Sign-up

VARIoT news about IoT security

Instagram

Trust: 3.5

Fetched: Dec. 30, 2021, 11:51 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: serve model: serve

Document - Notice: (Revision) Apache Software Log4j - Security Vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105, CVE-2021-44832) | HPE Support

Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566, VAR-202112-2011, VAR-202112-0562

Trust: 4.75

Fetched: Dec. 30, 2021, 11:51 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: aruba model: clearpass policy manager
vendor: aruba model: arubaos
vendor: aruba model: cx switches
vendor: aruba model: clearpass
vendor: aruba model: aruba instant
vendor: aruba model: instant
vendor: brocade model: fibre channel san
db: NVD ids: CVE-2021-45105, CVE-2021-44228, CVE-2021-4104, CVE-2021-44832, CVE-2021-45046

Cisco : Security vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202111-0393, VAR-202110-1402, VAR-202110-1353, VAR-202109-0631, VAR-202110-1367, VAR-202112-0566, VAR-202110-0203, VAR-202111-1198, VAR-202110-0617, VAR-202110-1395, VAR-202110-1305, VAR-202111-0417, VAR-202110-1298, VAR-202110-0212, VAR-202111-0401, VAR-202110-1286, VAR-202110-0623, VAR-202110-0211, VAR-202109-0622, VAR-202111-0418, VAR-202110-1366, VAR-202110-1375, VAR-202110-1350, VAR-202110-1352, VAR-202110-1354, VAR-202111-0413, VAR-202110-1377, VAR-202110-0622, VAR-202110-1392, VAR-202111-1197, VAR-202110-0213, VAR-202109-0623, VAR-202110-1394, VAR-202110-0619, VAR-202110-0618, VAR-202108-0824, VAR-202110-1393, VAR-202109-0617, VAR-202111-0412, VAR-202110-1376, VAR-202110-1065, VAR-202111-0419, VAR-202110-0209, VAR-202109-0618, VAR-202111-0400, VAR-202110-1297, VAR-202111-1196, VAR-202110-1351, VAR-202109-0624, VAR-202111-0664

Trust: 5.25

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: directory traversal, improper validation, cross-site request forgery...
Affected productsExternal IDs
vendor: mesh model: mesh
vendor: snort model: snort
vendor: cisco model: cisco prime infrastructure
vendor: cisco model: telepresence management suite
vendor: cisco model: unified communications manager session management edition
vendor: cisco model: unified communications manager
vendor: cisco model: meeting
vendor: cisco model: cisco policy suite
vendor: cisco model: prime infrastructure
vendor: cisco model: webex meetings
vendor: cisco model: firepower
vendor: cisco model: evolved programmable network manager
vendor: cisco model: cisco telepresence
vendor: cisco model: unified communications
vendor: cisco model: cisco firepower management center
vendor: cisco model: cisco small business
vendor: cisco model: series routers
vendor: cisco model: series
vendor: cisco model: small business
vendor: cisco model: roomos
vendor: cisco model: firepower management center
vendor: cisco model: cisco ios xr
vendor: cisco model: ios xr
vendor: cisco model: cisco evolved programmable network manager
vendor: cisco model: common services platform collector
vendor: cisco model: policy suite
vendor: cisco model: meeting server
vendor: cisco model: cisco unified communications manager
vendor: cisco model: ios xr software
vendor: cisco model: adaptive security appliance
vendor: cisco model: cisco meeting server
vendor: cisco model: webex
vendor: cisco model: web security appliance
vendor: cisco model: telepresence collaboration endpoint
vendor: cisco model: cisco ios
vendor: cisco model: cisco identity services engine
vendor: cisco model: identity services engine
vendor: cisco model: telepresence
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: cisco meeting
vendor: cisco model: small business rv
vendor: cisco model: nexus
vendor: cisco model: routers
vendor: cisco model: cisco web security appliance
vendor: cisco model: cisco webex meetings
vendor: cisco model: cisco webex
vendor: cisco model: umbrella
vendor: cisco model: cisco telepresence management suite
vendor: cisco model: anyconnect secure mobility client
vendor: cisco model: webex video mesh
vendor: cisco model: cisco roomos
vendor: cisco model: dna center
vendor: cisco model: small business rv series routers
vendor: cisco model: cisco anyconnect secure mobility client
vendor: cisco model: firepower threat defense
db: NVD ids: CVE-2021-40126, CVE-2021-40125, CVE-2021-40114, CVE-2021-34771, CVE-2021-34763, CVE-2021-44228, CVE-2021-34782, CVE-2021-40129, CVE-2021-40123, CVE-2021-34781, CVE-2021-34761, CVE-2021-34784, CVE-2021-34755, CVE-2021-34766, CVE-2021-40115, CVE-2021-34754, CVE-2021-34760, CVE-2021-34758, CVE-2021-34746, CVE-2021-34774, CVE-2021-34764, CVE-2021-34794, CVE-2021-40118, CVE-2021-40116, CVE-2021-34787, CVE-2021-40120, CVE-2021-34792, CVE-2021-34789, CVE-2021-34791, CVE-2021-40130, CVE-2021-34772, CVE-2021-34759, CVE-2021-34783, CVE-2021-40121, CVE-2021-40122, CVE-2021-34749, CVE-2021-34790, CVE-2021-34785, CVE-2021-40124, CVE-2021-34793, CVE-2021-34762, CVE-2021-34773, CVE-2021-34748, CVE-2021-34786, CVE-2021-40128, CVE-2021-34756, CVE-2021-40131, CVE-2021-40117, CVE-2021-34765, CVE-2021-40119

