VARIoT latest news about IoT security

BlackBerry QNX flaw left cars and medical devices vulnerable to attack \| Engadget Trust: 3.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

blackberry

model:

blackberry

CISA Warns of Vulnerabilities in Banned Chinese Surveillance Tech - Nextgov Trust: 3.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 28, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2021-36260

Zero-click RCE vulnerability in Hikvision security cameras could lead to network compromise \| The Daily Swig Trust: 5.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 20, 2021, 3:02 p.m.	Vulnerabilities: injection attack, code execution, command injection

Affected products

External IDs

vendor:	hikvision	model:	hikvision
vendor:	hikvision	model:	camera

db:

NVD

ids:

CVE-2021-36260

Google Releases Chrome Update Fixing Seven Severe Vulnerabilities \| iPhone in Canada Blog Trust: 6.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 29, 2021, 2:37 p.m.	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:

google

model:

chrome

db:

NVD

ids:

CVE-2021-38000, CVE-2021-38003

Dissection of Winbox critical vulnerability - n0p Blog Related entries in the VARIoT vulnerabilities database: VAR-201808-0384 Trust: 3.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	mikrotik	model:	mikrotik router
vendor:	mikrotik	model:	winbox
vendor:	mikrotik	model:	routeros
vendor:	mikrotik	model:	mikrotik
vendor:	mikrotik	model:	routers
vendor:	mikrotik	model:	router
vendor:	cisco	model:	routers
vendor:	cisco	model:	router

db:

NVD

ids:

CVE-2018-14847

Pixel Update Bulletin-November 2021 \| Android Open Source Project Related entries in the VARIoT vulnerabilities database: VAR-202111-1788, VAR-202111-1790, VAR-202111-1789, VAR-202111-1791, VAR-202111-0778, VAR-202111-0517 Trust: 4.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Nov. 16, 2021, midnight	Vulnerabilities: denial of service, code execution, information disclosure

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel
vendor:	broadcom	model:	broadcom

db:

NVD

ids:

CVE-2021-1041, CVE-2021-1042, CVE-2018-25015, CVE-2021-1045, CVE-2021-1043, CVE-2021-1903, CVE-2021-30265, CVE-2021-30263, CVE-2021-30264, CVE-2021-1044

Column \| Destigmatizing Medical Device Vulnerability Disclosures to Improve Healthcare Cybersecurity - MedTech Intelligence Trust: 3.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	macbook
vendor:	apple	model:	safari
vendor:	apple	model:	ipad
vendor:	apple	model:	macbook air
vendor:	apple	model:	iphone
vendor:	apple	model:	apple tv
vendor:	google	model:	android
vendor:	google	model:	home

db:

ICS CERT

ids:

ICSMA-20-049-02, ICSMA-20-023-01

Dangerous XSS bug in Google Chrome’s ‘New Tab’ page bypassed security features \| The Daily Swig Trust: 4.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Nov. 3, 2021, 3:02 p.m.	Vulnerabilities: cross-site request forgery, request forgery, cross-site scripting...

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	google chrome

Industrial Internet Of Things (IoT) Identifying The Vulnerabilities Of Field Devices Trust: 3.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: data injection

Affected products

External IDs

vendor:	serve	model:	serve
vendor:	rapid	model:	scada

What is Vulnerability Assessment? Testing Process, VAPT Scan Tool Trust: 3.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Dec. 27, 2021, 8:32 a.m.	Vulnerabilities: sql injection, cross-site scripting

Affected products

External IDs

vendor:

wireshark

model:

wireshark

NVD - CVE-2021-41503 Related entries in the VARIoT vulnerabilities database: VAR-202109-1107 Trust: 3.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 1, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	d-link	model:	dcs-5000l_firmware
vendor:	d-link	model:	dcs-5000l
vendor:	d-link	model:	dcs-932l
vendor:	d-link	model:	dcs-932l_firmware
vendor:	dlink	model:	dcs-5000l_firmware
vendor:	dlink	model:	dcs-5000l
vendor:	dlink	model:	dcs-932l
vendor:	dlink	model:	dcs-932l_firmware

db:

NVD

ids:

CVE-2021-41503

Dahua Authentication Bypass ≈ Packet Storm Related entries in the VARIoT vulnerabilities database: VAR-202109-1875, VAR-202109-1874 Trust: 3.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 6, 2021, midnight	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2021-33044, CVE-2021-33045

Fixing the authentication bypass vulnerability affecting REST APIs \| ManageEngine ADSelfService Plus Trust: 4.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: code execution, authentication bypass, command execution...

