Sign-up

VARIoT news about IoT security

Microsoft warns China, Iran, North Korea and Turkey are exploiting recently revealed software vulnerability - ABC17NEWS

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, 8:55 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: cve-2021-44228

[no-title]

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 5.25

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 2, 2022, midnight
 Vulnerabilities: code execution, sql injection, cross-site scripting
Affected productsExternal IDs
vendor: rapid model: scada
vendor: sophos model: endpoint protection
db: NVD ids: CVE-2021-44228

CVE-2021-44228 Impact of Log4j Vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832

Related entries in the VARIoT vulnerabilities database: VAR-202112-2011, VAR-202112-1782, VAR-202112-0562, VAR-202112-0566

Trust: 4.25

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 10, 2021, 9:45 p.m.
 Vulnerabilities: code execution, code injection
Affected productsExternal IDs
vendor: palo model: palo alto networks
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: wf-500
vendor: palo model: pan-os
vendor: paloaltonetworks model: palo alto networks
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: firewall
vendor: paloaltonetworks model: wf-500
vendor: paloaltonetworks model: pan-os
vendor: palo alto networks model: palo alto networks
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: wf-500
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2021-44832, CVE-2021-451052021, CVE-2021-45105, CVE-2021-45046, CVE-2021-448322021, CVE-2021-44228

SonicWall Patches Critical Vulnerability in SMA Appliances | SecurityWeek.Com

Related entries in the VARIoT vulnerabilities database: VAR-202109-1777

Trust: 5.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 16, 2022, midnight
 Vulnerabilities: privilege escalation, command injection, code injection
Affected productsExternal IDs
vendor: sonicwall model: remote access
vendor: sonicwall model: email security
vendor: sonicwall model: sma 100
vendor: sonicwall model: secure mobile access
db: NVD ids: CVE-2021-20034

Broadcom Response to Log4j Vulnerability

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 29, 2021, 7:39 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: broadcom model: broadcom

Log4j Vulnerability: What Security Leaders Need To Know and Do

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 16, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: filezilla model: server
vendor: filezilla model: filezilla
vendor: cisco model: webex
vendor: cisco model: routers
vendor: cisco model: cisco webex
db: NVD ids: CVE-2021-44228

Log4j vulnerability: Experts say it can lead to leakage of sensitive data | Technology News,The Indian Express

Related entries in the VARIoT vulnerabilities database: VAR-202112-0562

Trust: 6.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 16, 2021, 10:26 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud
db: NVD ids: CVE-2021-45046

Shrootless: macOS Vulnerability Found by Microsoft Allows Rootkit Installation | SecurityWeek.Com

Related entries in the VARIoT vulnerabilities database: VAR-202108-2056

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 16, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2021-30892

Billions of Wi-Fi and Bluetooth devices vulnerable to password and data theft attacks | TechRadar

Trust: 4.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 15, 2021, 2 a.m.
 Vulnerabilities: privilege escalation, denial of service, code execution
Affected productsExternal IDs
vendor: broadcom model: broadcom

Microsoft warns China, Iran, North Korea and Turkey are exploiting recently revealed software vulnerability - KTVZ

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, 8:55 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: cve-2021-44228

Microsoft warns China, Iran, North Korea and Turkey are exploiting recently revealed software vulnerability - KION546

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, 8:55 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: cve-2021-44228

Microsoft warns of security vulnerability in Minecraft Java • Eurogamer.net

Trust: 4.25

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 13, 2021, 10:42 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Hundreds of thousands of MikroTik devices still vulnerable to botnets

Related entries in the VARIoT vulnerabilities database: VAR-201910-0546, VAR-201910-0547, VAR-201803-2171, VAR-201808-0384

Trust: 5.25

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 9, 2021, midnight
 Vulnerabilities: code execution, weak password, buffer overflow
Affected productsExternal IDs
vendor: mikrotik model: mikrotik
vendor: mikrotik model: winbox
vendor: mikrotik model: router
vendor: mikrotik model: routers
vendor: mikrotik model: routeros
vendor: mikrotik model: mikrotik routers
db: NVD ids: CVE-2019-3977, cve-2018-14847, CVE-2019-3978, CVE-2018-7445, CVE-2018-14847
db: POSIVITIVE TECHNOLOGY ids: ID:10

