Sign-up

VARIoT news about IoT security

12 Online Free Tools to Scan Website Security Vulnerabilities & Malware

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: command injection, sql injection, os command injection...
Affected productsExternal IDs

10 Web Security Vulnerabilities You Can Prevent | Toptal

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 10, 2022, midnight
 Vulnerabilities: sql injection, session hijacking, request forgery...
Affected productsExternal IDs
vendor: serve model: serve

How Effectively are you Handling Hidden Vulnerabilities? - SecPod Blog

Related entries in the VARIoT vulnerabilities database: VAR-201803-1048

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 14, 2021, 1:28 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: huawei
db: NVD ids: CVE-2017-17215

Problems Fixing Critically Vulnerable Hikvision Devices

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 21, 2021, 2:39 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hikvision model: hikvision

10 Tips to Tighten Security on Your Android Device - Hongkiat

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 4, 2021, 1:01 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone
vendor: google model: android

Millions of IoT devices vulnerable to remote vulnerabilities

Trust: 6.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 20, 2021, 7:58 a.m.
 Vulnerabilities: command injection, buffer overflow, code execution
Affected productsExternal IDs
vendor: realtek model: realtek sdk
db: NVD ids: CVE-2021-35394, CVE-2021-28372, CVE-2021-35392, CVE-2021-35393, CVE-2021-35395
db: ICS CERT ids: ICSA-21-229-01
db: US CERT ids: ICSA-21-229-01

Zero Day Initiative - Analysis of a Parallels Desktop Stack Clash Vulnerability and Variant Hunting using Binary Ninja

Trust: 4.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 9, 2021, 2:59 p.m.
 Vulnerabilities: memory allocation vulnerability
Affected productsExternal IDs
vendor: parallels model: desktop
vendor: parallels model: parallels desktop

Security Advisory: Vulnerabilities in Crestron Touch Panel Devices

Related entries in the VARIoT vulnerabilities database: VAR-201808-0436

Trust: 5.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 7, 2022, 6:34 p.m.
 Vulnerabilities: code execution, command injection
Affected productsExternal IDs
vendor: crestron model: tsw-760
vendor: crestron model: toolbox protocol
db: NVD ids: CVE-2018-13341

Singapore University of Technology and Design: Research News

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 1, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: asus model: asus

NVD - CVE-2021-34781

Related entries in the VARIoT vulnerabilities database: VAR-202110-1395

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: sourcefire_defense_center
vendor: cisco model: firepower_management_center_virtual_appliance
vendor: cisco model: firepower_threat_defense
db: NVD ids: CVE-2021-34781

BlackBerry QNX flaw left cars and medical devices vulnerable to attack | Engadget

Trust: 3.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: blackberry model: blackberry

CISA Warns of Vulnerabilities in Banned Chinese Surveillance Tech - Nextgov

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 28, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-36260

Zero-click RCE vulnerability in Hikvision security cameras could lead to network compromise | The Daily Swig

Trust: 5.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 20, 2021, 3:02 p.m.
 Vulnerabilities: injection attack, code execution, command injection
Affected productsExternal IDs
vendor: hikvision model: hikvision
vendor: hikvision model: camera
db: NVD ids: CVE-2021-36260

Google Releases Chrome Update Fixing Seven Severe Vulnerabilities | iPhone in Canada Blog

Trust: 6.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 29, 2021, 2:37 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: google model: chrome
db: NVD ids: CVE-2021-38000, CVE-2021-38003

Dissection of Winbox critical vulnerability - n0p Blog

Related entries in the VARIoT vulnerabilities database: VAR-201808-0384

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mikrotik model: mikrotik router
vendor: mikrotik model: winbox
vendor: mikrotik model: routeros
vendor: mikrotik model: mikrotik
vendor: mikrotik model: routers
vendor: mikrotik model: router
vendor: cisco model: routers
vendor: cisco model: router
db: NVD ids: CVE-2018-14847

Pixel Update Bulletin-November 2021 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202111-1788, VAR-202111-1790, VAR-202111-1789, VAR-202111-1791, VAR-202111-0778, VAR-202111-0517

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Nov. 16, 2021, midnight
 Vulnerabilities: denial of service, code execution, information disclosure
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
vendor: broadcom model: broadcom
db: NVD ids: CVE-2021-1041, CVE-2021-1042, CVE-2018-25015, CVE-2021-1045, CVE-2021-1043, CVE-2021-1903, CVE-2021-30265, CVE-2021-30263, CVE-2021-30264, CVE-2021-1044

Column | Destigmatizing Medical Device Vulnerability Disclosures to Improve Healthcare Cybersecurity - MedTech Intelligence

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macbook
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: macbook air
vendor: apple model: iphone
vendor: apple model: apple tv
vendor: google model: android
vendor: google model: home
db: ICS CERT ids: ICSMA-20-049-02, ICSMA-20-023-01

Dangerous XSS bug in Google Chrome’s ‘New Tab’ page bypassed security features | The Daily Swig

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Nov. 3, 2021, 3:02 p.m.
 Vulnerabilities: cross-site request forgery, request forgery, cross-site scripting...
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome

Industrial Internet Of Things (IoT) Identifying The Vulnerabilities Of Field Devices

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: -
 Vulnerabilities: data injection
Affected productsExternal IDs
vendor: serve model: serve
vendor: rapid model: scada

What is Vulnerability Assessment? Testing Process, VAPT Scan Tool

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Dec. 27, 2021, 8:32 a.m.
 Vulnerabilities: sql injection, cross-site scripting
Affected productsExternal IDs
vendor: wireshark model: wireshark