VARIoT latest news about IoT security

Cyber Security Asean Trust: 3.75 Fetched: Dec. 13, 2022, 9:15 a.m., Published: Dec. 13, 2022, midnight	Vulnerabilities: denial of service, code execution

Affected products	External IDs

Microsoft Edge Browser - Security Vulnerabilities in 2022 Trust: 5.25 Fetched: Dec. 13, 2022, 9:14 a.m., Published: Dec. 13, 2022, midnight	Vulnerabilities: memory corruption, use after free, feature bypass...

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	android
vendor:	google	model:	google chrome

db:

NVD

ids:

CVE-2021-26436, CVE-2018-1022, CVE-2018-8139, CVE-2018-8133, CVE-2021-30624, CVE-2021-21157, CVE-2018-0953, CVE-2020-17153, CVE-2020-1195, CVE-2018-0955, CVE-2022-33649, CVE-2021-30617, CVE-2021-30611, CVE-2018-8123, CVE-2018-8114, CVE-2021-21141, CVE-2018-1021, CVE-2021-30610, CVE-2021-30609, CVE-2022-44708, CVE-2021-30614, CVE-2022-41115, CVE-2018-8122, CVE-2021-33741, CVE-2022-33680, CVE-2018-0943, CVE-2021-24113, CVE-2021-30607, CVE-2018-8130, CVE-2018-1025, CVE-2018-0951, CVE-2018-8358, CVE-2021-30622, CVE-2021-30613, CVE-2022-4135, CVE-2022-38012, CVE-2021-30618, CVE-2021-30615, CVE-2021-30608, CVE-2021-30621, CVE-2021-30620, CVE-2018-8388, CVE-2018-0954, CVE-2018-0945, CVE-2020-16884, CVE-2018-8137, CVE-2021-30606, CVE-2018-8177, CVE-2021-38669, CVE-2021-24100, CVE-2018-8128, CVE-2022-33636, CVE-2021-36930, CVE-2018-8178, CVE-2018-8179, CVE-2022-35796, CVE-2022-33639, CVE-2021-30616, CVE-2021-30612, CVE-2021-21140, CVE-2021-30623, CVE-2018-8383, CVE-2018-0946, CVE-2018-8145, CVE-2018-8112, CVE-2022-41035, CVE-2021-30619, CVE-2022-44688

Cisco discloses high-severity IP phone vulnerability - Techzine Europe Related entries in the VARIoT vulnerabilities database: VAR-202007-1057 Trust: 3.75 Fetched: Dec. 13, 2022, 9:13 a.m., Published: Dec. 12, 2022, 8:28 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	series
vendor:	cisco	model:	ip phone 7800
vendor:	cisco	model:	ip phone 7800 series
vendor:	cisco	model:	ip phone 8800 series
vendor:	cisco	model:	ip phone 8800
vendor:	cisco	model:	ip phone

db:

NVD

ids:

CVE-2020-3452

Microsoft Patches Vulnerability Allowing Full Access to Azure Service Fabric Clusters \| SecurityWeek.Com Trust: 4.25 Fetched: Dec. 13, 2022, 9:12 a.m., Published: Dec. 13, 2022, midnight	Vulnerabilities: cross-site scripting, code execution

Affected products

External IDs

vendor:	palo alto networks	model:	networks
vendor:	palo	model:	networks

db:

NVD

ids:

CVE-2022-35829

List vulnerabilities by software \| Microsoft Learn Trust: 3.75 Fetched: Dec. 13, 2022, 9:12 a.m., Published: Oct. 19, 2022, 9:04 p.m.	Vulnerabilities: security feature bypass, feature bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2017-0140

Omron PLC Vulnerability Exploited by Sophisticated ICS Malware \| SecurityWeek.Com Related entries in the VARIoT vulnerabilities database: VAR-202207-0037, VAR-202207-0036 Trust: 3.75 Fetched: Dec. 13, 2022, 9:11 a.m., Published: Dec. 13, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

omron

model:

omron plc

db:

NVD

ids:

CVE-2022-34151, CVE-2022-33208, CVE-2022-33971

Cisco discloses high-severity IP phone zero-day with exploit code Related entries in the VARIoT vulnerabilities database: VAR-202212-0864 Trust: 4.5 Fetched: Dec. 13, 2022, 9:10 a.m., Published: -	Vulnerabilities: denial of service, code execution

Affected products

External IDs

vendor:	cisco	model:	link layer discovery protocol
vendor:	cisco	model:	series
vendor:	cisco	model:	ip phone 7800
vendor:	cisco	model:	voice vlan
vendor:	cisco	model:	ip phones
vendor:	cisco	model:	ip phone

db:

NVD

ids:

CVE-2022-20968

Vulnerability Database Trust: 4.0 Fetched: Dec. 13, 2022, 9:10 a.m., Published: -	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2022-45797

The increase in vulnerabilities is the reason why device vulnerability management is important Trust: 3.75 Fetched: Dec. 13, 2022, 9:10 a.m., Published: Dec. 11, 2022, 7:18 a.m.	Vulnerabilities: denial of service, code execution

Affected products	External IDs

Cisco reveals zero-day vulnerability in IP phones Trust: 3.25 Fetched: Dec. 11, 2022, 9:18 a.m., Published: Dec. 11, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

cisco

model:

ip phones

Google warns that millions of Android devices could be at risk of being attacked due to this vulnerability - casinomalta Trust: 3.75 Fetched: Dec. 11, 2022, 9:17 a.m., Published: Nov. 26, 2022, 4:37 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	huawei	model:	huawei
vendor:	apple	model:	iphone
vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	samsung	model:	mobile
vendor:	samsung	model:	galaxy s10
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	galaxy

db:

