Sign-up

VARIoT news about IoT security

The Log4j Log4Shell Vulnerability: Overview, Detection, and Remediation | Datadog

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 17, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

Over 300,000 MikroTik Devices Found Vulnerable to Remote Hacking Bugs

Related entries in the VARIoT vulnerabilities database: VAR-202111-0616, VAR-201910-0547, VAR-201808-0384, VAR-201910-0546, VAR-201803-2171

Trust: 5.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 9, 2021, 11:15 a.m.
 Vulnerabilities: code execution, buffer overflow, directory traversal
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: hikvision model: hikvision
vendor: mikrotik model: routeros
vendor: mikrotik model: routers
vendor: mikrotik model: mikrotik routers
vendor: mikrotik model: winbox
vendor: mikrotik model: mikrotik
db: NVD ids: CVE-2021-36260, CVE-2021-41653, CVE-2019-3978, CVE-2018-14847, CVE-2019-3977, CVE-2018-7445

Vulnerability Summary for the Week of December 6, 2021 | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202112-0382, VAR-202112-0334, VAR-202112-0049, VAR-202112-0376, VAR-202112-0134, VAR-202112-0524, VAR-202112-0224, VAR-202112-0242, VAR-202112-0420, VAR-202112-0423, VAR-202112-0105, VAR-202112-0347, VAR-202112-0133, VAR-202112-0257, VAR-202112-0285, VAR-202112-0343, VAR-202112-0358, VAR-202112-0401, VAR-202112-0239, VAR-202112-0222, VAR-202112-0399, VAR-202112-0379, VAR-202112-0385, VAR-202112-0244, VAR-202112-0330, VAR-202112-0136, VAR-202112-0327, VAR-202112-0138, VAR-202112-0286, VAR-202112-0233, VAR-202112-0426, VAR-202112-0253, VAR-202112-0338, VAR-202112-0346, VAR-202112-0523, VAR-202112-0248, VAR-202112-0250, VAR-202112-0335, VAR-202112-0243, VAR-202112-0234, VAR-202112-0228, VAR-202112-0380, VAR-202112-0345, VAR-202112-0357, VAR-202112-0331, VAR-202112-0297, VAR-202112-0732, VAR-202112-0249, VAR-202112-0378, VAR-202112-0391, VAR-202112-0227, VAR-202112-0367, VAR-202112-0349, VAR-202112-0329, VAR-202112-0230, VAR-202112-0232, VAR-202112-0526, VAR-202112-0231, VAR-202112-0296, VAR-202112-0226, VAR-202112-0247, VAR-202112-0353, VAR-202112-0350, VAR-202112-0235, VAR-202112-0258, VAR-202112-0137, VAR-202112-0255, VAR-202112-0328, VAR-202112-0336, VAR-202112-0348, VAR-202112-0333, VAR-202112-0236, VAR-202112-0400, VAR-202112-0340, VAR-202112-0339, VAR-202112-0241, VAR-202112-0237, VAR-202112-0245, VAR-202112-0332, VAR-202112-0405, VAR-202112-0252, VAR-202112-0246, VAR-202112-0342, VAR-202112-0421, VAR-202112-0289, VAR-202112-0223

