Sign-up

VARIoT news about IoT security

A Vulnerability in HP Printer Products Could Allow for Arbitrary Code Execution. | New York State Office of Information Technology Services

Trust: 3.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 1, 2021, 9:35 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-39238

Critical vulnerability in something? @ AskWoody

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 5.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 11, 2021, 2 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud
db: NVD ids: CVE-2021-44228

Researchers discover serious server vulnerability in iPhone and Tesla devices | TechGig

Trust: 4.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, 10:54 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud
vendor: apple model: iphone

PSA: PATCH YOUR DEVICES NOW. The log4shell vulnerability allows remote code execution on all devices running log4j, a popular Java library. PATCH YOUR DEVICES NOW. | Java LibHunt

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.25

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 11, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

Multiple Vulnerabilities in Distributed Data Systems WebHMI Could Allow for Arbitrary Code Execution | New York State Office of Information Technology Services

Trust: 3.25

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 7, 2021, 5:49 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-43931, CVE-2021-43936

Millions Of Devices At Risk Over New Software Vulnerability | The Original MinuteMan Project

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 16, 2021, 2 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: canary model: canary
vendor: apple model: icloud
db: NVD ids: CVE-2021-44228

Kryptowire Collaborates with Orange and Uncovers Major Vulnerabilities in Mobile Devices at Scale | Tech Times

Trust: 4.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, 6 p.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: check point model: check point

Moobot botnet exploits CVE-2021-36260 flaw in Hikvision productsSecurity Affairs

Trust: 4.25

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 9, 2021, 7:47 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hikvision model: hikvision
db: NVD ids: CVE-2021-36260

Multiple Vulnerabilities in SonicWall SMA 100 Series Could Allow for Arbitrary Code Execution | New York State Office of Information Technology Services

Trust: 4.25

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 9, 2021, 8:20 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: sonicwall model: sma 100

Forescout Research Labs concludes Project Memoria - Lessons Learned after 18 months of vulnerability research - Forescout

Related entries in the VARIoT vulnerabilities database: VAR-202103-0365, VAR-202104-1830, VAR-202104-1925

Trust: 3.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Nov. 11, 2021, 12:33 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: nucleus
vendor: siemens model: nucleus net
db: NVD ids: CVE-2016-20009, CVE-2021-25664, CVE-2021-25663, CVE-2020-17529, CVE-2020-17528

Why techies are losing sleep over Log4j vulnerability - The Federal

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, 6:12 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

Microsoft Informs Users of High-Severity Vulnerability in Azure AD

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Nov. 18, 2021, 6:30 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2021-42306

Hillrom Welch Allyn Cardio vulnerability poses unauthorized access risk

Trust: 3.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 10, 2021, 2:57 p.m.
 Vulnerabilities: authentication bypass, authentication vulnerability
Affected productsExternal IDs

Kryptowire Collaborates with Orange and Uncovers Major Vulnerabilities in Mobile Devices at Scale

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 13, 2021, 1 p.m.
 Vulnerabilities: script execution, command execution
Affected productsExternal IDs

IoT under attack: Security is still not good enough on these edge devices | ZDNet

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 9, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: remote access
vendor: sonicwall model: sma 100

Vulnerabilities Identified in Hillrom Medical Device Management Products

Trust: 4.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: June 4, 2021, 10 a.m.
 Vulnerabilities: memory corruption, code execution, information leakage
Affected productsExternal IDs
db: NVD ids: CVE-2021-27410, CVE-2021-27408

Security Advisory: Apache Log4j Vulnerability - Product Announcements and Alerts - AppDynamics Documentation

Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-2011, VAR-202112-0566, VAR-202112-0562

Trust: 4.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 14, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: node.js model: node.js
vendor: cisco model: meeting
db: NVD ids: CVE-2021-45105, CVE-2021-44832, CVE-2021-44228, CVE-2021-45046

Apache Log4j Vulnerability | Fortinet Blog

Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0562, VAR-202112-0566

Trust: 5.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 12, 2021, 8 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2021-45105, CVE-2021-45046, CVE-2021-4428, CVE-2021-45104, CVE-2021-44228

Kryptowire Collaborates With Orange and Finds Vulnerabilities in Mobile Devices

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 15, 2021, 2 p.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228, cve-2021-44228

'Moobot' Botnet Targets Hikvision Devices via Recent Vulnerability | SecurityWeek.Com

Trust: 3.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 16, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hikvision model: hikvision
vendor: hikvision model: camera
vendor: hikvision model: hikvision camera
db: NVD ids: CVE-2021-36260