VARIoT latest news about IoT security

Serious security vulnerability - Samsung Community Trust: 3.0 Fetched: Nov. 26, 2024, 9:20 a.m., Published: Aug. 27, 2024, 6:31 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

samsung

model:

samsung

Android Operating System Vulnerabilities Types and Examples Trust: 5.5 Fetched: Nov. 26, 2024, 9:19 a.m., Published: Nov. 5, 2024, midnight	Vulnerabilities: code injection, use after free, sql injection...

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2023-26498, CVE-2023-26496, CVE-2023-26497, CVE-2023-24033, CVE-2024-43093

Infosec Press Reader Trust: 4.5 Fetched: Nov. 24, 2024, 11 a.m., Published: Nov. 24, 2024, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	palo alto networks	model:	networks
vendor:	google	model:	home
vendor:	google	model:	android
vendor:	citrix	model:	netscaler
vendor:	palo	model:	networks

db:

NVD

ids:

CVE-2024-9463, CVE-2024-9465

Apple macOS - Security Vulnerabilities in 2024 Trust: 5.25 Fetched: Nov. 24, 2024, 10:58 a.m., Published: Nov. 24, 2024, midnight	Vulnerabilities: information leakage, code execution, information disclosure...

Affected products

External IDs

vendor:	apple	model:	tvos
vendor:	apple	model:	watchos
vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	apple	model:	watch

db:

NVD

ids:

CVE-2024-44289, CVE-2024-44175, CVE-2024-44205, CVE-2024-44154, CVE-2024-44269, CVE-2024-44194, CVE-2024-44216, CVE-2024-44189, CVE-2024-44135, CVE-2024-44148, CVE-2024-44218, CVE-2024-44186, CVE-2024-44131, CVE-2024-44130, CVE-2024-40810, CVE-2024-44174, CVE-2024-40866, CVE-2024-44215, CVE-2024-44123, CVE-2024-44128, CVE-2024-44237, CVE-2024-44184, CVE-2024-44149, CVE-2024-44294, CVE-2024-44295, CVE-2024-40855, CVE-2024-44185, CVE-2024-44134, CVE-2024-44197, CVE-2024-44282, CVE-2024-44232, CVE-2024-44208, CVE-2024-44234, CVE-2024-44152, CVE-2024-44277, CVE-2024-44155, CVE-2024-44239, CVE-2024-44158, CVE-2024-44297, CVE-2024-44190, CVE-2024-44280, CVE-2024-44244, CVE-2024-40792, CVE-2024-44196, CVE-2024-44126, CVE-2024-44267, CVE-2024-44264, CVE-2024-27849, CVE-2024-27795, CVE-2024-44301, CVE-2024-44233, CVE-2024-44256, CVE-2024-44222, CVE-2024-44229, CVE-2024-44265, CVE-2024-44240, CVE-2024-44156, CVE-2024-44285, CVE-2024-44287, CVE-2024-44307, CVE-2024-44281, CVE-2024-44302, CVE-2024-44129, CVE-2024-44151, CVE-2024-44255, CVE-2024-44270, CVE-2024-44278, CVE-2024-44260, CVE-2024-44198, CVE-2024-44247, CVE-2024-44159, CVE-2024-44254, CVE-2024-44213, CVE-2024-44153, CVE-2024-44236, CVE-2024-44253, CVE-2024-44191, CVE-2024-40860, CVE-2024-44146, CVE-2024-44137, CVE-2024-44206, CVE-2024-44122, CVE-2024-44273, CVE-2024-44308, CVE-2024-44133, CVE-2024-44257, CVE-2024-44275, CVE-2024-44144, CVE-2024-44188, CVE-2024-44283, CVE-2024-44177, CVE-2024-44296, CVE-2024-44259, CVE-2024-44203, CVE-2024-44279, CVE-2024-44145, CVE-2024-44176, CVE-2024-44309, CVE-2024-40859, CVE-2024-44284

Indian govt. issues critical warning for THESE Apple users: How to protect your device \| Mint Trust: 3.5 Fetched: Nov. 24, 2024, 10:57 a.m., Published: Nov. 22, 2024, midnight	Vulnerabilities: cross-site scripting

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	macos

LightSpy Malware Gains New Destructive Power - CyberMaterial Related entries in the VARIoT vulnerabilities database: VAR-202006-1651, VAR-202002-1163 Trust: 5.0 Fetched: Nov. 24, 2024, 10:57 a.m., Published: Oct. 31, 2024, 2:12 p.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2020-9802, CVE-2020-3837

Another Apple update? Here's why this one actually matters Trust: 4.5 Fetched: Nov. 24, 2024, 10:55 a.m., Published: Nov. 20, 2024, 5:13 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	google	model:	home

Testing for SQL injection vulnerabilities with Burp Suite - PortSwigger Trust: 4.0 Fetched: Nov. 24, 2024, 10:55 a.m., Published: Nov. 1, 2024, midnight	Vulnerabilities: sql injection

Affected products	External IDs

What is a JSON Injection and How to Prevent it Trust: 3.5 Fetched: Nov. 24, 2024, 10:53 a.m., Published: Aug. 29, 2021, 10:07 a.m.	Vulnerabilities: injection attack, sql injection, cross-site scripting...

