VARIoT latest news about IoT security

10 fatal mistakes in embedded systems security - Embedded.com Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 26, 2021, 1:03 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2021-21284

Zero Day Initiative - The November 2021 Security Update Review Related entries in the VARIoT vulnerabilities database: VAR-202111-0789, VAR-202111-0473, VAR-202111-0697, VAR-202111-0660 Trust: 3.5 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 9, 2021, midnight	Vulnerabilities: security feature bypass, cross-site scripting, cross-site request forgery...

Affected products

External IDs

db:

NVD

ids:

CVE-2021-42283, CVE-2021-41378, CVE-2021-42300, CVE-2021-41376, CVE-2021-41367, CVE-2021-41379, CVE-2021-42285, CVE-2021-41374, CVE-2021-42323, CVE-2021-41368, CVE-2021-42277, CVE-2021-41373, CVE-2021-42287, CVE-2021-42278, CVE-2021-42291, CVE-2021-42301, CVE-2021-26443, CVE-2021-42319, CVE-2021-42292, CVE-2021-26444, CVE-2021-42274, CVE-2021-41370, CVE-2021-42275, CVE-2021-43208, CVE-2021-43209, CVE-2021-42316, CVE-2021-41366, CVE-2021-42286, CVE-2021-42282, CVE-2021-42296, CVE-2021-41349, CVE-2021-41377, CVE-2021-42304, CVE-2021-42322, CVE-2021-42276, CVE-2021-42288, CVE-2021-41351, CVE-2021-42279, CVE-2021-42305, CVE-2021-42321, CVE-2021-42302, CVE-2021-42298, CVE-2021-38665, CVE-2021-41375, CVE-2021-40442, CVE-2021-41372, CVE-2021-42303, CVE-2021-38666, CVE-2021-3711, CVE-2021-41356, CVE-2021-42284, CVE-2021-41371, CVE-2021-42280, CVE-2021-36957, CVE-2021-38631

Google discovers ‘watering hole’ hacking campaign that used zero-day macOS flaw - SiliconANGLE Related entries in the VARIoT vulnerabilities database: VAR-202108-1374 Trust: 5.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 12, 2021, 6:28 p.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	macos
vendor:	apple	model:	safari

db:

NVD

ids:

CVE-2021-30869

Non-root Containers And Devices \| Kubernetes Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 9, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dpdk

model:

dpdk

db:

NVD

ids:

CVE-2019-5736, cve-2019-5736

NIST Special Publication 800-63B Trust: 3.5 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Jan. 15, 2022, 1:20 p.m.	Vulnerabilities: cross-site request forgery, request forgery, cross-site scripting...

Affected products

External IDs

vendor:

essential

model:

phone

Inside 1,602 pentests: Common vulnerabilities, findings and fixes - Infosec Resources Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 29, 2021, 10:14 p.m.	Vulnerabilities: cross-site scripting

Affected products

External IDs

vendor:

trend

model:

security

GS728TPv2 / GS728TPPv2 / GS752TPv2 / GS752TPP Firmware Version 6.0.9.3 \| Answer \| NETGEAR Support Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	netgear	model:	gs728tpv2
vendor:	netgear	model:	gs752tpp
vendor:	netgear	model:	gs752tpp firmware
vendor:	netgear	model:	gs728tppv2
vendor:	netgear	model:	gs752tpv2

Microsoft Security Bulletin Coverage for November 2021 - SonicWall Related entries in the VARIoT vulnerabilities database: VAR-202111-0697, VAR-202111-0473, VAR-202111-0789, VAR-202111-0660 Trust: 4.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 15, 2021, midnight	Vulnerabilities: feature bypass, denial of service, information disclosure...