Affected products

External IDs

db:

NVD

ids:

CVE-2021-40539

NVD - CVE-2021-1587 Trust: 5.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	nx-os software
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	nexus_3000
vendor:	cisco	model:	cisco nx-os
vendor:	cisco	model:	nexus_3048
vendor:	cisco systems	model:	nx-os software
vendor:	cisco systems	model:	nx-os
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	nexus_3000
vendor:	cisco systems	model:	cisco nx-os
vendor:	cisco systems	model:	nexus_3048

db:

NVD

ids:

CVE-2021-1587

New 'Shrootless' Bug Could Let Attackers Install Rootkit on macOS Systems Related entries in the VARIoT vulnerabilities database: VAR-202108-2056 Trust: 3.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 29, 2021, 11:03 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2021-30892

New AbstractEmu malware roots Android devices, evades detection Related entries in the VARIoT vulnerabilities database: VAR-201910-0902, VAR-202003-0573 Trust: 3.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 28, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	android
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	samsung

db:

NVD

ids:

CVE-2019-2215, CVE-2020-0069, CVE-2020-0041

Cisco : Security vulnerabilities Related entries in the VARIoT vulnerabilities database: VAR-202110-0212, VAR-202110-1376, VAR-202110-1375, VAR-202110-0622, VAR-202110-1298, VAR-202111-0418, VAR-202111-0412, VAR-202109-0617, VAR-202110-1065, VAR-202109-0622, VAR-202110-0583, VAR-202110-1366, VAR-202110-0211, VAR-202111-0413, VAR-202110-0618, VAR-202110-1402, VAR-202110-1350, VAR-202109-0631, VAR-202110-1354, VAR-202109-0624, VAR-202110-0619, VAR-202110-0213, VAR-202111-0393, VAR-202110-1351, VAR-202110-0207, VAR-202110-1367, VAR-202110-1352, VAR-202110-0617, VAR-202110-1392, VAR-202111-0400, VAR-202110-0582, VAR-202111-0419, VAR-202109-0623, VAR-202110-1297, VAR-202110-1394, VAR-202111-0664, VAR-202108-0824, VAR-202110-1353, VAR-202108-0823, VAR-202109-0618, VAR-202110-0203, VAR-202110-0209, VAR-202110-1305, VAR-202110-0623, VAR-202111-0417, VAR-202110-1395, VAR-202110-1286, VAR-202111-0401, VAR-202110-1393, VAR-202110-1377 Trust: 5.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 2, 2021, midnight	Vulnerabilities: command injection, cross-site request forgery, directory traversal...

Affected products

External IDs

vendor:	cisco	model:	prime infrastructure
vendor:	cisco	model:	cisco meeting server
vendor:	cisco	model:	cisco prime infrastructure
vendor:	cisco	model:	series
vendor:	cisco	model:	sd-wan vmanage software
vendor:	cisco	model:	sd-wan
vendor:	cisco	model:	firepower
vendor:	cisco	model:	ios xr software
vendor:	cisco	model:	meeting
vendor:	cisco	model:	telepresence video communication server
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco webex
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	rv110w
vendor:	cisco	model:	cisco telepresence management suite
vendor:	cisco	model:	cisco web security appliance
vendor:	cisco	model:	cisco firepower management center
vendor:	cisco	model:	cisco prime collaboration
vendor:	cisco	model:	nexus
vendor:	cisco	model:	cisco prime collaboration provisioning
vendor:	cisco	model:	telepresence collaboration endpoint
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	rv130
vendor:	cisco	model:	rv215w
vendor:	cisco	model:	telepresence management suite
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco meeting
vendor:	cisco	model:	link layer discovery protocol
vendor:	cisco	model:	small business
vendor:	cisco	model:	cisco expressway
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	sd-wan vmanage
vendor:	cisco	model:	meeting server
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	cisco sd-wan
vendor:	cisco	model:	webex
vendor:	cisco	model:	roomos
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	dna center
vendor:	cisco	model:	cisco ios xr
vendor:	cisco	model:	prime collaboration provisioning
vendor:	cisco	model:	cisco telepresence video communication server
vendor:	cisco	model:	cisco small business
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	expressway series
vendor:	cisco	model:	ios xe sd-wan software
vendor:	cisco	model:	prime collaboration
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	cisco telepresence
vendor:	cisco	model:	rv130w
vendor:	cisco	model:	expressway
vendor:	cisco	model:	ios xr
vendor:	cisco	model:	cisco roomos
vendor:	cisco	model:	cisco identity services engine
vendor:	cisco	model:	web security appliance
vendor:	snort	model:	snort

