Sign-up

VARIoT news about IoT security

Protect your Software from the Zero Day Wget Vulnerability

Trust: 3.5

Fetched: Nov. 20, 2024, 9:41 a.m., Published: Nov. 18, 2024, 5:48 p.m.
 Vulnerabilities: restriction bypass, request forgery, command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2024-10524, CVE-2024-38428

Rockwell Automation ControlLogix | CISA

Trust: 3.5

Fetched: Nov. 20, 2024, 9:40 a.m., Published: Nov. 20, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rockwell model: controllogix 5580
vendor: rockwell model: automation controllogix
vendor: rockwell model: compactlogix
vendor: rockwell model: guardlogix
vendor: rockwell model: controllogix
vendor: rockwell model: factorytalk
vendor: rockwell automation model: controllogix 5580
vendor: rockwell automation model: automation controllogix
vendor: rockwell automation model: compactlogix
vendor: rockwell automation model: guardlogix
vendor: rockwell automation model: controllogix
vendor: rockwell automation model: factorytalk
db: NVD ids: CVE-2024-6207

Palo Alto Networks customers grapple with another actively exploited zero-day | Cybersecurity Dive

Trust: 5.5

Fetched: Nov. 20, 2024, 9:40 a.m., Published: Nov. 19, 2024, midnight
 Vulnerabilities: privilege escalation, command execution, authentication bypass
Affected productsExternal IDs
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo model: pan-os
vendor: palo model: networks
vendor: palo model: firewall
db: NVD ids: CVE-2024-9474, CVE-2024-0012

Critical vulnerabilities found in Mongoose Web Server Library, updating to v7.15 remediates issues - Industrial Cyber

Trust: 4.5

Fetched: Nov. 20, 2024, 9:38 a.m., Published: Nov. 18, 2024, 10:16 a.m.
 Vulnerabilities: memory corruption, denial of service, system crash
Affected productsExternal IDs
vendor: embedthis model: goahead
vendor: embedthis model: goahead web server
vendor: cesanta model: mongoose
db: NVD ids: CVE-2024-42386, CVE-2024-42384

Memory Management Vulnerability in Linux Kernel: rpcrdma Device Memory Leak

Trust: 4.75

Fetched: Nov. 20, 2024, 9:37 a.m., Published: Nov. 13, 2024, midnight
 Vulnerabilities: improper memory management, memory leak
Affected productsExternal IDs
db: NVD ids: CVE-2024-53077

Palo Alto Networks has identified a critical zero-day vulnerability - ThinScale

Trust: 4.25

Fetched: Nov. 20, 2024, 9:36 a.m., Published: Nov. 19, 2024, 3:41 p.m.
 Vulnerabilities: command execution, code execution
Affected productsExternal IDs
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo model: pan-os
vendor: palo model: networks
vendor: palo model: firewall

Chinese Hackers Hijacked Routers & IoT Devices to Create Botnet, NSA Warns

Trust: 3.0

Fetched: Nov. 20, 2024, 9:35 a.m., Published: Sept. 18, 2024, 3:04 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Record-Breaking 3.15 Billion Packets Per Second DDOS Attack Towards Minecraft Server

Trust: 4.5

Fetched: Nov. 20, 2024, 9:34 a.m., Published: Sept. 2, 2024, 6:59 a.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-2231

Hunting the Mongoose: Discovering 10 Vulnerabilities in the Mongoose Web Server Library

Trust: 5.25

Fetched: Nov. 20, 2024, 9:30 a.m., Published: Nov. 10, 2024, midnight
 Vulnerabilities: integer overflow, buffer overflow, memory corruption...
Affected productsExternal IDs
vendor: schneider model: concept
vendor: cesanta model: mongoose
vendor: schneider electric model: concept
db: NVD ids: CVE-2024-42389, CVE-2024-42388, CVE-2024-42384, CVE-2024-42387, CVE-2024-42385, CVE-2024-42386, CVE-2024-42391, CVE-2024-42383, CVE-2024-42390, CVE-2024-42392

Critical Oath-Toolkit Vulnerability Let Attackers Escalate Privilege

Trust: 3.0

Fetched: Nov. 20, 2024, 9:30 a.m., Published: Oct. 7, 2024, 4:26 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-47191