NVD

ids:

CVE-2022-33917

vulnerability assessments Archives - Securicon Trust: 4.75 Fetched: Dec. 11, 2022, 9:16 a.m., Published: Dec. 11, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	home
vendor:	google	model:	android

Vulnerabilities in Popular Keyboard and Mouse Android Apps Expose User Data \| SecurityWeek.Com Trust: 5.75 Fetched: Dec. 11, 2022, 9:16 a.m., Published: Dec. 11, 2022, midnight	Vulnerabilities: weak password, code execution

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2022-45477, CVE-2022-45481, CVE-2022-45482, CVE-2022-45479

Cisco Identity Services Engine Insufficient Access Control Vulnerability - Cisco Trust: 3.75 Fetched: Dec. 11, 2022, 9:15 a.m., Published: Nov. 29, 2022, 6:53 a.m.	Vulnerabilities: access control vulnerability

Affected products

External IDs

vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco identity services engine

Google Pays $70k for Android Lock Screen Bypass \| SecurityWeek.Com Trust: 4.5 Fetched: Dec. 11, 2022, 9:14 a.m., Published: Dec. 11, 2022, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android

db:

NVD

ids:

CVE-2022-20465

Vulnerability Examples: Common Types and 5 Real World Examples - Bright Security Trust: 4.5 Fetched: Dec. 11, 2022, 9:14 a.m., Published: Sept. 15, 2022, 1:13 p.m.	Vulnerabilities: cross-site scripting, code injection, denial of service...

Affected products

External IDs

vendor:	google	model:	home
vendor:	google	model:	android

2022-10 Security Bulletin: Junos OS: On IPv6 OAM SRv6 network enabled devices an attacker sending a specific genuine packet to an IPv6 address configured on the device may cause a RPD memory leak leading to an RPD core. (CVE-2022-22228) Related entries in the VARIoT vulnerabilities database: VAR-202210-1074 Trust: 4.25 Fetched: Dec. 11, 2022, 9:13 a.m., Published: -	Vulnerabilities: memory leak

Affected products

External IDs

db:

NVD

ids:

CVE-2022-22228

Time is Ticking on a New OpenSSL Vulnerability - IT Security Guru Related entries in the VARIoT vulnerabilities database: VAR-201609-0352 Trust: 3.0 Fetched: Dec. 11, 2022, 9:13 a.m., Published: Oct. 31, 2022, 3:25 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2016-6309

Android Security Bulletin-December 2022 \| Android Open Source Project Related entries in the VARIoT vulnerabilities database: VAR-202212-0798, VAR-202212-0726, VAR-202212-0441, VAR-202212-0660, VAR-202212-0542, VAR-202212-0543, VAR-202212-0619 Trust: 5.25 Fetched: Dec. 11, 2022, 9:12 a.m., Published: Dec. 11, 2022, midnight	Vulnerabilities: information disclosure, denial of service, code execution

Affected products

External IDs

vendor:	huawei	model:	huawei
vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	samsung	model:	mobile
vendor:	samsung	model:	notes
vendor:	motorola	model:	motorola
vendor:	motorola	model:	android

db:

NVD

ids:

CVE-2022-25685, CVE-2022-39106, CVE-2021-39795, CVE-2022-25672, CVE-2022-20486, CVE-2022-20469, CVE-2022-20495, CVE-2021-39660, CVE-2022-39130, CVE-2022-20466, CVE-2022-20124, CVE-2022-42756, CVE-2022-20500, CVE-2022-25691, CVE-2022-25692, CVE-2022-32594, CVE-2022-20479, CVE-2022-20480, CVE-2022-39134, CVE-2022-42755, CVE-2022-20485, CVE-2022-20473, CVE-2022-20483, CVE-2022-33238, CVE-2022-25682, CVE-2022-25689, CVE-2022-20468, CVE-2022-20475, CVE-2022-25702, CVE-2022-20482, CVE-2022-39133, CVE-2022-42771, CVE-2022-25673, CVE-2022-20488, CVE-2022-20501, CVE-2022-20497, CVE-2022-32596, CVE-2022-20496, CVE-2022-20240, CVE-2022-20611, CVE-2022-42772, CVE-2022-25681, CVE-2022-20478, CVE-2022-39132, CVE-2022-25697, CVE-2022-32597, CVE-2021-39617, CVE-2022-20442, CVE-2022-32619, CVE-2022-20411, CVE-2022-33268, CVE-2022-20144, CVE-2022-32598, CVE-2022-42770, CVE-2022-39129, CVE-2022-25695, CVE-2022-25698, CVE-2022-39131, CVE-2022-20477, CVE-2022-20449, CVE-2022-20484, CVE-2022-20491, CVE-2022-20470, CVE-2021-0934, CVE-2022-20487, CVE-2022-20476, CVE-2022-20472, CVE-2022-20498, CVE-2022-33235, CVE-2022-20502, CVE-2022-20444, CVE-2022-32620, CVE-2022-20471, CVE-2022-42754, CVE-2022-20474

Cisco IOS XE Software DNS NAT Protocol Application Layer Gateway Denial of Service Vulnerability - Cisco Trust: 4.0 Fetched: Dec. 11, 2022, 9:12 a.m., Published: Nov. 15, 2022, 10:59 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	cisco ios

VARIoT news about IoT security