Trust: 5.25

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 6, 2021, midnight
 Vulnerabilities: authentication bypass, request forgery, format string vulnerability...
Affected productsExternal IDs
vendor: couchbase model: server
vendor: couchbase model: sync_gateway
vendor: couchbase model: couchbase server
vendor: couchbase model: sync gateway
vendor: couchbase model: couchbase sync gateway
vendor: citrix model: gateway
vendor: citrix model: application_delivery_controller_firmware
vendor: citrix model: hypervisor
vendor: wso2 model: api_manager
vendor: wso2 model: wso2 identity server
vendor: wso2 model: identity server
vendor: node.js model: node.js
vendor: qemu model: qemu
vendor: huawei model: emui
vendor: huawei model: huawei
vendor: huawei model: ar150
vendor: huawei model: ar150_firmware
vendor: fortigate model: fortios
vendor: sonicwall model: switch
vendor: sonicwall model: sma100
vendor: sonicwall model: web application firewall
vendor: sonicwall model: ssl vpn
vendor: solarwinds model: serv-u
vendor: google model: chrome
vendor: google model: android
db: NVD ids: CVE-2021-26108, CVE-2021-37021, CVE-2021-44512, CVE-2021-38510, CVE-2021-24938, CVE-2021-36198, CVE-2021-43805, CVE-2021-20047, CVE-2021-37047, CVE-2021-43071, CVE-2021-43544, CVE-2021-37096, CVE-2021-37073, CVE-2021-41030, CVE-2021-24924, CVE-2021-25511, CVE-2021-43176, CVE-2021-43537, CVE-2021-43037, CVE-2021-40578, CVE-2021-43528, CVE-2021-43535, CVE-2021-44185, CVE-2021-43538, CVE-2021-43415, CVE-2021-44527, CVE-2021-37053, CVE-2021-37055, CVE-2021-37048, CVE-2021-41311, CVE-2021-44045, CVE-2021-4049, CVE-2021-25517, CVE-2021-37040, CVE-2021-37092, CVE-2021-44048, CVE-2021-43546, CVE-2021-43963, CVE-2021-36189, CVE-2021-43531, CVE-2021-22170, CVE-2021-43673, CVE-2021-43784, CVE-2021-43800, CVE-2021-43808, CVE-2021-37078, CVE-2021-37100, CVE-2021-29719, CVE-2021-37940, CVE-2021-43204, CVE-2021-42133, CVE-2021-40313, CVE-2021-34544, CVE-2021-43536, CVE-2021-41027, CVE-2021-43539, CVE-2021-42717, CVE-2021-42125, CVE-2021-43542, CVE-2021-37071, CVE-2021-41024, CVE-2021-37042, CVE-2021-37075, CVE-2021-29756, CVE-2021-4069, CVE-2021-37038, CVE-2021-43067, CVE-2021-25041, CVE-2021-43798, CVE-2021-37083, CVE-2021-43039, CVE-2021-38506, CVE-2021-44046, CVE-2021-20043, CVE-2021-37060, CVE-2021-28703, CVE-2021-24939, CVE-2021-42757, CVE-2021-37054, CVE-2021-4075, CVE-2021-36188, CVE-2021-44680, CVE-2021-31850, CVE-2021-37066, CVE-2021-35242, CVE-2021-37064, CVE-2021-24914, CVE-2021-37020, CVE-2021-37072, CVE-2021-42129, CVE-2021-38505, CVE-2021-43041, CVE-2021-37082, CVE-2021-37090, CVE-2021-44725, CVE-2021-36191, CVE-2021-37069, CVE-2021-43781, CVE-2021-42567, CVE-2021-26103, CVE-2021-43545, CVE-2021-41015, CVE-2021-22955, CVE-2021-20040, CVE-2021-25514, CVE-2021-37065, CVE-2021-4005, CVE-2021-44681, CVE-2021-43034, CVE-2021-36190, CVE-2021-29113, CVE-2021-37061, CVE-2021-43469, CVE-2021-42110, CVE-2021-20470, CVE-2021-29716, CVE-2021-44186, CVE-2021-42131, CVE-2021-4081, CVE-2021-3980, CVE-2021-24917, CVE-2021-37091, CVE-2021-44044, CVE-2021-38509, CVE-2020-19611, CVE-2021-43810, CVE-2021-23562, CVE-2021-43068, CVE-2021-38507, CVE-2021-36173, CVE-2021-44187, CVE-2021-37051, CVE-2021-43064, CVE-2021-44148, CVE-2021-37088, CVE-2021-35245, CVE-2021-37086, CVE-2021-25512, CVE-2021-44686, CVE-2021-43038, CVE-2021-36167, CVE-2021-34543, CVE-2021-37087, CVE-2021-22956, CVE-2021-37094, CVE-2021-37067, CVE-2021-43043, CVE-2021-37044, CVE-2021-24935, CVE-2021-37050, CVE-2021-44513, CVE-2021-37081, CVE-2021-37014, CVE-2021-43530, CVE-2021-37041, CVE-2021-43543, CVE-2021-44678, CVE-2021-37058, CVE-2021-43063, CVE-2021-37056, CVE-2021-44682, CVE-2021-38508, CVE-2021-42126, CVE-2021-37052, CVE-2021-43540, CVE-2020-22421, CVE-2021-37043, CVE-2021-3370, CVE-2021-4000, CVE-2021-37080, CVE-2021-36194, CVE-2021-36760, CVE-2021-29116, CVE-2021-42130, CVE-2021-44047, CVE-2021-20493, CVE-2021-29867, CVE-2021-36180, CVE-2021-44726, CVE-2021-40095, CVE-2021-31631, CVE-2021-37076, CVE-2021-37079, CVE-2021-37070, CVE-2021-43040, CVE-2021-42132, CVE-2021-25510, CVE-2021-41014, CVE-2021-41017, CVE-2021-37062, CVE-2021-29115, CVE-2021-37068, CVE-2021-41309, CVE-2021-35413, CVE-2021-37093, CVE-2021-44677, CVE-2021-4050, CVE-2021-43541, CVE-2021-44679, CVE-2021-43175, CVE-2021-41013, CVE-2021-43532, CVE-2021-43533, CVE-2021-26110, CVE-2021-37099, CVE-2021-42124, CVE-2021-43534

How Do I Find My Servers With the Log4j Vulnerability?

