Sign-up

VARIoT news about IoT security

Vulnerabilities identified in the Abode IOTA security system: Fake image injection into timeline

Trust: 5.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: netgear model: orbi
vendor: netgear model: router
db: NVD ids: CVE-2020-8105

Vulnerability Scans (What They Do & Don't Tell You)

Trust: 3.5

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 8, 2021, 5:03 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: wireshark model: wireshark
vendor: trend model: security

Log4j “Log4Shell” vulnerability explained: what, why, and how? - 1E

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 13, 2021, 6:51 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: check point
db: NVD ids: CVE-2021-44228

Log4j may be the worst vulnerability yet, says Department of Homeland Security | AppleInsider

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 5.0

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud
db: NVD ids: CVE-2021-44228

Log4j vulnerability being used to empty victims' bank accounts | Express.co.uk

Trust: 3.0

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 21, 2021, 5:58 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: icloud

NVD - CVE-2021-45046

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202112-0562

Trust: 4.25

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: denial of service, information leak, code execution
Affected productsExternal IDs
vendor: sonicwall model: email_security
vendor: netapp model: oncommand_insight
vendor: netapp model: snapcenter
vendor: siemens model: comos
db: NVD ids: CVE-2021-44228, CVE-2021-45046

Log4j Vulnerability: Everything You Need To Know About the Zero-Day Flaw | Toolbox It Security

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 5.5

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Jan. 7, 2022, 6:40 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: check point model: check point
vendor: check point software technologies model: check point
vendor: cisco model: unity
vendor: cisco model: guard
vendor: apple model: macos
vendor: sonicwall model: web application firewall
vendor: broadcom model: broadcom
vendor: broadcom model: linux
db: NVD ids: CVE-2021-44228

Log4j vulnerability being used to empty victims' bank accounts | Express.co.uk

Trust: 3.0

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 21, 2021, 5:58 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: icloud

Log4Shell RCE Vulnerability - NHS Digital

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.25

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

Log4Shell Could be The Most Dangerous Software Vulnerability Ever

Trust: 3.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 15, 2021, 2:50 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: check point model: check point
vendor: cisco model: webex

Log4j Causes Nearly 900K Cyberattacks in 4 Days | PYMNTS.com

Trust: 3.0

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 14, 2021, 11:18 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: check point

December 2021 Patch Tuesday: Fixes for 67 vulnerabilities, including 6 zero-days - ManageEngine Blog

Trust: 3.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 15, 2021, 2:03 a.m.
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-43880, CVE-2021-43217, CVE-2021-43240, CVE-2021-43890, CVE-2021-43883, CVE-2021-43233, CVE-2021-41333, CVE-2021-43215, CVE-2021-43907, CVE-2021-43893, CVE-2021-42310, CVE-2021-43899, CVE-2021-43905

Log4j vulnerability, a bombshell zero-day exploit with global impact | CyberNews

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 5.0

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 10, 2021, 4:13 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Trust: 5.5

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Jan. 7, 2022, 7:33 p.m.
 Vulnerabilities: buffer overflow, code execution, use after free
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: home
vendor: google model: google chrome
db: NVD ids: CVE-2021-4099, CVE-2021-4100, CVE-2021-4098, CVE-2021-4101, CVE-2021-4102

Ethical hackers found 20% more vulnerabilities in 2021 | CyberNews

Trust: 4.25

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 9, 2021, 12:16 p.m.
 Vulnerabilities: improper access control, cross-site scripting, information disclosure
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: trend model: security

What Is Computer Vulnerability? | myoddpc

Trust: 3.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 13, 2021, midnight
 Vulnerabilities: configuration vulnerability
Affected productsExternal IDs

Vulnerabilities in Billions of Wi-Fi and Bluetooth Modules Could Steal Passwords and Data - Aroged

Trust: 5.5

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 14, 2021, 5:21 a.m.
 Vulnerabilities: denial of service, privilege escalation, code execution
Affected productsExternal IDs
vendor: broadcom model: broadcom
db: NVD ids: CVE-2020-10367, CVE-2020-10368, CVE-2020-10370, CVE-2019-15063, CVE-2020-10369

Log4Shell: Critical log4j Vulnerability | Radware Blog

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.25

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 14, 2021, 3:14 p.m.
 Vulnerabilities: code execution, command execution, injection attack
Affected productsExternal IDs
vendor: canary model: canary
vendor: radware model: appwall
vendor: serve model: serve
db: NVD ids: CVE-2021-44228

The Log4j vulnerability is bad. Here's the good news | VentureBeat

Trust: 3.75

Fetched: Dec. 27, 2021, 1:07 p.m., Published: Dec. 10, 2021, 10:56 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud

Fortinet : Security vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202111-0322, VAR-202112-0339, VAR-202111-0284, VAR-202112-0383, VAR-202112-0406, VAR-202109-0502, VAR-202111-0330, VAR-202112-0288, VAR-202111-0314, VAR-202112-0356, VAR-202110-0151, VAR-202112-0286, VAR-202112-0729, VAR-202111-0317, VAR-202112-0330, VAR-202111-0306, VAR-202112-0379, VAR-202112-0401, VAR-202112-0400, VAR-202112-0523, VAR-202111-0313, VAR-202111-0305, VAR-202112-0380, VAR-202111-0343, VAR-202112-0328, VAR-202112-0331, VAR-202112-0421, VAR-202112-0338, VAR-202108-0712, VAR-202112-0367, VAR-202108-0658, VAR-202112-0384, VAR-202112-0399, VAR-202111-0241, VAR-202112-0526, VAR-202112-0287, VAR-202110-0150, VAR-202112-0420, VAR-202112-1045, VAR-202112-0329, VAR-202112-0670, VAR-202110-0149, VAR-202112-0378, VAR-202111-0302, VAR-202112-0524, VAR-202109-0501, VAR-202112-0332, VAR-202111-0307, VAR-202112-0405, VAR-202112-0525

Trust: 5.75

Fetched: Dec. 27, 2021, 1:07 p.m., Published: -
 Vulnerabilities: authorization vulnerability, os command injection, privilege escalation...
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2021-41019, CVE-2021-36180, CVE-2021-36192, CVE-2021-41025, CVE-2021-36195, CVE-2021-36182, CVE-2021-36176, CVE-2021-41029, CVE-2021-36174, CVE-2021-42760, CVE-2021-36178, CVE-2021-43067, CVE-2021-42758, CVE-2021-36181, CVE-2021-41024, CVE-2021-36186, CVE-2021-41027, CVE-2021-36189, CVE-2021-36194, CVE-2021-36188, CVE-2021-36185, CVE-2021-36187, CVE-2021-36191, CVE-2021-36183, CVE-2021-43063, CVE-2021-41015, CVE-2021-41013, CVE-2021-42757, CVE-2021-36168, CVE-2021-43068, CVE-2021-32603, CVE-2021-41021, CVE-2021-43204, CVE-2021-36172, CVE-2021-36167, CVE-2021-42752, CVE-2021-36175, CVE-2021-41030, CVE-2021-41028, CVE-2021-43064, CVE-2021-36169, CVE-2021-36170, CVE-2021-36190, CVE-2021-42754, CVE-2021-43071, CVE-2021-36179, CVE-2021-41014, CVE-2021-36184, CVE-2021-41017, CVE-2021-43065