Sign-up

VARIoT news about IoT security

Patch Now Apache Log4j Vulnerability Called Log4Shell Actively Exploited

Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-2011, VAR-202112-0562, VAR-202112-0566

Trust: 3.0

Fetched: Dec. 27, 2021, 1:07 p.m., Published: Dec. 13, 2021, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2021-45105, CVE-2021-44832, CVE-2021-45046, CVE-2021-44228

Log4j: List of vulnerable products and vendor advisories

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.75

Fetched: Dec. 23, 2021, 11:55 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: sophos model: cloud optix
vendor: sophos model: endpoint protection
vendor: sophos model: mobile
vendor: cisco model: firepower
vendor: cisco model: cisco webex meetings server
vendor: cisco model: cisco webex
vendor: cisco model: identity services engine
vendor: cisco model: sd-wan vmanage
vendor: cisco model: meetings server
vendor: cisco model: cisco sd-wan
vendor: cisco model: series
vendor: cisco model: data center network manager
vendor: cisco model: webex meetings
vendor: cisco model: firepower threat defense
vendor: cisco model: webex meetings server
vendor: cisco model: sd-wan
vendor: cisco model: webex
vendor: cisco model: cisco webex meetings
vendor: tippingpoint model: tippingpoint
vendor: ubiquiti model: unifi
vendor: symantec model: endpoint protection
vendor: symantec model: web security
vendor: symantec model: symantec endpoint protection
vendor: cpanel model: cpanel
vendor: dovecot model: dovecot
vendor: trend model: security
vendor: trendmicro model: security
vendor: sonicwall model: email security
vendor: sonicwall model: analyzer
vendor: citrix model: gateway
vendor: broadcom model: api gateway
vendor: broadcom model: linux
vendor: broadcom model: broadcom
vendor: couchbase model: server
vendor: trend micro model: security
db: NVD ids: CVE-2021-44228

Log4j Vulnerability (CVE-2021-44228) - Does it Affect My Device? - 5Gstore Blog

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.0

Fetched: Dec. 23, 2021, 11:55 a.m., Published: Dec. 17, 2021, 5:33 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

Vulnerability in recent MediaTek chips could allow apps to eavesdrop on you, but it's been fixed

Trust: 4.75

Fetched: Dec. 23, 2021, 9:32 a.m., Published: Nov. 24, 2021, 11 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: nokia model: nokia
vendor: nokia model: series
vendor: check point model: check point
vendor: google model: android
vendor: xiaomi model: redmi

CISA releases advisory on five Apache HTTP server vulnerabilities affecting Cisco products | ZDNet

Related entries in the VARIoT vulnerabilities database: VAR-202109-1803, VAR-202109-1805, VAR-202109-1804, VAR-202109-1802

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 9, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cups model: cups
vendor: cisco model: unified communications
vendor: cisco model: cisco prime collaboration provisioning
vendor: cisco model: prime optical
vendor: cisco model: cisco telepresence
vendor: cisco model: cisco ucs director
vendor: cisco model: prime infrastructure
vendor: cisco model: cisco ucs manager
vendor: cisco model: cisco security manager
vendor: cisco model: firepower
vendor: cisco model: telepresence
vendor: cisco model: firepower management center
vendor: cisco model: cisco policy suite
vendor: cisco model: fxos
vendor: cisco model: security manager
vendor: cisco model: ucs director
vendor: cisco model: policy suite
vendor: cisco model: smart net total care
vendor: cisco model: cisco prime infrastructure
vendor: cisco model: wide area application services
vendor: cisco model: cisco unified communications manager
vendor: cisco model: expressway series
vendor: cisco model: ucs manager
vendor: cisco model: cisco prime optical
vendor: cisco model: cisco prime collaboration
vendor: cisco model: cisco unified communications domain manager
vendor: cisco model: telepresence video communication server
vendor: cisco model: unified communications domain manager
vendor: cisco model: cisco cloud services platform 2100
vendor: cisco model: cisco firepower management center
vendor: cisco model: prime collaboration provisioning
vendor: cisco model: ucs central software
vendor: cisco model: unified communications manager
vendor: cisco model: dna center
vendor: cisco model: cloud services platform
vendor: cisco model: unified communications manager im & presence service
vendor: cisco model: cloud services platform 2100
vendor: cisco model: series
vendor: cisco model: expressway
vendor: cisco model: cisco expressway
vendor: cisco model: prime collaboration
vendor: cisco model: cisco telepresence video communication server
db: NVD ids: CVE-2021-39275, CVE-2021-34798, CVE-2021-36160, CVE-2021-33193, CVE-2021-40438

