VARIoT latest news about IoT security

Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077) - Help Net Security Trust: 4.5 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 3, 2021, 10:34 a.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:	palo alto networks	model:	palo alto networks
vendor:	palo alto networks	model:	networks
vendor:	zoho	model:	manageengine servicedesk plus
vendor:	palo	model:	palo alto networks
vendor:	palo	model:	networks

db:

NVD

ids:

CVE-2021-33617, CVE-2021-44077

US warns hundreds of millions of devices at risk from newly revealed software vulnerability - KAKE Trust: 3.25 Fetched: Dec. 16, 2021, 8:11 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

cve-2021-44228

The Log4j security flaw could impact the entire internet. Here's what you should know - CNN Trust: 3.5 Fetched: Dec. 16, 2021, 8:11 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	canary	model:	canary
vendor:	check point	model:	check point

db:	NVD	ids:	cve-2021-44228
db:	USCERT	ids:	AB71-632D

CVE security vulnerability database. Security vulnerabilities, exploits, references and more Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202112-0785, VAR-202112-0784, VAR-202112-0786, VAR-202112-0105, VAR-202112-0562 Trust: 5.25 Fetched: Dec. 16, 2021, 8:11 p.m., Published: -	Vulnerabilities: code injection, code execution, os command injection...

Affected products

External IDs

vendor:	zoho	model:	opmanager
vendor:	zoho	model:	oputils
vendor:	zoho	model:	manageengine desktop central
vendor:	zoho	model:	manageengine opmanager
vendor:	google	model:	android

db:

NVD

ids:

CVE-2021-44557, CVE-2021-44686, CVE-2021-44680, CVE-2021-44514, CVE-2021-44228, CVE-2021-44847, CVE-2021-44556, CVE-2021-45015, CVE-2021-44948, CVE-2021-44657, CVE-2021-44480, CVE-2021-45014, CVE-2021-44966, CVE-2021-44679, CVE-2021-45043, CVE-2021-44523, CVE-2021-44513, CVE-2021-44937, CVE-2021-44942, CVE-2021-44677, CVE-2021-44518, CVE-2018-12699, CVE-2021-44682, CVE-2021-44524, CVE-2021-44522, CVE-2021-44527, CVE-2021-44681, CVE-2021-44515, CVE-2021-45046, CVE-2021-44549, CVE-2021-44512, CVE-2021-44479, CVE-2021-44529, CVE-2021-45017, CVE-2021-44450, CVE-2021-44685, CVE-2021-44725, CVE-2021-44538, CVE-2021-44833, CVE-2021-44949, CVE-2021-44726, CVE-2009-1234, CVE-2021-44655, CVE-2021-44684, CVE-2021-44848, CVE-2021-45078, CVE-2021-44965, CVE-2021-44653, CVE-2021-44935, CVE-2021-45018, CVE-2021-44449, CVE-2021-44448, CVE-2021-44678

2021 another record-breaker for vulnerability disclosure Trust: 3.75 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 8, 2021, midnight	Vulnerabilities: cross-site scripting

Affected products

External IDs

vendor:

trend

model:

security

Fortinet : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202112-0356, VAR-202112-0420, VAR-202111-0330, VAR-202112-0380, VAR-202112-0286, VAR-202108-0658, VAR-202112-0329, VAR-202112-0399, VAR-202108-0657, VAR-202111-0302, VAR-202111-0241, VAR-202112-0330, VAR-202112-0405, VAR-202112-0524, VAR-202111-0343, VAR-202112-0339, VAR-202109-0502, VAR-202111-0306, VAR-202111-0986, VAR-202112-0406, VAR-202111-0305, VAR-202112-0288, VAR-202111-0314, VAR-202112-0384, VAR-202112-0401, VAR-202108-0712, VAR-202112-0328, VAR-202111-0313, VAR-202112-0421, VAR-202112-0523, VAR-202112-0378, VAR-202112-0331, VAR-202112-0332, VAR-202111-0322, VAR-202111-0284, VAR-202110-0150, VAR-202110-0151, VAR-202109-0501, VAR-202112-0526, VAR-202112-0400, VAR-202112-0379, VAR-202112-0287, VAR-202112-0383, VAR-202111-0317, VAR-202112-0338, VAR-202110-0149, VAR-202112-0367, VAR-202112-0525, VAR-202112-0729, VAR-202111-0307 Trust: 5.75 Fetched: Dec. 16, 2021, 8:11 p.m., Published: -	Vulnerabilities: code execution, os command injection, buffer overflow...

