Sign-up

VARIoT news about IoT security

Microsoft warns of dangerous vulnerability in Surface Pro 3 devices

Related entries in the VARIoT vulnerabilities database: VAR-202108-1285, VAR-202110-1321, VAR-202002-0458

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 21, 2021, 7:58 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: broadcom model: broadcom
vendor: broadcom model: linux
db: NVD ids: CVE-2021-30970, CVE-2021-42299, CVE-2019-15126

NVD - CVE-2021-1623

Trust: 5.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 8, 2022, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco systems model: cisco systems
vendor: cisco systems model: cbr-8 converged broadband routers
vendor: cisco systems model: routers
vendor: cisco systems model: cbr-8
vendor: cisco model: cisco systems
vendor: cisco model: cbr-8 converged broadband routers
vendor: cisco model: routers
vendor: cisco model: cbr-8
db: NVD ids: CVE-2021-1623

NVD - CVE-2021-34746

Related entries in the VARIoT vulnerabilities database: VAR-202109-0622

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: cisco systems model: cisco systems
vendor: cisco model: cisco systems
db: NVD ids: CVE-2021-34746

RCE Vulnerability in Hikvision Cameras (CVE-2021-36260) | CISA

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 29, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hikvision model: hikvision
db: NVD ids: CVE-2021-36260

Apple Patches New Zero-Day iOS Vulnerability Possibly Under Exploitation

Related entries in the VARIoT vulnerabilities database: VAR-202108-2057

Trust: 5.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 11, 2021, 7:50 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: ipad
vendor: apple model: iphone
db: NVD ids: CVE-2021-30883

New BrakTooth Bluetooth vulnerabilities affect billions of devices around the world | TechSpot

Trust: 4.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 11, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: optiplex
vendor: asus model: asus
db: NVD ids: CVE-2021-28139

A Vulnerability In an NPM Package Could Allow for Remote Code Execution

Trust: 5.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 7, 2022, 7:33 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: node.js model: node.js

Vulnerability Affecting Routers From Many Vendors Exploited Days After Disclosure | SecurityWeek.Com

Related entries in the VARIoT vulnerabilities database: VAR-202104-0768, VAR-202104-0769

Trust: 5.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 15, 2022, midnight
 Vulnerabilities: path traversal
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: series
vendor: palo alto networks model: palo alto networks
vendor: palo alto networks model: networks
vendor: asus model: asus
vendor: palo model: palo alto networks
vendor: palo model: networks
db: NVD ids: CVE-2021-20090, CVE-2021-20091

Details Disclosed for Critical Vulnerability in Sophos Appliances | SecurityWeek.Com

Trust: 5.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 15, 2022, midnight
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
vendor: sophos model: cyberoam
db: NVD ids: CVE-2020-25223

NETGEAR Patches Severe Vulnerabilities in Business Switches | SecurityWeek.Com

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 15, 2022, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: netgear model: netgear router
vendor: netgear model: netgear router firmware
vendor: netgear model: gs750e
vendor: netgear model: router
vendor: netgear model: gs752tpp
vendor: netgear model: gs728tppv2

Cisco Patches Critical Enterprise NFVIS Vulnerability for Which PoC Exploit Is Available | SecurityWeek.Com

Related entries in the VARIoT vulnerabilities database: VAR-202109-0622

Trust: 5.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 15, 2022, midnight
 Vulnerabilities: code execution, authentication bypass
Affected productsExternal IDs
vendor: cisco model: prime infrastructure
vendor: cisco model: firepower
vendor: cisco model: identity services engine
vendor: cisco model: device manager
vendor: cisco model: routers
vendor: cisco model: prime collaboration provisioning
vendor: cisco model: nexus
vendor: cisco model: prime collaboration
db: NVD ids: CVE-2021-34746

Newly Discovered IoT Vulnerability Could Threaten 83 Million Devices - Security Sales & Integration

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 17, 2021, 9:06 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

IoT Medical Devices Security Wi-Fi Vulnerabilities - IoT Executive Retained Search

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 28, 2021, 2:11 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: serve model: serve

How Effectively are you Handling Hidden Vulnerabilities? - SecPod Blog

Related entries in the VARIoT vulnerabilities database: VAR-201803-1048

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 14, 2021, 1:28 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: huawei
db: NVD ids: CVE-2017-17215

Zero Day Initiative - Analysis of a Parallels Desktop Stack Clash Vulnerability and Variant Hunting using Binary Ninja

Trust: 4.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 9, 2021, 2:59 p.m.
 Vulnerabilities: memory allocation vulnerability
Affected productsExternal IDs
vendor: parallels model: desktop
vendor: parallels model: parallels desktop

CISA Warns of Vulnerabilities in Banned Chinese Surveillance Tech - Nextgov

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 28, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-36260

Apple releases update fixing NSO spyware vulnerability affecting Macs, iPhones, iPads and Watches | ZDNet

Related entries in the VARIoT vulnerabilities database: VAR-202108-1057

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 13, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: watch
vendor: apple model: ipad
vendor: apple model: ipod touch
vendor: apple model: watchos
vendor: apple model: ipad air
vendor: apple model: iphone
db: NVD ids: CVE-2021-30860, CVE-2019-3568

Researchers Develop Toolkit to Test Apple Security, Find Vulnerability • Electrical and Computer Engineering

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 13, 2021, 4:26 p.m.
 Vulnerabilities: timing attack
Affected productsExternal IDs
vendor: apple model: iphone

Apple patches zero-click vulnerability discovered by Canadian researchers | IT World Canada News

Related entries in the VARIoT vulnerabilities database: VAR-202108-1057, VAR-202108-2172

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 14, 2021, 1:28 p.m.
 Vulnerabilities: code execution, integer overflow
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: ipod touch
vendor: apple model: watchos
vendor: apple model: ipad air
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: iphone
vendor: google model: android
db: NVD ids: CVE-2021-30860, CVE-2019-3568, CVE-2021-30858

Pixel Update Bulletin-November 2021 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202111-1788, VAR-202111-1790, VAR-202111-1789, VAR-202111-1791, VAR-202111-0778, VAR-202111-0517

Trust: 4.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Nov. 16, 2021, midnight
 Vulnerabilities: denial of service, code execution, information disclosure
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
vendor: broadcom model: broadcom
db: NVD ids: CVE-2021-1041, CVE-2021-1042, CVE-2018-25015, CVE-2021-1045, CVE-2021-1043, CVE-2021-1903, CVE-2021-30265, CVE-2021-30263, CVE-2021-30264, CVE-2021-1044