Sign-up

VARIoT news about IoT security

Siemens SICAM P850 and P855 Devices (Update A) | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202210-0447

Trust: 5.75

Fetched: Jan. 11, 2023, 9:06 a.m., Published: Jan. 1, 2023, midnight
 Vulnerabilities: code execution, session fixation
Affected productsExternal IDs
vendor: siemens model: sicam
db: NVD ids: CVE-2022-41665, CVE-2022-40226

Microsoft research uncovers new Zerobot capabilities - Microsoft Security Blog

Related entries in the VARIoT vulnerabilities database: VAR-202203-1506, VAR-202203-0505, VAR-201803-1048, VAR-202210-1176, VAR-201812-1038, VAR-202202-0832, VAR-201805-0262, VAR-201712-0829, VAR-202007-0064, VAR-201505-0274, VAR-201903-1398, VAR-202102-0290, VAR-202205-0957, VAR-202203-0700, VAR-202208-1439, VAR-202110-1690, VAR-201712-0828

Trust: 4.25

Fetched: Jan. 11, 2023, 9:05 a.m., Published: Dec. 21, 2022, 7:56 p.m.
 Vulnerabilities: denial of service, command injection, default password
Affected productsExternal IDs
vendor: sophos model: firewall
vendor: tenda model: ac1200
db: NVD ids: CVE-2022-22965, CVE-2022-26186, CVE-2017-17215, CVE-2022-30023, CVE-2016-20017, CVE-2022-33891, CVE-2021-46422, CVE-2018-20057, CVE-2022-25075, CVE-2018-10561, CVE-2022-42013, CVE-2020-25223, CVE-2017-17106, CVE-2018-12613, CVE-2020-10987, CVE-2021-35395, CVE-2014-8361, CVE-2022-34538, CVE-2019-10655, CVE-2021-36260, CVE-2022-31137, CVE-2020-7209, CVE-2020-25506, CVE-2022-30525, CVE-2022-26210, CVE-2022-37061, CVE-2021-42013, CVE-2017-17105

Qualcomm and Lenovo Fix High Severity UEFI Vulnerabilities in Chipsets | Spiceworks

Related entries in the VARIoT vulnerabilities database: VAR-202301-0521

Trust: 4.5

Fetched: Jan. 11, 2023, 9:05 a.m., Published: Jan. 11, 2023, midnight
 Vulnerabilities: buffer overflow, information disclosure
Affected productsExternal IDs
vendor: lenovo model: bios
vendor: lenovo model: thinkpad
vendor: lenovo model: system
vendor: lenovo model: updates
db: NVD ids: CVE-2022-4432, CVE-2022-40520, CVE-2022-40516, CVE-2022-4433, CVE-2022-40518, CVE-2022-4435, CVE-2022-40519, CVE-2022-4434, CVE-2022-40517

Qualcomm Snapdragon flaws impact Lenovo, Microsoft, Lenovo, and Samsung devicesSecurity Affairs

Related entries in the VARIoT vulnerabilities database: VAR-202301-0628, VAR-202301-0582

Trust: 5.5

Fetched: Jan. 10, 2023, 9:20 a.m., Published: Jan. 9, 2023, 8:53 a.m.
 Vulnerabilities: integer overflow, buffer overflow, information exposure...
Affected productsExternal IDs
vendor: lenovo model: thinkpad
vendor: lenovo model: bios
vendor: lenovo model: updates
db: NVD ids: CVE-2022-33218, CVE-2022-33219, CVE-2022-33265

Apple Devices Have a Significant Vulnerability (So Here’s How to Fix It) - Fuse Networks Blog | Seattle, Tacoma, Pudget Sound

Trust: 3.0

Fetched: Jan. 10, 2023, 9:19 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos

Researcher Reveals Google Home Speakers Could've Been Hijacked And Turned Into Wiretaps - Truth Unmuted

Trust: 3.0

Fetched: Jan. 10, 2023, 9:16 a.m., Published: Jan. 2, 2023, 2:52 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: google home
vendor: google model: home

Multiple vulnerabilities detected on billions of Android phones | Deccan Herald

Trust: 3.75

Fetched: Jan. 10, 2023, 9:15 a.m., Published: Jan. 9, 2023, 6:50 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
vendor: samsung model: galaxy
vendor: samsung model: mobile

Binarly Discloses Multiple Firmware Vulnerabilities in Qualcomm and Lenovo ARM-based Devices

