Sign-up

VARIoT news about IoT security

Android Security Bulletin-July 2021 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202107-0026

Trust: 4.25

Fetched: Dec. 28, 2021, 9:20 a.m., Published: July 16, 2021, midnight
 Vulnerabilities: denial of service, code execution, information disclosure
Affected productsExternal IDs
vendor: motorola model: android
vendor: motorola model: motorola
vendor: huawei model: huawei
vendor: google model: pixel
vendor: google model: android
vendor: nokia model: nokia
vendor: broadcom model: broadcom
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: samsung model: notes
db: NVD ids: CVE-2021-0600, CVE-2021-0587, CVE-2021-0589, CVE-2021-1953, CVE-2020-0417, CVE-2021-0590, CVE-2021-0604, CVE-2021-0441, CVE-2021-1938, CVE-2021-0597, CVE-2021-0599, CVE-2021-0592, CVE-2021-0585, CVE-2021-0586, CVE-2021-0596, CVE-2021-0601, CVE-2021-0602, CVE-2021-0594, CVE-2021-0515, CVE-2021-0588, CVE-2020-11307, CVE-2021-0603, CVE-2020-0368, CVE-2021-0514, CVE-2021-0486, CVE-2021-0577

Every Android Device Since 2012 Impacted by RAMpage Vulnerability

Trust: 3.5

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: home
db: NVD ids: CVE-2018-9442

Cisco Firepower Device Manager Software Filesystem Space Exhaustion Denial of Service Vulnerability

Trust: 4.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: April 19, 2021, 2:06 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: device manager
vendor: cisco model: firepower
vendor: cisco model: cisco firepower management center
vendor: cisco model: firepower management center

Millions of Google, Roku, and Sonos Devices Are Vulnerable to a Web Attack | WIRED

Trust: 4.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: roku model: roku
vendor: google model: home
vendor: google model: google home
vendor: google model: chromecast
vendor: sonos model: sonos

New botnet targets network security devices with critical exploits

Related entries in the VARIoT vulnerabilities database: VAR-202102-0290, VAR-202002-0403, VAR-202010-0585

Trust: 5.5

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: command injection, command execution, code execution...
Affected productsExternal IDs
vendor: sonicwall model: ssl-vpn
vendor: sonicwall model: sonicwall ssl-vpn
vendor: netgear model: prosafe
vendor: netgear model: router
vendor: netis model: wf2419
vendor: palo alto networks model: firewall
vendor: palo alto networks model: palo alto networks
vendor: palo alto networks model: networks
vendor: palo model: firewall
vendor: palo model: palo alto networks
vendor: palo model: networks
vendor: d-link model: dns-320
vendor: d-link model: router
db: NVD ids: CVE-2021-27561, CVE-2021-22502, CVE-2020-25506, CVE-2021-27562, CVE-2019-19356, CVE-2020-26919

'BadAlloc' vulnerabilities spell trouble for IoT, OT devices

Trust: 4.5

Fetched: Dec. 28, 2021, 9:20 a.m., Published: May 6, 2021, midnight
 Vulnerabilities: integer overflow, code execution, system crash
Affected productsExternal IDs
vendor: mbed model: mbed
db: NVD ids: CVE-2021-3420

CVE-2020-6925, CVE-2020-6926, CVE-2020-6927: Multiple Vulnerabilities in HP Device Manager - Blog | TenableĀ®

Trust: 3.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: command execution
Affected productsExternal IDs
db: NVD ids: CVE-2020-6927, CVE-2020-6925, CVE-2020-6926

Threat actors start attacking F5 devices using recent vulnerability - The Record by Recorded Future

Related entries in the VARIoT vulnerabilities database: VAR-202007-1393, VAR-202103-0654

Trust: 4.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: command execution
Affected productsExternal IDs
db: NVD ids: CVE-2020-5902, CVE-2021-22986

Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability

Trust: 3.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Sept. 22, 2021, 3:48 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios

Siemens SIMATIC HMI Devices Vulnerabilities (Update E) | CISA

Related entries in the VARIoT vulnerabilities database: VAR-201504-0031, VAR-201504-0235, VAR-201504-0234