What you need to know about the Log4j vulnerability | Modern Healthcare

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 15, 2021, 9:42 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: cve-2021-44228
db: VMWARE ids: VMSA-2021-0028

Why device manufacturers should lose sleep over the Log4j vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566, VAR-202112-0562

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-45105, CVE-2021-44228, CVE-2021-45046

Millions of Android phones need to be fixed NOW over 'eavesdropping' scare

Trust: 4.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Nov. 30, 2021, 12:32 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: samsung model: note
vendor: samsung model: android phone
vendor: samsung model: samsung
vendor: vivo model: vivo
vendor: google model: chrome
vendor: google model: android
vendor: check point model: check point
db: NVD ids: CVE-2021-0662, CVE-2021-0661, CVE-2021-0663

Hundreds Of Millions Of Devices At Risk From New Software Vulnerability | iHeart

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: icloud

Apache log4j Vulnerability CVE-2021-44228: Analysis and Mitigations

Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566, VAR-202112-2011, VAR-202112-0562, VAR-201704-1589, VAR-201912-0889

Trust: 5.25

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 10, 2021, 9 p.m.
 Vulnerabilities: denial of service, code execution, code injection
Affected productsExternal IDs
vendor: canary model: canary
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: palo alto networks
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: palo alto networks
vendor: snort model: snort
db: NVD ids: CVE-2021-45105, CVE-2021-44228, CVE-2021-44832, CVE-2021-45046, CVE-2017-5645, CVE-2019-17571

CISA releases advisory on five Apache HTTP server vulnerabilities affecting Cisco products | ZDNet

Related entries in the VARIoT vulnerabilities database: VAR-202109-1803, VAR-202109-1805, VAR-202109-1804, VAR-202109-1802

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 9, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cups model: cups
vendor: cisco model: unified communications
vendor: cisco model: cisco prime collaboration provisioning
vendor: cisco model: prime optical
vendor: cisco model: cisco telepresence
vendor: cisco model: cisco ucs director
vendor: cisco model: prime infrastructure
vendor: cisco model: cisco ucs manager
vendor: cisco model: cisco security manager
vendor: cisco model: firepower
vendor: cisco model: telepresence
vendor: cisco model: firepower management center
vendor: cisco model: cisco policy suite
vendor: cisco model: fxos
vendor: cisco model: security manager
vendor: cisco model: ucs director
vendor: cisco model: policy suite
vendor: cisco model: smart net total care
vendor: cisco model: cisco prime infrastructure
vendor: cisco model: wide area application services
vendor: cisco model: cisco unified communications manager
vendor: cisco model: expressway series
vendor: cisco model: ucs manager
vendor: cisco model: cisco prime optical
vendor: cisco model: cisco prime collaboration
vendor: cisco model: cisco unified communications domain manager
vendor: cisco model: telepresence video communication server
vendor: cisco model: unified communications domain manager
vendor: cisco model: cisco cloud services platform 2100
vendor: cisco model: cisco firepower management center
vendor: cisco model: prime collaboration provisioning
vendor: cisco model: ucs central software
vendor: cisco model: unified communications manager
vendor: cisco model: dna center
vendor: cisco model: cloud services platform
vendor: cisco model: unified communications manager im & presence service
vendor: cisco model: cloud services platform 2100
vendor: cisco model: series
vendor: cisco model: expressway
vendor: cisco model: cisco expressway
vendor: cisco model: prime collaboration
vendor: cisco model: cisco telepresence video communication server
db: NVD ids: CVE-2021-39275, CVE-2021-34798, CVE-2021-36160, CVE-2021-33193, CVE-2021-40438

Lack of Patching Leaves 300,000 Routers at Risk for Attack

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 9, 2021, 10:25 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mikrotik model: mikrotik
vendor: mikrotik model: winbox
vendor: mikrotik model: router
vendor: mikrotik model: routers
vendor: mikrotik model: routeros
vendor: mikrotik model: mikrotik routers
db: NVD ids: CVE-2021-44228, cve-2021-44228