Sign-up

VARIoT news about IoT security

Get patching: SonicWall warns of vulnerabilties in SMA 100 series remote access devices | ZDNet

Related entries in the VARIoT vulnerabilities database: VAR-202102-0898

Trust: 3.75

Fetched: Jan. 18, 2022, 11:37 a.m., Published: Jan. 18, 2022, 11:37 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: remote access
vendor: sonicwall model: netextender
vendor: sonicwall model: sma 100
vendor: sonicwall model: secure mobile access
db: NVD ids: CVE-2021-20016

עדכון האבטחה החודשי של מיקרוסופט - דצמבר 2021 | מערך הסייבר הלאומי

Related entries in the VARIoT vulnerabilities database: VAR-202112-1833

Trust: 3.75

Fetched: Jan. 18, 2022, 11:37 a.m., Published: Dec. 18, 2021, midnight
 Vulnerabilities: feature bypass, denial of service, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2021-43877, CVE-2020-0655, CVE-2021-43905, CVE-2021-43217, CVE-2021-43239, CVE-2021-43232, CVE-2021-42309, CVE-2019-0887, CVE-2021-43882, CVE-2021-42315, CVE-2021-43229, CVE-2021-40453, CVE-2021-43899, CVE-2021-43893, CVE-2021-42311, CVE-2021-43238, CVE-2021-41360, CVE-2021-41365, CVE-2021-40452, CVE-2021-42310, CVE-2021-43214, CVE-2021-43247, CVE-2021-43246, CVE-2021-43226, CVE-2021-43883, CVE-2021-42294, CVE-2021-43256, CVE-2021-43245, CVE-2021-41333, CVE-2021-42293, CVE-2021-43219, CVE-2021-43248, CVE-2021-43231, CVE-2021-42313, CVE-2021-43240, CVE-2021-43891, CVE-2021-43890, CVE-2021-43207, CVE-2021-1669, CVE-2021-43907, CVE-2021-43225, CVE-2021-43889, CVE-2021-42314, CVE-2021-42312, CVE-2021-43230, CVE-2021-40441, CVE-2021-43223, CVE-2021-43237, CVE-2021-43228, CVE-2021-43215, CVE-2021-43233, CVE-2021-43234, CVE-2021-43875, CVE-2021-43880

NPort W2150A/W2250A Series Serial Device Servers Vulnerability

Trust: 3.0

Fetched: Jan. 18, 2022, 11:37 a.m., Published: Jan. 16, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: moxa model: moxa
vendor: moxa model: nport w2150a
vendor: moxa model: nport

NPort W2150A/W2250A Series Serial Device Servers Vulnerability

Trust: 3.0

Fetched: Jan. 18, 2022, 11:37 a.m., Published: Jan. 16, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: moxa model: moxa
vendor: moxa model: nport w2150a
vendor: moxa model: nport

Security Advisories

Trust: 3.25

Fetched: Jan. 18, 2022, 11:36 a.m., Published: Jan. 16, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: moxa model: moxa

Norton Community | Forum, Release Announcements

Trust: 3.0

Fetched: Jan. 18, 2022, 11:35 a.m., Published: Jan. 17, 2022, 6:51 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos

NAS-maker Synology reveals new remote code execution vulnerabilities

Trust: 5.0

Fetched: Jan. 18, 2022, 11:35 a.m., Published: Aug. 27, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: synology model: synology router manager
vendor: synology model: router manager
vendor: synology model: diskstation manager
vendor: synology model: diskstation
db: NVD ids: CVE-2021-3712, CVE-2021-3711

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Vulnerability Spotlight: Multiple vulnerabilities in ZTE MF971R LTE router

Related entries in the VARIoT vulnerabilities database: VAR-202110-0397, VAR-202110-0396

Trust: 5.5

Fetched: Jan. 18, 2022, 11:35 a.m., Published: Jan. 13, 2022, midnight
 Vulnerabilities: buffer overflow, cross-site scripting
Affected productsExternal IDs
vendor: snort model: snort
vendor: snort.org model: snort
vendor: cisco model: router
vendor: cisco model: firepower
vendor: cisco model: firepower management center
db: NVD ids: CVE-2021-21745, CVE-2021-21748

