Sign-up

VARIoT news about IoT security

Chrome 131 Released: Major Update Fixes 12 Significant Vulnerabilities

Trust: 5.25

Fetched: Dec. 1, 2024, 9:55 a.m., Published: -
 Vulnerabilities: heap corruption, denial of service, code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2024-11114, CVE-2024-11113, CVE-2024-11115, CVE-2024-11116, CVE-2024-11111, CVE-2024-11117, CVE-2024-11110

Zero-Day Attacks on Network Edge Devices: Why NDR Matters by Lucie Cardiet

Trust: 4.25

Fetched: Dec. 1, 2024, 9:54 a.m., Published: -
 Vulnerabilities: privilege escalation, authentication bypass, code execution
Affected productsExternal IDs
vendor: citrix model: netscaler
vendor: citrix model: netscaler adc
vendor: cisco model: routers
vendor: cisco model: cisco routers
vendor: sonicwall model: remote access
vendor: trend model: security
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo model: firewall
db: NVD ids: CVE-2023-3519, CVE-2024-3400

What is Vulnerability Management? | UpGuard

Trust: 3.75

Fetched: Dec. 1, 2024, 9:53 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2019-0708

Update Canonical Ubuntu Server: USN-7084-2: pip vulnerability

Trust: 3.25

Fetched: Dec. 1, 2024, 9:53 a.m., Published: Feb. 1, 7084, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Scanning Attack: What It Is and How to Protect Your Organization Against It?

Trust: 3.75

Fetched: Dec. 1, 2024, 9:52 a.m., Published: March 3, 2023, 4:06 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone

Critical Vulnerabilities Uncovered in Industrial Wireless Access Point - Infosecurity Magazine

Trust: 4.75

Fetched: Dec. 1, 2024, 9:34 a.m., Published: Nov. 28, 2024, 11:15 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-50375, CVE-2024-50370, CVE-2024-50373, CVE-2024-50374, CVE-2024-50372, CVE-2024-50371

Security of Cloud-Based Health Data and Telemedicine - DEV Community

Trust: 3.0

Fetched: Dec. 1, 2024, 9:33 a.m., Published: Nov. 30, 2024, 9:05 p.m.
 Vulnerabilities: -
Affected productsExternal IDs

A Vulnerability in Android OS Could Allow for Remote Code Execution

Trust: 3.25

Fetched: Dec. 1, 2024, 9:30 a.m., Published: Nov. 7, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux

Trust: 4.5

Fetched: Dec. 1, 2024, 9:29 a.m., Published: May 1, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: lenovo model: ideacentre
vendor: lenovo model: yoga
vendor: lenovo model: system
vendor: serve model: serve
db: NVD ids: CVE-2023-40238

Forescout Vedere Labs Unveils Riskiest Connected Medical Devices - Forescout

Trust: 4.5

Fetched: Dec. 1, 2024, 9:28 a.m., Published: Oct. 28, 2024, 11:23 p.m.
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs

Over-the-Air Vulnerabilities in Advantech EKI Access Points Put Industrial Networks at Risk

Trust: 3.75

Fetched: Dec. 1, 2024, 9:28 a.m., Published: Dec. 1, 2024, 1:06 a.m.
 Vulnerabilities: command injection, cross-site scripting, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-50375, CVE-2024-50359, CVE-2024-50370, CVE-2024-50376

‘Downfall’ CPU Vulnerability Could Expose Billions of Devices to Data Theft

Trust: 3.75

Fetched: Dec. 1, 2024, 9:25 a.m., Published: Dec. 2, 2024, midnight
 Vulnerabilities: value injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-40982

Understanding Nmap for Vulnerability Scanning - Web Asha

Trust: 3.75

Fetched: Dec. 1, 2024, 9:24 a.m., Published: Nov. 29, 2024, 11 p.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs

Apple SWOT Analysis 2024: In-Depth Tech Insights

Trust: 3.5

Fetched: Dec. 1, 2024, 9:22 a.m., Published: Sept. 30, 2024, 11:52 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: apple model: ipad
vendor: apple model: watch
vendor: apple model: icloud
vendor: apple model: iphone
vendor: apple model: apple tv
vendor: google model: home
vendor: huawei model: huawei

Zyxel Firewalls Exploited for Ransomware Attacks; 20 Security Flaws Discovered in Advantech Access Points - SOCRadar® Cyber Intelligence Inc.

Trust: 4.5

Fetched: Dec. 1, 2024, 9:16 a.m., Published: Nov. 29, 2024, 12:27 p.m.
 Vulnerabilities: denial of service, cross-site scripting, os command injection...
Affected productsExternal IDs
vendor: serve model: serve
db: NVD ids: CVE-2024-50375, CVE-2024-50370, CVE-2024-50376, CVE-2024-50374, CVE-2024-50359, CVE-2024-11667

CVE-2024-11120 - Securin

Trust: 3.5

Fetched: Dec. 1, 2024, 9:15 a.m., Published: Nov. 24, 2024, 7:10 a.m.
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-11120

Business.Scoop " Over-The-Air Vulnerabilities Discovered In Advantech EKI Access Points

Trust: 5.5

Fetched: Nov. 29, 2024, 9:17 a.m., Published: -
 Vulnerabilities: cross-site scripting, code execution, command injection...
Affected productsExternal IDs
vendor: nozomi model: guardian
db: NVD ids: CVE-2024-50376, CVE-2024-50359

The Authentication Dilemma: Rising Vulnerabilities and Reluctance to Patch in OT

Related entries in the VARIoT vulnerabilities database: VAR-202410-3402, VAR-202410-0128

Trust: 4.25

Fetched: Nov. 29, 2024, 9:16 a.m., Published: Nov. 8, 2024, midnight
 Vulnerabilities: weak password, authentication vulnerability
Affected productsExternal IDs
vendor: siemens model: modbus tcp
vendor: mitsubishi electric model: melsec iq-r series
vendor: mitsubishi electric model: melsec iq-r
vendor: mitsubishi model: melsec iq-r series
vendor: mitsubishi model: melsec iq-r
db: NVD ids: CVE-2024-10386, CVE-2024-41798, CVE-2023-2060, CVE-2024-45274

CVE-2024-7029 scanner - Command Injection vulnerability in AVTECH IP Camera

Trust: 7.0

Fetched: Nov. 29, 2024, 9:16 a.m., Published: -
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
vendor: avtech model: ip camera
db: NVD ids: CVE-2024-7029

Penetration Testing for IoT Devices: Ensuring Security in a Connected World | by Akitra | Medium

Trust: 3.75

Fetched: Nov. 29, 2024, 9:15 a.m., Published: Sept. 20, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: wireshark model: wireshark