VARIoT latest news about IoT security

Remote code execution vulnerability present in SonicWall SMA 100 series appliances \| Cyber.gov.au Related entries in the VARIoT vulnerabilities database: VAR-202112-0361 Trust: 5.75 Fetched: Feb. 10, 2022, 2:48 p.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

vendor:	sonicwall	model:	remote access
vendor:	sonicwall	model:	sma 100

db:

NVD

ids:

CVE-2021-20038

Alert Regarding Vulnerabilities in SonicWall SMA 100 Series Related entries in the VARIoT vulnerabilities database: VAR-202112-0361 Trust: 4.75 Fetched: Feb. 10, 2022, 2:48 p.m., Published: -	Vulnerabilities: buffer overflow

Affected products

External IDs

vendor:	sonicwall	model:	sma100
vendor:	sonicwall	model:	sma 100

db:

NVD

ids:

CVE-2021-20038

Researcher Reveals Alleged Zero-Day Vulnerabilities in NUUO NVRmini2 Recording Device - Annuaire 770 Trust: 5.5 Fetched: Feb. 10, 2022, 2:48 p.m., Published: -	Vulnerabilities: code execution, path traversal, command injection

Affected products

External IDs

vendor:	nuuo	model:	network video recorder
vendor:	nuuo	model:	nvrmini2

db:

NVD

ids:

CVE-2011-5325

log4shell/README.md at main · NCSC-NL/log4shell · GitHub Related entries in the VARIoT vulnerabilities database: VAR-202112-2011 Trust: 3.0 Fetched: Feb. 10, 2022, 2:48 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44832

Basefarm Blog - Security, Cloud and Big Data Trust: 3.0 Fetched: Feb. 10, 2022, 2:48 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	iphone

Vulnerability In This Cisco Software Could Allow Hackers Access \| TRG Networking Trust: 5.5 Fetched: Feb. 8, 2022, 12:54 p.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

vendor:	cisco	model:	staros
vendor:	cisco	model:	cisco staros

db:

NVD

ids:

CVE-2022-20649

Log4j: The Vulnerability and Solution \| Developer.com Related entries in the VARIoT vulnerabilities database: VAR-202112-2011, VAR-202112-0566, VAR-202112-1782, VAR-202112-0562 Trust: 5.75 Fetched: Feb. 3, 2022, 11:02 a.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44832, CVE-2021-44228, CVE-2021-45105, CVE-2021-45046

How Hidden Vulnerabilities will Lead to Mobile Device Compromises - MalwareDefinition.com Trust: 5.0 Fetched: Feb. 3, 2022, 11:02 a.m., Published: -	Vulnerabilities: session hijacking

Affected products

External IDs

vendor:

google

model:

wifi

Report: Fifty-three Percent of Connected Medical Devices Have a Vulnerability \| Healthcare Innovation Trust: 3.0 Fetched: Feb. 3, 2022, 11:02 a.m., Published: -	Vulnerabilities: -

Affected products	External IDs

How Hidden Vulnerabilities will Lead to Mobile Device Compromises - MalwareDefinition.com Trust: 5.0 Fetched: Feb. 3, 2022, 11:02 a.m., Published: -	Vulnerabilities: session hijacking

Affected products

External IDs

vendor:

google

model:

wifi

More Than Half of Medical Devices Have Critical Vulnerabilities \| News \| Communications of the ACM Trust: 3.0 Fetched: Jan. 31, 2022, 10:16 a.m., Published: -	Vulnerabilities: -

Affected products	External IDs

Over 300,000 MikroTik Devices Were Found Vulnerable to Remote Hacking Bugs - Airzero Sec Related entries in the VARIoT vulnerabilities database: VAR-201910-0547, VAR-201808-0384, VAR-202111-0616, VAR-201910-0546, VAR-201803-2171 Trust: 5.5 Fetched: Jan. 31, 2022, 10:16 a.m., Published: -	Vulnerabilities: directory traversal, buffer overflow, code execution

Affected products

External IDs

vendor:	mikrotik	model:	router
vendor:	mikrotik	model:	mikrotik routers
vendor:	mikrotik	model:	routers
vendor:	mikrotik	model:	winbox
vendor:	mikrotik	model:	routeros
vendor:	tp-link	model:	routers

db:

NVD

ids:

CVE-2019-3978, CVE-2018-14847, CVE-2021-41653, CVE-2019-3977, CVE-2018-7445, CVE-2021-36260

Log4Shell: ESET blocks hundreds of thousands of attack attempts \| ESET Blog Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 4.0 Fetched: Jan. 31, 2022, 10:16 a.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44228

iOS Devices Can Freeze, Crash Due to a HomeKit Vulnerability - TechBea Trust: 3.5 Fetched: Jan. 31, 2022, 10:16 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	ipad
vendor:	apple	model:	macos
vendor:	apple	model:	icloud

URL confusion vulnerabilities in the wild: Exploring parser inconsistencies \| Snyk Trust: 3.5 Fetched: Jan. 31, 2022, 10:16 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	nagios	model:	nagios xi
vendor:	google	model:	chrome

db:

NVD

ids:

CVE-2021-33056, CVE-2021-23401, CVE-2021-23385, CVE-2021-23414, CVE-2021-37352, CVE-2021-23435, CVE-2021-32618, CVE-2021-23393

CVE-2022-20698 \| WhiteSource Vulnerability Database Trust: 5.75 Fetched: Jan. 31, 2022, 10:16 a.m., Published: -	Vulnerabilities: process crash, denial of service

Affected products

External IDs

vendor:

clam

model:

clamav

db:

NVD

ids:

CVE-2022-20698

The Underground Economist: Volume 1, Issue 7 \| ZeroFox Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 4.75 Fetched: Jan. 31, 2022, 10:16 a.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44228, CVE-2021-45232

FTC notifies companies to take measures against Log4j software vulnerability - Industrial Cyber Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 3.0 Fetched: Jan. 31, 2022, 10:16 a.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44228

Log4Shell critical vulnerability's impact on Genetec products Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 3.25 Fetched: Jan. 31, 2022, 10:16 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44228

PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034) \| Web Hosting Talk Trust: 3.75 Fetched: Jan. 31, 2022, 10:16 a.m., Published: -	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2021-4034

VARIoT news about IoT security