Security Vulnerabilities fixed in Firefox 94 - Mozilla

Trust: 3.0

Fetched: Jan. 18, 2022, 11:35 a.m., Published: Oct. 18, 2021, midnight
 Vulnerabilities: memory corruption
Affected productsExternal IDs

HP Threat Research Shows Attackers Exploiting Zero‐Day Vulnerability before Enterprises Can Patch | WebWire

Related entries in the VARIoT vulnerabilities database: VAR-202109-1909

Trust: 3.75

Fetched: Jan. 18, 2022, 11:35 a.m., Published: Dec. 2, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-404441, CVE-2021-40444

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Vulnerability Spotlight: Vulnerabilities in Lantronix PremierWave 2050 could lead to code execution, file deletion

Trust: 5.5

Fetched: Jan. 18, 2022, 11:34 a.m., Published: Jan. 13, 2022, midnight
 Vulnerabilities: code execution, local file inclusion, file inclusion...
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: cisco model: firepower management center
vendor: snort model: snort
vendor: snort.org model: snort
db: NVD ids: CVE-2021-21878, CVE-2021-21886, CVE-2021-21896

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton

Related entries in the VARIoT vulnerabilities database: VAR-202111-0789, VAR-202111-0473

Trust: 5.25

Fetched: Jan. 18, 2022, 11:34 a.m., Published: Jan. 13, 2022, midnight
 Vulnerabilities: denial of service, information leak, information disclosure
Affected productsExternal IDs
vendor: snort model: snort
vendor: snort.org model: snort
db: NVD ids: CVE-2021-41375, CVE-2021-42300, CVE-2021-41374, CVE-2021-41376

Microsoft Surface Pro 3 Security Feature Bypass Vulnerability Surface - Windows 10 Forums

Trust: 3.0

Fetched: Jan. 18, 2022, 11:33 a.m., Published: Jan. 13, 2022, midnight
 Vulnerabilities: security feature bypass, feature bypass
Affected productsExternal IDs

NVD - CVE-2021-34776

Trust: 3.0

Fetched: Jan. 18, 2022, 11:33 a.m., Published: Jan. 18, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-34776

Linux Vulnerability Scanner | Linux Vulnerability Scanning Tool - ManageEngine Vulnerability Manager Plus

Trust: 3.25

Fetched: Jan. 18, 2022, 11:33 a.m., Published: Dec. 18, 2021, 11:33 a.m.
 Vulnerabilities: denial of service, code execution, cross-site scripting
Affected productsExternal IDs
vendor: delegate model: delegate
vendor: rising model: antivirus

Will this Account Lockout mechanism increase the severity of a information leakage vulnerability that leaks usernames? - Information Security Stack Exchange

Trust: 3.75

Fetched: Jan. 18, 2022, 11:32 a.m., Published: Jan. 18, 2022, midnight
 Vulnerabilities: account lockout, information leakage
Affected productsExternal IDs

Nearly 100 TCP/IP Stack Vulnerabilities Found During 18-Month Research Project

Trust: 4.0

Fetched: Jan. 18, 2022, 11:31 a.m., Published: Nov. 19, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: treck model: tcp/ip stack

Critical Vulnerability Found in More Than 150 HP Printer Models | SecurityWeek.Com

Trust: 3.5

Fetched: Jan. 18, 2022, 11:31 a.m., Published: Jan. 18, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: printers
vendor: samsung model: samsung
vendor: samsung model: printer
db: NVD ids: CVE-2021-39238, CVE-2021-39237

Cybersecurity Risk Lurks in a Common Industrial Operating System | IndustryWeek

Trust: 3.5

Fetched: Jan. 18, 2022, 11:31 a.m., Published: Jan. 18, 2022, 10:31 a.m.
 Vulnerabilities: denial of service, code execution, buffer overflow
Affected productsExternal IDs
vendor: siemens model: nucleus
vendor: siemens model: nucleus net

83 million devices using the Kalay protocol are at risk for remote takeover. Are yours? - TechRepublic

Trust: 3.0

Fetched: Jan. 18, 2022, 11:30 a.m., Published: Jan. 18, 2022, midnight
 Vulnerabilities: device impersonation
Affected productsExternal IDs