Sign-up

VARIoT news about IoT security

EETimes - IoT Device Vendors: Why Resist Vulnerability Reporting?

Trust: 4.5

Fetched: Jan. 18, 2022, 11:14 a.m., Published: April 17, 2020, 8 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: home
vendor: sony model: camera
vendor: apple model: watch
vendor: huawei model: huawei
vendor: ring model: ring
vendor: lenovo model: system
vendor: lenovo model: updates
vendor: motorola model: android
vendor: motorola model: motorola
vendor: samsung model: notes
vendor: samsung model: samsung

SweynTooth Vulnerabilities | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202002-0294, VAR-202002-0394, VAR-202002-0295, VAR-202002-0391, VAR-202002-0491, VAR-202002-0487, VAR-202002-0393, VAR-202002-0418, VAR-202002-0392

Trust: 3.5

Fetched: Jan. 18, 2022, 11:14 a.m., Published: March 4, 2020, midnight
 Vulnerabilities: memory corruption, security bypass, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2019-17060, CVE-2019-17519, CVE-2019-17061, CVE-2019-19193, CVE-2019-17520, CVE-2019-19196, CVE-2019-19192, CVE-2019-17518, CVE-2019-16336, CVE-2019-19194, CVE-2019-19195, CVE-2019-17517

VU#941987 - Apple devices vulnerable to arbitrary code execution in SecureROM

Trust: 4.0

Fetched: Jan. 18, 2022, 11:14 a.m., Published: Oct. 8, 2020, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: ipod touch
vendor: apple model: ipad
vendor: apple model: watch
vendor: apple model: apple tv

INTEL-SA-00306

Related entries in the VARIoT vulnerabilities database: VAR-202001-0482

Trust: 4.0

Fetched: Jan. 18, 2022, 11:14 a.m., Published: Jan. 7, 2020, 10:27 p.m.
 Vulnerabilities: improper access control, denial of service, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2019-14596

Understanding Vulnerability Scoring: CVSS Explained

Trust: 3.25

Fetched: Jan. 18, 2022, 11:14 a.m., Published: May 7, 2020, 3:50 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: serve model: serve

A 5-Minute Guide on How to Secure IoT Devices Within Your Enterprise - Hashed Out by The SSL Store™

Trust: 3.75

Fetched: Jan. 18, 2022, 11:14 a.m., Published: Dec. 23, 2021, 3:39 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: serve model: serve

Microsoft: powerdir bug gives access to protected macOS user data

Related entries in the VARIoT vulnerabilities database: VAR-202010-1252, VAR-202010-1253, VAR-202108-1285, VAR-202109-1380

Trust: 4.5

Fetched: Jan. 18, 2022, 11:14 a.m., Published: Jan. 6, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: netgear model: router
vendor: netgear model: netgear router
vendor: apple model: macos
db: NVD ids: CVE-2020-9934, CVE-2020-9771, CVE-2021-30970, CVE-2021-30713

Apple accused of recklessness over iOS security vulnerability | TechRadar

Trust: 5.0

Fetched: Jan. 18, 2022, 11:14 a.m., Published: Jan. 4, 2022, 2:20 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: apple model: icloud

Your PC could be hacked in seconds just by making a surprisingly simple mistake

Trust: 3.0

Fetched: Jan. 18, 2022, 11:14 a.m., Published: Jan. 12, 2022, 4:08 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: watch

security settings: Why Microsoft has urged Apple users to apply macOS security settings immediately - Times of India

Related entries in the VARIoT vulnerabilities database: VAR-202108-1285

Trust: 5.0

Fetched: Jan. 18, 2022, 11:14 a.m., Published: Jan. 23, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: icloud
db: NVD ids: CVE-2021-30970

Critical, “Wormable” Microsoft Vulnerability Could Lead to Cyberattacks

Related entries in the VARIoT vulnerabilities database: VAR-202105-1269

Trust: 4.0

Fetched: Jan. 18, 2022, 11:14 a.m., Published: Jan. 12, 2022, 5 p.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-31166, CVE-2022-21846, CVE-2022-21907

Security researcher shares HomeKit security bug

Trust: 3.0

Fetched: Jan. 18, 2022, 11:14 a.m., Published: Jan. 2, 2022, 7:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: icloud

