Sign-up

VARIoT news about IoT security

Millions of Windows 10 PCs exposed by nasty security vulnerability | TechRadar

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 27, 2021, 3:04 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asus model: asus

Apple products vulnerable to FORCEDENTRY zero-day attack - patch now! - Naked Security

Related entries in the VARIoT vulnerabilities database: VAR-202108-1057, VAR-202108-2172

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 14, 2021, 6:45 p.m.
 Vulnerabilities: integer overflow, code execution, buffer overflow
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: macbook
vendor: apple model: watchos
vendor: apple model: watch
vendor: apple model: macos
vendor: apple model: safari
db: NVD ids: CVE-2021-30860, CVE-2021-30858

Unpatched MacOS vulnerability lets remote attackers execute code | Ars Technica

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 22, 2021, 12:27 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: safari

How bad is that new Apple spyware vulnerability?

Trust: 3.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 14, 2021, 10:05 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

Vulnerabilities in Realtek SDK put IoT devices at risk | Born's Tech and Windows World

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 26, 2021, 9:21 a.m.
 Vulnerabilities: command injection, memory corruption
Affected productsExternal IDs
vendor: netgear model: router
vendor: belkin model: router
vendor: realtek model: realtek sdk
vendor: buffalo model: router
vendor: d-link model: router
vendor: asustek model: router
db: NVD ids: CVE-2021-35392, CVE-2021-35395, CVE-2021-35393, CVE-2021-35394

Best Practices for Communicating Medical Device Vulnerabilities to Patients - ComplianceJunction

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 12, 2021, 3:27 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: medtronic model: paradigm
vendor: medtronic model: minimed 508

Critical IoT security camera vulnerability allows attackers to remotely watch live video - and gain access to networks | ZDNet

Trust: 4.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 17, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: watch
db: NVD ids: CVE-2021-28372

Millions of IoT Devices Exposed to Attacks Due to Cloud Platform Vulnerability | SecurityWeek.Com

Trust: 5.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 14, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: realtek model: realtek sdk
db: NVD ids: CVE-2021-28372

NVD - CVE-2021-1534

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco systems model: cisco systems
vendor: cisco systems model: cisco email security appliance
vendor: cisco systems model: asyncos software
vendor: cisco systems model: cisco asyncos
vendor: cisco systems model: email security appliance
vendor: cisco systems model: asyncos
vendor: cisco model: cisco systems
vendor: cisco model: cisco email security appliance
vendor: cisco model: asyncos software
vendor: cisco model: cisco asyncos
vendor: cisco model: email security appliance
vendor: cisco model: asyncos
db: NVD ids: CVE-2021-1534

Time to check software and security settings for Windows network vulnerabilities | CSO Online

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 13, 2021, 7 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-40444

Researcher discloses several zero-day iOS, iPadOS vulnerabilities - The Mac Security Blog

Trust: 3.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 24, 2021, 9:42 p.m.
 Vulnerabilities: authentication vulnerability, information disclosure
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: watch
vendor: apple model: ipad
vendor: apple model: ipod touch

BrakTooth vulnerabilities impact closed-source Bluetooth stacks used in chips from Espressif, Intel, Qualcomm... - CNX Software

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 13, 2021, 3:55 a.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: espressif systems model: systems esp32
vendor: espressif systems model: esp32-devkitc
vendor: espressif model: systems esp32
vendor: espressif model: esp32-devkitc

Microsoft patches 66 vulnerabilities in September update

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 15, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-36965, CVE-2021-38657, CVE-2021-36956, CVE-2021-40444, CVE-2021-38667, CVE-2021-38647, CVE-2021-38671, CVE-2021-26435, CVE-2021-40447

NVD - CVE-2021-34734

Related entries in the VARIoT vulnerabilities database: VAR-202108-0822

Trust: 5.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 26, 2021, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco systems
vendor: cisco model: link layer discovery protocol
vendor: cisco model: series
vendor: cisco systems model: cisco systems
vendor: cisco systems model: link layer discovery protocol
vendor: cisco systems model: series
db: NVD ids: CVE-2021-34734

Update Apple devices immediately to close a critical security vulnerability | Access Tufts

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 17, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: watchos

MikroTik blog - MÄ“ris botnet

Related entries in the VARIoT vulnerabilities database: VAR-201808-0384

Trust: 4.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 15, 2021, midnight
 Vulnerabilities: weak password
Affected productsExternal IDs
vendor: mikrotik model: routers
vendor: mikrotik model: mikrotik router
vendor: mikrotik model: routeros
vendor: mikrotik model: mikrotik
vendor: mikrotik model: router
db: NVD ids: CVE-2018-14847

Apple patches zero-day flaw affecting all devices - Security - iTnews

Trust: 3.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 4, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: watchos

How a Medical Device Vulnerability Can Compromise Privacy

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Dec. 18, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: zoom model: zoom

Devices From Many Vendors Can Be Hacked Remotely Due to Flaws in Realtek SDK | SecurityWeek.Com

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 14, 2022, midnight
 Vulnerabilities: denial of service, command injection
Affected productsExternal IDs
vendor: realtek model: audio driver
vendor: realtek model: realtek sdk
vendor: asus model: asus
vendor: huawei model: huawei
db: NVD ids: CVE-2021-35392, CVE-2021-35395

Bluetooth devices proven to be vulnerable to unfixable security problems

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 1, 2021, 10:42 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: asus model: asus