Sign-up

VARIoT news about IoT security

Security Vulnerability: Update to the latest version of Zoom on your devices | IT Matters

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Nov. 28, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: zoom model: zoom
vendor: zoom model: zoom client
vendor: zoom model: client

Apache Log4j Vulnerability Guidance | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 5.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 2, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

Researchers trigger new exploit by renaming an iPhone and a Tesla - The Verge

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 13, 2021, 8:29 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
db: NVD ids: cve-2021-44228

Apache Log4j RCE vulnerability & Bosch IoT Suite - Developer Bosch IoT Suite

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.25

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, 11:04 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

‘Extremely bad’ vulnerability found in widely used logging system - The Verge

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 10, 2021, 8:52 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud

Update: Notice on potential impact of Apache Log4j vulnerability towards Ricoh products and services | Global | Ricoh

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 15, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

After Log4j, December's Patch Tuesday has snuck up on us | Malwarebytes Labs

Trust: 5.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 16, 2021, 10:47 a.m.
 Vulnerabilities: buffer overflow, memory corruption, code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: apple model: webkit
vendor: apple model: safari
db: NVD ids: CVE-2021-43217, CVE-2021-43890, CVE-2021-43883, CVE-2021-41333, CVE-2021-43215, CVE-2021-42310, CVE-2021-43899, CVE-2021-43905

Microsoft Defender for Endpoint - Mobile Threat Defense | Microsoft Docs

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 4, 2022, 4:10 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Apache Log4j 2 Vulnerability (CVE-2021-44228) Information | Zebra

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202112-0562

Trust: 4.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 2, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228, CVE-2021-45046

Severe Chrome bug allowed RCE on devices running remote headless interface | The Daily Swig

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 14, 2021, 1:45 p.m.
 Vulnerabilities: code execution, cross-site scripting
Affected productsExternal IDs
vendor: google model: chrome

Security Notification - Command Injection Vulnerability in Some Hikvision products | Command Injection Vulnerability | Hikvision

Trust: 5.25

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 16, 2022, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: hikvision model: hikvision

U.S. warns new software flaw leaves millions of computers vulnerable

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: cve-2021-44228

Vulnerability methods and properties | Microsoft Docs

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 3, 2021, midnight
 Vulnerabilities: denial of service, privilege escalation
Affected productsExternal IDs

Chinese hackers are already exploiting 'fully weaponised' Log4shell software vulnerability | Daily Mail Online

Trust: 3.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 11, 2021, 11:23 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud
vendor: google model: android
vendor: check point model: check point

Cybersecurity, multiple vulnerabilities in Android OS

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 13, 2021, 5:27 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Mama Always Told Me Not to Trust Strangers without Certificates

Related entries in the VARIoT vulnerabilities database: VAR-202109-1063

Trust: 6.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Sept. 21, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: netgear model: r6900p
vendor: netgear model: r6700
vendor: netgear model: r7000
vendor: netgear model: r7000p
vendor: netgear model: r7850
vendor: netgear model: r6400v2
vendor: netgear model: r6900
vendor: netgear model: r7900
vendor: netgear model: r6700v3
vendor: netgear model: rs400
vendor: netgear model: r8000
vendor: netgear model: router
vendor: serve model: serve
db: NVD ids: CVE-2021-40847

The Log4j Log4Shell Vulnerability: Overview, Detection, and Remediation | Datadog

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.75

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Jan. 17, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

Over 300,000 MikroTik Devices Found Vulnerable to Remote Hacking Bugs

Related entries in the VARIoT vulnerabilities database: VAR-202111-0616, VAR-201910-0547, VAR-201808-0384, VAR-201910-0546, VAR-201803-2171

Trust: 5.5

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 9, 2021, 11:15 a.m.
 Vulnerabilities: code execution, buffer overflow, directory traversal
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: hikvision model: hikvision
vendor: mikrotik model: routeros
vendor: mikrotik model: routers
vendor: mikrotik model: mikrotik routers
vendor: mikrotik model: winbox
vendor: mikrotik model: mikrotik
db: NVD ids: CVE-2021-36260, CVE-2021-41653, CVE-2019-3978, CVE-2018-14847, CVE-2019-3977, CVE-2018-7445

