VARIoT latest news about IoT security

Exploitation of the CVE-2021-40444 vulnerability in MSHTML \| Securelist Related entries in the VARIoT vulnerabilities database: VAR-202107-1010, VAR-202106-0639, VAR-202109-1909 Trust: 4.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-34527, CVE-2021-1675, CVE-2021-40444

Are your IoT devices leaving you vulnerable to cyberattacks? - INTRUSION Trust: 3.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 13, 2021, 6:51 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

home

Multiple Vulnerabilities Fix Trust: 3.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2020-28050

Vulnerability Database Trust: 4.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	google chrome

db:

NVD

ids:

CVE-2021-43350

November Related entries in the VARIoT vulnerabilities database: VAR-202103-0287, VAR-202105-1432, VAR-202110-1864, VAR-202111-1769, VAR-202112-0354, VAR-202110-1869, VAR-202105-0585, VAR-202105-1431, VAR-202110-1487, VAR-202111-1766, VAR-202111-1764, VAR-202112-0345, VAR-202105-1477, VAR-202111-1768, VAR-202012-1546, VAR-202112-0224, VAR-202112-0344, VAR-202110-1499, VAR-202105-0257, VAR-202110-1865, VAR-202111-1765, VAR-202110-1134, VAR-202111-1770, VAR-202006-0946, VAR-202105-1428, VAR-202111-1767, VAR-202109-0009, VAR-202111-1763, VAR-202110-1119, VAR-202110-1133, VAR-202110-1851, VAR-202012-1547, VAR-202105-0449 Trust: 5.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Nov. 9, 2021, 11:12 a.m.	Vulnerabilities: code execution, input verification vulnerability, directory traversal

Affected products

External IDs

vendor:	huawei	model:	hisuite
vendor:	huawei	model:	emui
vendor:	huawei	model:	huawei

db:

NVD

ids:

CVE-2020-27825, CVE-2021-0643, CVE-2020-35508, CVE-2021-0706, CVE-2020-24587, CVE-2021-0129, CVE-2021-37125, CVE-2021-39974, CVE-2021-0703, CVE-2021-0937, CVE-2021-37039, CVE-2021-31916, CVE-2021-0870, CVE-2021-0935, CVE-2021-32399, CVE-2021-39978, CVE-2021-1891, CVE-2020-25641, CVE-2020-24588, CVE-2020-12352, CVE-2021-1967, CVE-2021-29647, CVE-2021-36988, CVE-2021-27666, CVE-2021-39966, CVE-2021-39967, CVE-2021-37069, CVE-2020-25656, CVE-2021-0651, CVE-2020-26146, CVE-2020-14314, CVE-2021-39973, CVE-2020-29661, CVE-2021-37096, CVE-2021-0708, CVE-2021-37074, CVE-2020-27786, CVE-2021-22481, CVE-2020-26145, CVE-2021-37126, CVE-2019-25045, CVE-2020-17541, CVE-2021-37112, CVE-2021-0483, CVE-2021-0936, CVE-2021-0702, CVE-2021-1977, CVE-2021-39969, CVE-2020-15358, CVE-2020-26141, CVE-2021-30305, CVE-2021-3564, CVE-2021-0691, CVE-2019-20934, CVE-2021-1969, CVE-2021-37133, CVE-2021-1966, CVE-2020-11264, CVE-2020-24490, CVE-2021-37118, CVE-2021-0705, CVE-2021-30306, CVE-2021-0941, CVE-2021-1980, CVE-2021-37110, CVE-2020-29660, CVE-2021-0652, CVE-2021-1927

