Sign-up

VARIoT news about IoT security

Security Bulletin: Multiple vulnerabilities in the NVIDIA Windows GPU Display Driver kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape and a vulnerability in the Linux GPU Display Driver kernel mode layer (nvidia.ko) | NVIDIA

Trust: 5.5

Fetched: Jan. 14, 2022, 12:26 p.m., Published: Sept. 29, 2021, 1:04 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: device manager
vendor: cisco model: series
db: NVD ids: CVE-2016-8826, CVE-2016-8825, CVE-2016-8821, CVE-2016-8824, CVE-2016-8822, CVE-2016-8823

Apple Addresses “Shrootless” Vulnerability - Binary Defense

Related entries in the VARIoT vulnerabilities database: VAR-202108-2056

Trust: 5.0

Fetched: Jan. 14, 2022, 12:26 p.m., Published: Jan. 4, 2022, midnight
 Vulnerabilities: security feature bypass, feature bypass
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2021-30892

Zero-Day Disclosure: PAN GlobalProtect CVE-2021-3064

Trust: 5.25

Fetched: Jan. 14, 2022, 12:19 p.m., Published: Dec. 10, 2021, 3:41 p.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: palo alto networks
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo model: firewall
vendor: palo model: palo alto networks
db: NVD ids: CVE-2021-3064

Hackers Can Exploit Apple AirTag Vulnerability to Lure Users to Malicious Sites | SecurityWeek.Com

Trust: 3.75

Fetched: Jan. 14, 2022, 12:19 p.m., Published: Jan. 17, 2022, midnight
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: apple model: icloud

Positive Technologies Discovers Vulnerability in Intel Processors used in Laptops, Cars and Other devices

Trust: 4.75

Fetched: Jan. 14, 2022, 12:19 p.m., Published: Jan. 8, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tesla model: model 3
vendor: tesla model: model
db: NVD ids: CVE-2021-0146

13 critical Nucleus TCP/IP flaws pose denial-of-service risk to medical devices

Related entries in the VARIoT vulnerabilities database: VAR-202103-0365

Trust: 4.5

Fetched: Jan. 14, 2022, 12:15 p.m., Published: Nov. 15, 2021, 12:20 p.m.
 Vulnerabilities: improper validation, code execution
Affected productsExternal IDs
vendor: siemens model: nucleus
vendor: siemens model: nucleus net
db: NVD ids: CVE-2016-20009

Siemens software vulnerabilities potentially put millions of medical devices at risk | MedTech Dive

Trust: 3.5

Fetched: Jan. 14, 2022, 11:53 a.m., Published: Nov. 11, 2021, midnight
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: siemens model: nucleus

BrakTooth Bluetooth Vulnerability Crashes Devices, Reveals Need for IoT Device Testing - Embedded Computing Design

Trust: 3.75

Fetched: Jan. 14, 2022, 11:53 a.m., Published: Jan. 17, 2022, midnight
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs

Forescout, JFrog reveal new vulnerabilities in industrial systems, showing challenges in edge network, device security | Edge Industry Review

Trust: 3.0

Fetched: Jan. 14, 2022, 11:53 a.m., Published: Aug. 8, 2021, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs

Vulnerabilities Discovered in IoT Software Suite " ADMIN Magazine

Trust: 3.25

Fetched: Jan. 14, 2022, 11:53 a.m., Published: Jan. 14, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Researchers Discover 13 Medical Device Security Vulnerabilities

Trust: 4.0

Fetched: Jan. 14, 2022, 11:53 a.m., Published: Nov. 12, 2021, 1:30 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: siemens model: nucleus

VU#142629 - Silicon Labs Z-Wave chipsets contain multiple vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202201-0274, VAR-202201-0277, VAR-202201-0275, VAR-202201-0276, VAR-202201-0287, VAR-202201-0285

Trust: 5.0

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 9, 2022, midnight
 Vulnerabilities: denial of service, resource exhaustion
Affected productsExternal IDs
db: NVD ids: CVE-2020-9060, CVE-2020-9057, CVE-2020-9059, CVE-2020-9058, CVE-2020-9061, CVE-2020-10137

Log4Shell: The New Zero-Day Vulnerability in Log4j

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.75

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 15, 2021, 9:57 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud
db: NVD ids: CVE-2021-44228

Vulnerabilities CVE-2021-3922, CVE-2021-3969 in ImController of Lenovo Notebooks | Born's Tech and Windows World

Related entries in the VARIoT vulnerabilities database: VAR-202112-2487, VAR-202112-2486

Trust: 3.75

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 20, 2021, 10:25 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lenovo model: system
vendor: lenovo model: yoga
vendor: lenovo model: thinkpad
vendor: lenovo model: notebook
db: NVD ids: CVE-2021-3969, CVE-2021-3922

What is Log4j vulnerability, and who’s affected? | NordPass

Trust: 3.0

Fetched: Jan. 14, 2022, 11:48 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: icloud

Newly Found Malware Threatens IoT Devices

Related entries in the VARIoT vulnerabilities database: VAR-202111-1151

Trust: 5.75

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 4, 2022, 7:58 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: serve model: serve
db: NVD ids: CVE-2021-0157

Security Notice: NVIDIA Response to Log4j Vulnerabilities - December 2021 | NVIDIA

Related entries in the VARIoT vulnerabilities database: VAR-202112-1782

Trust: 3.75

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 17, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2021-45105

How To Mitigate Log4j Vulnerabilities For F5 Devices Using ADC+

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 5.5

Fetched: Jan. 14, 2022, 11:48 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: watch
vendor: apple model: icloud
db: NVD ids: CVE-2021-44228

More than a hundred HP printer models are vulnerable to hacking | CyberNews

Trust: 5.0

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Dec. 6, 2021, 12:52 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-39238, CVE-2021-39237

Microsoft observed many attackers adding exploits of Log4j vulnerabilities - MSPoweruser

Related entries in the VARIoT vulnerabilities database: VAR-202112-2011, VAR-202112-0566, VAR-202112-0562

Trust: 4.25

Fetched: Jan. 14, 2022, 11:48 a.m., Published: Jan. 6, 2022, 12:02 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44832, CVE-2021-44228, CVE-2021-45046