VARIoT latest news about IoT security

"Trojan Source" technique can conceal vulnerabilities in code. BlackMatter affiliate uses custom tool for data exfiltration. Android malware gains root access. Related entries in the VARIoT vulnerabilities database: VAR-202108-2056 Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Dec. 20, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2021-42574, CVE-2021-30892

3 Medium Severity Vulnerabilities Identified in Philips MRI Solutions Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 10, 2021, 1:22 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-3084, CVE-2021-3083, CVE-2021-3085

Exploit Files ≈ Packet Storm Trust: 4.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Dec. 17, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-42237, CVE-2021-38146, CVE-2021-42580, CVE-2021-38294, CVE-2020-28328, CVE-2021-43140, CVE-2021-22205, CVE-2021-35323, CVE-2020-16152, CVE-2021-43397, CVE-2021-22204, CVE-2021-26795, CVE-2021-24664, CVE-2021-42840

USN-5009-2: libslirp vulnerabilities Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 27, 2021, 6:13 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-3595, CVE-2021-3594, CVE-2021-3592, CVE-2020-29130, CVE-2020-29129, CVE-2021-3593

AMD EPYC Processors Hit by 22 Security Vulnerabilities, Patch is Already Out \| TechPowerUp Forums Trust: 3.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 15, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

db:

SCHNEIDER

ids:

SB950

How Telecom Providers Can Prevent IoT Attacks \| Toolbox Tech Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 26, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

mesh

model:

mesh

Researchers wait 12 months to report vulnerability with 9.8 out of 10 severity rating \| Ars Technica Trust: 5.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Jan. 12, 2022, midnight	Vulnerabilities: code execution, buffer overflow

Affected products

External IDs

vendor:	palo alto networks	model:	palo alto networks
vendor:	palo alto networks	model:	palo alto networks globalprotect
vendor:	palo alto networks	model:	networks globalprotect
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	pan-os
vendor:	palo	model:	palo alto networks
vendor:	palo	model:	palo alto networks globalprotect
vendor:	palo	model:	networks globalprotect
vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	palo	model:	pan-os

db:

NVD

ids:

CVE-2021-3064

25th October - Threat Intelligence Report - Check Point Research Trust: 4.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 25, 2021, 12:13 p.m.	Vulnerabilities: code execution, memory corruption

Affected products

External IDs

vendor:	google	model:	android
vendor:	check point	model:	check point

db:

NVD

ids:

CVE-2021-41355, CVE-2017-11882, CVE-2020-0951

Vulnerability Discovered in Ubiquiti Inc. UniFi Protect Software Related entries in the VARIoT vulnerabilities database: VAR-202108-0413 Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Sept. 2, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

ubiquiti

model:

unifi

db:

NVD

ids:

CVE-2021-22944

Microsoft November 2021 Patch Tuesday Related entries in the VARIoT vulnerabilities database: VAR-202111-0697, VAR-202111-0473, VAR-202111-0789, VAR-202111-0660 Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 15, 2021, midnight	Vulnerabilities: feature bypass, denial of service, information disclosure...

Affected products

External IDs

db:

NVD

ids:

CVE-2021-41379, CVE-2021-42303, CVE-2021-42287, CVE-2021-41374, CVE-2021-26444, CVE-2021-41376, CVE-2021-38665, CVE-2021-42304, CVE-2021-42288, CVE-2021-42280, CVE-2021-42282, CVE-2021-36957, CVE-2021-42319, CVE-2021-40442, CVE-2021-42276, CVE-2021-42285, CVE-2021-41375, CVE-2021-42298, CVE-2021-42274, CVE-2021-41371, CVE-2021-41372, CVE-2021-41368, CVE-2021-41370, CVE-2021-43209, CVE-2021-41373, CVE-2021-42300, CVE-2021-42322, CVE-2021-41367, CVE-2021-42279, CVE-2021-42278, CVE-2021-42291, CVE-2021-42321, CVE-2021-26443, CVE-2021-42305, CVE-2021-42323, CVE-2021-42292, CVE-2021-42301, CVE-2021-41366, CVE-2021-41356, CVE-2021-43208, CVE-2021-42284, CVE-2021-38666, CVE-2021-41349, CVE-2021-42275, CVE-2021-42277, CVE-2021-42286, CVE-2021-41378, CVE-2021-41377, CVE-2021-42316, CVE-2021-3711, CVE-2021-42302, CVE-2021-42283, CVE-2021-38631, CVE-2021-41351, CVE-2021-42296

