Sign-up

VARIoT news about IoT security

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution | New York State Office of Information Technology Services

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 27, 2021, 4:24 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Protecting Your Fortinet Devices With Firmware Security - Security Boulevard

Related entries in the VARIoT vulnerabilities database: VAR-201906-0815, VAR-202008-0193, VAR-201901-0568, VAR-202007-0079

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Nov. 2, 2021, 5:58 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2018-13379, CVE-2019-5591, CVE-2018-13374, CVE-2020-12812

Cybersecurity report reveals critical business vulnerabilities | VentureBeat

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 14, 2021, 6:31 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: citrix model: netscaler
vendor: cisco model: adaptive security appliance
vendor: trend model: security

Top 20 most exploited software vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202008-0248, VAR-201703-0755, VAR-202007-1393

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 30, 2021, noon
 Vulnerabilities: -
Affected productsExternal IDs
vendor: citrix model: gateway
vendor: citrix model: application delivery controller
vendor: pulse secure model: pulse policy secure
vendor: pulse secure model: pulse connect secure
vendor: pulse secure model: connect secure
vendor: pulse secure model: policy secure
vendor: mobileiron model: sentry
vendor: cisco model: integrated services router
vendor: cisco model: router
db: NVD ids: CVE-2020-1472, CVE-2019-19781, CVE-2017-5638, CVE-2020-5902, CVE-2017-0143, CVE-2021-27102, CVE-2017-8759, CVE-2015-1641, CVE-2019-11510, CVE-2020-15505, CVE-2021-27101, CVE-2019-0406, CVE-2018-7600, CVE-2012-0158, CVE-2017-0199, CVE-2017-11882, CVE-2020-0688, CVE-2018-4878

Top 10 Most Exploited Vulnerabilities - SYXSENSE

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 17, 2021, 6:53 p.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: citrix model: netscaler
vendor: citrix model: gateway
db: NVD ids: CVE-2019-19781, CVE-2019-3396, CVE-2019-11510, CVE-2020-15505, CVE-2017-11882, CVE-2020-0688

Cisco Small Business RV Series Routers Command Injection Vulnerability

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Nov. 3, 2021, 3:46 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: cisco small business
vendor: cisco model: routers
vendor: cisco model: small business
vendor: cisco model: series routers
vendor: cisco model: small business rv series routers
vendor: cisco model: small business rv
vendor: cisco model: series

Security Researcher Immediately Issues Bypass for Windows 0-Day Vulnerability Patch

Related entries in the VARIoT vulnerabilities database: VAR-202108-1005

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 10, 2022, midnight
 Vulnerabilities: privilege elevation
Affected productsExternal IDs
db: NVD ids: CVE-2021-34484

Android Security Bulletin-October 2021 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202110-1118, VAR-202110-1132, VAR-202110-1125, VAR-202110-1126, VAR-202110-1123, VAR-202012-1547, VAR-202110-1131, VAR-202110-1128, VAR-202110-1032, VAR-202110-1127, VAR-202105-1475, VAR-202110-1207, VAR-202110-1208, VAR-202110-1139, VAR-202110-1130, VAR-202110-1034, VAR-202110-1129, VAR-202110-1124, VAR-202105-1429

Trust: 4.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 16, 2021, midnight
 Vulnerabilities: denial of service, code execution, information disclosure
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: samsung model: notes
vendor: nokia model: nokia
vendor: broadcom model: broadcom
vendor: huawei model: huawei
vendor: google model: android
vendor: google model: pixel
vendor: motorola model: android
vendor: motorola model: motorola
db: NVD ids: CVE-2021-30310, CVE-2021-0870, CVE-2021-1983, CVE-2021-30291, CVE-2021-0703, CVE-2021-30288, CVE-2021-30302, CVE-2021-30297, CVE-2020-29660, CVE-2021-1984, CVE-2021-1932, CVE-2021-0483, CVE-2021-30257, CVE-2021-27666, CVE-2021-1949, CVE-2021-30258, CVE-2021-1913, CVE-2020-26147, CVE-2021-1917, CVE-2021-1936, CVE-2021-29647, CVE-2021-1959, CVE-2021-1985, CVE-2020-11303, CVE-2021-30256, CVE-2020-10768, CVE-2021-30292, CVE-2020-26140

Apple releases emergency update to fix spyware vulnerability | Healthcare IT News

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 14, 2021, 6:54 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: macos
vendor: trend model: security

