Sign-up

VARIoT news about IoT security

Security Alert Log4j Update #1 Dated 12.17.21

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202112-0562

Trust: 3.75

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 20, 2021, 10:43 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: check point
vendor: check point model: security gateway
vendor: palo model: networks
vendor: palo model: palo alto networks
vendor: palo alto networks model: networks
vendor: palo alto networks model: palo alto networks
vendor: broadcom model: broadcom
db: NVD ids: CVE-2021-44228, CVE-2021-45046

Malsmoke targets nine-year-old Windows vulnerability - Tech Monitor

Related entries in the VARIoT vulnerabilities database: VAR-202109-1909

Trust: 4.5

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 6, 2022, 5:50 p.m.
 Vulnerabilities: signature validation vulnerability
Affected productsExternal IDs
vendor: palo alto networks model: palo alto networks
vendor: palo alto networks model: networks
vendor: check point model: check point
vendor: palo model: palo alto networks
vendor: palo model: networks
db: NVD ids: CVE-2021-40444

Details Released on SonicWall Flaws in SMA-100 Devices

Related entries in the VARIoT vulnerabilities database: VAR-202112-0361

Trust: 4.75

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 11, 2022, 7:05 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: sonicwall model: sma 100
vendor: sonicwall model: secure mobile access
db: NVD ids: CVE-2021-20038

Data Theorem Releases Critical Insight into Log4Shell Vulnerability to Assist Security Teams in Addressing the Exploit - My TechDecisions

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.75

Fetched: Jan. 14, 2022, 11:48 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2021-44228

Microsoft investigating Defender issue with Log4j scanner | VentureBeat

Related entries in the VARIoT vulnerabilities database: VAR-202112-2011

Trust: 4.75

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 29, 2021, 3:34 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2021-44832

Dell Windows drivers still vulnerable to kernel attacks | Born's Tech and Windows World

Related entries in the VARIoT vulnerabilities database: VAR-202105-0569

Trust: 5.25

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 19, 2021, 10 a.m.
 Vulnerabilities: privilege escalation, access control vulnerability, privilege elevation
Affected productsExternal IDs
vendor: dell model: idrac8
vendor: dell model: bios
db: NVD ids: CVE-2021-21551

Threats to Smart Home Security and How to Counter Them

Trust: 3.5

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 28, 2021, 5:35 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: google home
vendor: google model: home

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

Trust: 4.25

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 7, 2022, 7:33 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android

Security Advisory for Post-Authentication Command Injection on D6220, PSV-2021-0200 | Answer | NETGEAR Support

Trust: 5.0

Fetched: Jan. 14, 2022, 11:48 a.m., Published: -
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: netgear model: d6220
vendor: netgear model: orbi

The HomeKit Bug That Can Cripple Your iPhone - The Mac Observer

Trust: 3.5

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 3, 2022, 9:53 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: icloud

Why is the Log4j vulnerability causing alarm among tech companies? | TechGig

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.75

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 17, 2021, 10:49 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: check point model: check point
vendor: cisco model: meeting server
vendor: cisco model: webex
vendor: cisco model: meeting
vendor: cisco model: cisco webex
vendor: cisco model: webex meeting server
db: NVD ids: CVE-2021-44228

Security Advisory for Post-Authentication Command Injection on Some Routers and WiFi Systems, PSV-2020-0557 | Answer | NETGEAR Support

Trust: 5.0

Fetched: Jan. 14, 2022, 11:48 a.m., Published: -
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: netgear model: r7850
vendor: netgear model: r8000
vendor: netgear model: r8000p
vendor: netgear model: rbr850
vendor: netgear model: rbs850
vendor: netgear model: r7900p
vendor: netgear model: orbi
vendor: netgear model: rbk852

How To Scan For Log4j Vulnerability ? - Crispcor

Trust: 3.0

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 9, 2022, 5:17 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Conti Ransomware Hitting VMware vCenter With Log4j Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 5.25

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 17, 2021, 2:02 p.m.
 Vulnerabilities: code execution, privilege elevation
Affected productsExternal IDs
vendor: trend model: security
vendor: palo model: networks
db: NVD ids: CVE-2021-44228

Software flaws in walk-through metal detectors made them hackable

Trust: 3.75

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 22, 2021, 6:18 p.m.
 Vulnerabilities: directory traversal, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2021-21905, CVE-2021-21904, CVE-2021-21901, CVE-2021-21909, CVE-2021-21907, CVE-2021-21908, CVE-2021-21906, CVE-2021-21903, CVE-2021-21902

Security Advisory - Cross-Site Scripting(XSS) Vulnerability in Huawei WS318n Product

Trust: 4.25

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 17, 2021, midnight
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: huawei model: huawei

Tracking Device Made by Apple Showing Up in Suspected Crimes - NBC10 Philadelphia

Trust: 3.0

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 23, 2021, 5:26 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

CVE - CVE-2021-43083

Trust: 3.0

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-43083

Log4Shell vulnerability assessment and potential product impact statement | Spacelabs Healthcare

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.0

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 14, 2021, 12:13 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

New Log4j flaw: 5 reasons why organizations should worry now - ManageEngine Blog

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 5.0

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 20, 2021, 4:59 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228