Sign-up

VARIoT news about IoT security

Singapore University of Technology and Design: Research News

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 1, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: asus model: asus

NVD - CVE-2021-34781

Related entries in the VARIoT vulnerabilities database: VAR-202110-1395

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: sourcefire_defense_center
vendor: cisco model: firepower_management_center_virtual_appliance
vendor: cisco model: firepower_threat_defense
db: NVD ids: CVE-2021-34781

BlackBerry QNX flaw left cars and medical devices vulnerable to attack | Engadget

Trust: 3.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: blackberry model: blackberry

Zero-click RCE vulnerability in Hikvision security cameras could lead to network compromise | The Daily Swig

Trust: 5.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 20, 2021, 3:02 p.m.
 Vulnerabilities: injection attack, code execution, command injection
Affected productsExternal IDs
vendor: hikvision model: hikvision
vendor: hikvision model: camera
db: NVD ids: CVE-2021-36260

Google Releases Chrome Update Fixing Seven Severe Vulnerabilities | iPhone in Canada Blog

Trust: 6.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 29, 2021, 2:37 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: google model: chrome
db: NVD ids: CVE-2021-38000, CVE-2021-38003

New 'Shrootless' Bug Could Let Attackers Install Rootkit on macOS Systems

Related entries in the VARIoT vulnerabilities database: VAR-202108-2056

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 29, 2021, 11:03 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2021-30892

New AbstractEmu malware roots Android devices, evades detection

Related entries in the VARIoT vulnerabilities database: VAR-201910-0902, VAR-202003-0573

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 28, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
vendor: samsung model: samsung
db: NVD ids: CVE-2019-2215, CVE-2020-0069, CVE-2020-0041

Cisco : Security vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202110-0212, VAR-202110-1376, VAR-202110-1375, VAR-202110-0622, VAR-202110-1298, VAR-202111-0418, VAR-202111-0412, VAR-202109-0617, VAR-202110-1065, VAR-202109-0622, VAR-202110-0583, VAR-202110-1366, VAR-202110-0211, VAR-202111-0413, VAR-202110-0618, VAR-202110-1402, VAR-202110-1350, VAR-202109-0631, VAR-202110-1354, VAR-202109-0624, VAR-202110-0619, VAR-202110-0213, VAR-202111-0393, VAR-202110-1351, VAR-202110-0207, VAR-202110-1367, VAR-202110-1352, VAR-202110-0617, VAR-202110-1392, VAR-202111-0400, VAR-202110-0582, VAR-202111-0419, VAR-202109-0623, VAR-202110-1297, VAR-202110-1394, VAR-202111-0664, VAR-202108-0824, VAR-202110-1353, VAR-202108-0823, VAR-202109-0618, VAR-202110-0203, VAR-202110-0209, VAR-202110-1305, VAR-202110-0623, VAR-202111-0417, VAR-202110-1395, VAR-202110-1286, VAR-202111-0401, VAR-202110-1393, VAR-202110-1377