Google Android : List of security vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202112-0360, VAR-202110-0165, VAR-202112-0549, VAR-202112-0423, VAR-202112-0548, VAR-202112-0528, VAR-202110-0189, VAR-202110-0188, VAR-202110-0187

Trust: 4.25

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: pointer dereference vulnerability, improper validation, input validation vulnerability...
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: exynos
vendor: samsung model: mobile devices
vendor: samsung model: mobile
vendor: google model: android
db: NVD ids: CVE-2021-25510, CVE-2021-39646, CVE-2021-25512, CVE-2021-25483, CVE-2021-39637, CVE-2021-39645, CVE-2021-25513, CVE-2021-25485, CVE-2021-39643, CVE-2021-25515, CVE-2021-39653, CVE-2021-25519, CVE-2021-39636, CVE-2021-25511, CVE-2021-25482, CVE-2021-39642, CVE-2021-26687, CVE-2021-25516, CVE-2021-25514, CVE-2021-26689, CVE-2021-27901, CVE-2021-25474, CVE-2021-25501, CVE-2021-25463, CVE-2021-25486, CVE-2021-39655, CVE-2021-39656, CVE-2021-39650, CVE-2021-39640, CVE-2021-39652, CVE-2021-38591, CVE-2021-39657, CVE-2021-25517, CVE-2021-25484, CVE-2021-25473, CVE-2021-39649, CVE-2021-39648, CVE-2021-30162, CVE-2021-25502, CVE-2021-39651, CVE-2021-39644, CVE-2021-39647, CVE-2021-39639, CVE-2021-25462, CVE-2021-30161, CVE-2021-39638, CVE-2021-25518, CVE-2021-25472, CVE-2021-25490, CVE-2021-39641

SMA 100 flaws in SonicWall VPN expose devices to remote takeover

Related entries in the VARIoT vulnerabilities database: VAR-202112-0732, VAR-202112-0730, VAR-202112-0425, VAR-202112-0424, VAR-202112-0361, VAR-202112-0389, VAR-202112-0731, VAR-202112-0426

Trust: 5.5

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 9, 2021, 4:18 p.m.
 Vulnerabilities: buffer overflow, code execution, path traversal...
Affected productsExternal IDs
vendor: sonicwall model: secure mobile access
vendor: sonicwall model: sma 100
vendor: sonicwall model: remote access
db: NVD ids: CVE-2021-20040, CVE-2021-20042, CVE-2021-20044, CVE-2021-20045, CVE-2021-20038, CVE-2021-20039, CVE-2021-20041, CVE-2021-20043

Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.25

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

VMware products threatened by log4j vulnerability CVE-2021-44228 | Born's Tech and Windows World

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 6.25

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 14, 2021, 7:25 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

Warning to Windows users after security hole is found which leaves computers vulnerable to hackers despite TWO updates

Related entries in the VARIoT vulnerabilities database: VAR-202111-0697

Trust: 3.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 12, 2021, 6:56 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: google model: android
db: NVD ids: CVE-2021-41379

Log4Shell: The race is on to fix millions of systems and internet-connected devices • Graham Cluley

Trust: 3.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 13, 2021, 11:37 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

CVE-2021-44228 vulnerability in Apache Log4j library | Securelist

Related entries in the VARIoT vulnerabilities database: VAR-202112-0562, VAR-202112-0566

Trust: 4.5

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-45046, CVE-2021-44228

Around 300,000 MikroTik Devices Vulnerable to Hacker Intrusions

Related entries in the VARIoT vulnerabilities database: VAR-201803-2171, VAR-201910-0546, VAR-201808-0384, VAR-201910-0547

Trust: 5.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 10, 2021, 10:59 a.m.
 Vulnerabilities: buffer overflow, weak password, directory traversal
Affected productsExternal IDs
vendor: mikrotik model: winbox
vendor: mikrotik model: routers
vendor: mikrotik model: mikrotik routers
vendor: mikrotik model: routeros
vendor: mikrotik model: mikrotik
vendor: mikrotik model: router
db: NVD ids: CVE-2018-7445, CVE-2019-3977, CVE-2018-14847, CVE-2019-3978

Using DeceptionGrid to Detect and Defeat Exploits of Log4j Remote Code Execution (RCE) Vulnerability - TrapX Security

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 15, 2021, 1:30 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-22005, CVE-2021-44228

US Warns Hundreds of Millions of Devices at Risk Over New Software Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 14, 2021, 10:35 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud
vendor: canary model: canary
db: NVD ids: CVE-2021-44228

The Log4j bug exposes a bigger issue: Open-source funding (Updated)

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.5

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 13, 2021, 1:22 p.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

Urgent Microsoft warning as hackers target huge weakness to hold you to ransom - how to protect yourself NOW

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 15, 2021, 8:01 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: check point model: check point
vendor: zoho model: manageengine adselfservice plus
db: NVD ids: CVE-2021-44228

13 Best VAPT Tools Ranked for 2021 (Paid, Free Trials & Open-source)

Trust: 3.25

Fetched: Dec. 28, 2021, 9:20 a.m., Published: -
 Vulnerabilities: cross-site scripting, sql injection
Affected productsExternal IDs
vendor: netbsd model: current
vendor: netbsd model: netbsd
vendor: wireshark model: wireshark
vendor: cisco model: routers
vendor: aircrack-ng model: aircrack-ng

Launch extended detection and response steps to manage Log4j vulnerability - OpenText Blogs

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 5.0

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 15, 2021, 12:25 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228

‘Internet’s on Fire Right Now’: Millions of Devices at Risk Over New Software Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 4.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 15, 2021, 11 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud
vendor: canary model: canary
db: NVD ids: CVE-2021-44228

Vulnerability in Widely Used Logging System Could Be Behind Recent Cyber Attacks

Trust: 3.0

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 13, 2021, 9:06 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Log4j: Just How Screwed Are We?

Related entries in the VARIoT vulnerabilities database: VAR-202112-0562, VAR-202112-0566

Trust: 4.75

Fetched: Dec. 28, 2021, 9:20 a.m., Published: Dec. 15, 2021, 2:30 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: icloud
vendor: huawei model: huawei
vendor: huawei model: nice
vendor: check point model: check point
vendor: trendmicro model: security
vendor: blackberry model: blackberry
db: NVD ids: CVE-2021-45046, CVE-2021-44228