CVE-2024-20375 : CISCO UNIFIED COMMUNICATIONS MANAGER UP TO 15 SIP OUT-OF-BOUNDS WRITE - Cloud WAF

Trust: 4.0

Fetched: Nov. 20, 2024, 9:29 a.m., Published: Aug. 22, 2024, 9:09 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: unified communications
vendor: cisco model: cisco unified communications manager
vendor: cisco model: unified communications manager
db: NVD ids: CVE-2024-20375

CVE-2024-20446 - Cisco NX-OS Software DHCPv6 Relay Agent Denial of Service Vulnerability

Trust: 5.75

Fetched: Nov. 20, 2024, 9:23 a.m., Published: Nov. 8, 2024, midnight
 Vulnerabilities: denial of service, process crash
Affected productsExternal IDs
vendor: cisco model: nx-os
vendor: cisco model: cisco nx-os
vendor: cisco model: nx-os software
db: NVD ids: CVE-2024-20446

CVE-2024-44308 and CVE-2024-44309: Apple Addresses Zero-Day Vulnerabilities

Trust: 5.5

Fetched: Nov. 20, 2024, 9:16 a.m., Published: Nov. 19, 2024, 8:34 p.m.
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad air
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: iphone
db: NVD ids: CVE-2024-44308, CVE-2024-44309

Firmware Vulnerability Affects LevelOne WBR-6012 Router, Leading to Denial of Service and Device Reboots (CVE-2024-33700) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 3.25

Fetched: Nov. 19, 2024, 9:56 a.m., Published: Nov. 19, 6012, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-33700

CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)

Trust: 4.5

Fetched: Nov. 19, 2024, 9:55 a.m., Published: Nov. 18, 2024, 2:20 p.m.
 Vulnerabilities: authentication bypass, privilege escalation
Affected productsExternal IDs
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: palo model: networks
vendor: palo model: pan-os
db: NVD ids: CVE-2024-9474, CVE-2024-0012

SAP Vulnerability Management: Best Practices for Securing Your Business

Trust: 3.75

Fetched: Nov. 19, 2024, 9:54 a.m., Published: Nov. 4, 2024, 10:20 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2020-6287

Microsoft November Patch Tuesday: 4 Zero-Days and 89 Vulnerabilities Patched

Trust: 3.75

Fetched: Nov. 19, 2024, 9:53 a.m., Published: Nov. 13, 2024, 2:14 a.m.
 Vulnerabilities: information disclosure, code execution, security feature bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2024-43625, CVE-2024-43451, CVE-2024-43498, CVE-2024-49039, CVE-2024-49040, CVE-2024-43602, CVE-2024-49019, CVE-2024-43639

Critical TP-Link DHCP Vulnerability Let Attackers Execute Remote Code

Related entries in the VARIoT vulnerabilities database: VAR-202411-0796

Trust: 5.75

Fetched: Nov. 19, 2024, 9:51 a.m., Published: Nov. 15, 2024, 2:45 p.m.
 Vulnerabilities: denial of service, buffer overflow, memory corruption
Affected productsExternal IDs
vendor: tp-link model: routers
db: NVD ids: CVE-2024-11237

SANS NewsBites Vol. 26 Num. 84 : Change Healthcare Breach Prompts Proposed US Healthcare Cybersecurity Legislation; Protect AI Bug Bounty Program Reveals 24 Vulnerabilities; Sophos X-Ops’ Five-Year Investigation into State-Sponsored Attacks on Perimeter Devices - SANS Institute

Trust: 4.25

Fetched: Nov. 19, 2024, 9:50 a.m., Published: Nov. 26, 2024, midnight
 Vulnerabilities: default credentials, path traversal
Affected productsExternal IDs
vendor: sophos model: firewall
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
db: NVD ids: CVE-2024-38821, CVE-2024-50388, CVE-2024-50387, CVE-2024-7475, CVE-2024-38030, CVE-2024-7474, CVE-2024-5982

CVE-2022-20793 Cisco Touch 10 Device Insufficient Identity V... - vulnerability database | Vulners.com

Trust: 3.75

Fetched: Nov. 19, 2024, 9:50 a.m., Published: Nov. 15, 2024, 3:34 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco telepresence
vendor: cisco model: telepresence endpoint
vendor: cisco model: cisco roomos
vendor: cisco model: roomos
vendor: cisco model: telepresence
db: NVD ids: CVE-2022-20793