Related entries in the VARIoT vulnerabilities database: VAR-202301-0521

Trust: 4.25

Fetched: Jan. 10, 2023, 9:15 a.m., Published: Jan. 9, 2023, 7:58 p.m.
 Vulnerabilities: memory leak, code execution, buffer overflow...
Affected productsExternal IDs
vendor: lenovo model: updates
vendor: lenovo model: thinkpad
vendor: lenovo model: system
db: NVD ids: CVE-2022-4432, CVE-2022-40519, CVE-2022-40516, CVE-2022-4435, CVE-2022-40520, CVE-2022-4433, CVE-2022-40517, CVE-2022-40518, CVE-2022-4434

Spying on Kids’ Smart Devices: Beware of Security Vulnerabilities! | SpringerLink

Trust: 5.0

Fetched: Jan. 10, 2023, 9:15 a.m., Published: Jan. 10, 2023, midnight
 Vulnerabilities: privilege escalation

Binarly Discovers 16 New, High-Impact Vulnerabilities in Firmware Affecting HP Enterprise Devices

Related entries in the VARIoT vulnerabilities database: VAR-202301-0521

Trust: 4.25

Fetched: Jan. 10, 2023, 9:14 a.m., Published: Jan. 9, 2023, midnight
 Vulnerabilities: code execution, information disclosure
Affected productsExternal IDs
vendor: lenovo model: updates
vendor: lenovo model: thinkpad
vendor: lenovo model: system
db: NVD ids: CVE-2022-40516, CVE-2022-40520, CVE-2022-40517

Time to uninstall! Abandoned Android apps pack a vulnerability punch

Trust: 4.5

Fetched: Jan. 10, 2023, 9:11 a.m., Published: Dec. 8, 2022, 7:15 p.m.
 Vulnerabilities: code execution, weak password
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2022-45482, CVE-2022-45481, CVE-2022-45478, CVE-2022-45477, CVE-2022-45479, CVE-2022-45480, CVE-2022-45483

Qualcomm UEFI Flaws Expose Microsoft, Lenovo, Samsung Devices to Attacks | SecurityWeek.Com

Trust: 3.5

Fetched: Jan. 10, 2023, 9:11 a.m., Published: Jan. 10, 2022, midnight
 Vulnerabilities: code execution, information disclosure
Affected productsExternal IDs
vendor: lenovo model: thinkpad
vendor: lenovo model: system
vendor: lenovo model: updates

Hackers Leverage Compromised Fortinet Devices to Distribute Ransomware - Infosecurity Magazine

Related entries in the VARIoT vulnerabilities database: VAR-202210-0198

Trust: 4.0

Fetched: Jan. 10, 2023, 9:11 a.m., Published: Jan. 5, 2023, 6 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2022-40684

Configure advanced features in Microsoft Defender for Endpoint | Microsoft Learn

Trust: 4.5

Fetched: Jan. 10, 2023, 9:10 a.m., Published: Nov. 17, 2022, 11:48 p.m.
 Vulnerabilities: policy violation, script execution
Affected productsExternal IDs
vendor: essential model: phone

January Pixel update, security patch hits 4a devices and newer

Trust: 3.0

Fetched: Jan. 8, 2023, 9:17 a.m., Published: Jan. 8, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel

NetGear Warns Users To Patch Recently Fixed Wi-Fi Router Bug - Slashdot

Trust: 3.25

Fetched: Jan. 8, 2023, 9:16 a.m., Published: Jan. 30, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: netgear model: router

Netgear Advises Users to Patch a Recently Resolved WiFi Router Bug

Trust: 3.25

Fetched: Jan. 8, 2023, 9:15 a.m., Published: Dec. 30, 2022, 1:02 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: netgear model: router

Why Aren’t We Winning the War Against Cybercrime? - ReadWrite

Trust: 3.75

Fetched: Jan. 8, 2023, 9:15 a.m., Published: Jan. 5, 2023, 5:01 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: trend model: security

Researcher Reveals Google Home Speakers Could’ve Been Hijacked And Turned Into Wiretaps - Phil Stock World

Trust: 3.5

Fetched: Jan. 8, 2023, 9:15 a.m., Published: Dec. 30, 2022, 11:30 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: google home
vendor: google model: android
vendor: google model: home

Samsung rolls out its January 2023 update to Galaxy Z Flip

Trust: 3.75

Fetched: Jan. 8, 2023, 9:14 a.m., Published: Jan. 4, 2023, 1:14 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: knox
vendor: samsung model: note
vendor: samsung model: galaxy
vendor: samsung model: note 10
vendor: samsung model: galaxy note
vendor: google model: android