VARIoT latest news about IoT security

Galleon NTS-6002-GPS Command Injection vulnerability (CVE-2022-27224) \| Pen Test Partners Trust: 4.5 Fetched: June 1, 2022, 8:16 a.m., Published: June 1, 6002, midnight	Vulnerabilities: command execution, command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2022-27224

Update now! Cisco fixes several vulnerabilities \| Malwarebytes Labs Related entries in the VARIoT vulnerabilities database: VAR-202203-1409, VAR-202203-0870, VAR-202203-0835, VAR-202203-0836 Trust: 4.0 Fetched: June 1, 2022, 8:16 a.m., Published: March 4, 2022, 6:10 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco expressway
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco telepresence video communication server
vendor:	cisco	model:	small business
vendor:	cisco	model:	catalyst 4500
vendor:	cisco	model:	rv260
vendor:	cisco	model:	rv340
vendor:	cisco	model:	rv325 dual gigabit wan vpn
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	series switches
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	expressway series
vendor:	cisco	model:	rv345
vendor:	cisco	model:	expressway
vendor:	cisco	model:	cisco staros
vendor:	cisco	model:	rv320
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	telepresence video communication server
vendor:	cisco	model:	rv160
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	staros
vendor:	cisco	model:	cisco telepresence
vendor:	cisco	model:	rv325

db:

NVD

ids:

CVE-2022-20762, CVE-2022-20665, CVE-2022-20756, CVE-2022-20754, CVE-2022-20755

New Bluetooth relay attack leaves devices vulnerable - Techzine Europe Trust: 3.0 Fetched: June 1, 2022, 8:16 a.m., Published: May 19, 2022, 9:42 a.m.	Vulnerabilities: -

Affected products	External IDs

CISA Issues Warning About MFA Configuration and "PrintNightmare" Vulnerabilities Being Exploited by Russian Hackers - CPO Magazine Related entries in the VARIoT vulnerabilities database: VAR-202107-1010 Trust: 3.75 Fetched: June 1, 2022, 8:16 a.m., Published: March 17, 2022, 2:41 a.m.	Vulnerabilities: password guessing

Affected products

External IDs

db:

NVD

ids:

CVE-2021-34527

Format string vulnerability in evdev device handling (#752) · Issues · libinput / libinput · GitLab Trust: 4.5 Fetched: June 1, 2022, 8:16 a.m., Published: -	Vulnerabilities: code execution, format string vulnerability

Affected products

External IDs

db:

NVD

ids:

CVE-2022-1215

Critical Vulnerability Allows Remote Hacking of Zyxel Firewalls \| SecurityWeek.Com Related entries in the VARIoT vulnerabilities database: VAR-202205-0957 Trust: 3.75 Fetched: June 1, 2022, 8:16 a.m., Published: June 1, 2022, midnight	Vulnerabilities: code execution, command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2022-30525

How to Mitigate CVE-2022-0847 (The Dirty Pipe Vulnerability) Related entries in the VARIoT vulnerabilities database: VAR-202203-0043 Trust: 4.75 Fetched: June 1, 2022, 8:16 a.m., Published: March 16, 2022, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel
vendor:	samsung	model:	samsung

db:

NVD

ids:

CVE-2022-0847

Critical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack Related entries in the VARIoT vulnerabilities database: VAR-202105-1166 Trust: 5.75 Fetched: June 1, 2022, 8:16 a.m., Published: April 29, 2022, 9:48 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	synology	model:	diskstation
vendor:	synology	model:	diskstation manager
vendor:	synology	model:	synology router manager
vendor:	synology	model:	router manager
vendor:	trend micro	model:	security
vendor:	netbsd	model:	netbsd
vendor:	trend	model:	security
vendor:	netatalk	model:	netatalk

db:

NVD

ids:

CVE-2022-23125, CVE-2022-23123, CVE-2021-31439, CVE-2022-23121, CVE-2022-23124, CVE-2022-23122, CVE-2022-0194

2 vulnerabilities with 9.8 severity ratings are under exploit. A 3rd looms \| Ars Technica Related entries in the VARIoT vulnerabilities database: VAR-202205-0394 Trust: 3.75 Fetched: June 1, 2022, 8:16 a.m., Published: June 2, 2022, midnight	Vulnerabilities: code execution, privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2022-22972, CVE-2022-22954, CVE-2022-22973, CVE-2022-22960, CVE-2022-1388

