VARIoT latest news about IoT security

Security Bulletin: NVIDIA GPU Display Driver - October 2021 \| NVIDIA Trust: 4.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 16, 2021, midnight	Vulnerabilities: denial of service, code execution, information disclosure...

Affected products

External IDs

vendor:	citrix	model:	licensing
vendor:	citrix	model:	hypervisor

Software Vulnerability within Apple tvOS Actively Exploited Related entries in the VARIoT vulnerabilities database: VAR-202108-2057 Trust: 5.5 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 28, 2021, 4:30 p.m.	Vulnerabilities: memory corruption, integer overflow

Affected products

External IDs

vendor:	roku	model:	roku
vendor:	apple	model:	tvos
vendor:	apple	model:	apple tv
vendor:	apple	model:	watch

db:

NVD

ids:

CVE-2021-30883

Security Bulletin \| Zoom Trust: 3.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Dec. 30, 2021, 8:21 p.m.	Vulnerabilities: remote command injection, privilege escalation, request forgery...

Affected products

External IDs

vendor:	zoom	model:	zoom
vendor:	zoom	model:	client
vendor:	zoom	model:	zoom client
vendor:	blackberry	model:	blackberry
vendor:	blackberry	model:	link
vendor:	ringcentral	model:	ringcentral
vendor:	google	model:	chrome
vendor:	google	model:	chrome os
vendor:	google	model:	android

Swarm Intelligence May Be Just the Ticket for Improved Network & Device Security Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 18, 2021, 3 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

mesh

model:

mesh

db:

NVD

ids:

CVE-2021-42292, CVE-2021-43208, CVE-2021-43209, CVE-2021-42321, CVE-2021-42298, CVE-2021-41371, CVE-2021-38631, CVE-2021-26443

Apple hits the alarm with multi-OS emergency update to patch zero-click flaw \| Computerworld Trust: 4.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Sept. 14, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	ipad
vendor:	apple	model:	watchos
vendor:	apple	model:	macos

When will my Samsung Galaxy phone get a security update? - SamMobile Trust: 3.5 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 2, 2021, 8:58 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	galaxy j7 duo
vendor:	samsung	model:	note
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	galaxy s8
vendor:	samsung	model:	galaxy a7
vendor:	samsung	model:	mobile
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	j7 duo
vendor:	samsung	model:	galaxy s10
vendor:	samsung	model:	samsung
vendor:	samsung	model:	note 10
vendor:	samsung	model:	galaxy j4
vendor:	samsung	model:	galaxy j6
vendor:	samsung	model:	galaxy s9
vendor:	samsung	model:	galaxy j3
vendor:	samsung	model:	galaxy note
vendor:	google	model:	android

Security Vulnerabilities Found in BusyBox Could Lead to DoS Attacks Trust: 3.5 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 10, 2021, 2:55 p.m.	Vulnerabilities: code execution, information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2021-42378, CVE-2021-42379, CVE-2021-42381, CVE-2021-42386, CVE-2021-42374, CVE-2021-42380, CVE-2021-42384, CVE-2021-42375, CVE-2021-42377, CVE-2021-42382, CVE-2021-42373, CVE-2021-42376, CVE-2021-42383, CVE-2021-42385

A set of vulnerabilities in TCP/IP stacks could leave millions of connected medical devices open to attack - Cyber Security Review Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 15, 2021, midnight	Vulnerabilities: -

Affected products	External IDs

Citrix Products Multiple Vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202112-0296, VAR-202112-0297 Trust: 3.5 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 10, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-22956, CVE-2021-22955

"Trojan Source" technique can conceal vulnerabilities in code. BlackMatter affiliate uses custom tool for data exfiltration. Android malware gains root access. Related entries in the VARIoT vulnerabilities database: VAR-202108-2056 Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Dec. 20, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2021-42574, CVE-2021-30892

3 Medium Severity Vulnerabilities Identified in Philips MRI Solutions Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 10, 2021, 1:22 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-3084, CVE-2021-3083, CVE-2021-3085