Trust: 4.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: resource exhaustion
Affected productsExternal IDs
vendor: siemens model: simatic net pc-software
vendor: siemens model: wincc runtime advanced
vendor: siemens model: siemens simatic hmi
vendor: siemens model: simatic pcs 7
vendor: siemens model: simatic wincc runtime advanced
vendor: siemens model: simatic net
vendor: siemens model: simatic wincc runtime professional
vendor: siemens model: wincc
vendor: siemens model: simatic pcs
vendor: siemens model: simatic hmi panels
vendor: siemens model: tia portal
vendor: siemens model: simatic wincc
vendor: siemens model: simatic automation tool
vendor: siemens model: simatic wincc runtime
vendor: siemens model: wincc tia portal
vendor: siemens model: pcs 7
vendor: siemens model: simatic
vendor: siemens model: simatic wincc comfort
vendor: siemens model: simatic net pc
vendor: siemens model: simatic hmi
vendor: siemens model: simatic hmi basic panels 2nd generation
db: NVD ids: CVE-2015-1601, CVE-2015-2823, CVE-2015-2822

'CallStranger' vulnerability affects billions of UPNP devices

Related entries in the VARIoT vulnerabilities database: VAR-202006-0391

Trust: 5.5

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: request forgery
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: broadcom model: broadcom
vendor: cisco model: routers
db: NVD ids: CVE-2020-12695

Vulnerabilities in Medtronic Product Can Allow Hackers to Control Cardiac Devices | SecurityWeek.Com

Trust: 3.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Jan. 16, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2020-27252, CVE-2020-25183, CVE-2020-25187

US warns Log4j flaw puts hundreds of millions of devices at risk | ZDNet

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.0

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 14, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

Threat Intel: Log4j - Critical Zero Day Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566

Trust: 3.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 13, 2021, midnight
 Vulnerabilities: denial of service, service disruption, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-45105, CVE-2021-44228, CVE-2021-4104

Log4j under siege, millions of devices vulnerable | Cybersecurity Dive

Trust: 3.0

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 14, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: check point

Critical Vulnerability in Ubiquitous Apache Log4j Library Under Active Attack - Medigate Blog

Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566, VAR-202112-2011, VAR-202112-0562

Trust: 3.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 13, 2021, 7:06 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-45105, CVE-2021-44228, CVE-2021-4104, CVE-2021-44832, CVE-2021-45046

NVD - CVE-2021-34758

Related entries in the VARIoT vulnerabilities database: VAR-202110-0211

Trust: 5.5

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco systems model: telepresence
vendor: cisco systems model: telepresence collaboration endpoint
vendor: cisco systems model: cisco systems
vendor: cisco systems model: roomos
vendor: cisco systems model: cisco telepresence
vendor: cisco systems model: cisco roomos
vendor: cisco model: telepresence
vendor: cisco model: telepresence collaboration endpoint
vendor: cisco model: cisco systems
vendor: cisco model: roomos
vendor: cisco model: cisco telepresence
vendor: cisco model: cisco roomos
db: NVD ids: CVE-2021-34758

[no-title]

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202112-0562

Trust: 4.5

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: cross-site request forgery, cross-site scripting, request forgery...
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2014-4829, CVE-2021-44228, CVE-2021-20401, CVE-2020-4786, CVE-2021-45046, CVE-2015-1997, CVE-2021-20400, CVE-2017-1724

Enterprise Cybersecurity Roundup [September 2021]

Related entries in the VARIoT vulnerabilities database: VAR-202109-1909

Trust: 4.25

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Sept. 16, 2021, midnight
 Vulnerabilities: command execution, privilege escalation, code execution
Affected productsExternal IDs
vendor: serve model: serve
vendor: palo model: networks
vendor: palo model: palo alto networks
vendor: apple model: macos
vendor: palo alto networks model: networks
vendor: palo alto networks model: palo alto networks
db: NVD ids: CVE-2021-38649, CVE-2021-40444, CVE-2021-38645, CVE-2021-38648, CVE-2021-38647

What is Log4Shell? The Log4j vulnerability explained | Dynatrace news

Related entries in the VARIoT vulnerabilities database: VAR-202112-2011, VAR-202112-1782, VAR-202112-0566, VAR-202112-0562

Trust: 5.5

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 17, 2021, 7:15 a.m.
 Vulnerabilities: information leak, code execution
Affected productsExternal IDs
vendor: google model: home
db: NVD ids: CVE-2021-44832, CVE-2021-45105, CVE-2021-44228, CVE-2021-45046