VARIoT latest news about IoT security

Shrootless: Microsoft finds Apple macOS vulnerability \| Malwarebytes Labs Related entries in the VARIoT vulnerabilities database: VAR-202108-2056 Trust: 4.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 29, 2021, 1:31 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2021-30892

Google Patches 2 Actively Exploited Chrome Zero-Days Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 29, 2021, 8:42 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	google chrome
vendor:	node.js	model:	node.js

db:

NVD

ids:

CVE-2021-38000, CVE-2021-38001, CVE-2021-38002, CVE-2021-38003

Apple iPhone iOS 14.8 patches security exploit used by Pegasus spyware \| Euronews Trust: 3.5 Fetched: Nov. 22, 2021, 8:12 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	macos

db:

NVD

ids:

cve-2021-30858

November Patch Tuesday: Microsoft release fixes for Windows 10 and Windows 11 - MSPoweruser Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 9, 2021, 8:30 p.m.	Vulnerabilities: feature bypass, denial of service, information disclosure...

Affected products	External IDs

Security Bulletin: Vulnerability in sed affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products Related entries in the VARIoT vulnerabilities database: VAR-202110-0579 Trust: 4.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 18, 2021, midnight	Vulnerabilities: denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2021-29873

Vulnerabilities in NPM allowed threat actors to publish new version of any package \| The Daily Swig Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 17, 2021, 2:32 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

node.js

model:

node.js

NVD - CVE-2021-34727 Trust: 5.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 13, 2021, midnight	Vulnerabilities: buffer overflow, denial of service

Affected products

External IDs

vendor:	cisco systems	model:	ios xe sd-wan software
vendor:	cisco systems	model:	asr_1000
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	cisco ios xe
vendor:	cisco systems	model:	ios xe
vendor:	cisco systems	model:	cisco ios
vendor:	cisco systems	model:	sd-wan
vendor:	cisco	model:	ios xe sd-wan software
vendor:	cisco	model:	asr_1000
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	sd-wan

db:

NVD

ids:

CVE-2021-34727

Security Researcher Immediately Issues Bypass for Windows 0-Day Vulnerability Patch Related entries in the VARIoT vulnerabilities database: VAR-202108-1005 Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Dec. 15, 2021, midnight	Vulnerabilities: privilege elevation

Affected products

External IDs

db:

NVD

ids:

CVE-2021-34484

Cisco : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202110-0618, VAR-202111-0664, VAR-202110-1350, VAR-202110-1376, VAR-202110-0207, VAR-202109-0617, VAR-202110-0203, VAR-202110-0623, VAR-202111-0393, VAR-202109-0624, VAR-202110-1352, VAR-202110-0619, VAR-202111-0418, VAR-202110-1394, VAR-202110-0622, VAR-202110-1297, VAR-202110-0582, VAR-202110-1402, VAR-202109-0622, VAR-202110-0211, VAR-202111-0413, VAR-202110-1392, VAR-202110-1366, VAR-202111-0417, VAR-202110-1367, VAR-202111-0419, VAR-202111-0412, VAR-202109-0623, VAR-202110-1354, VAR-202111-0400, VAR-202110-1298, VAR-202110-0617, VAR-202110-1375, VAR-202110-0209, VAR-202109-0631, VAR-202110-0213, VAR-202108-0824, VAR-202111-0401, VAR-202110-0212, VAR-202110-1286, VAR-202110-1393, VAR-202110-1353, VAR-202110-1305, VAR-202110-1395, VAR-202110-1351, VAR-202110-0583, VAR-202108-0823, VAR-202109-0618, VAR-202110-1065, VAR-202110-1377 Trust: 5.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Jan. 2, 2021, midnight	Vulnerabilities: improper validation, traversal attack, command injection...

Affected products

External IDs

vendor:	mesh	model:	mesh
vendor:	snort	model:	snort
vendor:	cisco	model:	cisco evolved programmable network manager
vendor:	cisco	model:	cisco meeting server
vendor:	cisco	model:	firepower
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	dna center
vendor:	cisco	model:	policy suite
vendor:	cisco	model:	cisco telepresence management suite
vendor:	cisco	model:	webex meetings
vendor:	cisco	model:	cisco webex meetings
vendor:	cisco	model:	cisco anyconnect secure mobility client
vendor:	cisco	model:	cisco unified communications manager
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	cisco firepower management center
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	webex
vendor:	cisco	model:	small business
vendor:	cisco	model:	telepresence management suite
vendor:	cisco	model:	series routers
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	cisco meeting
vendor:	cisco	model:	unified communications manager session management edition
vendor:	cisco	model:	cisco web security appliance
vendor:	cisco	model:	meeting server
vendor:	cisco	model:	routers
vendor:	cisco	model:	telepresence collaboration endpoint
vendor:	cisco	model:	cisco roomos
vendor:	cisco	model:	evolved programmable network manager
vendor:	cisco	model:	umbrella
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	cisco telepresence
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	roomos
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	meeting
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	nexus
vendor:	cisco	model:	small business rv series routers
vendor:	cisco	model:	webex video mesh
vendor:	cisco	model:	common services platform collector
vendor:	cisco	model:	web security appliance
vendor:	cisco	model:	cisco prime infrastructure
vendor:	cisco	model:	cisco webex
vendor:	cisco	model:	small business rv
vendor:	cisco	model:	prime infrastructure
vendor:	cisco	model:	anyconnect secure mobility client
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	cisco identity services engine
vendor:	cisco	model:	firepower threat defense

