Sign-up

VARIoT news about IoT security

Microsoft patches 66 vulnerabilities in September update

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 15, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-36965, CVE-2021-38657, CVE-2021-36956, CVE-2021-40444, CVE-2021-38667, CVE-2021-38647, CVE-2021-38671, CVE-2021-26435, CVE-2021-40447

NVD - CVE-2021-34734

Related entries in the VARIoT vulnerabilities database: VAR-202108-0822

Trust: 5.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 26, 2021, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco systems
vendor: cisco model: link layer discovery protocol
vendor: cisco model: series
vendor: cisco systems model: cisco systems
vendor: cisco systems model: link layer discovery protocol
vendor: cisco systems model: series
db: NVD ids: CVE-2021-34734

Update Apple devices immediately to close a critical security vulnerability | Access Tufts

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 17, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: watchos

MikroTik blog - MÄ“ris botnet

Related entries in the VARIoT vulnerabilities database: VAR-201808-0384

Trust: 4.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 15, 2021, midnight
 Vulnerabilities: weak password
Affected productsExternal IDs
vendor: mikrotik model: routers
vendor: mikrotik model: mikrotik router
vendor: mikrotik model: routeros
vendor: mikrotik model: mikrotik
vendor: mikrotik model: router
db: NVD ids: CVE-2018-14847

Apple patches zero-day flaw affecting all devices - Security - iTnews

Trust: 3.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 4, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: watchos

How a Medical Device Vulnerability Can Compromise Privacy

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Dec. 18, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: zoom model: zoom

Devices From Many Vendors Can Be Hacked Remotely Due to Flaws in Realtek SDK | SecurityWeek.Com

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 14, 2022, midnight
 Vulnerabilities: denial of service, command injection
Affected productsExternal IDs
vendor: realtek model: audio driver
vendor: realtek model: realtek sdk
vendor: asus model: asus
vendor: huawei model: huawei
db: NVD ids: CVE-2021-35392, CVE-2021-35395

Bluetooth devices proven to be vulnerable to unfixable security problems

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 1, 2021, 10:42 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: asus model: asus

New Research Uncovers 5 Vulnerabilities in Mitsubishi Safety PLCs

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 5, 2021, 3:01 a.m.
 Vulnerabilities: account lockout
Affected productsExternal IDs

Report: 83 Million Cameras, Other Devices Prone to IoT Vulnerability - Commercial Integrator

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 17, 2021, 2:45 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable - duckduck WHO ?

Trust: 5.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-28139

Multiple Flaws in Realtek SDK Affect Wide Range of IoT Devices | Decipher

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 16, 2021, midnight
 Vulnerabilities: command injection, buffer overflow
Affected productsExternal IDs
vendor: realtek model: realtek sdk
vendor: asus model: asus

Microsoft MSHTML Remote Code Execution Vulnerability: Security Bulletins: Information Security & Policy: Indiana University

Trust: 5.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 12, 2022, midnight
 Vulnerabilities: file execution, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-40444

Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices | Mandiant

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 17, 2021, midnight
 Vulnerabilities: device impersonation, code execution
Affected productsExternal IDs
vendor: google model: home
vendor: wireshark model: wireshark
vendor: apple model: watch
db: NVD ids: CVE-2021-28372

A Vulnerability in Cisco Adaptive Security Appliance and Firepower Threat Defense Could Allow for Security Bypass

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 7, 2022, 7:33 p.m.
 Vulnerabilities: security bypass
Affected productsExternal IDs
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower
vendor: cisco model: small business
vendor: cisco model: adaptive security appliance

Apple iOS and iPadOS Vulnerability Exploited by Cybercriminals

Trust: 5.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 13, 2021, 4:34 p.m.
 Vulnerabilities: integer overflow, privilege escalation
Affected productsExternal IDs
vendor: apple model: ipod touch
vendor: apple model: ipad
vendor: apple model: iphone os
vendor: apple model: iphone
db: NVD ids: CVE-2021-30883

Microsoft warns of dangerous vulnerability in Surface Pro 3 devices

Related entries in the VARIoT vulnerabilities database: VAR-202110-1321

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 21, 2021, 7:58 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: broadcom model: broadcom
vendor: broadcom model: linux
db: NVD ids: CVE-2021-30970, CVE-2021-42299, CVE-2019-15126

These Bluetooth security flaws could affect billions of devices | TechRadar

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 3, 2021, 2:01 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Cisco urges users to patch critical vulnerability in virtualized network devices after PoC is made public | The Daily Swig

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 3, 2021, 1:45 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: cisco model: router

Security Advisory - CSV Injection Vulnerability in Some Huawei Products

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 14, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: huawei
db: NVD ids: CVE-2021-37131