Sign-up

VARIoT news about IoT security

Announcing Microsoft Defender Vulnerability Management in public preview - Microsoft Tech Community

Trust: 3.5

Fetched: June 1, 2022, 8:58 a.m., Published: May 12, 2022, 3:41 p.m.
 Vulnerabilities: service disruption
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome

Zyxel silently patches command-injection vulnerability with 9.8 severity rating | Ars Technica

Related entries in the VARIoT vulnerabilities database: VAR-202205-0957

Trust: 5.5

Fetched: June 1, 2022, 8:58 a.m., Published: June 9, 2022, midnight
 Vulnerabilities: authentication vulnerability, command injection, remote command injection
Affected productsExternal IDs
vendor: zyxel model: atp200
vendor: zyxel model: usg20w-vpn
vendor: zyxel model: usg20-vpn
db: NVD ids: CVE-2022-30525

HP Patches UEFI Vulnerabilities Affecting Over 200 Computers | SecurityWeek.Com

Trust: 4.75

Fetched: June 1, 2022, 8:58 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: lenovo model: desktop
vendor: lenovo model: system
vendor: lenovo model: bios
vendor: lenovo model: updates
vendor: dell model: bios
db: NVD ids: CVE-2021-3809, CVE-2021-3808

Microsoft Details Severe Vulnerabilities in Pre-Installed Android Apps

Trust: 4.0

Fetched: June 1, 2022, 8:58 a.m., Published: May 28, 2022, 4:22 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2021-42600, CVE-2021-42598, CVE-2021-42599, CVE-2021-42601

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

Trust: 3.5

Fetched: June 1, 2022, 8:58 a.m., Published: May 25, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Microsoft : Security vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202205-0624, VAR-202205-0625, VAR-202205-0626

Trust: 3.75

Fetched: June 1, 2022, 8:58 a.m., Published: June 1, 2050, midnight
 Vulnerabilities: information disclosure, denial of service, security feature bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2022-26936, CVE-2022-29113, CVE-2022-26932, CVE-2022-29110, CVE-2022-29114, CVE-2022-29141, CVE-2022-29107, CVE-2022-29129, CVE-2022-29139, CVE-2022-29130, CVE-2022-29131, CVE-2022-29105, CVE-2022-22014, CVE-2022-30129, CVE-2022-22013, CVE-2022-23267, CVE-2022-29103, CVE-2022-26933, CVE-2022-29132, CVE-2022-29128, CVE-2022-29117, CVE-2022-26938, CVE-2022-22012, CVE-2022-26935, CVE-2022-29115, CVE-2022-29123, CVE-2022-29102, CVE-2022-29148, CVE-2022-29125, CVE-2022-29116, CVE-2022-29112, CVE-2022-29138, CVE-2022-29145, CVE-2022-29137, CVE-2022-29106, CVE-2022-29121, CVE-2022-29127, CVE-2022-29151, CVE-2022-29104, CVE-2022-29134, CVE-2022-29108, CVE-2022-30138, CVE-2022-29150, CVE-2022-22011, CVE-2022-29133, CVE-2022-29109, CVE-2022-29142, CVE-2022-26934, CVE-2022-26939, CVE-2022-29122, CVE-2022-26937, CVE-2022-29120, CVE-2022-29126, CVE-2022-29135, CVE-2022-26940, CVE-2022-29140

Unpatched DNS bug affects millions of routers and IoT devices

Trust: 3.75

Fetched: June 1, 2022, 8:58 a.m., Published: June 1, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: netgear model: router
vendor: axis model: communications

Patch: Zoom chat messages can infect devices with malware • The Register

Trust: 4.75

Fetched: June 1, 2022, 8:58 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: zoom model: client
vendor: zoom model: zoom
vendor: zoom model: zoom client
vendor: google model: android
db: NVD ids: CVE-2022-22787

Hackers can take over device without privileges - NCC warns mobile phone users - Daily Post Nigeria

Trust: 4.75

Fetched: June 1, 2022, 8:58 a.m., Published: May 22, 2022, 4:59 p.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: avast model: antivirus
db: NVD ids: CVE-2022-26522, CVE-2022-26523

Apple users alert! Device could be hacked if not updated, claims CERT-In advisory

Trust: 4.75

Fetched: June 1, 2022, 8:58 a.m., Published: May 1, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: apple model: watch
vendor: apple model: mac os

CVE-2022-29127 - Security Update Guide - Microsoft - BitLocker Security Feature Bypass Vulnerability

Trust: 4.0

Fetched: June 1, 2022, 8:58 a.m., Published: -
 Vulnerabilities: security feature bypass, feature bypass
Affected productsExternal IDs
db: NVD ids: CVE-2022-29127

