VARIoT latest news about IoT security

The increase in vulnerabilities is the reason why device vulnerability management is important Trust: 3.75 Fetched: Dec. 13, 2022, 9:10 a.m., Published: Dec. 11, 2022, 7:18 a.m.	Vulnerabilities: denial of service, code execution

Affected products	External IDs

Cisco reveals zero-day vulnerability in IP phones Trust: 3.25 Fetched: Dec. 11, 2022, 9:18 a.m., Published: Dec. 11, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

cisco

model:

ip phones

Google warns that millions of Android devices could be at risk of being attacked due to this vulnerability - casinomalta Trust: 3.75 Fetched: Dec. 11, 2022, 9:17 a.m., Published: Nov. 26, 2022, 4:37 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	huawei	model:	huawei
vendor:	apple	model:	iphone
vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	samsung	model:	mobile
vendor:	samsung	model:	galaxy s10
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	galaxy

db:

NVD

ids:

CVE-2022-33917

vulnerability assessments Archives - Securicon Trust: 4.75 Fetched: Dec. 11, 2022, 9:16 a.m., Published: Dec. 11, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	home
vendor:	google	model:	android

Vulnerabilities in Popular Keyboard and Mouse Android Apps Expose User Data \| SecurityWeek.Com Trust: 5.75 Fetched: Dec. 11, 2022, 9:16 a.m., Published: Dec. 11, 2022, midnight	Vulnerabilities: weak password, code execution

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2022-45477, CVE-2022-45481, CVE-2022-45482, CVE-2022-45479

Cisco Identity Services Engine Insufficient Access Control Vulnerability - Cisco Trust: 3.75 Fetched: Dec. 11, 2022, 9:15 a.m., Published: Nov. 29, 2022, 6:53 a.m.	Vulnerabilities: access control vulnerability

Affected products

External IDs

vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco identity services engine

Google Pays $70k for Android Lock Screen Bypass \| SecurityWeek.Com Trust: 4.5 Fetched: Dec. 11, 2022, 9:14 a.m., Published: Dec. 11, 2022, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android

db:

NVD

ids:

CVE-2022-20465

Vulnerability Examples: Common Types and 5 Real World Examples - Bright Security Trust: 4.5 Fetched: Dec. 11, 2022, 9:14 a.m., Published: Sept. 15, 2022, 1:13 p.m.	Vulnerabilities: cross-site scripting, code injection, denial of service...

Affected products

External IDs

vendor:	google	model:	home
vendor:	google	model:	android

2022-10 Security Bulletin: Junos OS: On IPv6 OAM SRv6 network enabled devices an attacker sending a specific genuine packet to an IPv6 address configured on the device may cause a RPD memory leak leading to an RPD core. (CVE-2022-22228) Related entries in the VARIoT vulnerabilities database: VAR-202210-1074 Trust: 4.25 Fetched: Dec. 11, 2022, 9:13 a.m., Published: -	Vulnerabilities: memory leak

Affected products

External IDs

db:

NVD

ids:

CVE-2022-22228

Time is Ticking on a New OpenSSL Vulnerability - IT Security Guru Related entries in the VARIoT vulnerabilities database: VAR-201609-0352 Trust: 3.0 Fetched: Dec. 11, 2022, 9:13 a.m., Published: Oct. 31, 2022, 3:25 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2016-6309

Android Security Bulletin-December 2022 \| Android Open Source Project Related entries in the VARIoT vulnerabilities database: VAR-202212-0798, VAR-202212-0726, VAR-202212-0441, VAR-202212-0660, VAR-202212-0542, VAR-202212-0543, VAR-202212-0619 Trust: 5.25 Fetched: Dec. 11, 2022, 9:12 a.m., Published: Dec. 11, 2022, midnight	Vulnerabilities: information disclosure, denial of service, code execution

Affected products

External IDs

vendor:	huawei	model:	huawei
vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	samsung	model:	mobile
vendor:	samsung	model:	notes
vendor:	motorola	model:	motorola
vendor:	motorola	model:	android

db:

NVD

ids:

CVE-2022-25685, CVE-2022-39106, CVE-2021-39795, CVE-2022-25672, CVE-2022-20486, CVE-2022-20469, CVE-2022-20495, CVE-2021-39660, CVE-2022-39130, CVE-2022-20466, CVE-2022-20124, CVE-2022-42756, CVE-2022-20500, CVE-2022-25691, CVE-2022-25692, CVE-2022-32594, CVE-2022-20479, CVE-2022-20480, CVE-2022-39134, CVE-2022-42755, CVE-2022-20485, CVE-2022-20473, CVE-2022-20483, CVE-2022-33238, CVE-2022-25682, CVE-2022-25689, CVE-2022-20468, CVE-2022-20475, CVE-2022-25702, CVE-2022-20482, CVE-2022-39133, CVE-2022-42771, CVE-2022-25673, CVE-2022-20488, CVE-2022-20501, CVE-2022-20497, CVE-2022-32596, CVE-2022-20496, CVE-2022-20240, CVE-2022-20611, CVE-2022-42772, CVE-2022-25681, CVE-2022-20478, CVE-2022-39132, CVE-2022-25697, CVE-2022-32597, CVE-2021-39617, CVE-2022-20442, CVE-2022-32619, CVE-2022-20411, CVE-2022-33268, CVE-2022-20144, CVE-2022-32598, CVE-2022-42770, CVE-2022-39129, CVE-2022-25695, CVE-2022-25698, CVE-2022-39131, CVE-2022-20477, CVE-2022-20449, CVE-2022-20484, CVE-2022-20491, CVE-2022-20470, CVE-2021-0934, CVE-2022-20487, CVE-2022-20476, CVE-2022-20472, CVE-2022-20498, CVE-2022-33235, CVE-2022-20502, CVE-2022-20444, CVE-2022-32620, CVE-2022-20471, CVE-2022-42754, CVE-2022-20474

Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability - Cisco Trust: 4.0 Fetched: Dec. 11, 2022, 9:12 a.m., Published: Nov. 15, 2022, 10:59 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	cisco ios

Vulnerability in Acer Laptops Allows Attackers to Disable Secure Boot \| SecurityWeek.Com Trust: 4.5 Fetched: Dec. 11, 2022, 9:11 a.m., Published: Dec. 11, 2022, midnight	Vulnerabilities: feature bypass, code execution

Affected products

External IDs

vendor:	dell	model:	bios
vendor:	lenovo	model:	notebook
vendor:	lenovo	model:	bios
vendor:	lenovo	model:	system

db:

NVD

ids:

CVE-2022-4020, CVE-2022-3431

Cisco Working on Patch for Publicly Disclosed IP Phone Vulnerability \| SecurityWeek.Com Related entries in the VARIoT vulnerabilities database: VAR-202212-0864 Trust: 4.5 Fetched: Dec. 11, 2022, 9:11 a.m., Published: Dec. 11, 2022, midnight	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	series
vendor:	cisco	model:	ip phones

db:

NVD

ids:

CVE-2022-20968

Cisco Working on Patch for Publicly Disclosed IP Phone Vulnerability \| SecurityWeek.Com Related entries in the VARIoT vulnerabilities database: VAR-202212-0864 Trust: 4.5 Fetched: Dec. 11, 2022, 9:10 a.m., Published: Dec. 11, 2022, midnight	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	ip phone
vendor:	cisco	model:	series
vendor:	cisco	model:	ip phones

db:

NVD

ids:

CVE-2022-20968

North Korean hackers used an IE vulnerability to target South Koreans after Halloween tragedy Trust: 3.25 Fetched: Dec. 9, 2022, 9:22 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

chrome

AMI BMC Vulnerability Imperils Entire Server Supply Chain Trust: 4.5 Fetched: Dec. 9, 2022, 9:21 a.m., Published: Dec. 8, 2022, 1:22 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	asus	model:	bmc firmware
vendor:	asus	model:	asus
vendor:	lenovo	model:	updates
vendor:	lenovo	model:	system
vendor:	huawei	model:	huawei

db:

NVD

ids:

CVE-2022-40259, CVE-2022-40242

Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework - Access Point Technology Consulting Trust: 4.25 Fetched: Dec. 9, 2022, 9:21 a.m., Published: Dec. 7, 2022, 1:30 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2022-4116

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks \| Vumetric Cyber Portal Trust: 4.75 Fetched: Dec. 9, 2022, 9:20 a.m., Published: Dec. 9, 2022, midnight	Vulnerabilities: access control bug, buffer overflow, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-26728, CVE-2021-44467

Acer laptops have a bug that hackers can use to take full control of the device Trust: 3.75 Fetched: Dec. 9, 2022, 9:19 a.m., Published: Nov. 30, 2022, 12:56 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	lenovo	model:	updates
vendor:	lenovo	model:	bios
vendor:	lenovo	model:	system

db:

NVD

ids:

CVE-2022-4020

VARIoT news about IoT security