November Related entries in the VARIoT vulnerabilities database: VAR-202103-0287, VAR-202105-1432, VAR-202110-1864, VAR-202111-1769, VAR-202112-0354, VAR-202110-1869, VAR-202105-0585, VAR-202105-1431, VAR-202110-1487, VAR-202111-1766, VAR-202111-1764, VAR-202112-0345, VAR-202105-1477, VAR-202111-1768, VAR-202012-1546, VAR-202112-0224, VAR-202112-0344, VAR-202110-1499, VAR-202105-0257, VAR-202110-1865, VAR-202111-1765, VAR-202110-1134, VAR-202111-1770, VAR-202006-0946, VAR-202105-1428, VAR-202111-1767, VAR-202109-0009, VAR-202111-1763, VAR-202110-1119, VAR-202110-1133, VAR-202110-1851, VAR-202012-1547, VAR-202105-0449 Trust: 5.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Nov. 8, 2021, 10:30 a.m.	Vulnerabilities: code execution, input verification vulnerability, directory traversal

Affected products

External IDs

vendor:	huawei	model:	hisuite
vendor:	huawei	model:	emui
vendor:	huawei	model:	huawei

db:

NVD

ids:

CVE-2020-27825, CVE-2021-0643, CVE-2020-35508, CVE-2021-0706, CVE-2020-24587, CVE-2021-0129, CVE-2021-37125, CVE-2021-39974, CVE-2021-0703, CVE-2021-0937, CVE-2021-37039, CVE-2021-31916, CVE-2021-0870, CVE-2021-0935, CVE-2021-32399, CVE-2021-39978, CVE-2021-1891, CVE-2020-25641, CVE-2020-24588, CVE-2020-12352, CVE-2021-1967, CVE-2021-29647, CVE-2021-36988, CVE-2021-27666, CVE-2021-39966, CVE-2021-39967, CVE-2021-37069, CVE-2020-25656, CVE-2021-0651, CVE-2020-26146, CVE-2020-14314, CVE-2021-39973, CVE-2020-29661, CVE-2021-37096, CVE-2021-0708, CVE-2021-37074, CVE-2020-27786, CVE-2021-22481, CVE-2020-26145, CVE-2021-37126, CVE-2019-25045, CVE-2020-17541, CVE-2021-37112, CVE-2021-0483, CVE-2021-0936, CVE-2021-0702, CVE-2021-1977, CVE-2021-39969, CVE-2020-15358, CVE-2020-26141, CVE-2021-30305, CVE-2021-3564, CVE-2021-0691, CVE-2019-20934, CVE-2021-1969, CVE-2021-37133, CVE-2021-1966, CVE-2020-11264, CVE-2020-24490, CVE-2021-37118, CVE-2021-0705, CVE-2021-30306, CVE-2021-0941, CVE-2021-1980, CVE-2021-37110, CVE-2020-29660, CVE-2021-0652, CVE-2021-1927

NVD - CVE-2021-34793 Related entries in the VARIoT vulnerabilities database: VAR-202110-1376 Trust: 5.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco systems	model:	cisco adaptive security appliance
vendor:	cisco systems	model:	asa_5545-x_firmware
vendor:	cisco systems	model:	firepower
vendor:	cisco systems	model:	firepower_threat_defense
vendor:	cisco systems	model:	asa_5580
vendor:	cisco systems	model:	asa_5505_firmware
vendor:	cisco systems	model:	asa_5555-x_firmware
vendor:	cisco systems	model:	asa_5585-x
vendor:	cisco systems	model:	firepower threat defense
vendor:	cisco systems	model:	asa_5580_firmware
vendor:	cisco systems	model:	adaptive security appliance
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	adaptive_security_appliance
vendor:	cisco systems	model:	asa_5585-x_firmware
vendor:	cisco systems	model:	asa_5525-x_firmware
vendor:	cisco systems	model:	asa_5505
vendor:	cisco systems	model:	asa_5512-x_firmware
vendor:	cisco systems	model:	asa_5515-x_firmware
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	asa_5545-x_firmware
vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower_threat_defense
vendor:	cisco	model:	asa_5580
vendor:	cisco	model:	asa_5505_firmware
vendor:	cisco	model:	asa_5555-x_firmware
vendor:	cisco	model:	asa_5585-x
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	asa_5580_firmware
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	adaptive_security_appliance
vendor:	cisco	model:	asa_5585-x_firmware
vendor:	cisco	model:	asa_5525-x_firmware
vendor:	cisco	model:	asa_5505
vendor:	cisco	model:	asa_5512-x_firmware
vendor:	cisco	model:	asa_5515-x_firmware

db:

NVD

ids:

CVE-2021-34793

Vulnerability Assessment API - Carbon Black Developer Network Related entries in the VARIoT vulnerabilities database: VAR-202008-0248 Trust: 3.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 2, 2022, midnight	Vulnerabilities: directory traversal

Affected products

External IDs

db:

NVD

ids:

CVE-2020-1472, CVE-0001-001, CVE-2007-4559, CVE-2014-4650, CVE-2001-1267, CVE-2020-1350

Apple releases patches for Catalina and iOS 12.5.5 vulnerabilities Trust: 4.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	ipad
vendor:	apple	model:	macos
vendor:	apple	model:	ipod touch
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad air

CVE - CVE-2021-1499 Related entries in the VARIoT vulnerabilities database: VAR-202105-0617 Trust: 3.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 3, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco systems	model:	hyperflex
vendor:	cisco systems	model:	cisco systems
vendor:	cisco systems	model:	cisco hyperflex
vendor:	cisco systems	model:	hyperflex hx data platform
vendor:	cisco	model:	hyperflex
vendor:	cisco	model:	cisco systems
vendor:	cisco	model:	cisco hyperflex
vendor:	cisco	model:	hyperflex hx data platform

db:

NVD

ids:

CVE-2021-1499

All PrintNightmare Vulnerabilities Fixed Related entries in the VARIoT vulnerabilities database: VAR-202107-1010 Trust: 4.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 15, 2021, 11:04 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-34527, CVE-2021-36958

Export software vulnerabilities assessment per device \| Microsoft Docs Trust: 3.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Dec. 2, 2021, 6:37 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	google chrome

db:

NVD

ids:

CVE-2020-16011, CVE-2020-26971

Cybersecurity Vulnerabilities Affecting Medtronic Implantable Cardiac Devices, Programmers, and Home Monitors: FDA Safety Communication \| FDA Trust: 4.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	medtronic	model:	carelink monitor
vendor:	medtronic	model:	concerto ii crt-d
vendor:	medtronic	model:	nayamed nd icd
vendor:	medtronic	model:	virtuoso ii icd
vendor:	medtronic	model:	secura icd
vendor:	medtronic	model:	concerto crt-d
vendor:	medtronic	model:	carelink 2090 programmer
vendor:	medtronic	model:	maximo ii crt-d
vendor:	medtronic	model:	encore programmer
vendor:	medtronic	model:	viva crt-d
vendor:	medtronic	model:	virtuoso icd
vendor:	medtronic	model:	evera icd
vendor:	medtronic	model:	mycarelink monitor
vendor:	medtronic	model:	visia af icd
vendor:	medtronic	model:	carelink 2090
vendor:	medtronic	model:	carelink programmer
vendor:	medtronic	model:	protecta crt-d
vendor:	medtronic	model:	consulta crt-d

Microsoft Fixes 4 Critical Vulnerabilities in Windows 7 Trust: 3.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 10, 2021, 7:22 p.m.	Vulnerabilities: code execution, memory corruption

Affected products

External IDs

db:

NVD

ids:

CVE-2021-34481, CVE-2021-34480, CVE-2021-34535, CVE-2021-36936, CVE-2021-26424

Weaknesses in health care system and device security - Pinnacle Trust: 3.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	trend micro	model:	security
vendor:	trend	model:	security

Cybersecurity \| FDA Trust: 3.5 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Dec. 22, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	blackberry	model:	playbook
vendor:	blackberry	model:	blackberry
vendor:	blackberry	model:	link
vendor:	hospira	model:	lifecare pca3
vendor:	medtronic	model:	paradigm

HTTP and HTTPS Access Vulnerability \| Allied Telesis Trust: 3.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Dec. 14, 2021, 9:42 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2018-8715

Google Chrome Software Vulnerability Exploited in The Wild Trust: 3.0 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 27, 2021, 2:32 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	google chrome

