VARIoT latest news about IoT security

[Updated, again] Apache fixes zero-day vulnerability in HTTP Server \| Malwarebytes Labs Related entries in the VARIoT vulnerabilities database: VAR-202110-1691, VAR-202110-1571, VAR-202110-1690 Trust: 4.75 Fetched: Nov. 30, 2021, 11:30 a.m., Published: Oct. 6, 2021, 2:23 p.m.	Vulnerabilities: denial of service, path traversal, traversal attack

Affected products

External IDs

db:

NVD

ids:

CVE-2021-41773, CVE-2021-41524, CVE-2021-42013

Eighteen high severity vulnerabilities remediated in AMD's Radeon graphics driver packages \| TechSpot Trust: 3.0 Fetched: Nov. 30, 2021, 11:30 a.m., Published: Jan. 11, 2022, midnight	Vulnerabilities: code execution

Affected products	External IDs

Vulnerability in MediaTek chipsets discovered, promptly fixed - GSMArena.com news Trust: 3.75 Fetched: Nov. 30, 2021, 11:30 a.m., Published: Nov. 24, 2021, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	huawei	model:	huawei
vendor:	check point	model:	check point

NVD - CVE-2021-34765 Related entries in the VARIoT vulnerabilities database: VAR-202109-0624 Trust: 3.5 Fetched: Nov. 30, 2021, 11:30 a.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	nexus
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	nexus

db:

NVD

ids:

CVE-2021-34765

Mobile Woman Sentenced for Social Security Benefits Fraud Scheme Targeting Vulnerable Residents of Her Group Homes \| USAO-SDAL \| Department of Justice Trust: 3.0 Fetched: Nov. 30, 2021, 11:30 a.m., Published: Sept. 14, 2021, 7:45 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

serve

model:

serve

Objects > Security Profiles > Vulnerability Protection Trust: 3.5 Fetched: Nov. 30, 2021, 11:30 a.m., Published: Jan. 5, 2022, 2:53 p.m.	Vulnerabilities: brute force attack

Affected products

External IDs

vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	palo alto networks
vendor:	palo	model:	firewall
vendor:	palo	model:	networks
vendor:	palo	model:	palo alto networks

Patched macOS Catalina vulnerability targeted Hong Kong users \| AppleInsider Related entries in the VARIoT vulnerabilities database: VAR-202108-1374 Trust: 3.75 Fetched: Nov. 30, 2021, 11:30 a.m., Published: -	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2021-30869

Objects > Security Profiles > Vulnerability Protection Trust: 3.5 Fetched: Nov. 30, 2021, 11:30 a.m., Published: Jan. 5, 2022, midnight	Vulnerabilities: brute force attack

Affected products

External IDs

vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	palo alto networks
vendor:	palo	model:	firewall
vendor:	palo	model:	networks
vendor:	palo	model:	palo alto networks

AMD Windows 10 graphics drivers with vulnerabilities (Nov. 2021) \| Born's Tech and Windows World Trust: 4.75 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 16, 2021, 1:24 p.m.	Vulnerabilities: privilege escalation, denial of service, information disclosure...

Affected products

External IDs

db:

NVD

ids:

CVE-2020-12985, CVE-2020-12891, CVE-2020-12980, CVE-2020-12900, CVE-2020-12905, CVE-2020-12987, CVE-2020-12892, CVE-2020-12903, CVE-2020-12899, CVE-2020-12894, CVE-2020-12895, CVE-2020-12986, CVE-2020-12982, CVE-2020-12904, CVE-2020-12929, CVE-2020-12964, CVE-2020-12983, CVE-2020-12962, CVE-2020-12920, CVE-2020-12963, CVE-2020-12901, CVE-2020-12981, CVE-2020-12902, CVE-2020-12893, CVE-2020-12897, CVE-2020-12960, CVE-2020-12898

CVE-2021-0146: Intel Processor Escalation Privilege Vulnerability Alert Trust: 3.75 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 17, 2021, 8:05 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	tesla	model:	model 3
vendor:	tesla	model:	model

db:

NVD

ids:

CVE-2021-0146

Windows 11 bug disclosed by researcher unhappy with Microsoft bug bounties \| Windows Central Trust: 4.25 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 23, 2021, 6:08 p.m.	Vulnerabilities: privilege elevation

