Sign-up

VARIoT news about IoT security

Critical RCE Vulnerability Is Affecting Java : msp

Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566

Trust: 4.75

Fetched: Jan. 20, 2022, 8:28 a.m., Published: March 20, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud
db: NVD ids: CVE-2021-45105, CVE-2021-44228

CyRC Vulnerability Advisory: Multiple vulnerabilities discovered in GOautodial | Synopsys

Trust: 4.75

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Dec. 7, 2021, 2 p.m.
 Vulnerabilities: information disclosure, path traversal, file inclusion...
Affected productsExternal IDs
db: NVD ids: CVE-2021-43175, CVE-2021-43176

Hundreds Of Millions Of Devices At Risk From New Software Vulnerability | WTKG 1230 AM

Trust: 3.0

Fetched: Jan. 20, 2022, 8:28 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: icloud

Top 15 Paid and Free Vulnerability Scanner Tools - DNSstuff

Trust: 3.5

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 6, 2020, 7:54 a.m.
 Vulnerabilities: default credentials, sql injection, cross-site scripting...
Affected productsExternal IDs
vendor: tripwire model: ip360

Vulnerability Scanning Guide: What It Is and How to Do It Right

Trust: 4.75

Fetched: Jan. 20, 2022, 8:28 a.m., Published: April 5, 2019, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: comodo model: firewall

Insulin pumps among millions of devices facing risk from newly disclosed cyber vulnerability, IBM says | MedTech Dive

Trust: 3.75

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Aug. 25, 2020, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Alerts & Security Vulnerability Announcements

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.25

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 12, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

14 Best Network Security Auditing Tools - What to Know in 2022

Trust: 4.25

Fetched: Jan. 20, 2022, 8:28 a.m., Published: March 2, 2020, 10:32 a.m.
 Vulnerabilities: sql injection, cross-site scripting
Affected productsExternal IDs
vendor: cisco model: secure desktop
vendor: symantec model: antivirus

KCodes NetUSB bug exposes millions of routers to RCE attacks

Trust: 5.5

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 11, 2022, midnight
 Vulnerabilities: integer overflow, code execution
Affected productsExternal IDs
vendor: kcodes model: netusb
vendor: tp-link model: routers
vendor: netgear model: r6400v2
vendor: netgear model: r6700v3
vendor: netgear model: d7800
vendor: tenda model: router
db: NVD ids: CVE-2021-45388

Rapid7 reports on five vulnerabilities in SonicWall SMA 100 devices, one an RCE

Related entries in the VARIoT vulnerabilities database: VAR-202112-0361

Trust: 4.75

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 11, 2022, 5:54 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: sonicwall model: sma 100
vendor: sonicwall model: secure mobile access
db: NVD ids: CVE-2021-20038

Apple's HomeKit can be abused to reboot iPhones endlessly

Trust: 3.75

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 3, 2022, 7:47 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: icloud
vendor: apple model: iphone

HPE | Apache Software Log4j

Related entries in the VARIoT vulnerabilities database: VAR-202112-0562, VAR-202112-0566, VAR-202112-2011, VAR-202112-1782

Trust: 4.75

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 7, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-45046, CVE-2021-4104, CVE-2021-44228, CVE-2021-44832, CVE-2021-45105

[no-title]

Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566

Trust: 4.25

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Dec. 29, 2021, midnight
 Vulnerabilities: denial of service, command execution, code execution
Affected productsExternal IDs
vendor: trend model: worry-free business security
vendor: trendmicro model: security
vendor: trendmicro model: worry-free business security
db: NVD ids: CVE-2021-45105, CVE-2021-44228

Patching Log4j to version 2.17.1 can probably wait | VentureBeat

Related entries in the VARIoT vulnerabilities database: VAR-202112-2011

Trust: 5.5

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Dec. 29, 2021, 8:31 p.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: canary model: canary
db: NVD ids: CVE-2021-44832

Vulnerability Threatens Intel That Leads To Affect Its Users

Related entries in the VARIoT vulnerabilities database: VAR-202111-1151

Trust: 3.5

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 4, 2022, 8:10 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: schneider electric model: monitor
vendor: schneider electric model: modicon m340
vendor: schneider electric model: m340
vendor: schneider model: monitor
vendor: schneider model: modicon m340
vendor: schneider model: m580
vendor: schneider model: m340
db: NVD ids: CVE-2021-0157

Update Now: New Mac Vulnerability Allows Apps to Spy On You | Digital Trends

Related entries in the VARIoT vulnerabilities database: VAR-202108-1285

Trust: 5.0

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 11, 2022, 11:33 p.m.
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2021-30970

Signed kernel drivers - Unguarded gateway to Windows’ core | WeLiveSecurity

Trust: 4.5

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 11, 2022, 10:30 a.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: sophos model: endpoint protection
db: NVD ids: CVE-2020-15479, CVE-2020-28922, CVE-2009-0824, CVE-2020-15481, CVE-2018-19320, CVE-2010-1592, CVE-2021-26334, CVE-2020-15480, CVE-2020-28921, CVE-2007-5633

CVE-2021-20038..42: SonicWall SMA 100 Multiple Vulnerabilities (FIXED) | Rapid7 Blog

Related entries in the VARIoT vulnerabilities database: VAR-202112-0732, VAR-202112-0389, VAR-202112-0361, VAR-202112-0730, VAR-202112-0731

Trust: 5.25

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 11, 2022, 2 p.m.
 Vulnerabilities: parameter injection, denial of service, default password...
Affected productsExternal IDs
vendor: sonicwall model: sma 100
vendor: sonicwall model: secure mobile access
db: NVD ids: CVE-2021-20040, CVE-2021-20039, CVE-2021-20038, CVE-2021-20042, CVE-2021-20041

[updated] You can update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one | Malwarebytes Labs

Related entries in the VARIoT vulnerabilities database: VAR-202107-1503, VAR-202201-0640, VAR-202109-1789

Trust: 4.5

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 12, 2022, 5:02 p.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-21839, CVE-2022-21874, CVE-2022-21836, CVE-2022-21907, CVE-2021-36976, CVE-2022-21919, CVE-2021-22947

Log4j Vulnerability Scanners and Detection Tools: List for MSSPs and Threat Hunters - MSSP Alert

Related entries in the VARIoT vulnerabilities database: VAR-202112-0562, VAR-202112-0566

Trust: 3.0

Fetched: Jan. 20, 2022, 8:28 a.m., Published: Jan. 3, 2022, 12:30 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-45046, CVE-2021-44228