Lack of Patching Leaves 300,000 Routers at Risk for Attack

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 9, 2021, 10:25 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mikrotik model: mikrotik
vendor: mikrotik model: winbox
vendor: mikrotik model: router
vendor: mikrotik model: routers
vendor: mikrotik model: routeros
vendor: mikrotik model: mikrotik routers
db: NVD ids: CVE-2021-44228, cve-2021-44228

2021 marks another record year for security vulnerabilities - TechRepublic

Trust: 3.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: March 16, 2021, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
vendor: trend model: security

Threat Signal Report | FortiGuard

Trust: 4.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Nov. 19, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-21972, CVE-2021-21973
db: VMWARE ids: VMSA-2021-0002

OpenEuler open source community Log4j high-risk security vulnerability repair is completed - Huawei Update

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.25

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 12, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: huawei
db: NVD ids: CVE-2021-44228

Vulnerability in Windows 10 URI handler leads to remote code execution | Malwarebytes Labs

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 8, 2021, 2:52 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Researchers Finds Security Flaw Affecting 37% of Smartphones

Trust: 5.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Nov. 24, 2021, 4:29 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: xiaomi model: miui
vendor: xiaomi model: redmi
vendor: vivo model: vivo
vendor: check point model: check point
db: NVD ids: CVE-2021-0662, CVE-2021-0661, CVE-2021-0663, CVE-2021-0673

Patch Now: Sonicwall Fixes Multiple Vulnerabilities in SMA 100 Devices | Rapid7 Blog

Related entries in the VARIoT vulnerabilities database: VAR-202112-0361, VAR-202112-0426, VAR-202112-0425, VAR-202112-0424, VAR-202112-0389, VAR-202112-0732, VAR-202112-0731, VAR-202112-0730

Trust: 5.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 8, 2021, 6:57 p.m.
 Vulnerabilities: command injection, buffer overflow, path traversal...
Affected productsExternal IDs
vendor: sonicwall model: sma 100
db: NVD ids: CVE-2021-20038, CVE-2021-20043, CVE-2021-20044, CVE-2021-20045, CVE-2021-20039, CVE-2021-20040, CVE-2021-20041, CVE-2021-20042

A Vulnerability in HP Printer Products Could Allow for Arbitrary Code Execution.

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: -
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2021-39238

Multiple Vulnerabilities in Distributed Data Systems WebHMI Could Allow for Arbitrary Code Execution

Trust: 5.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 7, 2022, 7:33 p.m.
 Vulnerabilities: code execution, authentication vulnerability, file upload vulnerability...
Affected productsExternal IDs
db: NVD ids: CVE-2021-43936, CVE-2021-43931

Hackers actively exploiting 0-day in Ubiquitous Apache Log4j tool

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 11, 2021, 4:18 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

CISA Adds Thirteen Known Exploited Vulnerabilities to Catalog | CISA

Related entries in the VARIoT vulnerabilities database: VAR-201907-1641, VAR-202112-1044, VAR-201712-0864, VAR-202112-0566

Trust: 4.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 24, 2021, midnight
 Vulnerabilities: authentication bypass, access control vulnerability, privilege management vulnerability...
Affected productsExternal IDs
vendor: embedthis model: goahead
db: NVD ids: CVE-2019-13272, CVE-2021-44168, CVE-2017-17562, CVE-2020-8816, CVE-2021-35394, CVE-2019-0193, CVE-2019-10758, CVE-2010-1871, CVE-2021-44228, CVE-2019-7238, CVE-2021-44515, CVE-2020-17463, CVE-2017-12149

Protect your smartphone from cyber attacks. With the innovation of Samsung - Siamphone.com

Trust: 3.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 12, 2021, 5:21 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: galaxy
vendor: samsung model: knox
vendor: samsung model: samsung
vendor: samsung model: mobile

What the Pentagon Must do to Defend Itself from Cyber Attacks | The National Interest

Trust: 3.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Nov. 18, 2021, 2 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: huawei

Zyxel security advisory for pre-configured password management vulnerability of home routers and WiFi systems | Zyxel

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 23, 2021, 8:32 a.m.
 Vulnerabilities: password management vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2021-35033

NVD - CVE-2021-34794

Related entries in the VARIoT vulnerabilities database: VAR-202110-1375

Trust: 4.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: firepower_threat_defense
vendor: cisco model: asa_5580_firmware
vendor: cisco model: adaptive_security_appliance
vendor: cisco model: asa_5545-x_firmware
vendor: cisco model: asa_5580
vendor: cisco model: asa_5505_firmware
vendor: cisco model: asa_5555-x_firmware
vendor: cisco model: asa_5585-x
vendor: cisco model: asa_5525-x_firmware
vendor: cisco model: asa_5585-x_firmware
vendor: cisco model: asa_5505
vendor: cisco model: asa_5512-x_firmware
vendor: cisco model: asa_5515-x_firmware
db: NVD ids: CVE-2021-34794