VARIoT news about IoT security

Trust: 3.5

Fetched: Nov. 20, 2024, 9:41 a.m., Published: Nov. 18, 2024, 5:48 p.m.
Vulnerabilities: restriction bypass, request forgery, command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2024-10524, CVE-2024-38428

Trust: 3.5

Fetched: Nov. 20, 2024, 9:40 a.m., Published: Nov. 20, 2023, midnight
Vulnerabilities: -
Affected productsExternal IDs
vendor: rockwell model: controllogix 5580
vendor: rockwell model: automation controllogix
vendor: rockwell model: compactlogix
vendor: rockwell model: guardlogix
vendor: rockwell model: controllogix
vendor: rockwell model: factorytalk
vendor: rockwell automation model: controllogix 5580
vendor: rockwell automation model: automation controllogix
vendor: rockwell automation model: compactlogix
vendor: rockwell automation model: guardlogix
vendor: rockwell automation model: controllogix
vendor: rockwell automation model: factorytalk
db: NVD ids: CVE-2024-6207

Trust: 5.5

Fetched: Nov. 20, 2024, 9:40 a.m., Published: Nov. 19, 2024, midnight
Vulnerabilities: privilege escalation, command execution, authentication bypass
Affected productsExternal IDs
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo model: pan-os
vendor: palo model: networks
vendor: palo model: firewall
db: NVD ids: CVE-2024-9474, CVE-2024-0012

Trust: 4.5

Fetched: Nov. 20, 2024, 9:38 a.m., Published: Nov. 18, 2024, 10:16 a.m.
Vulnerabilities: memory corruption, denial of service, system crash
Affected productsExternal IDs
vendor: embedthis model: goahead
vendor: embedthis model: goahead web server
vendor: cesanta model: mongoose
db: NVD ids: CVE-2024-42386, CVE-2024-42384

Trust: 4.75

Fetched: Nov. 20, 2024, 9:37 a.m., Published: Nov. 13, 2024, midnight
Vulnerabilities: improper memory management, memory leak
Affected productsExternal IDs
db: NVD ids: CVE-2024-53077

Trust: 4.25

Fetched: Nov. 20, 2024, 9:36 a.m., Published: Nov. 19, 2024, 3:41 p.m.
Vulnerabilities: command execution, code execution
Affected productsExternal IDs
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo model: pan-os
vendor: palo model: networks
vendor: palo model: firewall

Trust: 3.0

Fetched: Nov. 20, 2024, 9:35 a.m., Published: Sept. 18, 2024, 3:04 p.m.
Vulnerabilities: denial of service
Affected productsExternal IDs

Trust: 4.5

Fetched: Nov. 20, 2024, 9:34 a.m., Published: Sept. 2, 2024, 6:59 a.m.
Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-2231

Trust: 5.25

Fetched: Nov. 20, 2024, 9:30 a.m., Published: Nov. 10, 2024, midnight
Vulnerabilities: integer overflow, buffer overflow, memory corruption...
Affected productsExternal IDs
vendor: schneider model: concept
vendor: cesanta model: mongoose
vendor: schneider electric model: concept
db: NVD ids: CVE-2024-42389, CVE-2024-42388, CVE-2024-42384, CVE-2024-42387, CVE-2024-42385, CVE-2024-42386, CVE-2024-42391, CVE-2024-42383, CVE-2024-42390, CVE-2024-42392

Trust: 3.0

Fetched: Nov. 20, 2024, 9:30 a.m., Published: Oct. 7, 2024, 4:26 p.m.
Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-47191

Trust: 4.0

Fetched: Nov. 20, 2024, 9:29 a.m., Published: Aug. 22, 2024, 9:09 a.m.
Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: unified communications
vendor: cisco model: cisco unified communications manager
vendor: cisco model: unified communications manager
db: NVD ids: CVE-2024-20375

Trust: 5.75

Fetched: Nov. 20, 2024, 9:23 a.m., Published: Nov. 8, 2024, midnight
Vulnerabilities: denial of service, process crash
Affected productsExternal IDs
vendor: cisco model: nx-os
vendor: cisco model: cisco nx-os
vendor: cisco model: nx-os software
db: NVD ids: CVE-2024-20446

Trust: 5.5

Fetched: Nov. 20, 2024, 9:16 a.m., Published: Nov. 19, 2024, 8:34 p.m.
Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad air
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: iphone
db: NVD ids: CVE-2024-44308, CVE-2024-44309

Trust: 3.25

Fetched: Nov. 19, 2024, 9:56 a.m., Published: Nov. 19, 6012, midnight
Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-33700

Trust: 4.5

Fetched: Nov. 19, 2024, 9:55 a.m., Published: Nov. 18, 2024, 2:20 p.m.
Vulnerabilities: authentication bypass, privilege escalation
Affected productsExternal IDs
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: palo model: networks
vendor: palo model: pan-os
db: NVD ids: CVE-2024-9474, CVE-2024-0012

Trust: 3.75

Fetched: Nov. 19, 2024, 9:54 a.m., Published: Nov. 4, 2024, 10:20 a.m.
Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2020-6287

Trust: 3.75

Fetched: Nov. 19, 2024, 9:53 a.m., Published: Nov. 13, 2024, 2:14 a.m.
Vulnerabilities: information disclosure, code execution, security feature bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2024-43625, CVE-2024-43451, CVE-2024-43498, CVE-2024-49039, CVE-2024-49040, CVE-2024-43602, CVE-2024-49019, CVE-2024-43639
Related entries in the VARIoT vulnerabilities database: VAR-202411-0796

Trust: 5.75

Fetched: Nov. 19, 2024, 9:51 a.m., Published: Nov. 15, 2024, 2:45 p.m.
Vulnerabilities: denial of service, buffer overflow, memory corruption
Affected productsExternal IDs
vendor: tp-link model: routers
db: NVD ids: CVE-2024-11237

Trust: 4.25

Fetched: Nov. 19, 2024, 9:50 a.m., Published: Nov. 26, 2024, midnight
Vulnerabilities: default credentials, path traversal
Affected productsExternal IDs
vendor: sophos model: firewall
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
db: NVD ids: CVE-2024-38821, CVE-2024-50388, CVE-2024-50387, CVE-2024-7475, CVE-2024-38030, CVE-2024-7474, CVE-2024-5982

Trust: 3.75

Fetched: Nov. 19, 2024, 9:50 a.m., Published: Nov. 15, 2024, 3:34 p.m.
Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco telepresence
vendor: cisco model: telepresence endpoint
vendor: cisco model: cisco roomos
vendor: cisco model: roomos
vendor: cisco model: telepresence
db: NVD ids: CVE-2022-20793