Affected products

External IDs

vendor:

fortigate

model:

fortios

db:

NVD

ids:

CVE-2021-42760, CVE-2021-41030, CVE-2021-36176, CVE-2021-36191, CVE-2021-43067, CVE-2021-32603, CVE-2021-43064, CVE-2021-43204, CVE-2021-32602, CVE-2021-42754, CVE-2021-36172, CVE-2021-41024, CVE-2021-41017, CVE-2021-43071, CVE-2021-36183, CVE-2021-36180, CVE-2021-36182, CVE-2021-36186, CVE-2021-32600, CVE-2021-36195, CVE-2021-36187, CVE-2021-41029, CVE-2021-36174, CVE-2021-41021, CVE-2021-36189, CVE-2021-36168, CVE-2021-43063, CVE-2021-36185, CVE-2021-41013, CVE-2021-36188, CVE-2021-36190, CVE-2021-41015, CVE-2021-41014, CVE-2009-1234, CVE-2021-41019, CVE-2021-36192, CVE-2021-36175, CVE-2021-36178, CVE-2021-36179, CVE-2021-36167, CVE-2021-36194, CVE-2021-41027, CVE-2021-42752, CVE-2021-41025, CVE-2021-36181, CVE-2021-42757, CVE-2021-36170, CVE-2021-43068, CVE-2021-43065, CVE-2021-42758, CVE-2021-36184

Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021 Related entries in the VARIoT vulnerabilities database: VAR-202109-1802 Trust: 4.0 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 16, 2021, 9:24 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	socialminer
vendor:	cisco	model:	cisco unified communications manager
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	prime collaboration
vendor:	cisco	model:	unified communications manager im & presence service
vendor:	cisco	model:	prime network services controller
vendor:	cisco	model:	series
vendor:	cisco	model:	prime network
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	virtual topology system
vendor:	cisco	model:	cisco prime collaboration
vendor:	cisco	model:	nexus
vendor:	cisco	model:	cisco prime network services controller
vendor:	cisco	model:	cisco hosted collaboration mediation fulfillment
vendor:	cisco	model:	hosted collaboration mediation fulfillment
vendor:	cisco	model:	prime collaboration assurance
vendor:	cisco	model:	cisco virtual topology system
vendor:	cisco	model:	cisco unified communications domain manager
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	virtual security gateway
vendor:	cisco	model:	cisco socialminer
vendor:	cisco	model:	unified communications domain manager
vendor:	cisco	model:	cisco prime network
vendor:	cisco	model:	video surveillance media server
vendor:	cisco	model:	cisco prime collaboration assurance
vendor:	cisco	model:	unified communications manager session management edition

db:

NVD

ids:

CVE-2021-40438

CVE-2021-44515\| ManageEngine Trust: 5.25 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 1, 2022, midnight	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44515

Critical SonicWall VPN Vulnerability Allows Complete Takeover - Lansweeper Trust: 4.75 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 9, 2021, 1:52 p.m.	Vulnerabilities: code execution, buffer overflow

Affected products

External IDs

vendor:	sonicwall	model:	sma 100
vendor:	sonicwall	model:	secure mobile access

Current Activity \| CISA Trust: 3.25 Fetched: Dec. 16, 2021, 8:11 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44077

Trane Symbio (Update B) \| CISA Trust: 3.75 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 1, 2022, midnight	Vulnerabilities: code injection

Affected products

External IDs

db:

NVD

ids:

CVE-2021-38448

Security flaw in widely-used logging system impacts Minecraft, iCloud, more Trust: 4.0 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 11, 2021, 5:27 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

apple

model:

icloud

The Bug Report - November Edition \| McAfee Blogs Trust: 5.25 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 1, 2021, 5:01 a.m.	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

vendor:	dram	model:	dram
vendor:	palo	model:	networks
vendor:	palo	model:	pan-os
vendor:	palo	model:	firewall
vendor:	palo	model:	palo alto networks
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	pan-os
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	palo alto networks
vendor:	unbound	model:	unbound
vendor:	dnsmasq	model:	dnsmasq

db:

NVD

ids:

CVE-2021-3064, CVE-2021-42114, CVE-2021-20322

LIVEcommunity - Protect Your IoT Devices from Log4j 2 Vulnerability - LIVEcommunity - 453381 Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566, VAR-202112-0562 Trust: 4.5 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 15, 2021, 8:35 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	palo	model:	palo alto networks
vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	palo alto networks	model:	palo alto networks
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	firewall

db:

NVD

ids:

CVE-2021-45105, CVE-2021-44228, CVE-2021-45046

CVE-2021-44228 - Log4j RCE 0-day mitigation Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 4.0 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 10, 2021, 11:39 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-44228

Kryptowire & Orange to Uncover Vulnerabilities in Mobile Devices \| AI-TechPark Trust: 3.75 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 2, 2022, midnight	Vulnerabilities: command execution, script execution

Affected products	External IDs

Vulnerabilities found in HP multi-function printers Trust: 4.0 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Nov. 30, 2021, 2 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-39237, CVE-2021-39238

Microsoft addresses a high-severity vulnerability in Azure AD Trust: 4.0 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Nov. 18, 2021, 11:26 p.m.	Vulnerabilities: information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2021-42306

Millions Of Devices At Risk Over New Software Vulnerability - America HQ Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 4.75 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 15, 2021, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	canary	model:	canary
vendor:	apple	model:	icloud

db:

NVD

ids:

CVE-2021-44228

Countless Servers Are Vulnerable to Apache Log4j Zero-Day Exploit \| PCMag Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 5.0 Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 11, 2022, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:

apple

model:

watch

db:

NVD

ids:

CVE-2021-44228

VARIoT news about IoT security