Affected products	External IDs

CISA Warns of Critical Software Vulnerabilities in Industrial Devices - OSINT without borders Related entries in the VARIoT vulnerabilities database: VAR-202410-3402, VAR-202410-2617 Trust: 4.5 Fetched: Nov. 24, 2024, 10:52 a.m., Published: Nov. 1, 2024, 12:30 p.m.	Vulnerabilities: authentication bypass, weak password

Affected products

External IDs

vendor:	mitsubishi electric	model:	melsec iq-r
vendor:	mitsubishi electric	model:	melsec iq-r series
vendor:	rockwell	model:	automation factorytalk
vendor:	rockwell	model:	factorytalk
vendor:	mitsubishi	model:	melsec iq-r
vendor:	mitsubishi	model:	melsec iq-r series
vendor:	rockwell automation	model:	automation factorytalk
vendor:	rockwell automation	model:	factorytalk

db:

NVD

ids:

CVE-2023-6943, CVE-2024-10386, CVE-2023-2060, CVE-2024-10387

How to Identify Vulnerable Third-Party Software (Quickly) \| UpGuard Trust: 3.75 Fetched: Nov. 24, 2024, 10:51 a.m., Published: -	Vulnerabilities: cross-site scripting

Affected products

External IDs

vendor:

node.js

model:

node.js

Traditional Cybersecurity vs Medical Device Cybersecurity - Blue Goat Cyber Trust: 3.75 Fetched: Nov. 24, 2024, 10:50 a.m., Published: Nov. 17, 2024, 4:15 p.m.	Vulnerabilities: denial of service

Affected products	External IDs

What is an Open Port? Definition & Free Checking Tools \| UpGuard Trust: 3.75 Fetched: Nov. 24, 2024, 10:49 a.m., Published: -	Vulnerabilities: denial of service

Affected products	External IDs

CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog Related entries in the VARIoT vulnerabilities database: VAR-202404-0069, VAR-202404-0070 Trust: 5.75 Fetched: Nov. 24, 2024, 10:47 a.m., Published: April 11, 2024, 9:48 p.m.	Vulnerabilities: code execution, command injection

Affected products

External IDs

vendor:	d-link	model:	dns-340l
vendor:	d-link	model:	dns-327l
vendor:	d-link	model:	dns-325
vendor:	d-link	model:	dns-320l

db:

NVD

ids:

CVE-2024-3272, CVE-2024-3273

Best Vulnerability Management Tools Trust: 3.25 Fetched: Nov. 24, 2024, 10:44 a.m., Published: Nov. 5, 2024, 6:49 a.m.	Vulnerabilities: default credentials, directory traversal, cross-site scripting

Affected products

External IDs

vendor:	trend	model:	security
vendor:	apple	model:	macos

Security Vulnerability in KYOCERA Device Manager Trust: 3.25 Fetched: Nov. 24, 2024, 10:38 a.m., Published: Nov. 1, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-50916

Update now! Apple releases software to patch critical security flaws Trust: 4.5 Fetched: Nov. 24, 2024, 10:37 a.m., Published: Nov. 20, 2024, 5:24 p.m.	Vulnerabilities: cross-site scripting, code execution

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	webkit

db:

NVD

ids:

CVE-2024-44308, CVE-2024-44309

Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 Trust: 5.25 Fetched: Nov. 24, 2024, 10:34 a.m., Published: Nov. 19, 2024, 9:31 a.m.	Vulnerabilities: code execution, privilege escalation, authentication bypass...

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	palo	model:	pan-os
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	pan-os

db:

NVD

ids:

CVE-2024-3400, CVE-2024-0012, CVE-2024-9474

CISA: Over Half of Top Routinely Exploited Vulnerabilities in 2023 Affected Network Devices and Infrastructure - Eclypsium \| Supply Chain Security for the Modern Enterprise Related entries in the VARIoT vulnerabilities database: VAR-202209-1931 Trust: 3.5 Fetched: Nov. 24, 2024, 10:34 a.m., Published: Nov. 22, 2024, 5 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	trend	model:	security
vendor:	cisco	model:	series

db:

NVD

ids:

CVE-2022-3236

The Best Streaming Sticks and Devices for Your Smart TV - The Ambient Trust: 3.25 Fetched: Nov. 24, 2024, 10:31 a.m., Published: Oct. 17, 2022, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	watch
vendor:	apple	model:	apple tv
vendor:	apple	model:	ipad
vendor:	google	model:	home
vendor:	google	model:	chromecast
vendor:	google	model:	android
vendor:	mesh	model:	mesh
vendor:	roku	model:	roku
vendor:	roku	model:	ultra
vendor:	roku	model:	roku ultra
vendor:	roku	model:	roku express
vendor:	roku	model:	express
vendor:	roku	model:	streaming stick
vendor:	essential	model:	phone
vendor:	amazon	model:	fire tv
vendor:	amazon	model:	echo show

VARIoT news about IoT security