Vulnerability Summary for the Week of December 6, 2021 | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202112-0382, VAR-202112-0334, VAR-202112-0049, VAR-202112-0376, VAR-202112-0134, VAR-202112-0524, VAR-202112-0224, VAR-202112-0242, VAR-202112-0420, VAR-202112-0423, VAR-202112-0105, VAR-202112-0347, VAR-202112-0133, VAR-202112-0257, VAR-202112-0285, VAR-202112-0343, VAR-202112-0358, VAR-202112-0401, VAR-202112-0239, VAR-202112-0222, VAR-202112-0399, VAR-202112-0379, VAR-202112-0385, VAR-202112-0244, VAR-202112-0330, VAR-202112-0136, VAR-202112-0327, VAR-202112-0138, VAR-202112-0286, VAR-202112-0233, VAR-202112-0426, VAR-202112-0253, VAR-202112-0338, VAR-202112-0346, VAR-202112-0523, VAR-202112-0248, VAR-202112-0250, VAR-202112-0335, VAR-202112-0243, VAR-202112-0234, VAR-202112-0228, VAR-202112-0380, VAR-202112-0345, VAR-202112-0357, VAR-202112-0331, VAR-202112-0297, VAR-202112-0732, VAR-202112-0249, VAR-202112-0378, VAR-202112-0391, VAR-202112-0227, VAR-202112-0367, VAR-202112-0349, VAR-202112-0329, VAR-202112-0230, VAR-202112-0232, VAR-202112-0526, VAR-202112-0231, VAR-202112-0296, VAR-202112-0226, VAR-202112-0247, VAR-202112-0353, VAR-202112-0350, VAR-202112-0235, VAR-202112-0258, VAR-202112-0137, VAR-202112-0255, VAR-202112-0328, VAR-202112-0336, VAR-202112-0348, VAR-202112-0333, VAR-202112-0236, VAR-202112-0400, VAR-202112-0340, VAR-202112-0339, VAR-202112-0241, VAR-202112-0237, VAR-202112-0245, VAR-202112-0332, VAR-202112-0405, VAR-202112-0252, VAR-202112-0246, VAR-202112-0342, VAR-202112-0421, VAR-202112-0289, VAR-202112-0223