New Windows update patches 55 bugs and major vulnerabilities Trust: 3.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 11, 2021, 8 a.m.	Vulnerabilities: code execution

Affected products	External IDs

November Patch Tuesday drop fixes bugs in Excel, Exchange Server Trust: 5.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 10, 2021, midnight	Vulnerabilities: security feature bypass, buffer overflow, memory corruption...

Affected products

External IDs

vendor:	trend micro	model:	security
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2021-42292, CVE-2021-42270, CVE-2021-26855, CVE-2021-38666, CVE-2021-27065, CVE-2021-3711, CVE-2021-42316, CVE-2021-42321, CVE-2021-42298, CVE-2021-26443

Microsoft Security Response Center Trust: 4.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Dec. 11, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-42306, CVE-2021-38645, CVE-2021-38647, CVE-2021-38649, CVE-2021-38648

Education, Research The Most Attacked Industries in The Cyberspace Trust: 4.5 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 12, 2021, 12:19 p.m.	Vulnerabilities: path traversal, code execution, directory traversal...

Affected products

External IDs

vendor:	check point	model:	check point
vendor:	google	model:	android

Samsung monthly updates: November 2021 security patch details released - SamMobile Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 2, 2021, 7:35 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung
vendor:	samsung	model:	galaxy s10

Apple rushes to block 'zero-click' iPhone spyware - BBC News Trust: 3.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Sept. 14, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

iphone

Device security \| Cloud IoT Core Documentation \| Google Cloud Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

CVE - CVE-2021-40114 Related entries in the VARIoT vulnerabilities database: VAR-202110-1353 Trust: 5.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco systems	model:	series
vendor:	cisco systems	model:	cisco systems
vendor:	cisco	model:	series
vendor:	cisco	model:	cisco systems
vendor:	snort	model:	snort

db:

NVD

ids:

CVE-2021-40114

CVE-2021-40117 - CVE.report Related entries in the VARIoT vulnerabilities database: VAR-202110-1351 Trust: 6.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Jan. 7, 2022, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower threat defense

db:

NVD

ids:

CVE-2021-40117

Patch Now: Cisco, CISA Sound The Alarm On Four Software Flaws - My TechDecisions Related entries in the VARIoT vulnerabilities database: VAR-202111-0664 Trust: 4.5 Fetched: Nov. 22, 2021, 8:12 a.m., Published: -	Vulnerabilities: command injection, denial of service

Affected products

External IDs

vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	series
vendor:	cisco	model:	series switches
vendor:	cisco	model:	email security appliance
vendor:	cisco	model:	300 series managed switches
vendor:	cisco	model:	asyncos software
vendor:	cisco	model:	200 series smart switches
vendor:	cisco	model:	policy suite
vendor:	cisco	model:	cisco email security appliance
vendor:	cisco	model:	small business switches
vendor:	cisco	model:	small business 500 series stackable managed switches
vendor:	cisco	model:	small business series switches
vendor:	cisco	model:	esw2 series advanced switches
vendor:	cisco	model:	series smart switches
vendor:	cisco	model:	series stackable managed switches
vendor:	cisco	model:	500 series stackable managed switches
vendor:	cisco	model:	asyncos
vendor:	cisco	model:	series managed switches
vendor:	cisco	model:	cisco policy suite
vendor:	cisco	model:	small business series
vendor:	cisco	model:	small business
vendor:	cisco	model:	small business 300 series managed switches
vendor:	cisco	model:	cisco asyncos
vendor:	cisco	model:	catalyst

db:

NVD

ids:

CVE-2021-40119, CVE-2021-34741, CVE-2021-40112, CVE-2021-34739, CVE-2021-34795, CVE-2021-40113

VARIoT news about IoT security