Sign-up

VARIoT news about IoT security

What are zero-day attacks, and how to prevent them? - Gcore

Trust: 3.5

Fetched: Nov. 29, 2022, 9:26 a.m., Published: Nov. 24, 2022, 7:27 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: routers
vendor: huawei model: hg532
vendor: huawei model: huawei

November Patch Tuesday: Microsoft Finally Patches Two NotProxyShell And Four Other Zero-day Flaws | Spiceworks 1

Trust: 5.25

Fetched: Nov. 29, 2022, 9:24 a.m., Published: Nov. 9, 2022, midnight
 Vulnerabilities: request forgery, security feature bypass, privilege escalation...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2022-41128, CVE-2022-41082, CVE-2022-38015, CVE-2022-41040, CVE-2022-41118, CVE-2022-41073, CVE-2022-41044, CVE-2022-37966, CVE-2022-41080, CVE-2022-41125, CVE-2022-41088, CVE-2022-37967, CVE-2022-41039, CVE-2022-41091

15-Year-Old Python Vulnerability Still Affects Over 350,000 Open-Source Projects | Spiceworks 1

Trust: 4.5

Fetched: Nov. 29, 2022, 9:24 a.m., Published: Sept. 22, 2022, midnight
 Vulnerabilities: code execution, directory traversal, traversal attack...
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2007-4559

Discontinued Web Server Poses IoT Security Risks | Decipher

Trust: 3.75

Fetched: Nov. 29, 2022, 9:23 a.m., Published: Nov. 22, 2022, midnight
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2017-9833, CVE-2021-33558

Google Ships Emergency Update for the Sixth Zero-day Chrome Vulnerability in 2022 | Spiceworks 1

Related entries in the VARIoT vulnerabilities database: VAR-202205-1370, VAR-202203-1921

Trust: 4.75

Fetched: Nov. 29, 2022, 9:17 a.m., Published: Sept. 6, 2022, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: google model: android
db: NVD ids: CVE-2022-0609, CVE-2022-2294, CVE-2022-2856, CVE-2022-1364, CVE-2022-3075, CVE-2022-1096

Citrix Application Delivery Management Security Bulletin for CVE-2022-27511 and CVE-2022-27512

Trust: 5.25

Fetched: Nov. 29, 2022, 9:14 a.m., Published: June 27, 2022, 10:21 a.m.
 Vulnerabilities: improper access control
Affected productsExternal IDs
db: NVD ids: CVE-2022-27511, CVE-2022-27512

CWE - 2022 CWE Top 25 Most Dangerous Software Weaknesses

Trust: 4.5

Fetched: Nov. 29, 2022, 9:12 a.m., Published: Nov. 29, 2022, midnight
 Vulnerabilities: request forgery, command injection, path traversal...
Affected productsExternal IDs
vendor: trend model: security

Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers

Trust: 3.5

Fetched: Nov. 29, 2022, 9:11 a.m., Published: Feb. 26, 2000, midnight
 Vulnerabilities: request forgery, cross-site request forgery
Affected productsExternal IDs

What Are The Benefits Of Using Vulnerability Management Software - Analytic Searches

Trust: 3.0

Fetched: Nov. 27, 2022, 9:20 a.m., Published: Nov. 23, 2022, 7:03 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Tips For Using Vulnerability Management Software Successfully - Infosem

Trust: 3.75

Fetched: Nov. 27, 2022, 9:18 a.m., Published: Nov. 23, 2022, 7:08 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: trend model: security

Google exposes active Android vulnerability affecting Mali GPUs

Trust: 3.75

Fetched: Nov. 27, 2022, 9:18 a.m., Published: Nov. 25, 2022, 4:48 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
vendor: samsung model: samsung galaxy
vendor: samsung model: exynos
vendor: samsung model: galaxy
db: NVD ids: CVE-2022-33917, CVE-2022-36449

Millions Of Android Devices Running On Mali GPU Are Vulnerable To Attacks, And You Can’t Fix It - Tech

Trust: 3.75

Fetched: Nov. 27, 2022, 9:18 a.m., Published: Nov. 25, 2022, 11:35 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: motorola model: android
vendor: motorola model: motorola
vendor: xiaomi model: redmi
vendor: google model: pixel
vendor: google model: android
vendor: asus model: asus
vendor: samsung model: note
vendor: samsung model: samsung galaxy
vendor: samsung model: galaxy
vendor: samsung model: galaxy s10
vendor: samsung model: note 10
vendor: samsung model: galaxy s9
vendor: samsung model: galaxy note
vendor: samsung model: galaxy s7
vendor: huawei model: huawei mate
vendor: huawei model: huawei p30
vendor: huawei model: mate
vendor: huawei model: honor view 20
vendor: huawei model: mate 8
vendor: huawei model: huawei
vendor: huawei model: honor
vendor: huawei model: view 20
db: NVD ids: CVE-2022-33917, CVE-2022-36449

Alert! Millions of Android devices prone to hacking due to GPU bug: Google's Project Zero Team

Trust: 3.75

Fetched: Nov. 27, 2022, 9:17 a.m., Published: Nov. 27, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
vendor: samsung model: galaxy
db: NVD ids: CVE-2022-36449

Microsoft CVE-2022-41055: Windows Human Interface Device Information Disclosure Vulnerability

Trust: 3.5

Fetched: Nov. 27, 2022, 9:17 a.m., Published: Nov. 4, 2022, midnight
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2022-41055

Top Emerging Cybersecurity Threats and Defensive Mechanism to be Safe | HackerNoon

Trust: 3.5

Fetched: Nov. 27, 2022, 9:16 a.m., Published: Nov. 19, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone
vendor: google model: android
vendor: trend model: antivirus
vendor: trend model: security
vendor: apple model: iphone

CISA Tells Organizations to Patch Linux Kernel Vulnerability Exploited by Malware | SecurityWeek.Com

Trust: 4.0

Fetched: Nov. 27, 2022, 9:13 a.m., Published: Nov. 27, 2022, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2021-3493, CVE-2021-4034

How works Microsoft Defender Vulnerability Management (MDVM)

Related entries in the VARIoT vulnerabilities database: VAR-202205-1958

Trust: 4.75

Fetched: Nov. 27, 2022, 9:12 a.m., Published: Nov. 21, 2022, 2:17 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: endpoint sensor
vendor: trend model: password manager
vendor: trend model: antivirus
vendor: trend model: security
db: NVD ids: CVE-2022-30190

Google Patches the Seventh Zero-Day Chrome Vulnerability of 2022 | Spiceworks 1

Related entries in the VARIoT vulnerabilities database: VAR-202203-1921, VAR-202205-1370

Trust: 5.25

Fetched: Nov. 27, 2022, 9:11 a.m., Published: Nov. 2, 2022, midnight
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2022-3723, CVE-2022-1096, CVE-2022-2856, CVE-2022-1364, CVE-2022-2294, CVE-2022-0609, CVE-2022-3075

Siemens LOGO! 8 BM Devices | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202210-0505, VAR-202210-0503, VAR-202210-0504

Trust: 3.75

Fetched: Nov. 27, 2022, 9:10 a.m., Published: Nov. 8, 2022, midnight
 Vulnerabilities: improper validation
Affected productsExternal IDs
db: NVD ids: CVE-2022-36363, CVE-2022-36362, CVE-2022-36361

Google's Project Zero found exploitable vulnerabilities

Trust: 3.75

Fetched: Nov. 25, 2022, 9:33 a.m., Published: Nov. 24, 2022, 2:55 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: samsung model: android phone
db: NVD ids: CVE-2021-25370, CVE-2021-25369, CVE-2021-25337