Affected products	External IDs

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution Trust: 4.25 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Jan. 7, 2022, 7:33 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

google

model:

android

A Vulnerability in Multiple NETGEAR Products Could Allow for Arbitrary Code Execution \| New York State Office of Information Technology Services Trust: 3.25 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 18, 2021, 5:19 p.m.	Vulnerabilities: code execution

Affected products	External IDs

New Critical Vulnerabilities Found on Nucleus TCP/IP Stack - Security Boulevard Related entries in the VARIoT vulnerabilities database: VAR-202111-1605, VAR-202103-0365 Trust: 5.25 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 9, 2021, 11 a.m.	Vulnerabilities: denial of service, information leak, code execution

Affected products

External IDs

vendor:	siemens	model:	nucleus
vendor:	siemens	model:	nucleus net
vendor:	siemens	model:	nucleus rtos

db:

NVD

ids:

CVE-2021-31886, CVE-2016-20009

'Hackers' manage to exploit a vulnerability in Windows 11 and all versions of the operating system - Market Research Telecast Related entries in the VARIoT vulnerabilities database: VAR-202111-0697 Trust: 3.0 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 26, 2021, 1:03 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-41379

Vulnerability Summary for the Week of November 15, 2021 \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202111-0809, VAR-202111-1069, VAR-202111-0787, VAR-202111-0593, VAR-202111-0617, VAR-202111-1089, VAR-202111-0777, VAR-202111-1087, VAR-202111-1179, VAR-202111-0611, VAR-202111-0539, VAR-202111-0521, VAR-202111-1051, VAR-202111-0509, VAR-202111-1058, VAR-202111-0514, VAR-202111-1088, VAR-202111-0624, VAR-202111-0808, VAR-202111-0510, VAR-202111-0778, VAR-202111-0835, VAR-202111-0625, VAR-202111-0517 Trust: 5.25 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 15, 2021, midnight	Vulnerabilities: authentication bypass, request forgery, code execution...

Affected products

External IDs

vendor:	dell emc	model:	bios
vendor:	dell	model:	bios
vendor:	lenovo	model:	bios
vendor:	lenovo	model:	updates
vendor:	lenovo	model:	system
vendor:	lenovo	model:	desktop
vendor:	ruijie	model:	switch
vendor:	asus	model:	asus
vendor:	broadcom	model:	linux
vendor:	broadcom	model:	broadcom
vendor:	motorola	model:	motorola
vendor:	motorola	model:	android
vendor:	osisoft	model:	pi_vision
vendor:	osisoft	model:	pi vision
vendor:	advantech	model:	webaccess_hmi_designer
vendor:	advantech	model:	webaccess
vendor:	google	model:	wifi
vendor:	google	model:	android
vendor:	cacti	model:	cacti
vendor:	qnap	model:	helpdesk

db:

NVD

ids:

CVE-2021-42379, CVE-2021-26321, CVE-2021-43496, CVE-2021-42337, CVE-2021-43574, CVE-2021-41271, CVE-2021-43620, CVE-2021-38978, CVE-2021-43336, CVE-2021-41269, CVE-2020-12903, CVE-2021-24804, CVE-2021-41266, CVE-2021-42384, CVE-2021-21701, CVE-2021-3787, CVE-2021-43276, CVE-2021-43331, CVE-2021-0655, CVE-2021-34357, CVE-2021-41244, CVE-2021-36305, CVE-2021-43492, CVE-2021-3840, CVE-2021-43277, CVE-2021-3519, CVE-2021-41950, CVE-2021-38974, CVE-2020-4146, CVE-2021-39231, CVE-2021-38972, CVE-2020-12902, CVE-2021-43553, CVE-2021-26336, CVE-2021-25965, CVE-2021-43577, CVE-2021-24796, CVE-2021-0078, CVE-2021-43337, CVE-2021-40745, CVE-2020-12898, CVE-2020-21639, CVE-2021-43275, CVE-2021-24802, CVE-2021-39233, CVE-2021-3577, CVE-2021-3934, CVE-2020-12900, CVE-2021-33481, CVE-2021-33480, CVE-2021-30266, CVE-2020-12892, CVE-2021-43977, CVE-2021-42381, CVE-2021-24776, CVE-2021-38979, CVE-2021-43610, CVE-2021-43611, CVE-2020-14424, CVE-2021-42956, CVE-2021-38981, CVE-2021-39235, CVE-2020-12895, CVE-2021-43390, CVE-2021-38983, CVE-2021-26315, CVE-2020-12929, CVE-2020-21627, CVE-2021-25940, CVE-2021-0096, CVE-2021-24852, CVE-2021-38977, CVE-2021-43493, CVE-2021-43975, CVE-2021-0657, CVE-2021-24758, CVE-2021-3932, CVE-2021-0013, CVE-2021-0071, CVE-2021-42386, CVE-2021-41263, CVE-2021-3683, CVE-2021-0079, CVE-2021-33056, CVE-2021-1981, CVE-2021-43576, CVE-2021-1921, CVE-2021-30263, CVE-2021-3931, CVE-2021-42773, CVE-2021-3776, CVE-2021-42703, CVE-2021-0063, CVE-2021-42378, CVE-2021-43280, CVE-2021-26322, CVE-2020-12946, CVE-2021-43279, CVE-2021-30284, CVE-2021-1903, CVE-2021-0121, CVE-2021-39236, CVE-2021-24834, CVE-2021-25983, CVE-2021-0064, CVE-2021-38985, CVE-2021-33086, CVE-2021-36908, CVE-2021-33089, CVE-2021-26323, CVE-2021-42775, CVE-2021-42954, CVE-2020-21141, CVE-2021-41972, CVE-2021-3793, CVE-2021-38975, CVE-2021-43618, CVE-2021-33479, CVE-2020-12944, CVE-2021-40756, CVE-2021-25984, CVE-2021-24851, CVE-2021-0065, CVE-2020-12964, CVE-2021-3945, CVE-2020-12962, CVE-2021-36909, CVE-2021-33087, CVE-2021-22959, CVE-2021-43273, CVE-2021-42250, CVE-2021-0656, CVE-2020-12893, CVE-2021-0658, CVE-2021-0667, CVE-2021-33106, CVE-2021-39234, CVE-2021-42362, CVE-2021-24847, CVE-2021-42563, CVE-2021-42525, CVE-2021-42382, CVE-2021-43391, CVE-2021-39222, CVE-2021-38984, CVE-2021-3788, CVE-2021-1982, CVE-2021-25976, CVE-2020-12951, CVE-2021-41951, CVE-2020-8741, CVE-2021-43274, CVE-2021-34992, CVE-2021-26795, CVE-2021-21528, CVE-2021-42706, CVE-2021-24772, CVE-2021-3792, CVE-2021-41532, CVE-2021-43578, CVE-2021-0664, CVE-2021-42380, CVE-2021-43494, CVE-2021-25982, CVE-2021-42838, CVE-2021-42377, CVE-2021-24853, CVE-2021-43278, CVE-2021-30265, CVE-2021-3921, CVE-2021-42725, CVE-2021-43332, CVE-2021-42383, CVE-2021-42385, CVE-2021-43495, CVE-2020-12961, CVE-2021-39232, CVE-2021-38973, CVE-2021-40761, CVE-2021-42363, CVE-2021-3775, CVE-2021-37910, CVE-2021-30264, CVE-2021-42268

Security Advisory - Possible Out-Of-Bounds Read Vulnerability in Some Huawei Products Related entries in the VARIoT vulnerabilities database: VAR-202111-1479 Trust: 5.0 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 15, 2021, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

huawei

model:

huawei

db:

NVD

ids:

CVE-2021-39995

Security flaw identified in smartphone chip used in Android devices Trust: 3.75 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 25, 2021, 9:29 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	vivo	model:	vivo
vendor:	google	model:	android
vendor:	check point	model:	check point

db:

NVD

ids:

CVE-2021-0662, CVE-2021-0661, CVE-2021-0663, CVE-2021-0673

Cisco vulnerability could cause your firewalls to fail \| TechRadar Related entries in the VARIoT vulnerabilities database: VAR-202110-1796 Trust: 5.75 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 23, 2021, 3:20 a.m.	Vulnerabilities: denial of service, buffer overflow

Affected products

External IDs

vendor:	cisco	model:	firepower
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	firepower threat defense

db:

NVD

ids:

CVE-2021-34704

What are Android security updates, and why do they matter? Trust: 3.5 Fetched: Nov. 29, 2021, 2:59 p.m., Published: Nov. 19, 2021, 5:22 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	samsung	model:	note
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	android phone
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	notes
vendor:	samsung	model:	samsung
vendor:	samsung	model:	mobile
vendor:	samsung	model:	galaxy note
vendor:	nokia	model:	nokia
vendor:	nokia	model:	series
vendor:	oneplus	model:	oneplus
vendor:	oneplus	model:	one
vendor:	google	model:	android
vendor:	google	model:	pixel

VARIoT news about IoT security