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Vulnerability Spotlight: How an attacker could chain several vulnerabilities in an industrial wireless router to gain root access

Related entries in the VARIoT vulnerabilities database: VAR-202205-1035

Trust: 5.25

Fetched: June 1, 2022, 8:58 a.m., Published: May 1, 2022, midnight
 Vulnerabilities: privilege escalation, cross-site scripting, buffer overflow...
Affected productsExternal IDs
vendor: cisco model: router
vendor: snort.org model: snort
vendor: snort model: snort
db: NVD ids: CVE-2022-27172

Critical F5 BIG-IP Flaw Actively Exploited by Hackers | eSecurityPlanet

Related entries in the VARIoT vulnerabilities database: VAR-202205-0394

Trust: 4.0

Fetched: June 1, 2022, 8:58 a.m., Published: May 12, 2022, 9:42 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-1388

This unpatched DNS bug could put 'well-known' IoT devices at risk | ZDNet

Trust: 3.0

Fetched: June 1, 2022, 8:58 a.m., Published: June 5, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: axis model: communications

SentinelOne unveils severe zero-day vulnerabilities in Avast and AVG - Techzine Europe

Trust: 6.0

Fetched: June 1, 2022, 8:58 a.m., Published: May 5, 2022, 10:31 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: avast model: antivirus
db: NVD ids: CVE-2022-26522, CVE-2022-26523

Vulnerabilities (CVE) - OpenCVE

Trust: 3.0

Fetched: June 1, 2022, 8:58 a.m., Published: April 6, 2022, midnight
 Vulnerabilities: sql injection, cross-site scripting, improper validation...
Affected productsExternal IDs

Sophos Firewall v19.0 GA Resolves Security Vulnerabilities (CVE-2022-1040, CVE-2021-25268, CVE-2021-25267, CVE-2022-0331) | Sophos

Trust: 4.5

Fetched: June 1, 2022, 8:58 a.m., Published: June 19, 2022, midnight
 Vulnerabilities: authentication bypass, code execution, privilege escalation...
Affected productsExternal IDs
db: NVD ids: CVE-2022-1040, CVE-2021-25268, CVE-2022-0331, CVE-2021-25267

NVD - CVE-2022-30525

Related entries in the VARIoT vulnerabilities database: VAR-202205-0957

Trust: 3.75

Fetched: June 1, 2022, 8:58 a.m., Published: June 5, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: zyxel model: atp800
vendor: zyxel model: atp500_firmware
vendor: zyxel model: atp200
vendor: zyxel model: usg20w-vpn_firmware
vendor: zyxel model: atp500
vendor: zyxel model: vpn50_firmware
vendor: zyxel model: vpn50
vendor: zyxel model: usg20w-vpn
vendor: zyxel model: vpn100_firmware
vendor: zyxel model: atp800_firmware
vendor: zyxel model: vpn1000
vendor: zyxel model: vpn300_firmware
vendor: zyxel model: atp200_firmware
vendor: zyxel model: atp100
vendor: zyxel model: vpn100
vendor: zyxel model: vpn1000_firmware
vendor: zyxel model: vpn300
vendor: zyxel model: atp100_firmware
db: NVD ids: CVE-2022-30525

Vulnerabilities (CVE) - OpenCVE

Trust: 4.5

Fetched: June 1, 2022, 8:58 a.m., Published: April 6, 2022, midnight
 Vulnerabilities: memory corruption, privilege escalation, cross-site scripting...
Affected productsExternal IDs
vendor: cisco model: firepower threat defense
vendor: cisco model: cisco 7600 series
vendor: cisco model: series
vendor: cisco model: series industrial security appliance
vendor: cisco model: asa 5500 series
vendor: cisco model: ftd virtual
vendor: cisco model: firepower 2100
vendor: cisco model: catalyst
vendor: cisco model: cisco catalyst 6500 series
vendor: cisco model: 7600 series
vendor: cisco model: adaptive security appliance
vendor: cisco model: firepower
vendor: cisco model: adaptive security virtual appliance
vendor: cisco model: asa 5500
vendor: cisco model: asa software
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: catalyst 6500
vendor: cisco model: ios 12.4
vendor: cisco model: catalyst 6500 series
vendor: cisco model: industrial security appliance
vendor: cisco model: firepower 9300
vendor: cisco model: routers
vendor: cisco model: series switches
vendor: cisco model: series routers
vendor: aruba model: aruba instant
vendor: aruba model: instant
vendor: aruba model: instant access point

Threat Actors Exploiting F5 BIG-IP CVE-2022-1388 | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202205-0394

Trust: 3.75

Fetched: June 1, 2022, 8:58 a.m., Published: June 16, 2022, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2022-1388