VARIoT latest news about IoT security

Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077) - Help Net Security Trust: 4.5 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 3, 2021, 10:34 a.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:	palo alto networks	model:	palo alto networks
vendor:	palo alto networks	model:	networks
vendor:	zoho	model:	manageengine servicedesk plus
vendor:	palo	model:	palo alto networks
vendor:	palo	model:	networks

db:

NVD

ids:

CVE-2021-33617, CVE-2021-44077

2021 another record-breaker for vulnerability disclosure Trust: 3.75 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 8, 2021, midnight	Vulnerabilities: cross-site scripting

Affected products

External IDs

vendor:

trend

model:

security

Critical SonicWall VPN Vulnerability Allows Complete Takeover - Lansweeper Trust: 4.75 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 9, 2021, 1:52 p.m.	Vulnerabilities: code execution, buffer overflow

Affected products

External IDs

vendor:	sonicwall	model:	sma 100
vendor:	sonicwall	model:	secure mobile access

Security flaw in widely-used logging system impacts Minecraft, iCloud, more Trust: 4.0 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 11, 2021, 5:27 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

apple

model:

icloud

The Bug Report - November Edition \| McAfee Blogs Trust: 5.25 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 1, 2021, 5:01 a.m.	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

vendor:	dram	model:	dram
vendor:	palo	model:	networks
vendor:	palo	model:	pan-os
vendor:	palo	model:	firewall
vendor:	palo	model:	palo alto networks
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	pan-os
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	palo alto networks
vendor:	unbound	model:	unbound
vendor:	dnsmasq	model:	dnsmasq

db:

NVD

ids:

CVE-2021-3064, CVE-2021-42114, CVE-2021-20322

LIVEcommunity - Protect Your IoT Devices from Log4j 2 Vulnerability - LIVEcommunity - 453381 Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566, VAR-202112-0562 Trust: 4.5 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 15, 2021, 8:35 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	palo	model:	palo alto networks
vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	palo alto networks	model:	palo alto networks
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	firewall

db:

NVD

ids:

CVE-2021-45105, CVE-2021-44228, CVE-2021-45046

CVE-2021-44228 - Log4j RCE 0-day mitigation Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 4.0 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 10, 2021, 11:39 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44228

Kryptowire & Orange to Uncover Vulnerabilities in Mobile Devices \| AI-TechPark Trust: 3.75 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 2, 2022, midnight	Vulnerabilities: command execution, script execution

Affected products	External IDs

Vulnerabilities found in HP multi-function printers Trust: 4.0 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Nov. 30, 2021, 2 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-39237, CVE-2021-39238

Microsoft addresses a high-severity vulnerability in Azure AD Trust: 4.0 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Nov. 18, 2021, 11:26 p.m.	Vulnerabilities: information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2021-42306

Millions Of Devices At Risk Over New Software Vulnerability - America HQ Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 4.75 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 15, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	canary	model:	canary
vendor:	apple	model:	icloud

db:

NVD

ids:

CVE-2021-44228

Countless Servers Are Vulnerable to Apache Log4j Zero-Day Exploit \| PCMag Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 5.0 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 11, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:

apple

model:

watch

db:

NVD

ids:

CVE-2021-44228

A Vulnerability in HP Printer Products Could Allow for Arbitrary Code Execution. \| New York State Office of Information Technology Services Trust: 3.5 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 1, 2021, 9:35 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-39238

Critical vulnerability in something? @ AskWoody Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 5.0 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 11, 2021, 2 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

apple

model:

icloud

db:

NVD

ids:

CVE-2021-44228

Researchers discover serious server vulnerability in iPhone and Tesla devices \| TechGig Trust: 4.75 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, 10:54 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	icloud
vendor:	apple	model:	iphone

PSA: PATCH YOUR DEVICES NOW. The log4shell vulnerability allows remote code execution on all devices running log4j, a popular Java library. PATCH YOUR DEVICES NOW. \| Java LibHunt Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 4.25 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 11, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44228

Multiple Vulnerabilities in Distributed Data Systems WebHMI Could Allow for Arbitrary Code Execution \| New York State Office of Information Technology Services Trust: 3.25 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 7, 2021, 5:49 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-43931, CVE-2021-43936

Millions Of Devices At Risk Over New Software Vulnerability \| The Original MinuteMan Project Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 4.75 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 16, 2021, 2 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	canary	model:	canary
vendor:	apple	model:	icloud

db:

NVD

ids:

CVE-2021-44228

Kryptowire Collaborates with Orange and Uncovers Major Vulnerabilities in Mobile Devices at Scale \| Tech Times Trust: 4.0 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, 6 p.m.	Vulnerabilities: command execution

Affected products

External IDs

vendor:

check point

model:

check point

Moobot botnet exploits CVE-2021-36260 flaw in Hikvision productsSecurity Affairs Trust: 4.25 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 9, 2021, 7:47 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

hikvision

model:

hikvision

db:

NVD

ids:

CVE-2021-36260

VARIoT news about IoT security