovo model: updates

Wormable Windows 11 vulnerability could let malware spead like wildfire

Trust: 4.0

Fetched: May 13, 2022, 7:59 a.m., Published: May 11, 2022, midnight
 Vulnerabilities: information disclosure, denial of service, security feature bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2022-21907

Analyzing an Old Bug and Discovering CVE-2021-30995

Related entries in the VARIoT vulnerabilities database: VAR-202108-1149, VAR-202108-2078, VAR-202109-0285

Trust: 5.75

Fetched: May 13, 2022, 7:59 a.m., Published: May 13, 2021, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2021-30995, CVE-2021-30855, CVE-2021-1740

Re-addressing Log4j vulnerability | Office of Information Technology

Related entries in the VARIoT vulnerabilities database: VAR-202112-2011

Trust: 3.25

Fetched: May 13, 2022, 7:59 a.m., Published: Dec. 30, 2021, 11:05 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44832

Reporting Suspected Vulnerabilities - Huawei

Trust: 3.0

Fetched: May 13, 2022, 7:59 a.m., Published: May 13, 2040, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: huawei

Vulnerabilities in McAfee Agent allows privilege escalation and code execution as Windows SYSTEM | Born's Tech and Windows World

Trust: 5.0

Fetched: May 13, 2022, 7:59 a.m., Published: May 4, 2022, midnight
 Vulnerabilities: command injection, code execution, privilege escalation...
Affected productsExternal IDs
db: NVD ids: CVE-2022-0166, CVE-2021-31854

Cloudflare reports a massive 175% increase in DDoS attacks | Digital Trends

Trust: 4.75

Fetched: May 13, 2022, 7:59 a.m., Published: May 15, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: trend model: security

Log4j vulnerabilities and the long slog through remediation and risk management.

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.75

Fetched: May 13, 2022, 7:59 a.m., Published: May 1, 2022, midnight
 Vulnerabilities: improper validation, denial of service, information leak...
Affected productsExternal IDs
db: NVD ids: CVE-2021-4483220, CVE-2019-17571502, CVE-2017-5645502, CVE-2021-44228502, CVE-2021-45046502, CVE-2021-4510520, CVE-2021-4104502, CVE-2021-44228, CVE-2020-9488295

More than half of medical devices found to have critical vulnerabilities | ZDNet - OneNewsTech - Latest News, Internet & Tech News

Trust: 3.75

Fetched: May 13, 2022, 7:59 a.m., Published: May 13, 2022, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs

Security Advisory - Cross-Site Scripting(XSS) Vulnerability in Huawei WS318n Product

Related entries in the VARIoT vulnerabilities database: VAR-202112-2524

Trust: 5.75

Fetched: May 13, 2022, 7:59 a.m., Published: May 13, 2040, midnight
 Vulnerabilities: information disclosure, cross-site scripting
Affected productsExternal IDs
vendor: huawei model: huawei
db: NVD ids: CVE-2021-40041

Vulnerability in GitHub Actions Allowed Attackers to Take Control of Victim’s Device | IT Security News

Related entries in the VARIoT vulnerabilities database: VAR-202110-0794

Trust: 3.75

Fetched: May 13, 2022, 7:59 a.m., Published: May 18, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2021-38178

Microsoft Issues Serious Windows 10, Windows 11 Upgrade Warning

Related entries in the VARIoT vulnerabilities database: VAR-202107-1503, VAR-202109-1789, VAR-202201-0640

Trust: 3.75

Fetched: May 13, 2022, 7:59 a.m., Published: Jan. 13, 2022, midnight
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-21874, CVE-2021-36976, CVE-2022-21839, CVE-2022-21836, CVE-2021-22947, CVE-2022-21919

Attackers Are Targeting Unknown SolarwWnds Vulnerability, Microsoft Warns - KoDDoS Blog

Trust: 4.5

Fetched: May 13, 2022, 7:59 a.m., Published: Jan. 23, 2022, 7:27 a.m.
 Vulnerabilities: input validation bug, code execution
Affected productsExternal IDs
vendor: solarwinds model: serv-u
db: NVD ids: CVE-2021-35247, CVE-2021-35211