Sign-up

VARIoT news about IoT security

A new vulnerability has been discovered that puts almost all Android devices at risk: even system apps are not safe | Div Bracket

Trust: 3.0

Fetched: Dec. 6, 2022, 9:18 a.m., Published: Dec. 5, 2022, 11:37 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Multiple Vulnerabilities in Google Android OS Could Allow for Arbitrary Code Execution

Trust: 5.25

Fetched: Dec. 6, 2022, 9:18 a.m., Published: Nov. 30, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android

Address Medical Device Vulnerabilities to Protect Healthcare System Cybersecurity - Healthcare Business Today

Trust: 3.0

Fetched: Dec. 6, 2022, 9:17 a.m., Published: Dec. 4, 2022, 5:42 p.m.
 Vulnerabilities: -
Affected productsExternal IDs

Google Reveals Spyware Vendor's Use of Samsung Phone Zero-Day Exploits | SecurityWeek.Com

Trust: 4.5

Fetched: Dec. 6, 2022, 9:14 a.m., Published: Dec. 6, 2022, midnight
 Vulnerabilities: code execution, information leak
Affected productsExternal IDs
vendor: samsung model: note
vendor: google model: android
vendor: google model: chrome
db: NVD ids: CVE-2021-25337, CVE-2021-25369, CVE-2021-25370

Uncover RF Security Vulnerabilities with SDRs - Embedded Computing Design

Trust: 4.25

Fetched: Dec. 6, 2022, 9:13 a.m., Published: Sept. 9, 2022, midnight
 Vulnerabilities: replay attack, denial of service, information disclosure
Affected productsExternal IDs
vendor: mesh model: mesh

Google Rolls Out Emergency Patch for Ninth Zero-Day Chrome Vulnerability of 2022 | Spiceworks 1

Related entries in the VARIoT vulnerabilities database: VAR-202205-1370, VAR-202203-1921

Trust: 5.25

Fetched: Dec. 6, 2022, 9:12 a.m., Published: Dec. 5, 2022, midnight
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: home
db: NVD ids: CVE-2022-3723, CVE-2022-2856, CVE-2022-0609, CVE-2022-4135, CVE-2022-3075, CVE-2022-2294, CVE-2022-4262, CVE-2022-1364, CVE-2022-1096

Kandji Announces New Device Harmony Platform, Tears Down the Wall Between IT and InfoSec to Keep Enterprise Apple Users Secure and Productive

Trust: 3.0

Fetched: Dec. 6, 2022, 9:11 a.m., Published: Oct. 3, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos

Vulnerability not yet fixed leaves millions of Android phones at risk - PhoneArena

Trust: 4.75

Fetched: Dec. 6, 2022, 9:11 a.m., Published: Dec. 15, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: notes
vendor: samsung model: samsung galaxy
vendor: samsung model: galaxy
vendor: samsung model: android phone
vendor: samsung model: exynos
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2022-33917, CVE-2022-36449

Three Innocuous Linux Vulnerabilities Chained to Obtain Full Root Privileges | SecurityWeek.Com

Trust: 5.5

Fetched: Dec. 6, 2022, 9:10 a.m., Published: Dec. 6, 2022, midnight
 Vulnerabilities: code execution, privilege escalation, symlink attack
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2022-41973, CVE-2022-3328, CVE-2021-44731, CVE-2022-41974

Hackers Execute Arbitrary Code with Microsoft Office | Master Computing | IT Services & IT Support Dallas, TX

Trust: 3.0

Fetched: Dec. 4, 2022, 9:23 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-41106

Google Researchers Warn Millions Of Android Devices Prone To Hacking Due To Gpu Bug

Trust: 3.75

Fetched: Dec. 4, 2022, 9:23 a.m., Published: Nov. 26, 2022, 9:41 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
vendor: samsung model: galaxy
db: NVD ids: CVE-2022-36449

Hackers Execute Arbitrary Code with Microsoft Office | Logical Business Solutions Inc.

Trust: 3.0

Fetched: Dec. 4, 2022, 9:22 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-41106

Three Innocuous Linux Vulnerabilities Chained to Obtain Full Root Privileges | SecurityWeek.Com

Trust: 5.5

Fetched: Dec. 4, 2022, 9:22 a.m., Published: Dec. 4, 2022, midnight
 Vulnerabilities: code execution, privilege escalation, symlink attack
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2022-41973, CVE-2022-3328, CVE-2022-41974, CVE-2021-44731

Google reveals high-risk vulnerabilities that threaten millions of Android devices - TechGoing

Trust: 3.0

Fetched: Dec. 4, 2022, 9:21 a.m., Published: Dec. 3, 2022, 7:07 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

How Vulnerable Are Mobile Networks and Devices? - Manning

Trust: 3.5

Fetched: Dec. 4, 2022, 9:20 a.m., Published: Dec. 2, 2022, 5:23 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: google model: home
vendor: google model: wifi
vendor: tesla model: model
vendor: huawei model: nice
vendor: huawei model: huawei

Drop What You're Doing and Update iOS, Android, and Windows | WIRED

Related entries in the VARIoT vulnerabilities database: VAR-202210-1070, VAR-202210-0997

Trust: 4.5

Fetched: Dec. 4, 2022, 9:20 a.m., Published: Nov. 30, 2022, noon
 Vulnerabilities: code execution, authentication bypass, buffer overflow
Affected productsExternal IDs
vendor: google model: wifi
vendor: google model: chrome
vendor: google model: pixel
vendor: google model: android
vendor: google model: google chrome
vendor: apple model: iphone
vendor: apple model: macos
vendor: samsung model: galaxy
db: NVD ids: CVE-2022-41128, CVE-2022-41091, CVE-2022-3886, CVE-2022-3890, CVE-2022-31685, CVE-2022-40304, CVE-2022-3885, CVE-2022-2209, CVE-2022-31686, CVE-2022-45404, CVE-2022-41073, CVE-2022-20463, CVE-2022-3889, CVE-2022-40303, CVE-2022-4135, CVE-2022-3887, CVE-2022-3888, CVE-2022-41125

Top Emerging Cybersecurity Threats and How to Prevent Them From Happening to You | HackerNoon

Trust: 3.5

Fetched: Dec. 4, 2022, 9:19 a.m., Published: Dec. 19, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: apple model: iphone

SSA-955858

Related entries in the VARIoT vulnerabilities database: VAR-202210-0505, VAR-202210-0504, VAR-202210-0503

Trust: 4.75

Fetched: Dec. 4, 2022, 9:13 a.m., Published: Dec. 8, 2022, midnight
 Vulnerabilities: buffer overflow, improper validation, input validation vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2022-36363, CVE-2022-36361, CVE-2022-36362

Fortinet Warns of New Authentication Bypass Vulnerability - Kratikal Blogs

Related entries in the VARIoT vulnerabilities database: VAR-202210-0198

Trust: 5.75

Fetched: Dec. 4, 2022, 9:12 a.m., Published: Nov. 8, 2022, 7:09 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-40684

Huawei Security Hypervisor Vulnerability - Impalabs Blog

Related entries in the VARIoT vulnerabilities database: VAR-202110-1853

Trust: 4.5

Fetched: Dec. 2, 2022, 9:24 a.m., Published: Dec. 1, 2022, midnight
 Vulnerabilities: integer overflow, code execution
Affected productsExternal IDs
vendor: huawei model: huawei
db: NVD ids: CVE-2021-39979