Sign-up

VARIoT news about IoT security

CVE-2024-44308 and CVE-2024-44309: Apple Addresses Zero-Day Vulnerabilities

Trust: 5.5

Fetched: Nov. 20, 2024, 9:16 a.m., Published: Nov. 19, 2024, 8:34 p.m.
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad air
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: iphone
db: NVD ids: CVE-2024-44308, CVE-2024-44309

Firmware Vulnerability Affects LevelOne WBR-6012 Router, Leading to Denial of Service and Device Reboots (CVE-2024-33700) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 3.25

Fetched: Nov. 19, 2024, 9:56 a.m., Published: Nov. 19, 6012, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-33700

CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)

Trust: 4.5

Fetched: Nov. 19, 2024, 9:55 a.m., Published: Nov. 18, 2024, 2:20 p.m.
 Vulnerabilities: authentication bypass, privilege escalation
Affected productsExternal IDs
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: palo model: networks
vendor: palo model: pan-os
db: NVD ids: CVE-2024-9474, CVE-2024-0012

SAP Vulnerability Management: Best Practices for Securing Your Business

Trust: 3.75

Fetched: Nov. 19, 2024, 9:54 a.m., Published: Nov. 4, 2024, 10:20 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2020-6287

Microsoft November Patch Tuesday: 4 Zero-Days and 89 Vulnerabilities Patched

Trust: 3.75

Fetched: Nov. 19, 2024, 9:53 a.m., Published: Nov. 13, 2024, 2:14 a.m.
 Vulnerabilities: information disclosure, code execution, security feature bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2024-43625, CVE-2024-43451, CVE-2024-43498, CVE-2024-49039, CVE-2024-49040, CVE-2024-43602, CVE-2024-49019, CVE-2024-43639

Critical TP-Link DHCP Vulnerability Let Attackers Execute Remote Code

Related entries in the VARIoT vulnerabilities database: VAR-202411-0796

Trust: 5.75

Fetched: Nov. 19, 2024, 9:51 a.m., Published: Nov. 15, 2024, 2:45 p.m.
 Vulnerabilities: denial of service, buffer overflow, memory corruption
Affected productsExternal IDs
vendor: tp-link model: routers
db: NVD ids: CVE-2024-11237

SANS NewsBites Vol. 26 Num. 84 : Change Healthcare Breach Prompts Proposed US Healthcare Cybersecurity Legislation; Protect AI Bug Bounty Program Reveals 24 Vulnerabilities; Sophos X-Ops’ Five-Year Investigation into State-Sponsored Attacks on Perimeter Devices - SANS Institute

Trust: 4.25

Fetched: Nov. 19, 2024, 9:50 a.m., Published: Nov. 26, 2024, midnight
 Vulnerabilities: default credentials, path traversal
Affected productsExternal IDs
vendor: sophos model: firewall
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
db: NVD ids: CVE-2024-38821, CVE-2024-50388, CVE-2024-50387, CVE-2024-7475, CVE-2024-38030, CVE-2024-7474, CVE-2024-5982

CVE-2022-20793 Cisco Touch 10 Device Insufficient Identity V... - vulnerability database | Vulners.com

Trust: 3.75

Fetched: Nov. 19, 2024, 9:50 a.m., Published: Nov. 15, 2024, 3:34 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco telepresence
vendor: cisco model: telepresence endpoint
vendor: cisco model: cisco roomos
vendor: cisco model: roomos
vendor: cisco model: telepresence
db: NVD ids: CVE-2022-20793

PfSense Stored XSS Vulnerability Leads To RCE Attacks, PoC Published

Trust: 5.5

Fetched: Nov. 19, 2024, 9:49 a.m., Published: Nov. 4, 2024, 11:50 a.m.
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: pfsense model: pfsense
vendor: netgate model: pfsense
db: NVD ids: CVE-2024-46538

Risks of IoT devices - Blue Goat Cyber

Related entries in the VARIoT vulnerabilities database: VAR-202108-0736

Trust: 3.75

Fetched: Nov. 19, 2024, 9:49 a.m., Published: Sept. 26, 2023, 7:47 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
db: NVD ids: CVE-2021-27954

VMware vCenter Server Vulnerabilites Let Attackers Execute Remote Code

Trust: 5.25

Fetched: Nov. 19, 2024, 9:48 a.m., Published: Oct. 22, 2024, 6:19 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-38812, CVE-2024-38813

Forescout Research reveals 162 vulnerabilities in connected medical devices, elevating risks to patient data and safety - IndustrialCyber - Medical Device Market

Trust: 3.25

Fetched: Nov. 19, 2024, 9:46 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs

Hackers Exploiting SharePoint RCE Vulnerability to Compromise Entire Domain

Trust: 5.0

Fetched: Nov. 19, 2024, 9:45 a.m., Published: Nov. 1, 2024, 9:06 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-38094

Deserialization Vulnerability Affects Delta Electronics' InfraSuite Device Master (CVE-2024-10456) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 3.0

Fetched: Nov. 19, 2024, 9:39 a.m., Published: Oct. 30, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-10456

GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI | GreyNoise Blog

Trust: 3.5

Fetched: Nov. 19, 2024, 9:37 a.m., Published: Oct. 31, 2024, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-8956, CVE-2024-8957

Cisco fixed tens of vulnerabilities, including an actively exploited one

Trust: 5.5

Fetched: Nov. 19, 2024, 9:35 a.m., Published: Oct. 24, 2024, 3:58 p.m.
 Vulnerabilities: denial of service, remote command injection, command injection...
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: adaptive security appliance software
vendor: cisco model: adaptive security appliance
vendor: cisco model: cisco firepower threat defense software
vendor: cisco model: firepower threat defense software
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: cisco adaptive security appliance software
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower
db: NVD ids: CVE-2024-20481, CVE-2024-20412, CVE-2024-20424, CVE-2024-20329

Top 10 Medical Device Operating Systems - Blue Goat Cyber

Trust: 3.75

Fetched: Nov. 19, 2024, 9:31 a.m., Published: March 30, 2024, 1:40 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: contiki model: contiki

Top 50 Medical Device Cybersecurity Issues - Blue Goat Cyber

Trust: 3.5

Fetched: Nov. 19, 2024, 9:30 a.m., Published: Jan. 10, 2024, 10:05 p.m.
 Vulnerabilities: weak password, cross-site scripting, sql injection...
Affected productsExternal IDs

Researchers Warn of Active GeoVision Botnet Used in DDoS and Cryptocurrency Attacks

Trust: 3.5

Fetched: Nov. 19, 2024, 9:27 a.m., Published: Nov. 1, 2024, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-11120

CVE-2024-0012, CVE-2024-9474: Zero-Day Vulnerabilities in Palo Alto PAN-OS Exploited In The Wild - Blog | Tenable®

Trust: 4.5

Fetched: Nov. 19, 2024, 9:26 a.m., Published: Nov. 18, 2024, 7:22 p.m.
 Vulnerabilities: authentication bypass, privilege escalation
Affected productsExternal IDs
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
db: NVD ids: CVE-2024-9474, CVE-2024-0012