db:

NVD

ids:

CVE-2021-40122, CVE-2021-40119, CVE-2021-40118, CVE-2021-34793, CVE-2021-34742, CVE-2021-34785, CVE-2021-34782, CVE-2021-34760, CVE-2021-40126, CVE-2021-34765, CVE-2021-40116, CVE-2021-40121, CVE-2021-34774, CVE-2021-34783, CVE-2021-34789, CVE-2021-34756, CVE-2021-34743, CVE-2021-40125, CVE-2021-34746, CVE-2021-34758, CVE-2021-40120, CVE-2021-34791, CVE-2021-34764, CVE-2021-34784, CVE-2021-34763, CVE-2021-34773, CVE-2009-1234, CVE-2021-40124, CVE-2021-34759, CVE-2021-34787, CVE-2021-40128, CVE-2021-34755, CVE-2021-40123, CVE-2021-34794, CVE-2021-34748, CVE-2021-34771, CVE-2021-34772, CVE-2021-34749, CVE-2021-40115, CVE-2021-34766, CVE-2021-34754, CVE-2021-34790, CVE-2021-40114, CVE-2021-34761, CVE-2021-34781, CVE-2021-40117, CVE-2021-34738, CVE-2021-34745, CVE-2021-34786, CVE-2021-34762, CVE-2021-34792

Google fixes Android zero-day exploited in the wild in targeted attacks - The Record by Recorded Future Trust: 3.5 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 4, 2021, 2:32 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

Dahua Console, access internal debug console and/or other researched functions in Dahua devices. Feel free to contribute in this project. Related entries in the VARIoT vulnerabilities database: VAR-202109-1874, VAR-202109-1875 Trust: 3.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 25, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-33045, CVE-2021-33044

cisco mobility client windows - AOL Search Results Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	cisco anyconnect secure mobility client
vendor:	cisco	model:	anyconnect secure mobility client

Flaws on Nucleus TCP/IP Stack Impact Safety-Critical Devices \| Decipher Related entries in the VARIoT vulnerabilities database: VAR-202111-1605, VAR-202111-1604 Trust: 4.5 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 9, 2021, midnight	Vulnerabilities: denial of service, code execution

Affected products

External IDs

vendor:	treck	model:	tcp/ip stack
vendor:	siemens	model:	nucleus net
vendor:	siemens	model:	nucleus

db:

NVD

ids:

CVE-2021-31886, CVE-2021-31887

Insufficient Access Controls Cause Philips MRI Vulnerabilities Trust: 3.5 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 15, 2021, 1:30 p.m.	Vulnerabilities: sql injection, injection attack

Affected products

External IDs

vendor:

philips

model:

tasy emr

11 FREE Penetration Testing Tools to Test Application Security Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: May 26, 2021, 2:24 p.m.	Vulnerabilities: local file inclusion, file inclusion, command injection...

Affected products	External IDs

CISA Tells OEM To Patch Alarming BrakTooth Security Flaws Affecting Billions Of Devices \| HotHardware Trust: 3.5 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 5, 2021, 11:46 a.m.	Vulnerabilities: denial of service, code execution

Affected products

External IDs

vendor:

samsung

model:

samsung

XR700 Firmware Version 1.0.1.46 \| Answer \| NETGEAR Support Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	netgear	model:	xr700 firmware
vendor:	netgear	model:	xr700

Working to Secure the Technology Supply Chain - Nextgov Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 12, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

PS5 has a vulnerability that makes it possible to jailbreak the device - latest news today blogtuan.info Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 14, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

sony

model:

playstation

Emsisoft - Emsisoft Business Security Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Aug. 2, 2021, 3:19 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	emsisoft	model:	anti-malware
vendor:	emsisoft	model:	antivirus
vendor:	emsisoft	model:	emsisoft anti-malware

VARIoT news about IoT security