Sign-up

VARIoT news about IoT security

CISA alerts to 13 vulnerabilities in Fresenius Kabi Agilia infusion systems

Trust: 4.0

Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 22, 2021, 12:57 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: lighttpd model: lighttpd

Microsoft Warns of Active Directory Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202111-0660

Trust: 3.0

Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 21, 2021, 1:17 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2021-42278, CVE-2021-42287

Defender for Cloud finds machines affected by Log4j vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.0

Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 13, 2021, 3:20 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

Apache Log4j Vulnerability - Log4Shell - Widely Under Active Attack

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 5.0

Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 13, 2021, 5:10 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: sonicwall model: email security
db: NVD ids: CVE-2021-26084, CVE-2021-44228

Log4j Zero Day Vulnerability: CISA Mitigation, Patch Guidance - MSSP Alert

Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566, VAR-202112-0562

Trust: 3.0

Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 22, 2021, 4 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-45105, CVE-2021-44228, CVE-2021-45046

Vulnerability in broadly-used software causes massive risk to internet users

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.75

Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 11, 2021, 3:58 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: icloud
db: NVD ids: CVE-2021-44228

Attacking TrustZone on devices lacking memory protection | SpringerLink

Trust: 3.75

Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 20, 2021, midnight
 Vulnerabilities: information leakage

5 Vulnerabilities in Medical Devices That Can Create Chaos

Trust: 3.5

Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 27, 2021, 10:13 a.m.
 Vulnerabilities: denial of service, code execution, password guessing...
Affected productsExternal IDs

F-Secure discovers vulnerabilities affecting over 150 HP printer models - IoT global network

Trust: 4.0

Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 1, 2021, 2:11 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-39238, CVE-2021-39237

Why Integrators Should Be Paying Attention to the Log4j Vulnerability - CE Pro

Trust: 3.75

Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 16, 2021, 6:19 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Security Center | Digi International

Related entries in the VARIoT vulnerabilities database: VAR-201906-1176, VAR-202112-1782, VAR-202112-0566, VAR-201906-1174, VAR-201906-1175, VAR-202112-0562, VAR-201801-1712, VAR-201801-0826, VAR-201801-1711, VAR-202006-0258, VAR-201710-1433, VAR-201611-0386

Trust: 4.25

Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 23, 2021, midnight
 Vulnerabilities: improper memory management, denial of service, code execution
Affected productsExternal IDs
vendor: digi model: anywhereusb
vendor: digi model: portserver ts
vendor: dnsmasq model: dnsmasq
vendor: digi international model: anywhereusb
vendor: digi international model: portserver ts
db: NVD ids: CVE-2019-11478, CVE-2021-45105, CVE-2021-44228, CVE-2019-11479, CVE-2014-9222, CVE-2019-11477, CVE-2021-45046, CVE-2017-5753, CVE-2018-10933, CVE-2017-5715, CVE-2018-20162, CVE-2017-5754, CVE-2020-10136, CVE-2017-14491, CVE-2014-9223, CVE-2019-5599, CVE-2016-5195

Cisco IOS : List of security vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-201903-0571, VAR-202103-0550, VAR-202006-1097, VAR-201909-0181, VAR-201903-0569, VAR-201909-0184, VAR-201810-0339, VAR-201810-0567, VAR-201909-1523, VAR-201909-0165, VAR-202009-1160, VAR-201909-0160, VAR-201909-0166, VAR-201810-0561, VAR-201901-0473, VAR-202006-1150, VAR-201909-0158, VAR-201903-0596, VAR-201810-0346, VAR-201810-0569, VAR-202006-1084, VAR-201810-0565, VAR-202006-1092, VAR-202009-0479, VAR-202006-1148, VAR-202103-0545, VAR-201903-0567, VAR-202006-1151, VAR-201903-0559, VAR-201903-0574, VAR-201903-0597, VAR-201903-0592, VAR-202006-1098, VAR-201810-0568, VAR-201903-0563, VAR-201903-0599, VAR-202109-0747, VAR-201903-0558, VAR-201810-0345, VAR-201903-0565, VAR-201909-0161, VAR-202006-1095, VAR-201909-0186, VAR-202006-1093, VAR-201810-0351, VAR-202103-0540, VAR-201903-0595, VAR-202103-0537, VAR-202109-0601, VAR-201903-0600