Exploit Files ≈ Packet Storm Trust: 4.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Dec. 17, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-42237, CVE-2021-38146, CVE-2021-42580, CVE-2021-38294, CVE-2020-28328, CVE-2021-43140, CVE-2021-22205, CVE-2021-35323, CVE-2020-16152, CVE-2021-43397, CVE-2021-22204, CVE-2021-26795, CVE-2021-24664, CVE-2021-42840

USN-5009-2: libslirp vulnerabilities Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 27, 2021, 6:13 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-3595, CVE-2021-3594, CVE-2021-3592, CVE-2020-29130, CVE-2020-29129, CVE-2021-3593

AMD EPYC Processors Hit by 22 Security Vulnerabilities, Patch is Already Out \| TechPowerUp Forums Trust: 3.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 15, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

db:

SCHNEIDER

ids:

SB950

How Telecom Providers Can Prevent IoT Attacks \| Toolbox Tech Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 26, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

mesh

model:

mesh

Researchers wait 12 months to report vulnerability with 9.8 out of 10 severity rating \| Ars Technica Trust: 5.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Jan. 12, 2022, midnight	Vulnerabilities: code execution, buffer overflow

Affected products

External IDs

vendor:	palo alto networks	model:	palo alto networks
vendor:	palo alto networks	model:	palo alto networks globalprotect
vendor:	palo alto networks	model:	networks globalprotect
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	pan-os
vendor:	palo	model:	palo alto networks
vendor:	palo	model:	palo alto networks globalprotect
vendor:	palo	model:	networks globalprotect
vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	palo	model:	pan-os

db:

NVD

ids:

CVE-2021-3064

25th October - Threat Intelligence Report - Check Point Research Trust: 4.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 25, 2021, 12:13 p.m.	Vulnerabilities: code execution, memory corruption

Affected products

External IDs

vendor:	google	model:	android
vendor:	check point	model:	check point

db:

NVD

ids:

CVE-2021-41355, CVE-2017-11882, CVE-2020-0951

Vulnerability Discovered in Ubiquiti Inc. UniFi Protect Software Related entries in the VARIoT vulnerabilities database: VAR-202108-0413 Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Sept. 2, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

ubiquiti

model:

unifi

db:

NVD

ids:

CVE-2021-22944

Microsoft November 2021 Patch Tuesday Related entries in the VARIoT vulnerabilities database: VAR-202111-0697, VAR-202111-0473, VAR-202111-0789, VAR-202111-0660 Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 15, 2021, midnight	Vulnerabilities: feature bypass, denial of service, information disclosure...

Affected products

External IDs

db:

NVD

ids:

CVE-2021-41379, CVE-2021-42303, CVE-2021-42287, CVE-2021-41374, CVE-2021-26444, CVE-2021-41376, CVE-2021-38665, CVE-2021-42304, CVE-2021-42288, CVE-2021-42280, CVE-2021-42282, CVE-2021-36957, CVE-2021-42319, CVE-2021-40442, CVE-2021-42276, CVE-2021-42285, CVE-2021-41375, CVE-2021-42298, CVE-2021-42274, CVE-2021-41371, CVE-2021-41372, CVE-2021-41368, CVE-2021-41370, CVE-2021-43209, CVE-2021-41373, CVE-2021-42300, CVE-2021-42322, CVE-2021-41367, CVE-2021-42279, CVE-2021-42278, CVE-2021-42291, CVE-2021-42321, CVE-2021-26443, CVE-2021-42305, CVE-2021-42323, CVE-2021-42292, CVE-2021-42301, CVE-2021-41366, CVE-2021-41356, CVE-2021-43208, CVE-2021-42284, CVE-2021-38666, CVE-2021-41349, CVE-2021-42275, CVE-2021-42277, CVE-2021-42286, CVE-2021-41378, CVE-2021-41377, CVE-2021-42316, CVE-2021-3711, CVE-2021-42302, CVE-2021-42283, CVE-2021-38631, CVE-2021-41351, CVE-2021-42296

New Windows update patches 55 bugs and major vulnerabilities Trust: 3.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 11, 2021, 8 a.m.	Vulnerabilities: code execution

Affected products	External IDs

VARIoT news about IoT security