Cybersecurity Vulnerabilities in BlackBerry QNX Could Compromise Certain Medical Devices and Drug Manufacturing Equipment - MedTech Intelligence

Trust: 3.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 18, 2021, 12:39 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: blackberry model: blackberry

Aviso de Segurança - Vulnerabilidade de autorização imprópria em alguns produtos da Huawei

Related entries in the VARIoT vulnerabilities database: VAR-202109-1642

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Sept. 8, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: huawei
db: NVD ids: CVE-2021-37101

Microsoft issues advisory for Surface Pro 3 TPM bypass vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202110-1321

Trust: 4.0

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Jan. 3, 2022, midnight
 Vulnerabilities: security feature bypass, feature bypass
Affected productsExternal IDs
db: NVD ids: CVE-2021-42299

Critical macOS Bug Could Allow Threat Actors Install Undetectable Malware In Apple Devices

Related entries in the VARIoT vulnerabilities database: VAR-202108-2056

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Nov. 2, 2021, 3:39 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: macbook air
vendor: apple model: macbook
vendor: apple model: ipad
db: NVD ids: CVE-2021-30892

Google warns Android users of zero-day vulnerability being actively attacked

Trust: 3.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Nov. 25, 2021, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2021-1048

Apple just fixed zero-day iPhone flaw with iOS 15.0.2 - update now | Tom's Guide

Related entries in the VARIoT vulnerabilities database: VAR-202108-2057

Trust: 4.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 12, 2021, 8:46 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: ipod touch
vendor: apple model: ipad
db: NVD ids: CVE-2021-30883

Patch now! Microsoft fixes 71 Windows vulnerabilities in October Patch Tuesday | Malwarebytes Labs

Related entries in the VARIoT vulnerabilities database: VAR-202110-1687

Trust: 4.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 13, 2021, 3:41 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-38672, CVE-2021-40461, CVE-2021-40469, CVE-2021-40449, CVE-2021-36970, CVE-2021-26427, CVE-2021-40486

Which countries have the highest rate of phone hacking? - Zatltd

Related entries in the VARIoT vulnerabilities database: VAR-201605-0441, VAR-201502-0126

Trust: 4.75

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 8, 2021, 3:24 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: sony model: playstation
db: NVD ids: CVE-2016-1799, CVE-2017-0126, CVE-2015-0596

Update now! Apple patches another privilege escalation bug in iOS and iPadOS | Malwarebytes Labs

Related entries in the VARIoT vulnerabilities database: VAR-202104-0750, VAR-202108-2057, VAR-202109-1420, VAR-202108-1057, VAR-202104-0751, VAR-202108-2172, VAR-202109-1316, VAR-202109-1311, VAR-202104-0647, VAR-202109-1380, VAR-202110-0332, VAR-202109-1307, VAR-202108-1374, VAR-202104-0753, VAR-202109-1419, VAR-202109-1313, VAR-202109-1315

Trust: 5.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Oct. 12, 2021, 4:07 p.m.
 Vulnerabilities: memory corruption, privilege escalation, code execution
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: itunes
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: ipod touch
db: NVD ids: CVE-2021-1870, CVE-2021-30883, CVE-2021-30762, CVE-2021-30860, CVE-2021-1871, CVE-2021-30858, CVE-2021-30666, CVE-2021-30661, CVE-2021-1782, CVE-2021-30713, CVE-2021-30807, CVE-2021-30657, CVE-2021-30869, CVE-2021-1879, CVE-2021-30761, CVE-2021-30663, CVE-2021-30665

McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump | McAfee Blogs

Related entries in the VARIoT vulnerabilities database: VAR-202108-1770, VAR-202108-1299, VAR-202108-1773

Trust: 5.25

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 24, 2021, 1 p.m.
 Vulnerabilities: replay attack, memory corruption, privilege escalation...
Affected productsExternal IDs
vendor: bbraun model: station
db: NVD ids: CVE-2021-33883, CVE-2021-33884, CVE-2020-16238, CVE-2021-33882, CVE-2021-33885, CVE-2021-33886

INFRA:HALT vulnerabilities target OT, IoT devices, exploit weakness in NicheStack TCP/IP stack - Industrial CyberIndustrial Cyber

Trust: 3.5

Fetched: Nov. 4, 2021, 1:02 p.m., Published: Aug. 15, 2021, 6:59 a.m.
 Vulnerabilities: information leak, denial of service, memory corruption...
Affected productsExternal IDs
vendor: schneider electric model: monitor
vendor: schneider model: monitor