Sign-up

VARIoT news about IoT security

Critical remote code execution vulnerability found in Quarkus Java Framework - Scottish Business Resilience Centre

Trust: 4.0

Fetched: Dec. 2, 2022, 9:18 a.m., Published: Dec. 1, 2022, 3:21 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-4116

Security Vulnerabilities Newsletter: Top News Rundown (November 2022)

Related entries in the VARIoT vulnerabilities database: VAR-202207-0036, VAR-202211-0767, VAR-202211-0998, VAR-202211-0882, VAR-202203-0005, VAR-202207-0037

Trust: 4.5

Fetched: Dec. 2, 2022, 9:17 a.m., Published: Nov. 2, 2022, midnight
 Vulnerabilities: code execution, code injection, authentication bypass
Affected productsExternal IDs
vendor: lenovo model: system
vendor: lenovo model: desktop
vendor: asus model: bmc firmware
vendor: asus model: asus
vendor: citrix model: access gateway
vendor: citrix model: gateway
db: NVD ids: CVE-2022-33208, CVE-2022-0902, CVE-2022-27510, CVE-2022-33971, CVE-2022-40903, CVE-2022-27513, CVE-2022-27516, CVE-2022-0778, CVE-2022-34151

Delta Electronics Patches Serious Flaws in Industrial Networking Devices | SecurityWeek.Com

Trust: 4.75

Fetched: Dec. 2, 2022, 9:17 a.m., Published: Dec. 2, 2022, midnight
 Vulnerabilities: command injection, code execution, cross-site scripting
Affected productsExternal IDs

Cisco Email Security Appliance, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Next Generation Management Vulnerabilities - Cisco

Trust: 3.0

Fetched: Dec. 2, 2022, 9:15 a.m., Published: Dec. 1, 2022, 6:53 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cloud email security
vendor: cisco model: cisco email security appliance
vendor: cisco model: email security appliance
vendor: cisco model: cisco cloud email security

2022-10 Security Bulletin: Paragon Active Assurance (Formerly Netrounds): Stored Cross-site Scripting (XSS) vulnerability in web administration (CVE-2022-22229)

Related entries in the VARIoT vulnerabilities database: VAR-202210-1145

Trust: 4.25

Fetched: Dec. 2, 2022, 9:15 a.m., Published: -
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2022-22229

Positive Technologies helps fix ASUSTOR NAS vulnerability

Trust: 6.0

Fetched: Dec. 2, 2022, 9:14 a.m., Published: Dec. 8, 2022, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: asus model: asus
db: NVD ids: CVE-2022-37398

Trio of new vulnerabilities allow code manipulation, denial of service (and worse) for industrial controllers | SC Media

Trust: 5.5

Fetched: Dec. 2, 2022, 9:14 a.m., Published: Nov. 29, 2022, 5:01 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: codesys model: runtime
vendor: codesys model: codesys
db: NVD ids: CVE-2022-4048, CVE-2022-3270, CVE-2022-3079

IoT devices can undermine your security. Here are four ways to boost your defences | ZDNET

Related entries in the VARIoT vulnerabilities database: VAR-202002-1447

Trust: 4.5

Fetched: Dec. 2, 2022, 9:14 a.m., Published: Dec. 2, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: draytek model: draytek routers
vendor: draytek model: vigor
vendor: draytek model: routers
db: NVD ids: CVE-2020-8515

Millions of Android devices prone to hacking due to GPU bug: Google | Business Insider India

Trust: 3.75

Fetched: Nov. 30, 2022, 9:16 a.m., Published: Nov. 25, 2022, 12:29 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: samsung model: galaxy
db: NVD ids: CVE-2022-36449

Google cyber researchers detect vulnerabilities in millions of Android smartphones | Deccan Herald

Trust: 5.75

Fetched: Nov. 30, 2022, 9:15 a.m., Published: Nov. 29, 2022, 7:24 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: exynos
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2021-39793

OpenSSL Vulnerability Not as Severe as Believed, but Patching Is Still a Must | Spiceworks 1

Trust: 3.5

Fetched: Nov. 30, 2022, 9:14 a.m., Published: Nov. 2, 2022, midnight
 Vulnerabilities: code execution, buffer overrun, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2022-3602, CVE-2022-3786

Vulnerability Spotlight: Vulnerabilities in InHand router could give attackers access to console, delete files

Trust: 3.75

Fetched: Nov. 30, 2022, 9:13 a.m., Published: Oct. 27, 2022, 3:04 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: snort model: snort
vendor: cisco model: firepower
vendor: cisco model: firepower management center
vendor: cisco model: router
vendor: snort.org model: snort
db: NVD ids: CVE-2022-29888, CVE-2022-25932

Moxa UC Series Improper Physical Access Control Vulnerability

Trust: 4.25

Fetched: Nov. 30, 2022, 9:12 a.m., Published: -
 Vulnerabilities: access control vulnerability
Affected productsExternal IDs

Zero-day ARM vulnerabilities affect millions of smartphones - NewsTimes.com.ng

Trust: 4.5

Fetched: Nov. 29, 2022, 9:32 a.m., Published: Nov. 28, 2022, 5 p.m.
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: samsung model: exynos
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2022-36449

Google experts report five dangerous vulnerabilities in smartphones | Div Bracket

Trust: 3.0

Fetched: Nov. 29, 2022, 9:30 a.m., Published: Nov. 26, 2022, 11:13 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Non-Snapdragon devices at risk from GPU exploits that have already been patched

Trust: 3.75

Fetched: Nov. 29, 2022, 9:30 a.m., Published: May 29, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: exynos
vendor: samsung model: mobile
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2022-33917

Google Warns Millions Of Android Devices Are Prone To Hacking Due To A GPU Bug

Trust: 3.75

Fetched: Nov. 29, 2022, 9:29 a.m., Published: Nov. 25, 2022, 11:50 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: galaxy
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2022-36449

Multiple security vulnerabilities in F5 BIG-IP and BIG-IQ devices | Q-CERT

Related entries in the VARIoT vulnerabilities database: VAR-202211-1139, VAR-202211-1118

Trust: 5.0

Fetched: Nov. 29, 2022, 9:29 a.m., Published: -
 Vulnerabilities: request forgery, cross-site request forgery, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-41622, CVE-2022-41800

Google exposes active Android vulnerability affecting Mali GPUs

Trust: 3.75

Fetched: Nov. 29, 2022, 9:28 a.m., Published: Nov. 27, 2022, 10:16 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung galaxy
vendor: samsung model: exynos
vendor: samsung model: galaxy
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2022-36449, CVE-2022-33917

Networking Tech Vulnerability Could Be Used to Hack Spacecraft: Researchers | SecurityWeek.Com

Trust: 3.75

Fetched: Nov. 29, 2022, 9:27 a.m., Published: Nov. 29, 2022, midnight
 Vulnerabilities: control bypass
Affected productsExternal IDs
vendor: cisco model: routers
vendor: realtek model: realtek sdk