Sign-up

VARIoT news about IoT security

Several critical vulnerabilities, $$$ for hacker info and new attack vectors - Vulners Blog

Related entries in the VARIoT vulnerabilities database: VAR-202111-0579, VAR-202111-0609

Trust: 5.0

Fetched: Dec. 6, 2021, 2:33 p.m., Published: Dec. 13, 2021, 8:26 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2021-1924, CVE-2021-0889, CVE-2021-42694, CVE-2021-22205, CVE-2021-43267, CVE-2021-42574, CVE-2021-0930, CVE-2021-1975, CVE-2021-1048, CVE-2021-0918

Hackers are Exploiting Zero-Day Flaw in macOS: Google Warns | Cyware Alerts - Hacker News

Related entries in the VARIoT vulnerabilities database: VAR-202104-0612, VAR-201912-0480, VAR-202108-1374

Trust: 3.25

Fetched: Dec. 6, 2021, 2:33 p.m., Published: Nov. 15, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-1789, CVE-2019-8506, CVE-2021-30869

TOR Vulnerability Allows Attackers to View Exact Timestamp a User Connected to a v2 Onion Address

Trust: 3.0

Fetched: Dec. 6, 2021, 2:33 p.m., Published: Nov. 21, 2021, 3:17 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-39246

If You Have an HP Printer, Install this Patch Right Now

Trust: 3.75

Fetched: Dec. 6, 2021, 2:33 p.m., Published: Nov. 30, 2021, 5:20 p.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2021-39237, CVE-2021-39238

Millions of Wi-Fi routers at risk as hundreds of security vulnerabilities discovered | Technology News,The Indian Express

Trust: 4.75

Fetched: Dec. 6, 2021, 2:33 p.m., Published: Dec. 4, 2021, 4:26 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: d-link model: router
vendor: asus model: asus
vendor: asus model: router
vendor: tp-link model: routers
vendor: netgear model: router

Top 10 Threat Modeling Tools in 2021 | Toolbox It-security

Trust: 3.5

Fetched: Dec. 6, 2021, 2:33 p.m., Published: Dec. 7, 2021, midnight
 Vulnerabilities: information disclosure, denial of service
Affected productsExternal IDs
vendor: essential model: phone

What Is Hacking? Types of Hackers and Examples

Trust: 4.75

Fetched: Dec. 6, 2021, 2:33 p.m., Published: Sept. 25, 2021, 8:33 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: serve model: serve

Zoom security issues: Everything that's gone wrong (so far) | Tom's Guide

Trust: 3.25

Fetched: Dec. 6, 2021, 2:33 p.m., Published: Dec. 7, 2021, 8:02 p.m.
 Vulnerabilities: code execution, encryption issue
Affected productsExternal IDs
vendor: cisco model: small business
vendor: cisco model: webex
vendor: cisco model: cisco webex
vendor: cisco model: series
vendor: cisco model: meeting
vendor: check point model: check point
vendor: zoom model: zoom client
vendor: zoom model: zoom
vendor: zoom model: client
vendor: trend micro model: antivirus
vendor: trend micro model: security
vendor: trend model: antivirus
vendor: trend model: security
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: iphone
vendor: google model: chrome os
vendor: google model: home
vendor: google model: chrome
vendor: google model: android

Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center: Software Vulnerability Information: Software: Hitachi

Trust: 3.5

Fetched: Dec. 6, 2021, 2:33 p.m., Published: Nov. 12, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hitachi model: ops center analyzer viewpoint
vendor: hitachi model: hitachi global link manager
vendor: hitachi model: ops center common services
vendor: hitachi model: tuning manager
vendor: hitachi model: hitachi compute systems manager
vendor: hitachi model: hitachi device manager
vendor: hitachi model: device manager
vendor: hitachi model: hitachi tiered storage manager
vendor: hitachi model: compute systems manager
vendor: hitachi model: hitachi tuning manager
vendor: hitachi model: hitachi replication manager
vendor: hitachi model: tiered storage manager
vendor: hitachi model: hitachi infrastructure analytics advisor
vendor: hitachi model: replication manager
vendor: hitachi model: hitachi ops center common services
vendor: hitachi model: infrastructure analytics advisor
vendor: hitachi model: global link manager
vendor: hitachi model: hitachi ops center analyzer viewpoint
db: NVD ids: CVE-2021-2369, CVE-2021-2341, CVE-2021-2388

Mageia alert MGASA-2021-0532 (bluez) [LWN.net]

Related entries in the VARIoT vulnerabilities database: VAR-202111-1603

Trust: 4.75

Fetched: Dec. 6, 2021, 2:33 p.m., Published: Dec. 2, 2021, 4:50 p.m.
 Vulnerabilities: memory leak
Affected productsExternal IDs
vendor: mageia.org model: mageia
vendor: mageia model: mageia
db: NVD ids: CVE-2021-43400, CVE-2021-41229

Severe vulnerability found in Cisco firewalls | CyberNews

Related entries in the VARIoT vulnerabilities database: VAR-202110-1796

Trust: 5.75

Fetched: Dec. 6, 2021, 2:33 p.m., Published: Nov. 23, 2021, 1:51 p.m.
 Vulnerabilities: denial of service, buffer overflow
Affected productsExternal IDs
vendor: cisco model: adaptive security appliance
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower
db: NVD ids: CVE-2021-34704

Over 9 million Android devices infected with new trojan from Huawei's app store | CyberNews

Trust: 3.0

Fetched: Dec. 6, 2021, 2:33 p.m., Published: Nov. 24, 2021, 11 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: huawei

Vulnerability Archives • Penetration Testing

Trust: 3.25

Fetched: Dec. 6, 2021, 2:33 p.m., Published: Dec. 19, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: cve-2021-42321, CVE-2021-21980, CVE-2021-44077, CVE-2021-43527, cve-2021-0673, cve-2021-41277, cve-2021-39237, cve-2021-0663, cve-2021-44077, CVE-2021-0663, CVE-2021-0662, CVE-2021-41277, cve-2021-43267, cve-2021-0146, CVE-2021-42321, cve-2021-21980, cve-2021-0661, CVE-2021-0661, cve-2021-39238, CVE-2021-39237, CVE-2021-0146, cve-2021-0662, cve-2021-43527, CVE-2021-43267

ESB-2021.3874

Related entries in the VARIoT vulnerabilities database: VAR-202110-1663, VAR-202109-1792, VAR-202111-1607, VAR-202111-1612, VAR-202111-1616, VAR-202110-1632, VAR-202110-1633, VAR-202111-1610, VAR-202111-0484, VAR-202110-1635, VAR-202111-1613, VAR-202111-1605, VAR-202111-0483, VAR-202111-1611, VAR-202111-1606, VAR-202110-1631, VAR-202111-1609, VAR-202109-1791, VAR-202111-0671, VAR-202110-1634, VAR-202111-1604, VAR-202111-1615, VAR-202111-0482, VAR-202111-1608, VAR-202111-1614

Trust: 5.25

Fetched: Dec. 6, 2021, 2:33 p.m., Published: Jan. 14, 2021, midnight
 Vulnerabilities: information disclosure, arbitrary command execution, improper validation...
Affected productsExternal IDs
vendor: trend model: security
vendor: siemens model: scalance w1750d
vendor: siemens model: talon tc compact
vendor: siemens model: simatic wincc
vendor: siemens model: apogee pxc modular
vendor: siemens model: wincc
vendor: siemens model: scalance
vendor: siemens model: talon tc
vendor: siemens model: nucleus
vendor: siemens model: apogee mec
vendor: siemens model: apogee mbc
vendor: siemens model: nucleus rtos
vendor: siemens model: apogee pxc compact
vendor: siemens model: simatic pcs
vendor: siemens model: apogee pxc
vendor: siemens model: w1750d
vendor: siemens model: talon tc modular
vendor: siemens model: simatic
vendor: siemens model: pcs 7
vendor: siemens model: simatic pcs 7
vendor: aruba model: instant
vendor: aruba model: aruba instant
vendor: trend micro model: security
db: NVD ids: CVE-2021-37735, CVE-2021-42015, CVE-2021-41535, CVE-2021-31884, CVE-2021-31345, CVE-2021-31888, CVE-2021-37732, CVE-2021-42026, CVE-2021-37730, CVE-2021-31881, CVE-2021-42025, CVE-2021-40358, CVE-2021-37726, CVE-2021-31344, CVE-2021-31886, CVE-2021-40359, CVE-2021-31346, CVE-2021-31885, CVE-2021-37734, CVE-2021-31882, CVE-2021-41538, CVE-2021-40366, CVE-2021-37727, CVE-2021-31887, CVE-2021-31889, CVE-2021-40364, CVE-2021-37207, CVE-2021-31883, CVE-2021-31890

Espionage campaign exploits ManageEngine ADSelfService Plus vulnerability. TA505 exploits SolarWinds Serv-U flaw to deploy ransomware.

Trust: 3.0

Fetched: Dec. 6, 2021, 2:33 p.m., Published: Jan. 8, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: solarwinds model: serv-u

Mediatek Vulnerabilities Impact Android Smartphones

Trust: 5.0

Fetched: Dec. 6, 2021, 2:33 p.m., Published: Nov. 25, 2021, 12:43 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2021-0661, CVE-2021-0662, CVE-2021-0673, CVE-2021-0663

Energy sector trends, grid vulnerabilities, and cyber resilience

Trust: 3.75

Fetched: Dec. 6, 2021, 2:33 p.m., Published: Nov. 8, 2021, 6:38 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rapid model: scada

Multiple D-Link Router Authentication Bypass Vulnerabilities

Trust: 4.5

Fetched: Dec. 6, 2021, 2:33 p.m., Published: Jan. 14, 2022, 1:10 p.m.
 Vulnerabilities: authentication bypass, request forgery, cross-site request forgery
Affected productsExternal IDs
vendor: dlink model: router
vendor: dlink model: dir-615
vendor: d-link model: router
vendor: d-link model: dir-615

CVE-2021-33716|A vulnerability has been identified... - 信息安全漏洞门户 VULHUB

Related entries in the VARIoT vulnerabilities database: VAR-202109-0846

Trust: 3.25

Fetched: Dec. 6, 2021, 2:33 p.m., Published: Dec. 28, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-33716

CISA Warns of Actively Exploited Critical Zoho ManageEngine ServiceDesk Vulnerability - BEKER

Trust: 4.75

Fetched: Dec. 6, 2021, 2:33 p.m., Published: Dec. 3, 2021, 5:24 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo alto networks model: palo alto networks
vendor: palo alto networks model: networks
vendor: palo model: palo alto networks
vendor: palo model: networks
vendor: zoho model: manageengine servicedesk plus
vendor: zoho model: manageengine adselfservice plus
vendor: solarwinds model: serv-u
db: NVD ids: CVE-2021-44077, CVE-2021-40539