Lenovo Notebook BIOS Vulnerabilities - Lenovo Support PL Trust: 3.75 Fetched: June 1, 2022, 8:16 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	lenovo	model:	l340-15iwl
vendor:	lenovo	model:	l340-15irh
vendor:	lenovo	model:	l340-17irh
vendor:	lenovo	model:	bios
vendor:	lenovo	model:	notebook
vendor:	lenovo	model:	l340-17iwl
vendor:	lenovo	model:	yoga

db:

NVD

ids:

CVE-2021-3972, CVE-2021-3971, CVE-2021-3970

Your Lenovo Is Vulnerable to a New Malware Attack Trust: 3.0 Fetched: June 1, 2022, 8:16 a.m., Published: April 20, 2022, 9 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

lenovo

model:

desktop

Your iPhone Is Vulnerable to a Malware Attack Even When It’s Off \| WIRED Trust: 3.0 Fetched: June 1, 2022, 8:16 a.m., Published: May 17, 2022, 7:20 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

iphone

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution Trust: 5.0 Fetched: June 1, 2022, 8:16 a.m., Published: May 25, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	google	model:	google chrome
vendor:	google	model:	chrome

TLStorm 2.0 - IT Security Guru Related entries in the VARIoT vulnerabilities database: VAR-202203-0237 Trust: 5.25 Fetched: June 1, 2022, 8:16 a.m., Published: May 3, 2022, 11:07 a.m.	Vulnerabilities: code execution, memory corruption

Affected products

External IDs

vendor:	aruba	model:	web management portal
vendor:	extremenetworks	model:	ers3500

db:

NVD

ids:

CVE-2022-29861, CVE-2022-29860, CVE-2022-22805, CVE-2022-23677, CVE-2022-23676

Spring4Shell: Detect and mitigate vulnerabilities in Java Spring \| Dynatrace \| Dynatrace news Related entries in the VARIoT vulnerabilities database: VAR-202203-1506 Trust: 3.5 Fetched: June 1, 2022, 8:16 a.m., Published: March 31, 2022, 10:09 p.m.	Vulnerabilities: code execution, denial of service, information exposure

Affected products

External IDs

db:

NVD

ids:

CVE-2022-22950, CVE-2022-22965, CVE-2022-22695, CVE-2022-22963

Lenovo UEFI Firmware Vulnerabilities Impact Millions of Laptops Trust: 4.5 Fetched: June 1, 2022, 8:16 a.m., Published: April 20, 2022, 10:14 a.m.	Vulnerabilities: code execution, privilege escalation, memory corruption

Affected products

External IDs

vendor:	dell	model:	bios
vendor:	lenovo	model:	system
vendor:	lenovo	model:	yoga
vendor:	lenovo	model:	flex
vendor:	lenovo	model:	bios
vendor:	lenovo	model:	notebook

db:

NVD

ids:

CVE-2021-3972, CVE-2021-3971, CVE-2021-3970

More than 65 percent Android device sold in 2021 were at risk of being hacked: Report Trust: 4.75 Fetched: June 1, 2022, 8:16 a.m., Published: April 23, 2022, 3:51 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	watch
vendor:	check point	model:	check point

Linux kernel bug dubbed 'Dirty Pipe' can lead to root access, affects Android devices as well Related entries in the VARIoT vulnerabilities database: VAR-202203-0043 Trust: 3.75 Fetched: June 1, 2022, 8:16 a.m., Published: March 9, 2022, 2:16 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	notes
vendor:	samsung	model:	exynos
vendor:	samsung	model:	samsung

db:

NVD

ids:

CVE-2022-0847

Defending Against Misconfigured MFA & PrintNightmare Vulnerabilities \| eSecurityPlanet Related entries in the VARIoT vulnerabilities database: VAR-202107-1010 Trust: 4.5 Fetched: May 13, 2022, 10:50 a.m., Published: March 21, 2022, 6:09 p.m.	Vulnerabilities: code execution, privilege escalation

Affected products

External IDs

vendor:

cisco

model:

router

db:

NVD

ids:

CVE-2021-34527, CVE-2021-36958

100 million Samsung Galaxy devices vulnerable to cryptographic key hack \| IT PRO Trust: 3.5 Fetched: May 13, 2022, 10:50 a.m., Published: May 21, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	mobile
vendor:	samsung	model:	galaxy s8
vendor:	samsung	model:	samsung galaxy
vendor:	google	model:	android

db:

NVD

ids:

CVE-2021-25444, CVE-2021-25490

VARIoT news about IoT security