Trust: 5.25

Fetched: Dec. 30, 2021, 11:51 a.m., Published: -
 Vulnerabilities: cross-site request forgery, process crash, improper memory handling...
Affected productsExternal IDs
vendor: cisco model: nx-os software
vendor: cisco model: cisco ios xe
vendor: cisco model: isr g2
vendor: cisco model: ios xe software
vendor: cisco model: cisco iox
vendor: cisco model: 4451-x integrated services router
vendor: cisco model: ios software
vendor: cisco model: ios xe
vendor: cisco model: cisco iox application
vendor: cisco model: cisco nx-os
vendor: cisco model: integrated services router
vendor: cisco model: industrial integrated services routers
vendor: cisco model: iox application
vendor: cisco model: ios xr software
vendor: cisco model: isr4451-x
vendor: cisco model: series
vendor: cisco model: nx-os
vendor: cisco model: catalyst cdb-8p switches
vendor: cisco model: integrated services routers
vendor: cisco model: router
vendor: cisco model: cisco ios
vendor: cisco model: isr4451
vendor: cisco model: catalyst 6500
vendor: cisco model: hsrp
vendor: cisco model: series switches
vendor: cisco model: catalyst 6500 series
vendor: cisco model: routers
vendor: cisco model: cisco ios xr
vendor: cisco model: ios xr
vendor: cisco model: catalyst
vendor: cisco model: 4451-x
vendor: cisco model: catalyst 2960-l series switches
db: NVD ids: CVE-2019-1756, CVE-2021-1391, CVE-2020-3230, CVE-2019-12668, CVE-2019-1758, CVE-2019-12670, CVE-2018-0466, CVE-2018-15375, CVE-2019-12665, CVE-2019-12655, CVE-2020-3476, CVE-2019-12650, CVE-2019-12656, CVE-2018-15369, CVE-2018-0484, CVE-2020-3204, CVE-2019-12649, CVE-2019-1747, CVE-2018-0475, CVE-2018-15377, CVE-2020-3217, CVE-2018-15373, CVE-2020-3225, CVE-2019-16009, CVE-2020-3201, CVE-2021-1385, CVE-2019-1751, CVE-2020-3200, CVE-2019-1748, CVE-2019-1762, CVE-2019-1740, CVE-2019-1737, CVE-2020-3231, CVE-2018-15376, CVE-2019-1752, CVE-2019-1739, CVE-2021-34699, CVE-2019-1761, CVE-2018-0473, CVE-2019-1757, CVE-2019-12651, CVE-2020-3228, CVE-2019-12672, CVE-2020-3226, CVE-2018-0485, CVE-2021-1377, CVE-2019-1746, CVE-2021-1392, CVE-2021-34705, CVE-2019-1738

CVE-2021-45046: New Log4j Vulnerability Discovered - Netskope

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202112-0562

Trust: 3.0

Fetched: Dec. 30, 2021, 11:51 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228, CVE-2021-45046

“Internet’s On Fire Right Now”: Millions Of Devices At Risk Over New Software Vulnerability | Tea Party | Before It's News

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.75

Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 15, 2021, 8:57 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: canary model: canary
vendor: apple model: icloud
db: NVD ids: CVE-2021-44228

Apple Patched a macOS Gatekeeper Bypass Vulnerability - Veille Techno

Trust: 3.5

Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 28, 2021, 11:49 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos

Forescout’s Response to Apache Log4j Vulnerabilities - Forescout

Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0562, VAR-202112-0566, VAR-202112-2011

Trust: 4.5

Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 13, 2021, 2:19 a.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-45105, CVE-2021-45046, CVE-2021-44228, CVE-2021-44832

Threat actors targeting MikroTik routers, devices

Trust: 3.5

Fetched: Dec. 30, 2021, 11:51 a.m., Published: Dec. 9, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: mikrotik model: mikrotik routers
vendor: mikrotik model: mikrotik
vendor: mikrotik model: routers
vendor: mikrotik model: mikrotik router
vendor: mikrotik model: router
vendor: mikrotik model: winbox
vendor: mikrotik model: routeros

Fixing software vulnerabilities

Trust: 3.0

Fetched: Dec. 30, 2021, 11:51 a.m., Published: -
 Vulnerabilities: configuration vulnerability
Affected productsExternal IDs

0patch fixes LPE vulnerability (CVE-2021-24084) in Mobile Device Management Service | Born's Tech and Windows World

Related entries in the VARIoT vulnerabilities database: VAR-202109-1909, VAR-202108-1005, VAR-202008-0248, VAR-202107-1010

Trust: 5.75

Fetched: Dec. 30, 2021, 11:51 a.m., Published: Nov. 27, 2021, 11:38 a.m.
 Vulnerabilities: privilege escalation, information disclosure
Affected productsExternal IDs
vendor: zoom model: zoom
db: NVD ids: CVE-2020-0687, CVE-2020-1337, CVE-2021-40444, CVE-2021-24084, CVE-2021-26877, CVE-2020-1530, CVE-2021-26415, CVE-2020-08810, CVE-2021-34484, CVE-2020-06830, CVE-2020-1048, CVE-2020-1113, CVE-2020-1472, CVE-2020-06740, CVE-2020-1300, CVE-2020-1062, CVE-2021-34527, CVE-2020-1013, CVE-2020-1015, CVE-2021-319590

Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.25

Fetched: Dec. 30, 2021, 11:51 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228