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 13, 2021, 10:41 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canary model: canary

Microsoft warns China, Iran, North Korea and Turkey are exploiting recently revealed software vulnerability - KRDO

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, 8:55 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: cve-2021-44228

Microsoft warns China, Iran, North Korea and Turkey are exploiting recently revealed software vulnerability - CNNPolitics

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 15, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: cve-2021-44228

Dell Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) | Dell Polska

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 5.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 10, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: dell model: vnx1
vendor: dell model: vnx2
vendor: dell model: unisphere
vendor: dell model: latitude
vendor: dell model: bios
vendor: dell model: optiplex
vendor: dell model: precision optimizer
vendor: dell model: chengming
vendor: dell emc model: vnx1
vendor: dell emc model: vnx2
vendor: dell emc model: unisphere
vendor: dell emc model: latitude
vendor: dell emc model: bios
vendor: dell emc model: optiplex
vendor: dell emc model: precision optimizer
vendor: dell emc model: chengming
vendor: ansible model: ansible
db: NVD ids: CVE-2021-44228

Microsoft wraps up 2021 with 64 patched vulnerabilities-including Windows 7 fixes - Sophos News

Trust: 6.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, 6:41 p.m.
 Vulnerabilities: code execution, buffer overflow, information disclosure
Affected productsExternal IDs
vendor: sophos model: mobile
db: NVD ids: CVE-2021-43207, CVE-2021-43226, CVE-2021-43883, CVE-2021-43907, CVE-2021-43905, CVE-2021-43217, CVE-2021-41333, CVE-2021-43215, CVE-2021-43233, CVE-2021-42310, CVE-2021-43234, CVE-2021-43880

Microsoft warns China, Iran, North Korea and Turkey are exploiting recently revealed software vulnerability - ABC17NEWS

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, 8:55 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: cve-2021-44228

[no-title]

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 5.25

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 2, 2022, midnight
 Vulnerabilities: code execution, sql injection, cross-site scripting
Affected productsExternal IDs
vendor: rapid model: scada
vendor: sophos model: endpoint protection
db: NVD ids: CVE-2021-44228

CVE-2021-44228 Impact of Log4j Vulnerabilities CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832

Related entries in the VARIoT vulnerabilities database: VAR-202112-2011, VAR-202112-1782, VAR-202112-0562, VAR-202112-0566

Trust: 4.25

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 10, 2021, 9:45 p.m.
 Vulnerabilities: code execution, code injection
Affected productsExternal IDs
vendor: palo model: palo alto networks
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: wf-500
vendor: palo model: pan-os
vendor: paloaltonetworks model: palo alto networks
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: firewall
vendor: paloaltonetworks model: wf-500
vendor: paloaltonetworks model: pan-os
vendor: palo alto networks model: palo alto networks
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: wf-500
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2021-44832, CVE-2021-451052021, CVE-2021-45105, CVE-2021-45046, CVE-2021-448322021, CVE-2021-44228

SonicWall Patches Critical Vulnerability in SMA Appliances | SecurityWeek.Com

Related entries in the VARIoT vulnerabilities database: VAR-202109-1777

Trust: 5.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 16, 2022, midnight
 Vulnerabilities: privilege escalation, command injection, code injection
Affected productsExternal IDs
vendor: sonicwall model: remote access
vendor: sonicwall model: email security
vendor: sonicwall model: sma 100
vendor: sonicwall model: secure mobile access
db: NVD ids: CVE-2021-20034

Broadcom Response to Log4j Vulnerability

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 29, 2021, 7:39 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: broadcom model: broadcom

Log4j Vulnerability: What Security Leaders Need To Know and Do

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 16, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: filezilla model: server
vendor: filezilla model: filezilla
vendor: cisco model: webex
vendor: cisco model: routers
vendor: cisco model: cisco webex
db: NVD ids: CVE-2021-44228

Log4j vulnerability: Experts say it can lead to leakage of sensitive data | Technology News,The Indian Express

Related entries in the VARIoT vulnerabilities database: VAR-202112-0562

Trust: 6.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 16, 2021, 10:26 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud
db: NVD ids: CVE-2021-45046

Shrootless: macOS Vulnerability Found by Microsoft Allows Rootkit Installation | SecurityWeek.Com

Related entries in the VARIoT vulnerabilities database: VAR-202108-2056

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 16, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2021-30892

Billions of Wi-Fi and Bluetooth devices vulnerable to password and data theft attacks | TechRadar

Trust: 4.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 15, 2021, 2 a.m.
 Vulnerabilities: privilege escalation, denial of service, code execution
Affected productsExternal IDs
vendor: broadcom model: broadcom

Microsoft warns China, Iran, North Korea and Turkey are exploiting recently revealed software vulnerability - KTVZ

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, 8:55 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: cve-2021-44228

Microsoft warns China, Iran, North Korea and Turkey are exploiting recently revealed software vulnerability - KION546

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, 8:55 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: cve-2021-44228

Microsoft warns of security vulnerability in Minecraft Java • Eurogamer.net

Trust: 4.25

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 13, 2021, 10:42 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs