Sign-up

VARIoT news about IoT security

Critical vulnerabilities in NPM would allow hackers to publish new versions of any package - Cyberthreat Daily

Trust: 3.0

Fetched: Nov. 22, 2021, 8:12 a.m., Published: Jan. 16, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: node.js model: node.js

A Vulnerability in Cisco Adaptive Security Appliance and Firepower Threat Defense Could Allow for Security Bypass | New York State Office of Information Technology Services

Trust: 4.0

Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 29, 2021, 7:41 p.m.
 Vulnerabilities: security bypass
Affected productsExternal IDs
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower
vendor: cisco model: adaptive security appliance

Top IoT Security Solutions for 2022 | eSecurity Planet

Trust: 3.5

Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 20, 2021, 5:13 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: serve model: serve
vendor: cisco model: guard
vendor: cisco model: routers
vendor: cisco model: threat response
vendor: cisco model: sd-wan
vendor: broadcom model: broadcom
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: palo alto networks
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: palo alto networks

What Is IoT Security? Insights & Tips from 11 IoT Experts - Hashed Out by The SSL Storeā„¢

Trust: 3.5

Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 11, 2021, 5 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: serve model: serve

HackDig

Trust: 3.75

Fetched: Nov. 22, 2021, 8:12 a.m., Published: Jan. 2, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dovecot model: dovecot
db: NVD ids: CVE-2021-44033

Windows 10 KB5007186 update comes with several improvements

Trust: 3.0

Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 9, 2021, midnight
 Vulnerabilities: security feature bypass, code execution, denial of service...
Affected productsExternal IDs

Lab Minutes

Trust: 3.25

Fetched: Nov. 22, 2021, 8:12 a.m., Published: Jan. 9, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: firewall

Digital Vaccine #9602

Trust: 5.25

Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 27, 2021, midnight
 Vulnerabilities: file upload vulnerability, information disclosure, buffer overflow...
Affected productsExternal IDs
vendor: trend model: security
vendor: delta model: diaenergie
vendor: fatek model: automation winproladder
vendor: fatek model: winproladder
vendor: centreon model: centreon
vendor: trend micro model: security
vendor: siemens model: solid edge viewer
vendor: siemens model: solid edge
vendor: fatek automation model: automation winproladder
vendor: fatek automation model: winproladder
vendor: tippingpoint model: tippingpoint
vendor: advantech model: webaccess
vendor: advantech model: advantech webaccess
vendor: delta industrial automation model: diaenergie
db: NVD ids: CVE-2021-37558, CVE-2021-34848, CVE-2021-26085, CVE-2021-31813, CVE-2021-24275, CVE-2021-32955

Welcome to LWN.net [LWN.net]

Trust: 3.5

Fetched: Nov. 22, 2021, 8:12 a.m., Published: Dec. 17, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: freeipa model: freeipa
vendor: axis model: axis
vendor: google model: home
vendor: opensc model: opensc
vendor: mageia model: mageia
db: NVD ids: cve-2021-42574

December 2021 Android Update Rolling out to Google Pixel Phones | InsideTechno

Trust: 3.5

Fetched: Nov. 22, 2021, 8:12 a.m., Published: Dec. 7, 2021, 8:32 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2021-1048

Security Advisory - Privilege Escalation Vulnerability in Huawei Product

Related entries in the VARIoT vulnerabilities database: VAR-202111-1435

Trust: 5.75

Fetched: Nov. 22, 2021, 8:12 a.m., Published: Jan. 5, 2022, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: huawei model: cloudengine 7800
vendor: huawei model: huawei
vendor: huawei model: cloudengine 5800
vendor: huawei model: cloudengine 12800
vendor: huawei model: cloudengine 6800
vendor: huawei model: cloudengine
db: NVD ids: CVE-2021-39976

Security Bulletin: NVIDIA GPU Display Driver - October 2021 | NVIDIA

Trust: 4.25

Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 16, 2021, midnight
 Vulnerabilities: denial of service, code execution, information disclosure...
Affected productsExternal IDs
vendor: citrix model: licensing
vendor: citrix model: hypervisor

Software Vulnerability within Apple tvOS Actively Exploited

Related entries in the VARIoT vulnerabilities database: VAR-202108-2057

Trust: 5.5

Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 28, 2021, 4:30 p.m.
 Vulnerabilities: memory corruption, integer overflow
Affected productsExternal IDs
vendor: roku model: roku
vendor: apple model: tvos
vendor: apple model: apple tv
vendor: apple model: watch
db: NVD ids: CVE-2021-30883

Security Bulletin | Zoom

Trust: 3.25

Fetched: Nov. 22, 2021, 8:12 a.m., Published: Dec. 30, 2021, 8:21 p.m.
 Vulnerabilities: remote command injection, privilege escalation, request forgery...
Affected productsExternal IDs
vendor: zoom model: zoom
vendor: zoom model: client
vendor: zoom model: zoom client
vendor: blackberry model: blackberry
vendor: blackberry model: link
vendor: ringcentral model: ringcentral
vendor: google model: chrome
vendor: google model: chrome os
vendor: google model: android

Swarm Intelligence May Be Just the Ticket for Improved Network & Device Security

Trust: 3.75

Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 18, 2021, 3 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mesh model: mesh
db: NVD ids: CVE-2021-42292, CVE-2021-43208, CVE-2021-43209, CVE-2021-42321, CVE-2021-42298, CVE-2021-41371, CVE-2021-38631, CVE-2021-26443

Apple hits the alarm with multi-OS emergency update to patch zero-click flaw | Computerworld

Trust: 4.75

Fetched: Nov. 22, 2021, 8:12 a.m., Published: Sept. 14, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: watchos
vendor: apple model: macos

When will my Samsung Galaxy phone get a security update? - SamMobile

Trust: 3.5

Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 2, 2021, 8:58 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: galaxy j7 duo
vendor: samsung model: note
vendor: samsung model: galaxy
vendor: samsung model: galaxy s8
vendor: samsung model: galaxy a7
vendor: samsung model: mobile
vendor: samsung model: samsung galaxy
vendor: samsung model: j7 duo
vendor: samsung model: galaxy s10
vendor: samsung model: samsung
vendor: samsung model: note 10
vendor: samsung model: galaxy j4
vendor: samsung model: galaxy j6
vendor: samsung model: galaxy s9
vendor: samsung model: galaxy j3
vendor: samsung model: galaxy note
vendor: google model: android

Security Vulnerabilities Found in BusyBox Could Lead to DoS Attacks

Trust: 3.5

Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 10, 2021, 2:55 p.m.
 Vulnerabilities: code execution, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2021-42378, CVE-2021-42379, CVE-2021-42381, CVE-2021-42386, CVE-2021-42374, CVE-2021-42380, CVE-2021-42384, CVE-2021-42375, CVE-2021-42377, CVE-2021-42382, CVE-2021-42373, CVE-2021-42376, CVE-2021-42383, CVE-2021-42385

A set of vulnerabilities in TCP/IP stacks could leave millions of connected medical devices open to attack - Cyber Security Review

Trust: 3.0

Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 15, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Citrix Products Multiple Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202112-0296, VAR-202112-0297

Trust: 3.5

Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 10, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-22956, CVE-2021-22955