Trust: 5.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 2, 2021, midnight
 Vulnerabilities: command injection, cross-site request forgery, directory traversal...
Affected productsExternal IDs
vendor: cisco model: prime infrastructure
vendor: cisco model: cisco meeting server
vendor: cisco model: cisco prime infrastructure
vendor: cisco model: series
vendor: cisco model: sd-wan vmanage software
vendor: cisco model: sd-wan
vendor: cisco model: firepower
vendor: cisco model: ios xr software
vendor: cisco model: meeting
vendor: cisco model: telepresence video communication server
vendor: cisco model: routers
vendor: cisco model: cisco webex
vendor: cisco model: firepower management center
vendor: cisco model: rv110w
vendor: cisco model: cisco telepresence management suite
vendor: cisco model: cisco web security appliance
vendor: cisco model: cisco firepower management center
vendor: cisco model: cisco prime collaboration
vendor: cisco model: nexus
vendor: cisco model: cisco prime collaboration provisioning
vendor: cisco model: telepresence collaboration endpoint
vendor: cisco model: adaptive security appliance
vendor: cisco model: rv130
vendor: cisco model: rv215w
vendor: cisco model: telepresence management suite
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe software
vendor: cisco model: cisco meeting
vendor: cisco model: link layer discovery protocol
vendor: cisco model: small business
vendor: cisco model: cisco expressway
vendor: cisco model: ios xe
vendor: cisco model: sd-wan vmanage
vendor: cisco model: meeting server
vendor: cisco model: identity services engine
vendor: cisco model: telepresence
vendor: cisco model: cisco sd-wan
vendor: cisco model: webex
vendor: cisco model: roomos
vendor: cisco model: cisco ios
vendor: cisco model: dna center
vendor: cisco model: cisco ios xr
vendor: cisco model: prime collaboration provisioning
vendor: cisco model: cisco telepresence video communication server
vendor: cisco model: cisco small business
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: expressway series
vendor: cisco model: ios xe sd-wan software
vendor: cisco model: prime collaboration
vendor: cisco model: firepower threat defense
vendor: cisco model: cisco telepresence
vendor: cisco model: rv130w
vendor: cisco model: expressway
vendor: cisco model: ios xr
vendor: cisco model: cisco roomos
vendor: cisco model: cisco identity services engine
vendor: cisco model: web security appliance
vendor: snort model: snort
db: NVD ids: CVE-2021-34766, CVE-2021-34793, CVE-2021-34794, CVE-2021-34789, CVE-2021-34755, CVE-2021-34774, CVE-2021-40124, CVE-2021-34785, CVE-2021-34762, CVE-2021-34746, CVE-2021-34738, CVE-2021-34764, CVE-2021-34758, CVE-2021-40120, CVE-2021-40122, CVE-2021-40125, CVE-2021-40118, CVE-2021-34771, CVE-2021-34787, CVE-2021-34765, CVE-2021-40121, CVE-2021-34772, CVE-2021-40126, CVE-2021-40117, CVE-2021-34742, CVE-2021-34763, CVE-2021-40116, CVE-2021-40123, CVE-2021-34791, CVE-2021-40128, CVE-2009-1234, CVE-2021-34743, CVE-2021-34773, CVE-2021-34759, CVE-2021-34756, CVE-2021-34783, CVE-2021-40119, CVE-2021-34749, CVE-2021-40114, CVE-2021-34745, CVE-2021-34786, CVE-2021-34782, CVE-2021-34748, CVE-2021-34761, CVE-2021-34760, CVE-2021-34784, CVE-2021-34781, CVE-2021-34754, CVE-2021-40115, CVE-2021-34790, CVE-2021-34792

Apple fixes zero-day in iOS and iPadOS 15.0.2 emergency release: Detect and Prioritize Vulnerabilities using VMDR for Mobile Devices - REAL security

Related entries in the VARIoT vulnerabilities database: VAR-202104-0750, VAR-202108-2172, VAR-202108-1374, VAR-202109-1311, VAR-202109-1315, VAR-202109-1316, VAR-202109-1420, VAR-202109-1419, VAR-202104-0751, VAR-202109-1313, VAR-202110-0332, VAR-202104-0753, VAR-202108-1057, VAR-202108-2057, VAR-202104-0647

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 19, 2021, 6:08 a.m.
 Vulnerabilities: integer overflow
Affected productsExternal IDs
vendor: google model: android
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: ipad
vendor: apple model: ipod touch
db: NVD ids: CVE-2021-1870, CVE-2021-30858, CVE-2021-30869, CVE-2021-30661, CVE-2021-30665, CVE-2021-30666, CVE-2021-30762, CVE-2021-30761, CVE-2021-1871, CVE-2021-30663, CVE-2021-30807, CVE-2021-1879, CVE-2021-30860, CVE-2021-30883, CVE-2021-1782

Apple iOS 15.0.2 is here; check what’s up with the new update | PINKVILLA

Related entries in the VARIoT vulnerabilities database: VAR-202108-2057

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 12, 2021, 2:35 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: ipad
db: NVD ids: CVE-2021-30883

Cisco Bug: CSCuw77959 - Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability

Trust: 5.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 25, 2021, midnight
 Vulnerabilities: buffer overflow, denial of service, code execution
Affected productsExternal IDs
vendor: cisco model: series switches
vendor: cisco model: asr 1000 series
vendor: cisco model: ios xe software
vendor: cisco model: asr 1000
vendor: cisco model: series wireless controllers
vendor: cisco model: cisco ios
vendor: cisco model: integrated services routers
vendor: cisco model: routers
vendor: cisco model: cisco ios xe
vendor: cisco model: catalyst
vendor: cisco model: series integrated services routers
vendor: cisco model: integrated services virtual router
vendor: cisco model: catalyst 9800
vendor: cisco model: router
vendor: cisco model: series
vendor: cisco model: ios xe
vendor: cisco model: cisco asr 1000 series
db: CISCO ids: CISCO-SA-20170927-DHCP