db:

NVD

ids:

CVE-2021-34766, CVE-2021-34793, CVE-2021-34794, CVE-2021-34789, CVE-2021-34755, CVE-2021-34774, CVE-2021-40124, CVE-2021-34785, CVE-2021-34762, CVE-2021-34746, CVE-2021-34738, CVE-2021-34764, CVE-2021-34758, CVE-2021-40120, CVE-2021-40122, CVE-2021-40125, CVE-2021-40118, CVE-2021-34771, CVE-2021-34787, CVE-2021-34765, CVE-2021-40121, CVE-2021-34772, CVE-2021-40126, CVE-2021-40117, CVE-2021-34742, CVE-2021-34763, CVE-2021-40116, CVE-2021-40123, CVE-2021-34791, CVE-2021-40128, CVE-2009-1234, CVE-2021-34743, CVE-2021-34773, CVE-2021-34759, CVE-2021-34756, CVE-2021-34783, CVE-2021-40119, CVE-2021-34749, CVE-2021-40114, CVE-2021-34745, CVE-2021-34786, CVE-2021-34782, CVE-2021-34748, CVE-2021-34761, CVE-2021-34760, CVE-2021-34784, CVE-2021-34781, CVE-2021-34754, CVE-2021-40115, CVE-2021-34790, CVE-2021-34792

Apple fixes zero-day in iOS and iPadOS 15.0.2 emergency release: Detect and Prioritize Vulnerabilities using VMDR for Mobile Devices - REAL security Related entries in the VARIoT vulnerabilities database: VAR-202104-0750, VAR-202108-2172, VAR-202108-1374, VAR-202109-1311, VAR-202109-1315, VAR-202109-1316, VAR-202109-1420, VAR-202109-1419, VAR-202104-0751, VAR-202109-1313, VAR-202110-0332, VAR-202104-0753, VAR-202108-1057, VAR-202108-2057, VAR-202104-0647 Trust: 4.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 19, 2021, 6:08 a.m.	Vulnerabilities: integer overflow

Affected products

External IDs

vendor:	google	model:	android
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad air
vendor:	apple	model:	ipad
vendor:	apple	model:	ipod touch

db:

NVD

ids:

CVE-2021-1870, CVE-2021-30858, CVE-2021-30869, CVE-2021-30661, CVE-2021-30665, CVE-2021-30666, CVE-2021-30762, CVE-2021-30761, CVE-2021-1871, CVE-2021-30663, CVE-2021-30807, CVE-2021-1879, CVE-2021-30860, CVE-2021-30883, CVE-2021-1782

Apple iOS 15.0.2 is here; check what’s up with the new update \| PINKVILLA Related entries in the VARIoT vulnerabilities database: VAR-202108-2057 Trust: 3.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 12, 2021, 2:35 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2021-30883

Cisco Bug: CSCuw77959 - Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability Trust: 5.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 25, 2021, midnight	Vulnerabilities: buffer overflow, denial of service, code execution

Affected products

External IDs

vendor:	cisco	model:	series switches
vendor:	cisco	model:	asr 1000 series
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	asr 1000
vendor:	cisco	model:	series wireless controllers
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	integrated services routers
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	series integrated services routers
vendor:	cisco	model:	integrated services virtual router
vendor:	cisco	model:	catalyst 9800
vendor:	cisco	model:	router
vendor:	cisco	model:	series
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco asr 1000 series

db:

CISCO

ids:

CISCO-SA-20170927-DHCP

VARIoT news about IoT security