Affected products

External IDs

db:

NVD

ids:

CVE-2021-41379, CVE-2021-42303, CVE-2021-42287, CVE-2021-41374, CVE-2021-26444, CVE-2021-41376, CVE-2021-38665, CVE-2021-42304, CVE-2021-42288, CVE-2021-42280, CVE-2021-36957, CVE-2021-42282, CVE-2021-42285, CVE-2021-40442, CVE-2021-42276, CVE-2021-42319, CVE-2021-42298, CVE-2021-41375, CVE-2021-41371, CVE-2021-42274, CVE-2021-41372, CVE-2021-41368, CVE-2021-41370, CVE-2021-43209, CVE-2021-41373, CVE-2021-42300, CVE-2021-42322, CVE-2021-41367, CVE-2021-42279, CVE-2021-42278, CVE-2021-42291, CVE-2021-42321, CVE-2021-26443, CVE-2021-42305, CVE-2021-42323, CVE-2021-42292, CVE-2021-41366, CVE-2021-42301, CVE-2021-41356, CVE-2021-43208, CVE-2021-42284, CVE-2021-41349, CVE-2021-38666, CVE-2021-42275, CVE-2021-42277, CVE-2021-42286, CVE-2021-41378, CVE-2021-41377, CVE-2021-42316, CVE-2021-3711, CVE-2021-42283, CVE-2021-42302, CVE-2021-38631, CVE-2021-41351, CVE-2021-42296

Researcher finds SSRF bug in internal Google Cloud project, nabs $10,000 bounty \| The Daily Swig Trust: 4.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 19, 2021, 3:45 p.m.	Vulnerabilities: request forgery

Affected products

External IDs

vendor:

serve

model:

serve

Clubhouse launches bug bounty program with $3,000 on offer for critical vulnerabilities \| The Daily Swig Trust: 4.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 18, 2021, 1:40 p.m.	Vulnerabilities: information disclosure

Affected products

External IDs

vendor:

sonos

model:

sonos

Analyzing a watering hole campaign using macOS exploits Related entries in the VARIoT vulnerabilities database: VAR-202108-1374 Trust: 6.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 11, 2021, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2021-30869

AMD's Radeon vulnerability haul shows why you should always update your GPU drivers \| PC Gamer Trust: 4.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 12, 2021, 11:58 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

serve

model:

serve

Shrootless: Microsoft finds Apple macOS vulnerability \| Malwarebytes Labs Related entries in the VARIoT vulnerabilities database: VAR-202108-2056 Trust: 4.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 29, 2021, 1:31 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2021-30892

Google Patches 2 Actively Exploited Chrome Zero-Days Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 29, 2021, 8:42 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	google chrome
vendor:	node.js	model:	node.js

db:

NVD

ids:

CVE-2021-38000, CVE-2021-38001, CVE-2021-38002, CVE-2021-38003

Apple iPhone iOS 14.8 patches security exploit used by Pegasus spyware \| Euronews Trust: 3.5 Fetched: Nov. 22, 2021, 8:12 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	macos

db:

NVD

ids:

cve-2021-30858

November Patch Tuesday: Microsoft release fixes for Windows 10 and Windows 11 - MSPoweruser Trust: 3.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 9, 2021, 8:30 p.m.	Vulnerabilities: feature bypass, denial of service, information disclosure...

Affected products	External IDs

Security Bulletin: Vulnerability in sed affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products Related entries in the VARIoT vulnerabilities database: VAR-202110-0579 Trust: 4.75 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 18, 2021, midnight	Vulnerabilities: denial of service

Affected products

External IDs

db:

NVD

ids:

CVE-2021-29873

Vulnerabilities in NPM allowed threat actors to publish new version of any package \| The Daily Swig Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Nov. 17, 2021, 2:32 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

node.js

model:

node.js

NVD - CVE-2021-34727 Trust: 5.25 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Oct. 13, 2021, midnight	Vulnerabilities: buffer overflow, denial of service

Affected products

External IDs

vendor:	cisco systems	model:	ios xe sd-wan software
vendor:	cisco systems	model:	asr_1000
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	cisco ios xe
vendor:	cisco systems	model:	ios xe
vendor:	cisco systems	model:	cisco ios
vendor:	cisco systems	model:	sd-wan
vendor:	cisco	model:	ios xe sd-wan software
vendor:	cisco	model:	asr_1000
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	sd-wan

db:

NVD

ids:

CVE-2021-34727

Security Researcher Immediately Issues Bypass for Windows 0-Day Vulnerability Patch Related entries in the VARIoT vulnerabilities database: VAR-202108-1005 Trust: 3.0 Fetched: Nov. 22, 2021, 8:12 a.m., Published: Dec. 15, 2021, midnight	Vulnerabilities: privilege elevation

Affected products

External IDs

db:

NVD

ids:

CVE-2021-34484

VARIoT news about IoT security