Sign-up

VARIoT news about IoT security

CVE-2024-10456 - Securin

Trust: 4.75

Fetched: Nov. 24, 2024, 10:26 a.m., Published: Nov. 3, 2024, 8:19 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-10456

Apple, Oracle, and Apache Issue Critical Updates for Actively Exploited and High-Risk Vulnerabilities - SOCRadar® Cyber Intelligence Inc.

Trust: 5.25

Fetched: Nov. 24, 2024, 10:22 a.m., Published: Nov. 20, 2024, 11:41 a.m.
 Vulnerabilities: cross-site scripting, code execution, request forgery...
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: macos
db: NVD ids: CVE-2024-48962, CVE-2024-44308, CVE-2024-47208, CVE-2024-44309, CVE-2024-21287

Samsung Electronics Scales Up Mobile Security Rewards Program To Boost Industry Collaboration and Safety

Trust: 3.5

Fetched: Nov. 24, 2024, 10:10 a.m., Published: Nov. 21, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: samsung model: mobile devices
vendor: samsung model: samsung
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
vendor: samsung model: samsung mobile

Apple issues urgent updates to address actively exploited zero-day vulnerabilities - Technology News | The Financial Express

Trust: 4.75

Fetched: Nov. 24, 2024, 9:58 a.m., Published: Nov. 20, 2024, 10:12 a.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: ipad
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2024-44308, CVE-2024-44309

Bevy of smart doorbell bugs earn Ekon an FCC penalty for negligence | SC Media

Trust: 3.0

Fetched: Nov. 24, 2024, 9:57 a.m., Published: Nov. 22, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Apple’s Latest Updates Address Critical Security Vulnerabilities - AppleMagazine

Trust: 3.5

Fetched: Nov. 24, 2024, 9:57 a.m., Published: Nov. 20, 2024, 7:07 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: watch
vendor: apple model: software update

Apple addresses two iPhone, Mac zero-days | Computer Weekly

Trust: 5.5

Fetched: Nov. 24, 2024, 9:56 a.m., Published: Nov. 20, 2024, midnight
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: software update
db: NVD ids: CVE-2024-44308, CVE-2024-23222, CVE-2024-44309

Zero-day vulnerability in GeoVision devices exploited by a botnet

Trust: 5.0

Fetched: Nov. 24, 2024, 9:55 a.m., Published: Nov. 18, 2024, midnight
 Vulnerabilities: denial of service, os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-11120

D-Link Technical Support

Trust: 3.5

Fetched: Nov. 24, 2024, 9:55 a.m., Published: -
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: d-link model: dsr-150n
vendor: d-link model: dsr-500n
vendor: d-link model: dsr-250n firmware
vendor: d-link model: dsr-250 firmware
vendor: d-link model: dsr-150
vendor: d-link model: dsr-250
vendor: d-link model: router
vendor: d-link model: dsr-250n
vendor: d-link model: dsr-1000n

Apple Updates Block Two Zero-Day Security Vulnerabilities - TidBITS

Trust: 4.5

Fetched: Nov. 24, 2024, 9:53 a.m., Published: Nov. 19, 2024, 11:49 p.m.
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: tvos
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: webkit

Palo Alto Networks faces breach of over 2,000 devices amid exploit campaign

Trust: 4.5

Fetched: Nov. 24, 2024, 9:53 a.m., Published: Nov. 22, 2024, 11:51 a.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2024-5910, CVE-2024-0012, CVE-2024-9474, CVE-2024-3400

Experts warn of Palo Alto firewall exploitation after 2,000 compromises spotted

Trust: 3.5

Fetched: Nov. 24, 2024, 9:51 a.m., Published: Nov. 22, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
db: NVD ids: CVE-2024-0012, CVE-2024-9474

Security Flaws Discovered in GoAhead might affect Web Servers

Trust: 5.25

Fetched: Nov. 24, 2024, 9:50 a.m., Published: Nov. 15, 2024, midnight
 Vulnerabilities: denial of service, memory access violation, service crash...
Affected productsExternal IDs
vendor: embedthis model: goahead
vendor: embedthis model: goahead web server
db: NVD ids: CVE-2024-3187, CVE-2024-3186, CVE-2024-3184

Mystery Palo Alto Networks 0-day RCE now actively exploited • The Register

Trust: 5.5

Fetched: Nov. 24, 2024, 9:49 a.m., Published: -
 Vulnerabilities: sql injection, code execution, command execution...
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2024-9463, CVE-2024-9465

No Fix Coming for Critical D-Link Vulnerability - Lansweeper

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 5.75

Fetched: Nov. 24, 2024, 9:49 a.m., Published: Nov. 12, 2024, 12:35 p.m.
 Vulnerabilities: privilege escalation, command execution, command injection
Affected productsExternal IDs
vendor: d-link model: dns-340l
vendor: d-link model: dns-320lw
vendor: d-link model: dns-325
vendor: d-link model: dns-320
db: NVD ids: CVE-2024-10914

Critical Exploit in MediaTek Wi-Fi Chipsets: Zero-Click Vulnerability (CVE-2024-20017) Threatens Routers and Smartphones

Trust: 4.75

Fetched: Nov. 24, 2024, 9:43 a.m., Published: -
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2024-20017

Samsung Electronics Scales Up Mobile Security Rewards Program To Boost Industry Collaboration and Safety - Samsung Global Newsroom

Trust: 3.5

Fetched: Nov. 24, 2024, 9:42 a.m., Published: Nov. 21, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: samsung mobile
vendor: samsung model: mobile devices
vendor: samsung model: samsung galaxy
vendor: samsung model: mobile
vendor: samsung model: galaxy

Critical Vulnerability in FortiManager (CVE-2024-47575)

Trust: 3.75

Fetched: Nov. 24, 2024, 9:30 a.m., Published: Oct. 23, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-47575

Exploited PAN-OS Zero-Days Threaten Thousands of Firewalls (CVE-2024-0012 and CVE-2024-9474) - SOCRadar® Cyber Intelligence Inc.

Trust: 4.25

Fetched: Nov. 24, 2024, 9:27 a.m., Published: Nov. 19, 2024, 11:38 a.m.
 Vulnerabilities: privilege escalation, command execution, authentication bypass...
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2024-1212, CVE-2024-0012, CVE-2024-9474

ASLR and Buffer Overflow Attacks - Blue Goat Cyber

Trust: 3.5

Fetched: Nov. 24, 2024, 9:26 a.m., Published: Feb. 10, 2024, 6:50 p.m.
 Vulnerabilities: information leak, buffer overflow
Affected productsExternal IDs