Vulnerability Assessment for Network Devices - Now More Than Ever! \| BeyondTrust Trust: 3.25 Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 15, 2021, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

serve

model:

serve

Security Advisory for Fragment and Forge vulnerabilities on some WiFi capable devices, PSV-2021-0014 & PSV-2021-0080 \| Answer \| NETGEAR Support Related entries in the VARIoT vulnerabilities database: VAR-202105-1431, VAR-202105-1477, VAR-202105-1432 Trust: 3.75 Fetched: Nov. 4, 2021, 1:02 p.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	netgear	model:	r7850
vendor:	netgear	model:	rbw30
vendor:	netgear	model:	rbr40
vendor:	netgear	model:	rbr750
vendor:	netgear	model:	wn3000rpv2
vendor:	netgear	model:	r7000p
vendor:	netgear	model:	rbs750
vendor:	netgear	model:	rbr50
vendor:	netgear	model:	rax45
vendor:	netgear	model:	rax120
vendor:	netgear	model:	ex6410
vendor:	netgear	model:	router
vendor:	netgear	model:	ex6400v2
vendor:	netgear	model:	ex7000
vendor:	netgear	model:	r6700v3
vendor:	netgear	model:	r7900p
vendor:	netgear	model:	ex3700
vendor:	netgear	model:	r8300
vendor:	netgear	model:	ex7500
vendor:	netgear	model:	rax35
vendor:	netgear	model:	r6900p
vendor:	netgear	model:	ex6130
vendor:	netgear	model:	ex7700
vendor:	netgear	model:	r6220
vendor:	netgear	model:	rax15
vendor:	netgear	model:	xr300
vendor:	netgear	model:	rbs50
vendor:	netgear	model:	r8500
vendor:	netgear	model:	r7900
vendor:	netgear	model:	orbi
vendor:	netgear	model:	r6400v2
vendor:	netgear	model:	r8000p
vendor:	netgear	model:	ex2700
vendor:	netgear	model:	r6350
vendor:	netgear	model:	r6020
vendor:	netgear	model:	r7000
vendor:	netgear	model:	r6850
vendor:	netgear	model:	r6120
vendor:	netgear	model:	rbr20
vendor:	netgear	model:	srs60
vendor:	netgear	model:	r6230
vendor:	netgear	model:	mr60
vendor:	netgear	model:	ex6150v2
vendor:	netgear	model:	ex8000
vendor:	netgear	model:	wac505
vendor:	netgear	model:	ex6200v2
vendor:	netgear	model:	rbs850
vendor:	netgear	model:	ex3800
vendor:	netgear	model:	rs400
vendor:	netgear	model:	c6900
vendor:	netgear	model:	ex6250
vendor:	netgear	model:	ex6420
vendor:	netgear	model:	wn3000rpv3
vendor:	netgear	model:	rbs10
vendor:	netgear	model:	r7100lg
vendor:	netgear	model:	rbs40
vendor:	netgear	model:	rbr850
vendor:	netgear	model:	rbs50y
vendor:	netgear	model:	ex6120
vendor:	netgear	model:	dc112a
vendor:	netgear	model:	rax40
vendor:	netgear	model:	rax20
vendor:	netgear	model:	ex6100v2
vendor:	netgear	model:	r6400
vendor:	netgear	model:	ex7300v2
vendor:	netgear	model:	rbs20
vendor:	netgear	model:	ex7320
vendor:	netgear	model:	r8000
vendor:	netgear	model:	rax38
vendor:	netgear	model:	r6080
vendor:	netgear	model:	lax20
vendor:	netgear	model:	r6260
vendor:	netgear	model:	srr60
vendor:	netgear	model:	rbr10
vendor:	netgear	model:	wac510
vendor:	netgear	model:	rax50
vendor:	netgear	model:	r6700v2
vendor:	netgear	model:	lbr20
vendor:	mesh	model:	mesh

db:

NVD

ids:

CVE-2020-24588, CVE-2020-26146, CVE-2020-24587

VARIoT news about IoT security