Log4j Flaw: Top 10 Affected Vendors and Best Solutions to Mitigate Exploitations | Toolbox It Security

Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566

Trust: 4.75

Fetched: Jan. 18, 2022, 11:14 a.m., Published: Dec. 23, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: broadcom model: api gateway
vendor: broadcom model: broadcom
vendor: broadcom model: linux
vendor: symantec model: symantec endpoint protection
vendor: symantec model: web security
vendor: symantec model: endpoint protection
vendor: symantec model: scan engine
vendor: cisco model: cisco sd-wan
vendor: cisco model: sd-wan
vendor: cisco model: identity services engine
vendor: cisco model: webex meetings
vendor: cisco model: meetings server
vendor: cisco model: data center network manager
vendor: cisco model: firepower
vendor: cisco model: firepower threat defense
vendor: cisco model: cisco webex meetings
vendor: cisco model: cisco webex
vendor: cisco model: webex
vendor: cisco model: webex meetings server
vendor: cisco model: sd-wan vmanage
vendor: cisco model: cisco webex meetings server
vendor: check point model: check point
db: NVD ids: CVE-2021-45105, CVE-2021-44228

Data Theorem Releases Critical Insight into Log4Shell Vulnerability to Assist Security Teams in Addressing the Exploit | Business Wire

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.75

Fetched: Jan. 18, 2022, 11:14 a.m., Published: Dec. 23, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2021-44228

Microsoft: macOS 'Powerdir' Flaw Could Enable Access to User Data

Related entries in the VARIoT vulnerabilities database: VAR-202010-1252, VAR-202010-1253, VAR-202108-1285, VAR-202109-1380

Trust: 4.75

Fetched: Jan. 18, 2022, 11:14 a.m., Published: Jan. 10, 2022, 10:05 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: icloud
db: NVD ids: CVE-2020-9934, CVE-2020-9771, CVE-2021-30970, CVE-2021-30713

Hackers Exploit Log4j Bug to Attack Belgium Defense Ministry

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.0

Fetched: Jan. 18, 2022, 11:14 a.m., Published: Dec. 24, 2021, 9:31 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

Thousands of enterprise servers are running vulnerable BMCs, researchers find | CSO Online

Related entries in the VARIoT vulnerabilities database: VAR-201808-0934

Trust: 3.5

Fetched: Jan. 18, 2022, 11:14 a.m., Published: Jan. 14, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hewlett packard enterprise model: hewlett packard
vendor: hewlett packard enterprise model: integrated lights-out
vendor: hewlett packard enterprise model: hewlett packard enterprise
vendor: supermicro model: intelligent platform management interface
vendor: supermicro model: intelligent platform management
vendor: hewlett packard model: hewlett packard
vendor: hewlett packard model: integrated lights-out
vendor: hewlett packard model: hewlett packard enterprise
db: NVD ids: CVE-2018-7078, CVE-2018-7113

JFrog researchers find JNDI vulnerability in H2 database consoles similar to Log4Shell | ZDNet

Trust: 4.75

Fetched: Jan. 18, 2022, 11:14 a.m., Published: Jan. 6, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-42392

Juniper Networks

Related entries in the VARIoT vulnerabilities database: VAR-202110-0410, VAR-202112-0566, VAR-202112-0562, VAR-202201-0633, VAR-202201-1488

Trust: 4.25

Fetched: Jan. 18, 2022, 11:14 a.m., Published: Oct. 18, 2021, midnight
 Vulnerabilities: path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2021-31385, CVE-2021-44228, CVE-2021-45046, CVE-2022-22152, CVE-2021-4104, CVE-2022-22153, CVE-2021-42550, CVE-2022-22177

Microsoft Discovered New 'Powerdir' macOS Vulnerability, Fixed in 12.1 Update - MacRumors

Related entries in the VARIoT vulnerabilities database: VAR-202108-1285

Trust: 4.5

Fetched: Jan. 18, 2022, 11:14 a.m., Published: Jan. 12, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: ipad air
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: watchos
vendor: apple model: icloud
vendor: apple model: tvos
vendor: apple model: watch
db: NVD ids: CVE-2021-30970