Trust: 5.25

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 6, 2021, midnight
 Vulnerabilities: authentication bypass, request forgery, format string vulnerability...
Affected productsExternal IDs
vendor: couchbase model: server
vendor: couchbase model: sync_gateway
vendor: couchbase model: couchbase server
vendor: couchbase model: sync gateway
vendor: couchbase model: couchbase sync gateway
vendor: citrix model: gateway
vendor: citrix model: application_delivery_controller_firmware
vendor: citrix model: hypervisor
vendor: wso2 model: api_manager
vendor: wso2 model: wso2 identity server
vendor: wso2 model: identity server
vendor: node.js model: node.js
vendor: qemu model: qemu
vendor: huawei model: emui
vendor: huawei model: huawei
vendor: huawei model: ar150
vendor: huawei model: ar150_firmware
vendor: fortigate model: fortios
vendor: sonicwall model: switch
vendor: sonicwall model: sma100
vendor: sonicwall model: web application firewall
vendor: sonicwall model: ssl vpn
vendor: solarwinds model: serv-u
vendor: google model: chrome
vendor: google model: android
db: NVD ids: CVE-2021-26108, CVE-2021-37021, CVE-2021-44512, CVE-2021-38510, CVE-2021-24938, CVE-2021-36198, CVE-2021-43805, CVE-2021-20047, CVE-2021-37047, CVE-2021-43071, CVE-2021-43544, CVE-2021-37096, CVE-2021-37073, CVE-2021-41030, CVE-2021-24924, CVE-2021-25511, CVE-2021-43176, CVE-2021-43537, CVE-2021-43037, CVE-2021-40578, CVE-2021-43528, CVE-2021-43535, CVE-2021-44185, CVE-2021-43538, CVE-2021-43415, CVE-2021-44527, CVE-2021-37053, CVE-2021-37055, CVE-2021-37048, CVE-2021-41311, CVE-2021-44045, CVE-2021-4049, CVE-2021-25517, CVE-2021-37040, CVE-2021-37092, CVE-2021-44048, CVE-2021-43546, CVE-2021-43963, CVE-2021-36189, CVE-2021-43531, CVE-2021-22170, CVE-2021-43673, CVE-2021-43784, CVE-2021-43800, CVE-2021-43808, CVE-2021-37078, CVE-2021-37100, CVE-2021-29719, CVE-2021-37940, CVE-2021-43204, CVE-2021-42133, CVE-2021-40313, CVE-2021-34544, CVE-2021-43536, CVE-2021-41027, CVE-2021-43539, CVE-2021-42717, CVE-2021-42125, CVE-2021-43542, CVE-2021-37071, CVE-2021-41024, CVE-2021-37042, CVE-2021-37075, CVE-2021-29756, CVE-2021-4069, CVE-2021-37038, CVE-2021-43067, CVE-2021-25041, CVE-2021-43798, CVE-2021-37083, CVE-2021-43039, CVE-2021-38506, CVE-2021-44046, CVE-2021-20043, CVE-2021-37060, CVE-2021-28703, CVE-2021-24939, CVE-2021-42757, CVE-2021-37054, CVE-2021-4075, CVE-2021-36188, CVE-2021-44680, CVE-2021-31850, CVE-2021-37066, CVE-2021-35242, CVE-2021-37064, CVE-2021-24914, CVE-2021-37020, CVE-2021-37072, CVE-2021-42129, CVE-2021-38505, CVE-2021-43041, CVE-2021-37082, CVE-2021-37090, CVE-2021-44725, CVE-2021-36191, CVE-2021-37069, CVE-2021-43781, CVE-2021-42567, CVE-2021-26103, CVE-2021-43545, CVE-2021-41015, CVE-2021-22955, CVE-2021-20040, CVE-2021-25514, CVE-2021-37065, CVE-2021-4005, CVE-2021-44681, CVE-2021-43034, CVE-2021-36190, CVE-2021-29113, CVE-2021-37061, CVE-2021-43469, CVE-2021-42110, CVE-2021-20470, CVE-2021-29716, CVE-2021-44186, CVE-2021-42131, CVE-2021-4081, CVE-2021-3980, CVE-2021-24917, CVE-2021-37091, CVE-2021-44044, CVE-2021-38509, CVE-2020-19611, CVE-2021-43810, CVE-2021-23562, CVE-2021-43068, CVE-2021-38507, CVE-2021-36173, CVE-2021-44187, CVE-2021-37051, CVE-2021-43064, CVE-2021-44148, CVE-2021-37088, CVE-2021-35245, CVE-2021-37086, CVE-2021-25512, CVE-2021-44686, CVE-2021-43038, CVE-2021-36167, CVE-2021-34543, CVE-2021-37087, CVE-2021-22956, CVE-2021-37094, CVE-2021-37067, CVE-2021-43043, CVE-2021-37044, CVE-2021-24935, CVE-2021-37050, CVE-2021-44513, CVE-2021-37081, CVE-2021-37014, CVE-2021-43530, CVE-2021-37041, CVE-2021-43543, CVE-2021-44678, CVE-2021-37058, CVE-2021-43063, CVE-2021-37056, CVE-2021-44682, CVE-2021-38508, CVE-2021-42126, CVE-2021-37052, CVE-2021-43540, CVE-2020-22421, CVE-2021-37043, CVE-2021-3370, CVE-2021-4000, CVE-2021-37080, CVE-2021-36194, CVE-2021-36760, CVE-2021-29116, CVE-2021-42130, CVE-2021-44047, CVE-2021-20493, CVE-2021-29867, CVE-2021-36180, CVE-2021-44726, CVE-2021-40095, CVE-2021-31631, CVE-2021-37076, CVE-2021-37079, CVE-2021-37070, CVE-2021-43040, CVE-2021-42132, CVE-2021-25510, CVE-2021-41014, CVE-2021-41017, CVE-2021-37062, CVE-2021-29115, CVE-2021-37068, CVE-2021-41309, CVE-2021-35413, CVE-2021-37093, CVE-2021-44677, CVE-2021-4050, CVE-2021-43541, CVE-2021-44679, CVE-2021-43175, CVE-2021-41013, CVE-2021-43532, CVE-2021-43533, CVE-2021-26110, CVE-2021-37099, CVE-2021-42124, CVE-2021-43534

How Do I Find My Servers With the Log4j Vulnerability?

Trust: 3.0

Fetched: Dec. 16, 2021, 8:11 p.m., Published: Dec. 13, 2021, 10:41 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canary model: canary