VARIoT latest news about IoT security

NIST Special Publication 800-63B Trust: 3.5 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Jan. 15, 2022, 1:20 p.m.	Vulnerabilities: cross-site request forgery, request forgery, cross-site scripting...

Affected products

External IDs

vendor:

essential

model:

phone

Inside 1,602 pentests: Common vulnerabilities, findings and fixes - Infosec Resources Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 29, 2021, 10:14 p.m.	Vulnerabilities: cross-site scripting

Affected products

External IDs

vendor:

trend

model:

security

GS728TPv2 / GS728TPPv2 / GS752TPv2 / GS752TPP Firmware Version 6.0.9.3 \| Answer \| NETGEAR Support Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	netgear	model:	gs728tpv2
vendor:	netgear	model:	gs752tpp
vendor:	netgear	model:	gs752tpp firmware
vendor:	netgear	model:	gs728tppv2
vendor:	netgear	model:	gs752tpv2

Microsoft Security Bulletin Coverage for November 2021 - SonicWall Related entries in the VARIoT vulnerabilities database: VAR-202111-0697, VAR-202111-0473, VAR-202111-0789, VAR-202111-0660 Trust: 4.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 15, 2021, midnight	Vulnerabilities: feature bypass, denial of service, information disclosure...

Affected products

External IDs

db:

NVD

ids:

CVE-2021-41379, CVE-2021-42303, CVE-2021-42287, CVE-2021-41374, CVE-2021-26444, CVE-2021-41376, CVE-2021-38665, CVE-2021-42304, CVE-2021-42288, CVE-2021-42280, CVE-2021-36957, CVE-2021-42282, CVE-2021-42285, CVE-2021-40442, CVE-2021-42276, CVE-2021-42319, CVE-2021-42298, CVE-2021-41375, CVE-2021-41371, CVE-2021-42274, CVE-2021-41372, CVE-2021-41368, CVE-2021-41370, CVE-2021-43209, CVE-2021-41373, CVE-2021-42300, CVE-2021-42322, CVE-2021-41367, CVE-2021-42279, CVE-2021-42278, CVE-2021-42291, CVE-2021-42321, CVE-2021-26443, CVE-2021-42305, CVE-2021-42323, CVE-2021-42292, CVE-2021-41366, CVE-2021-42301, CVE-2021-41356, CVE-2021-43208, CVE-2021-42284, CVE-2021-41349, CVE-2021-38666, CVE-2021-42275, CVE-2021-42277, CVE-2021-42286, CVE-2021-41378, CVE-2021-41377, CVE-2021-42316, CVE-2021-3711, CVE-2021-42283, CVE-2021-42302, CVE-2021-38631, CVE-2021-41351, CVE-2021-42296

Researcher finds SSRF bug in internal Google Cloud project, nabs $10,000 bounty \| The Daily Swig Trust: 4.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 19, 2021, 3:45 p.m.	Vulnerabilities: request forgery

Affected products

External IDs

vendor:

serve

model:

serve

Clubhouse launches bug bounty program with $3,000 on offer for critical vulnerabilities \| The Daily Swig Trust: 4.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 18, 2021, 1:40 p.m.	Vulnerabilities: information disclosure

Affected products

External IDs

vendor:

sonos

model:

sonos

Analyzing a watering hole campaign using macOS exploits Related entries in the VARIoT vulnerabilities database: VAR-202108-1374 Trust: 6.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 11, 2021, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2021-30869

AMD's Radeon vulnerability haul shows why you should always update your GPU drivers \| PC Gamer Trust: 4.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 12, 2021, 11:58 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

serve

model:

serve

Shrootless: Microsoft finds Apple macOS vulnerability \| Malwarebytes Labs Related entries in the VARIoT vulnerabilities database: VAR-202108-2056 Trust: 4.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 29, 2021, 1:31 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2021-30892

Google Patches 2 Actively Exploited Chrome Zero-Days Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 29, 2021, 8:42 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	google chrome
vendor:	node.js	model:	node.js

db:

NVD

ids:

CVE-2021-38000, CVE-2021-38001, CVE-2021-38002, CVE-2021-38003

Apple iPhone iOS 14.8 patches security exploit used by Pegasus spyware \| Euronews Trust: 3.5 Fetched: Nov. 22, 2021, 8:12 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	macos

db:

NVD

ids:

cve-2021-30858

November Patch Tuesday: Microsoft release fixes for Windows 10 and Windows 11 - MSPoweruser Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 9, 2021, 8:30 p.m.	Vulnerabilities: feature bypass, denial of service, information disclosure...

Affected products	External IDs

Security Bulletin: Vulnerability in sed affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products Related entries in the VARIoT vulnerabilities database: VAR-202110-0579 Trust: 4.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 18, 2021, midnight	Vulnerabilities: denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2021-29873

Vulnerabilities in NPM allowed threat actors to publish new version of any package \| The Daily Swig Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 17, 2021, 2:32 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

node.js

model:

node.js

NVD - CVE-2021-34727 Trust: 5.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 13, 2021, midnight	Vulnerabilities: buffer overflow, denial of service

Affected products

External IDs

vendor:	cisco systems	model:	ios xe sd-wan software
vendor:	cisco systems	model:	asr_1000
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	cisco ios xe
vendor:	cisco systems	model:	ios xe
vendor:	cisco systems	model:	cisco ios
vendor:	cisco systems	model:	sd-wan
vendor:	cisco	model:	ios xe sd-wan software
vendor:	cisco	model:	asr_1000
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	sd-wan

db:

NVD

ids:

CVE-2021-34727

Security Researcher Immediately Issues Bypass for Windows 0-Day Vulnerability Patch Related entries in the VARIoT vulnerabilities database: VAR-202108-1005 Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Dec. 15, 2021, midnight	Vulnerabilities: privilege elevation

Affected products

External IDs

db:

NVD

ids:

CVE-2021-34484

Cisco : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202110-0618, VAR-202111-0664, VAR-202110-1350, VAR-202110-1376, VAR-202110-0207, VAR-202109-0617, VAR-202110-0203, VAR-202110-0623, VAR-202111-0393, VAR-202109-0624, VAR-202110-1352, VAR-202110-0619, VAR-202111-0418, VAR-202110-1394, VAR-202110-0622, VAR-202110-1297, VAR-202110-0582, VAR-202110-1402, VAR-202109-0622, VAR-202110-0211, VAR-202111-0413, VAR-202110-1392, VAR-202110-1366, VAR-202111-0417, VAR-202110-1367, VAR-202111-0419, VAR-202111-0412, VAR-202109-0623, VAR-202110-1354, VAR-202111-0400, VAR-202110-1298, VAR-202110-0617, VAR-202110-1375, VAR-202110-0209, VAR-202109-0631, VAR-202110-0213, VAR-202108-0824, VAR-202111-0401, VAR-202110-0212, VAR-202110-1286, VAR-202110-1393, VAR-202110-1353, VAR-202110-1305, VAR-202110-1395, VAR-202110-1351, VAR-202110-0583, VAR-202108-0823, VAR-202109-0618, VAR-202110-1065, VAR-202110-1377 Trust: 5.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Jan. 2, 2021, midnight	Vulnerabilities: improper validation, traversal attack, command injection...

Affected products

External IDs

vendor:	mesh	model:	mesh
vendor:	snort	model:	snort
vendor:	cisco	model:	cisco evolved programmable network manager
vendor:	cisco	model:	cisco meeting server
vendor:	cisco	model:	firepower
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	dna center
vendor:	cisco	model:	policy suite
vendor:	cisco	model:	cisco telepresence management suite
vendor:	cisco	model:	webex meetings
vendor:	cisco	model:	cisco webex meetings
vendor:	cisco	model:	cisco anyconnect secure mobility client
vendor:	cisco	model:	cisco unified communications manager
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	cisco firepower management center
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	webex
vendor:	cisco	model:	small business
vendor:	cisco	model:	telepresence management suite
vendor:	cisco	model:	series routers
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	cisco meeting
vendor:	cisco	model:	unified communications manager session management edition
vendor:	cisco	model:	cisco web security appliance
vendor:	cisco	model:	meeting server
vendor:	cisco	model:	routers
vendor:	cisco	model:	telepresence collaboration endpoint
vendor:	cisco	model:	cisco roomos
vendor:	cisco	model:	evolved programmable network manager
vendor:	cisco	model:	umbrella
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	cisco telepresence
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	roomos
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	meeting
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	nexus
vendor:	cisco	model:	small business rv series routers
vendor:	cisco	model:	webex video mesh
vendor:	cisco	model:	common services platform collector
vendor:	cisco	model:	web security appliance
vendor:	cisco	model:	cisco prime infrastructure
vendor:	cisco	model:	cisco webex
vendor:	cisco	model:	small business rv
vendor:	cisco	model:	prime infrastructure
vendor:	cisco	model:	anyconnect secure mobility client
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	cisco identity services engine
vendor:	cisco	model:	firepower threat defense

db:

NVD

ids:

CVE-2021-40122, CVE-2021-40119, CVE-2021-40118, CVE-2021-34793, CVE-2021-34742, CVE-2021-34785, CVE-2021-34782, CVE-2021-34760, CVE-2021-40126, CVE-2021-34765, CVE-2021-40116, CVE-2021-40121, CVE-2021-34774, CVE-2021-34783, CVE-2021-34789, CVE-2021-34756, CVE-2021-34743, CVE-2021-40125, CVE-2021-34746, CVE-2021-34758, CVE-2021-40120, CVE-2021-34791, CVE-2021-34764, CVE-2021-34784, CVE-2021-34763, CVE-2021-34773, CVE-2009-1234, CVE-2021-40124, CVE-2021-34759, CVE-2021-34787, CVE-2021-40128, CVE-2021-34755, CVE-2021-40123, CVE-2021-34794, CVE-2021-34748, CVE-2021-34771, CVE-2021-34772, CVE-2021-34749, CVE-2021-40115, CVE-2021-34766, CVE-2021-34754, CVE-2021-34790, CVE-2021-40114, CVE-2021-34761, CVE-2021-34781, CVE-2021-40117, CVE-2021-34738, CVE-2021-34745, CVE-2021-34786, CVE-2021-34762, CVE-2021-34792

Google fixes Android zero-day exploited in the wild in targeted attacks - The Record by Recorded Future Trust: 3.5 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 4, 2021, 2:32 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

Dahua Console, access internal debug console and/or other researched functions in Dahua devices. Feel free to contribute in this project. Related entries in the VARIoT vulnerabilities database: VAR-202109-1874, VAR-202109-1875 Trust: 3.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 25, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-33045, CVE-2021-33044

cisco mobility client windows - AOL Search Results Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco anyconnect secure mobility client
vendor:	cisco	model:	anyconnect secure mobility client

VARIoT news about IoT security