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution | New York State Office of Information Technology Services

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 27, 2021, 4:24 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Protecting Your Fortinet Devices With Firmware Security - Security Boulevard

Related entries in the VARIoT vulnerabilities database: VAR-201906-0815, VAR-202008-0193, VAR-201901-0568, VAR-202007-0079

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Nov. 2, 2021, 5:58 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2018-13379, CVE-2019-5591, CVE-2018-13374, CVE-2020-12812

Cybersecurity report reveals critical business vulnerabilities | VentureBeat

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 14, 2021, 6:31 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: citrix model: netscaler
vendor: cisco model: adaptive security appliance
vendor: trend model: security

Top 20 most exploited software vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202008-0248, VAR-201703-0755, VAR-202007-1393

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 30, 2021, noon
 Vulnerabilities: -
Affected productsExternal IDs
vendor: citrix model: gateway
vendor: citrix model: application delivery controller
vendor: pulse secure model: pulse policy secure
vendor: pulse secure model: pulse connect secure
vendor: pulse secure model: connect secure
vendor: pulse secure model: policy secure
vendor: mobileiron model: sentry
vendor: cisco model: integrated services router
vendor: cisco model: router
db: NVD ids: CVE-2020-1472, CVE-2019-19781, CVE-2017-5638, CVE-2020-5902, CVE-2017-0143, CVE-2021-27102, CVE-2017-8759, CVE-2015-1641, CVE-2019-11510, CVE-2020-15505, CVE-2021-27101, CVE-2019-0406, CVE-2018-7600, CVE-2012-0158, CVE-2017-0199, CVE-2017-11882, CVE-2020-0688, CVE-2018-4878

Top 10 Most Exploited Vulnerabilities - SYXSENSE

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 17, 2021, 6:53 p.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: citrix model: netscaler
vendor: citrix model: gateway
db: NVD ids: CVE-2019-19781, CVE-2019-3396, CVE-2019-11510, CVE-2020-15505, CVE-2017-11882, CVE-2020-0688

Cisco Small Business RV Series Routers Command Injection Vulnerability

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Nov. 3, 2021, 3:46 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: cisco small business
vendor: cisco model: routers
vendor: cisco model: small business
vendor: cisco model: series routers
vendor: cisco model: small business rv series routers
vendor: cisco model: small business rv
vendor: cisco model: series

Security Researcher Immediately Issues Bypass for Windows 0-Day Vulnerability Patch

Related entries in the VARIoT vulnerabilities database: VAR-202108-1005

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 10, 2022, midnight
 Vulnerabilities: privilege elevation
Affected productsExternal IDs
db: NVD ids: CVE-2021-34484

Android Security Bulletin-October 2021 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202110-1118, VAR-202110-1132, VAR-202110-1125, VAR-202110-1126, VAR-202110-1123, VAR-202012-1547, VAR-202110-1131, VAR-202110-1128, VAR-202110-1032, VAR-202110-1127, VAR-202105-1475, VAR-202110-1207, VAR-202110-1208, VAR-202110-1139, VAR-202110-1130, VAR-202110-1034, VAR-202110-1129, VAR-202110-1124, VAR-202105-1429

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 16, 2021, midnight
 Vulnerabilities: denial of service, code execution, information disclosure
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: samsung model: notes
vendor: nokia model: nokia
vendor: broadcom model: broadcom
vendor: huawei model: huawei
vendor: google model: android
vendor: google model: pixel
vendor: motorola model: android
vendor: motorola model: motorola
db: NVD ids: CVE-2021-30310, CVE-2021-0870, CVE-2021-1983, CVE-2021-30291, CVE-2021-0703, CVE-2021-30288, CVE-2021-30302, CVE-2021-30297, CVE-2020-29660, CVE-2021-1984, CVE-2021-1932, CVE-2021-0483, CVE-2021-30257, CVE-2021-27666, CVE-2021-1949, CVE-2021-30258, CVE-2021-1913, CVE-2020-26147, CVE-2021-1917, CVE-2021-1936, CVE-2021-29647, CVE-2021-1959, CVE-2021-1985, CVE-2020-11303, CVE-2021-30256, CVE-2020-10768, CVE-2021-30292, CVE-2020-26140

Apple releases emergency update to fix spyware vulnerability | Healthcare IT News

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 14, 2021, 6:54 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: macos
vendor: trend model: security