Sign-up

VARIoT news about IoT security

What is Security Vulnerability? Definition & Types

Trust: 5.5

Fetched: Dec. 3, 2024, 9:19 a.m., Published: Sept. 13, 2024, 6:36 a.m.
 Vulnerabilities: request forgery, sql injection, cross-site request forgery...
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2017-0199

Your IoT Devices Are More Dangerous Than You Think!

Trust: 4.25

Fetched: Dec. 1, 2024, 10:19 a.m., Published: Nov. 9, 2024, 5:26 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: samsung smartthings model: mobile
vendor: samsung smartthings model: samsung
vendor: google model: google home
vendor: google model: home
vendor: mesh model: mesh
vendor: serve model: serve
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: ecobee model: smart thermostat
vendor: amazon model: echo show

Embedded Sim Ecosystem, Security Risks and Measures | ENISA

Trust: 3.0

Fetched: Dec. 1, 2024, 10:18 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs

What is a Proxy Server? How They Work + Security Risks | UpGuard

Trust: 3.5

Fetched: Dec. 1, 2024, 10:17 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: safari
vendor: google model: chrome
vendor: google model: google chrome
vendor: serve model: serve

Understanding vulnerabilities in software supply chains | Empirical Software Engineering

Related entries in the VARIoT vulnerabilities database: VAR-201805-1054

Trust: 3.75

Fetched: Dec. 1, 2024, 10:15 a.m., Published: Nov. 6, 2024, midnight
 Vulnerabilities: -

U.S. CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog

Trust: 5.5

Fetched: Dec. 1, 2024, 10:15 a.m., Published: Nov. 22, 2024, 11:07 a.m.
 Vulnerabilities: authorization vulnerability, cross-site scripting, authorization issue...
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: macos
vendor: apple model: safari
db: NVD ids: CVE-2024-44308, CVE-2024-21287, CVE-2024-44309

Understanding and Mitigating CVE-2024-49764: LibreNMS Stored XSS Vulnerability

Trust: 3.75

Fetched: Dec. 1, 2024, 10:13 a.m., Published: -
 Vulnerabilities: script execution, cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-49764

From Cyber Security News - Epson Devices Vulnerability Let Attackers Create Rogue Admin Accounts - Threat Note

Trust: 3.25

Fetched: Dec. 1, 2024, 10:12 a.m., Published: Nov. 11, 2024, 11:56 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-47295

NVIDIA GeForce Users Must Update Their GPU Drivers As 8 High Risk Vulnerabilities Discovered

Trust: 3.0

Fetched: Dec. 1, 2024, 10:12 a.m., Published: Nov. 4, 2024, 10:05 a.m.
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs

German CERT Warns Zyxel Firewalls Exploited For Helldown Ransomware Deployment

Trust: 3.75

Fetched: Dec. 1, 2024, 10:11 a.m., Published: Nov. 28, 2024, 1:54 p.m.
 Vulnerabilities: directory traversal
Affected productsExternal IDs
db: NVD ids: CVE-2024-11667

Ivanti Avalanche SmartDeviceServer - XML External Entity (CVE-2024-38653) - Vulnerability & Exploit Database

Trust: 3.0

Fetched: Dec. 1, 2024, 10:11 a.m., Published: Dec. 7, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-38653

Network Vulnerabilities and Threats: Cyber Security Threats and Solutions in an Increasingly Connected Digital Environment

Trust: 3.5

Fetched: Dec. 1, 2024, 10:08 a.m., Published: Dec. 3, 2024, midnight
 Vulnerabilities: injection attack, sql injection
Affected productsExternal IDs
vendor: trend model: security

Patch your Apple devices now, XSS vulnerabilities top danger list, NFC traffic relayed to steal money...

Trust: 5.25

Fetched: Dec. 1, 2024, 10:07 a.m., Published: Dec. 3, 2024, midnight
 Vulnerabilities: request forgery, command injection, sql injection...
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: software update
vendor: apple model: webkit
vendor: apple model: safari
vendor: broadcom model: linux
db: NVD ids: CVE-2024-38812, CVE-2024-38813, CVE-2024-44308, CVE-2024-44309

Microsoft Defender for Endpoint | Microsoft Community Hub

Trust: 3.5

Fetched: Dec. 1, 2024, 10:07 a.m., Published: May 1, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hub model: hub

Cisco Identity Services Engine Authorization Bypass and Cross-Site Scripting Vulnerabilities - Cisco

Trust: 5.5

Fetched: Dec. 1, 2024, 10:05 a.m., Published: Nov. 6, 2024, 10:18 a.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: cisco identity services engine
vendor: cisco model: identity services engine
db: NVD ids: CVE-2024-20539, CVE-2024-20537, CVE-2024-20538

CVE-2024-11120 GeoVision EOL devices - OS Command Injection - vulnerability database | Vulners.com

Trust: 4.0

Fetched: Dec. 1, 2024, 10:05 a.m., Published: Nov. 15, 2024, 2 a.m.
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-11120

Bing.com XSS Vulnerability Let Attackers Send Crafted Malicious Requests

Trust: 3.0

Fetched: Dec. 1, 2024, 9:59 a.m., Published: Nov. 25, 2024, 11:50 a.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs

Home Device Security: Guide to Protecting Your Digital Life - Secure Debug

Trust: 4.25

Fetched: Dec. 1, 2024, 9:57 a.m., Published: Nov. 26, 2024, 1:58 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: wireshark model: wireshark
vendor: sophos model: mobile
vendor: sophos model: firewall
vendor: snort model: snort
vendor: apple model: macos
vendor: google model: google chrome
vendor: google model: android
vendor: google model: home
vendor: google model: chrome
vendor: avast model: antivirus

Critical Vulnerabilities in Schneider Electric PowerLogic Devices: Risks & Mitigations | Windows Forum

Related entries in the VARIoT vulnerabilities database: VAR-202106-0542, VAR-202106-0541

Trust: 5.75

Fetched: Dec. 1, 2024, 9:56 a.m., Published: May 1, 2024, midnight
 Vulnerabilities: weak password
Affected productsExternal IDs
vendor: schneider electric model: powerlogic pm8ecc
vendor: schneider electric model: powerlogic pm5560
vendor: schneider model: powerlogic pm8ecc
vendor: schneider model: powerlogic pm5560
db: NVD ids: CVE-2021-22764, CVE-2021-22763

CERT-In Issues High-Severity Alert for Apple Users: Is Your iOS Device Safe? - The420.in

Trust: 3.75

Fetched: Dec. 1, 2024, 9:55 a.m., Published: Nov. 12, 2024, 8:26 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: tvos