Sign-up

VARIoT news about IoT security

Patching Log4j to version 2.17.1 can probably wait | VentureBeat

Related entries in the VARIoT vulnerabilities database: VAR-202112-2011

Trust: 5.5

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Dec. 29, 2021, 8:31 p.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: canary model: canary
db: NVD ids: CVE-2021-44832

Vulnerability Threatens Intel That Leads To Affect Its Users

Related entries in the VARIoT vulnerabilities database: VAR-202111-1151

Trust: 3.5

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 4, 2022, 8:10 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: schneider electric model: monitor
vendor: schneider electric model: modicon m340
vendor: schneider electric model: m340
vendor: schneider model: monitor
vendor: schneider model: modicon m340
vendor: schneider model: m580
vendor: schneider model: m340
db: NVD ids: CVE-2021-0157

Update Now: New Mac Vulnerability Allows Apps to Spy On You | Digital Trends

Related entries in the VARIoT vulnerabilities database: VAR-202108-1285

Trust: 5.0

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 11, 2022, 11:33 p.m.
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2021-30970

Signed kernel drivers - Unguarded gateway to Windows’ core | WeLiveSecurity

Trust: 4.5

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 11, 2022, 10:30 a.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: sophos model: endpoint protection
db: NVD ids: CVE-2020-15479, CVE-2020-28922, CVE-2009-0824, CVE-2020-15481, CVE-2018-19320, CVE-2010-1592, CVE-2021-26334, CVE-2020-15480, CVE-2020-28921, CVE-2007-5633

CVE-2021-20038..42: SonicWall SMA 100 Multiple Vulnerabilities (FIXED) | Rapid7 Blog

Related entries in the VARIoT vulnerabilities database: VAR-202112-0732, VAR-202112-0389, VAR-202112-0361, VAR-202112-0730, VAR-202112-0731

Trust: 5.25

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 11, 2022, 2 p.m.
 Vulnerabilities: parameter injection, denial of service, default password...
Affected productsExternal IDs
vendor: sonicwall model: sma 100
vendor: sonicwall model: secure mobile access
db: NVD ids: CVE-2021-20040, CVE-2021-20039, CVE-2021-20038, CVE-2021-20042, CVE-2021-20041

[updated] You can update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one | Malwarebytes Labs

Related entries in the VARIoT vulnerabilities database: VAR-202107-1503, VAR-202201-0640, VAR-202109-1789

Trust: 4.5

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 12, 2022, 5:02 p.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-21839, CVE-2022-21874, CVE-2022-21836, CVE-2022-21907, CVE-2021-36976, CVE-2022-21919, CVE-2021-22947

Log4j Vulnerability Scanners and Detection Tools: List for MSSPs and Threat Hunters - MSSP Alert

Related entries in the VARIoT vulnerabilities database: VAR-202112-0562, VAR-202112-0566

Trust: 3.0

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 3, 2022, 12:30 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-45046, CVE-2021-44228

Microsoft Reveals MacOS “Powerdir” Vulnerability That Allowed Access To User Data

Related entries in the VARIoT vulnerabilities database: VAR-202108-1285

Trust: 5.0

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 12, 2022, 1:07 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud
vendor: apple model: macos
db: NVD ids: CVE-2021-30970

Microsoft Discloses 'Powerdir' Vulnerability, Fixed in macOS Monterey 12.1 Update

Related entries in the VARIoT vulnerabilities database: VAR-202108-1285

Trust: 4.25

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 10, 2022, 6:16 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2021-30970

CVE - CVE-2021-1037

Trust: 4.25

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2021-1037

Updates on Apache Log4j Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202112-0562, VAR-202202-0767, VAR-202112-2011, VAR-202112-0566, VAR-202112-1782

Trust: 3.5

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 12, 2022, 5 p.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-45046, CVE-2021-22448, CVE-2021-4104, CVE-2021-4101, CVE-2021-44832, CVE-2021-44228, CVE-2021-45056, CVE-2021-45105

Reflected XSS Vulnerability in TFTP Server - Security Advisory | QNAP (US)

Trust: 4.0

Fetched: Jan. 20, 2022, 8:28 a.m., Published: May 6, 2022, midnight
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2021-38674

[M] Apple releases iOS 15.2.1 to patch a serious HomeKit DDoS vulnerability

Trust: 4.0

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Feb. 15, 2001, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: icloud
vendor: apple model: iphone

Vulnerabilities (CVE) - OpenCVE

Trust: 3.75

Fetched: Jan. 20, 2022, 8:28 a.m., Published: April 6, 2022, midnight
 Vulnerabilities: cross-site scripting, open redirect vulnerability, information disclosure...
Affected productsExternal IDs

Detecting a series of vulnerabilities can help hackers disable metal detectors at airports

Trust: 4.5

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Aug. 17, 2021, midnight
 Vulnerabilities: authentication bypass, directory traversal, buffer overflow...
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: linksys
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2021-21904, CVE-2021-21907, CVE-2021-21903, CVE-2021-21902, CVE-2021-21909, CVE-2021-21905, CVE-2021-21901, CVE-2021-21906, CVE-2021-21908

The 5 Eyes advise on Log4j vulnerabilities. Ransomware trends. Russia's ultimatum. Pegasus in Uganda. Advice for the holidays.

Trust: 3.25

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 5, 2022, midnight
 Vulnerabilities: cross-site scripting, authentication bypass, uncontrolled search path...
Affected productsExternal IDs
vendor: schneider electric model: monitor
vendor: wecon model: levistudiou
vendor: horner automation model: cscape
vendor: emerson model: deltav
vendor: emerson model: deltav distributed control system
vendor: schneider model: monitor
vendor: myscada model: mypro
vendor: horner model: automation cscape
vendor: horner model: cscape

Siemens 7sl82 firmware vulnerability list - SecAlerts - Security vulnerabilities in your inbox

Trust: 3.75

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 15, 2022, midnight
 Vulnerabilities: input validation vulnerability
Affected productsExternal IDs
vendor: siemens model: cp100
vendor: siemens model: siprotec 5
vendor: siemens model: siprotec
vendor: siemens model: cp300

Researcher discloses alleged zero-day vulnerabilities in NUUO NVRmini2 recording device | The Daily Swig

Trust: 5.5

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 14, 2022, 4:30 p.m.
 Vulnerabilities: command injection, code execution, path traversal
Affected productsExternal IDs
vendor: nuuo model: network video recorder
vendor: nuuo model: nvrmini2
db: NVD ids: CVE-2011-5325

Hardware: News, Reviews, Analysis and Insights | IT PRO

Trust: 3.0

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 11, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tp-link model: routers

What is Log4j Vulnerability? - Security Boulevard

Trust: 4.0

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 13, 2022, 4:42 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs