Sign-up

VARIoT news about IoT security

BusyBox vulnerabilities impact embedded Linux OS used in IoT and OT devices - Securezoo

Trust: 4.0

Fetched: Nov. 18, 2021, 2:22 p.m., Published: Nov. 9, 2021, 7:13 p.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-42386, CVE-2021-42376, CVE-2021-42383, CVE-2021-42384, CVE-2021-42373, CVE-2021-42381, CVE-2021-42374, CVE-2021-42380, CVE-2021-42382, CVE-2021-42377, CVE-2021-42375, CVE-2021-42378, CVE-2021-42379, CVE-2021-42385

BotenaGo botnet targets millions of IoT devices with 33 exploits

Related entries in the VARIoT vulnerabilities database: VAR-201905-0651, VAR-202003-1707, VAR-202007-1256, VAR-202003-0363, VAR-202007-0064, VAR-201403-0306, VAR-201502-0201, VAR-201702-0952, VAR-201612-0015, VAR-201703-1017, VAR-202001-0633, VAR-201704-0303

Trust: 3.75

Fetched: Nov. 18, 2021, 2:22 p.m., Published: Nov. 11, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: comtrend model: vr-3033
vendor: realtek model: realtek sdk
db: NVD ids: CVE-2017-18368, CVE-2020-9054, CVE-2020-9377, CVE-2020-10173, CVE-2016-11021, CVE-2020-10987, CVE-2014-2321, CVE-2015-2051, CVE-2020-8958, CVE-2017-6077, CVE-2016-6277, CVE-2017-6334, CVE-2019-19824, CVE-2016-1555
db: POSIVITIVE TECHNOLOGY ids: ID:10

Discovering the Exploitable Security Gaps in Remote Work Spaces

Trust: 5.25

Fetched: Nov. 18, 2021, 2:22 p.m., Published: Nov. 8, 2021, midnight
 Vulnerabilities: default credentials, denial of service, buffer overflow...
Affected productsExternal IDs
vendor: samsung model: mobile devices
vendor: samsung model: printer
vendor: samsung model: galaxy
vendor: samsung model: printers
vendor: samsung model: samsung galaxy
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: tp-link model: routers
vendor: tp-link model: ac1750
vendor: cisco model: routers
vendor: cisco model: rv340
vendor: cisco model: router
vendor: cisco model: series
vendor: trend micro model: security
vendor: sonos model: sonos
vendor: google model: google home
vendor: google model: home
vendor: trend model: security

New Critical Vulnerabilities Found on Nucleus TCP/IP Stack - Forescout

Related entries in the VARIoT vulnerabilities database: VAR-202111-1605, VAR-202103-0365

Trust: 5.25

Fetched: Nov. 18, 2021, 2:22 p.m., Published: Nov. 9, 2021, 11:37 a.m.
 Vulnerabilities: denial of service, information leak, code execution
Affected productsExternal IDs
vendor: siemens model: nucleus
vendor: siemens model: nucleus net
vendor: siemens model: nucleus rtos
db: NVD ids: CVE-2021-31886, CVE-2016-20009

DSA-2021-217: Dell Wyse Device Agent for Windows 10 IoT Enterprise Security Update for an OpenSSL Vulnerability | Dell Polska

Trust: 3.5

Fetched: Nov. 18, 2021, 2:22 p.m., Published: Feb. 17, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: wyse 7040
vendor: dell model: wyse 5070
db: NVD ids: CVE-2021-3712
db: DEBIAN ids: DSA-2021

Medical Devices Affected by 13 Siemens Nucleus RTOS TCP/IP Stack Vulnerabilities

Trust: 4.75

Fetched: Nov. 18, 2021, 2:22 p.m., Published: Nov. 15, 2021, 2:30 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: siemens model: nucleus rtos
vendor: siemens model: nucleus source code
vendor: siemens model: vstar
vendor: siemens model: nucleus readystart
vendor: siemens model: nucleus net
vendor: siemens model: nucleus

Cisco : Security vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202110-0582, VAR-202110-1305, VAR-202111-0418, VAR-202110-1351, VAR-202110-1394, VAR-202110-0623, VAR-202110-1367, VAR-202110-1065, VAR-202110-1297, VAR-202110-1286, VAR-202110-0617, VAR-202110-1298, VAR-202109-0622, VAR-202110-1376, VAR-202109-0631, VAR-202110-0619, VAR-202111-0412, VAR-202110-0209, VAR-202108-0823, VAR-202111-0419, VAR-202110-1392, VAR-202111-0413, VAR-202109-0623, VAR-202110-1350, VAR-202110-0211, VAR-202110-0212, VAR-202110-1377, VAR-202109-0617, VAR-202110-0203, VAR-202111-0401, VAR-202110-0583, VAR-202109-0624, VAR-202110-1393, VAR-202110-0207, VAR-202108-0824, VAR-202110-0213, VAR-202111-0417, VAR-202110-1366, VAR-202111-0664, VAR-202111-0400, VAR-202109-0618, VAR-202110-1352, VAR-202111-0393, VAR-202110-1395, VAR-202110-1375, VAR-202110-1353, VAR-202110-1354, VAR-202110-1402, VAR-202110-0622, VAR-202110-0618

Trust: 5.25

Fetched: Nov. 18, 2021, 2:22 p.m., Published: Jan. 2, 2021, midnight
 Vulnerabilities: resource exhaustion, command injection, cross-site scripting...
Affected productsExternal IDs
vendor: snort model: snort
vendor: mesh model: mesh
vendor: cisco model: web security appliance
vendor: cisco model: cisco prime infrastructure
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: common services platform collector
vendor: cisco model: cisco unified communications manager
vendor: cisco model: routers
vendor: cisco model: telepresence
vendor: cisco model: cisco webex meetings
vendor: cisco model: cisco anyconnect secure mobility client
vendor: cisco model: prime infrastructure
vendor: cisco model: webex video mesh
vendor: cisco model: umbrella
vendor: cisco model: cisco identity services engine
vendor: cisco model: cisco ios xr
vendor: cisco model: small business
vendor: cisco model: anyconnect secure mobility client
vendor: cisco model: cisco policy suite
vendor: cisco model: unified communications manager
vendor: cisco model: cisco evolved programmable network manager
vendor: cisco model: cisco ios
vendor: cisco model: nexus
vendor: cisco model: cisco firepower management center
vendor: cisco model: small business rv series routers
vendor: cisco model: small business rv
vendor: cisco model: webex
vendor: cisco model: cisco small business
vendor: cisco model: cisco web security appliance
vendor: cisco model: meeting server
vendor: cisco model: cisco meeting
vendor: cisco model: series routers
vendor: cisco model: policy suite
vendor: cisco model: identity services engine
vendor: cisco model: meeting
vendor: cisco model: cisco meeting server
vendor: cisco model: cisco webex
vendor: cisco model: webex meetings
vendor: cisco model: cisco telepresence
vendor: cisco model: firepower
vendor: cisco model: series
vendor: cisco model: adaptive security appliance
vendor: cisco model: cisco roomos
vendor: cisco model: telepresence collaboration endpoint
vendor: cisco model: firepower management center
vendor: cisco model: firepower threat defense
vendor: cisco model: ios xr software
vendor: cisco model: telepresence management suite
vendor: cisco model: roomos
vendor: cisco model: ios xr
vendor: cisco model: unified communications manager session management edition
vendor: cisco model: unified communications
vendor: cisco model: dna center
vendor: cisco model: cisco telepresence management suite
vendor: cisco model: evolved programmable network manager
db: NVD ids: CVE-2021-34743, CVE-2021-34761, CVE-2021-34774, CVE-2021-40117, CVE-2021-34783, CVE-2021-34760, CVE-2021-34763, CVE-2021-34762, CVE-2021-34756, CVE-2021-34754, CVE-2021-40123, CVE-2021-34755, CVE-2021-34746, CVE-2021-34793, CVE-2021-34771, CVE-2021-40121, CVE-2009-1234, CVE-2021-40124, CVE-2021-34748, CVE-2021-34745, CVE-2021-34773, CVE-2021-34791, CVE-2021-40120, CVE-2021-34759, CVE-2021-40118, CVE-2021-34758, CVE-2021-34766, CVE-2021-34792, CVE-2021-34785, CVE-2021-34782, CVE-2021-40115, CVE-2021-34738, CVE-2021-34765, CVE-2021-34790, CVE-2021-34742, CVE-2021-34749, CVE-2021-34772, CVE-2021-34784, CVE-2021-34764, CVE-2021-40119, CVE-2021-40128, CVE-2021-34786, CVE-2021-40116, CVE-2021-40126, CVE-2021-34781, CVE-2021-34794, CVE-2021-40114, CVE-2021-34787, CVE-2021-40125, CVE-2021-34789, CVE-2021-40122

Vulnerabilities fixed in PAX POS terminals could be exploited to commit fraud

Trust: 5.0

Fetched: Nov. 18, 2021, 2:22 p.m., Published: Jan. 8, 2022, midnight
 Vulnerabilities: code execution, privilege escalation, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2020-28892, CVE-2020-28891, CVE-2020-29044

Philips discloses TASY EMR vulnerabilities pose risk to patient data

Trust: 3.75

Fetched: Nov. 18, 2021, 2:22 p.m., Published: Nov. 4, 2021, 2:56 p.m.
 Vulnerabilities: sql injection, injection attack
Affected productsExternal IDs
vendor: philips model: tasy emr

Seamlessly Discovering Netgear Universal Plug-and-Pwn (UPnP) 0-days

Trust: 5.25

Fetched: Nov. 18, 2021, 2:22 p.m., Published: Nov. 16, 2021, midnight
 Vulnerabilities: authentication vulnerability, code execution, buffer overflow
Affected productsExternal IDs
vendor: netgear model: xr300
vendor: netgear model: rs400
vendor: netgear model: r6700v3
vendor: netgear model: router
vendor: netgear model: r7000

Researchers show how to exploit Bluetooth Classic security flaws | Network World

Trust: 4.0

Fetched: Nov. 18, 2021, 2:22 p.m., Published: Nov. 16, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

DSA-2021-106: Aktualizacja zabezpieczeń platformy klienckiej firmy Dell dla wielu luk w funkcjach BIOSConnect i HTTPS Boot jako część klienckiego systemu BIOS firmy Dell | Dell Polska

Trust: 3.75

Fetched: Nov. 18, 2021, 2:22 p.m., Published: Jan. 5, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: optiplex
vendor: dell model: latitude 5420
vendor: dell model: chengming
vendor: dell model: latitude
vendor: dell model: bios
db: NVD ids: CVE-2021-21572, CVE-2021-21574, CVE-2021-21571, CVE-2021-21573

DDoS botnet exploiting known GitLab vulnerability

Trust: 5.0

Fetched: Nov. 18, 2021, 2:22 p.m., Published: Nov. 4, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: cve-2021-22205, CVE-2021-22205

Cybersecurity, DRAM memory | Homeland Security Newswire

Trust: 3.75

Fetched: Nov. 18, 2021, 2:22 p.m., Published: Nov. 17, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dram model: dram
db: POSIVITIVE TECHNOLOGY ids: ID:11

Intel CPUs With New Security Vulnerabilities | gamepressure.com

Trust: 3.75

Fetched: Nov. 18, 2021, 2:22 p.m., Published: Nov. 17, 2021, 2:11 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tesla model: model
vendor: tesla model: model 3
db: NVD ids: CVE-2021-0146

Siemens software vulnerabilities potentially put millions of medical devices at risk|Medigy

Trust: 3.0

Fetched: Nov. 18, 2021, 2:22 p.m., Published: Nov. 16, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: nucleus

New vulnerabilities found in Intel processors - Russian Reality

Related entries in the VARIoT vulnerabilities database: VAR-202111-1151, VAR-202111-1193

Trust: 3.25

Fetched: Nov. 18, 2021, 2:22 p.m., Published: Nov. 17, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-0157, CVE-2021-0146, CVE-2021-0158

Apple Pay users ‘vulnerable to security hack’ | News | The Times

Trust: 3.0

Fetched: Nov. 18, 2021, 2:22 p.m., Published: Jan. 16, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

Industrial Cybersecurity Safety, Vulnerability Disclosure

Trust: 3.25

Fetched: Nov. 18, 2021, 2:22 p.m., Published: Nov. 17, 2021, 2 p.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: codesys model: codesys
vendor: codesys model: control
vendor: schneider model: concept
vendor: schneider electric model: concept

GitLab vulnerability exploit detected by AI | Blog | Darktrace

Trust: 4.0

Fetched: Nov. 18, 2021, 2:22 p.m., Published: Nov. 8, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: serve model: serve
db: NVD ids: CVE-2021-22205