VARIoT latest news about IoT security

How to Protect Healthcare Organizations from IoMT Risks \| LevelBlue Trust: 3.75 Fetched: Nov. 15, 2024, 9:16 a.m., Published: Nov. 15, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

palo

model:

networks

Critical Vulnerability in Cisco ASA (CVE-2024-20329) Trust: 4.5 Fetched: Nov. 15, 2024, 9:16 a.m., Published: Oct. 24, 2024, midnight	Vulnerabilities: code execution, command injection

Affected products

External IDs

vendor:

cisco

model:

adaptive security appliance

db:

NVD

ids:

CVE-2024-20329

It's official - FBI, CISA, and NSA reveal the most exploited vulnerabilities of 2023 \| TechRadar Trust: 4.75 Fetched: Nov. 15, 2024, 9:13 a.m., Published: Nov. 13, 2024, 11:55 p.m.	Vulnerabilities: code injection

Affected products

External IDs

vendor:	citrix	model:	netscaler adc
vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler

db:

NVD

ids:

CVE-2023-20198, CVE-2023-3519

[2411.07114] TinyML Security: Exploring Vulnerabilities in Resource-Constrained Machine Learning Systems Trust: 3.0 Fetched: Nov. 13, 2024, 9:35 a.m., Published: Nov. 11, 2024, midnight	Vulnerabilities: information leakage

Affected products	External IDs

What is Cyber Security? Types, Importance & Threats Trust: 3.5 Fetched: Nov. 13, 2024, 9:27 a.m., Published: Oct. 18, 2024, 6:09 a.m.	Vulnerabilities: denial of service, sql injection

Affected products	External IDs

November 2024 Android Security Update Fixes Actively Exploited Vulnerabilities CVE-2024-43093, CVE-2024-43047 - SOCRadar® Cyber Intelligence Inc. Trust: 5.5 Fetched: Nov. 13, 2024, 9:27 a.m., Published: Nov. 5, 2024, 11:14 a.m.	Vulnerabilities: privilege escalation, memory corruption

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2024-43093, CVE-2024-43047

Recent IoT Security Breaches: What You Need to Know - TrainingCamp Trust: 4.5 Fetched: Nov. 13, 2024, 9:25 a.m., Published: Nov. 3, 2024, 7:07 a.m.	Vulnerabilities: default credentials

Affected products

External IDs

vendor:	palo alto networks	model:	networks
vendor:	cherokee	model:	cherokee
vendor:	palo	model:	networks

Samsung Galaxy Exynos Vulnerability Puts Devices at Risk Trust: 4.5 Fetched: Nov. 13, 2024, 9:24 a.m., Published: Oct. 27, 2024, 8:58 a.m.	Vulnerabilities: privilege escalation, code execution

Affected products

External IDs

vendor:	samsung	model:	galaxy s10
vendor:	samsung	model:	note
vendor:	samsung	model:	samsung
vendor:	samsung	model:	exynos
vendor:	samsung	model:	mobile
vendor:	samsung	model:	note 10
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	galaxy

db:

NVD

ids:

CVE-2024-44068

Cisco 7800, 8800, and 9800 Series Phones Information Disclosure Vulnerability - Cisco Trust: 4.75 Fetched: Nov. 13, 2024, 9:22 a.m., Published: Nov. 6, 2024, 10:18 a.m.	Vulnerabilities: information disclosure

Affected products

External IDs

vendor:	cisco	model:	ip phone 7800
vendor:	cisco	model:	series
vendor:	cisco	model:	ip phone

Unpatched Epson Devices at Risk: CVE-2024-47295 Allows Easy Hijacking Trust: 4.0 Fetched: Nov. 13, 2024, 9:21 a.m., Published: Nov. 11, 2024, 10:46 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-47295

16 Free CCTV Pentesting Tools To Test Your CCTV Cameras and Feeds Security Related entries in the VARIoT vulnerabilities database: VAR-202001-0839 Trust: 5.0 Fetched: Nov. 13, 2024, 9:20 a.m., Published: Oct. 12, 2024, 10:35 a.m.	Vulnerabilities: default credentials, file inclusion, default password...

Affected products

External IDs

vendor:	dahua	model:	ip camera
vendor:	dahua	model:	camera
vendor:	hikvision	model:	hikvision
vendor:	hikvision	model:	ip cameras

db:

NVD

ids:

CVE-2013-1599

Critical Vulnerability (CVE-2024-44068) in Samsung Mobile Processors Highlights Growing Mobile Security Threat Trust: 3.75 Fetched: Nov. 13, 2024, 9:19 a.m., Published: Oct. 23, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	android
vendor:	samsung	model:	mobile devices
vendor:	samsung	model:	samsung
vendor:	samsung	model:	exynos
vendor:	samsung	model:	mobile
vendor:	samsung	model:	samsung mobile

db:

NVD

ids:

CVE-2024-44068

Critical Patches for Android CVE-2024-43093 & 43047 Trust: 4.5 Fetched: Nov. 13, 2024, 9:19 a.m., Published: Nov. 9, 2024, midnight	Vulnerabilities: privilege escalation, memory corruption

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel
vendor:	samsung	model:	samsung

db:

NVD

ids:

CVE-2024-43093, CVE-2024-43047

CVE-2024-10443: Over 1.4 Million Synology Devices Exposed to Zero-Click Vulnerability \| CIP Blog Trust: 4.5 Fetched: Nov. 13, 2024, 9:17 a.m., Published: Nov. 12, 2024, 5:28 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	draytek	model:	draytek routers
vendor:	draytek	model:	routers
vendor:	synology	model:	diskstation

db:

NVD

ids:

CVE-2024-10443

2023 Top Routinely Exploited Vulnerabilities \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202109-1874, VAR-202103-0654, VAR-201906-0815, VAR-201707-0964, VAR-202209-1931, VAR-202109-1875, VAR-202008-0248, VAR-202206-0004 Trust: 4.5 Fetched: Nov. 13, 2024, 9:16 a.m., Published: Nov. 13, 2023, midnight	Vulnerabilities: command execution, buffer overflow, authentication bypass...

Affected products

External IDs

vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	netscaler gateway
vendor:	cisco	model:	routers
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	series
vendor:	cisco	model:	ios 12.0
vendor:	cisco	model:	cisco ios xe
vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler gateway
vendor:	citrix	model:	netscaler
vendor:	citrix	model:	netscaler adc
vendor:	coreos	model:	linux
vendor:	rarlab	model:	winrar
vendor:	sophos	model:	mobile
vendor:	sophos	model:	firewall
vendor:	pulse secure	model:	pulse connect secure
vendor:	pulse secure	model:	pulse policy secure
vendor:	pulse secure	model:	connect secure
vendor:	pulse secure	model:	policy secure
vendor:	apple	model:	macos
vendor:	apple	model:	watchos
vendor:	zoho	model:	manageengine adselfservice plus
vendor:	unitronics	model:	visilogic
vendor:	barracuda networks	model:	barracuda
vendor:	barracuda	model:	barracuda
vendor:	pulse	model:	secure pulse connect secure

db:

NVD

ids:

CVE-2023-6448, CVE-2021-27860, CVE-2021-33045, CVE-2021-22986, CVE-2019-0708, CVE-2021-26084, CVE-2021-22205, CVE-2018-13379, CVE-2023-0669, CVE-2023-4967, CVE-2023-36845, CVE-2023-22515, CVE-2023-41061, CVE-2023-22518, CVE-2017-6742, CVE-2023-3519, CVE-2023-3467, CVE-2023-27350, CVE-2023-35078, CVE-2022-3236, CVE-2023-20273, CVE-2023-36844, CVE-2021-40539, CVE-2021-34473, CVE-2023-36846, CVE-2021-33044, CVE-2023-2868, CVE-2020-1472, CVE-2023-36847, CVE-2022-41040, CVE-2023-35081, CVE-2021-4034, CVE-2023-20198, CVE-2023-23397, CVE-2023-38831, CVE-2023-3466, CVE-2023-4966, CVE-2022-47966, CVE-2023-41064, CVE-2019-18935, CVE-2023-29492, CVE-2023-49103, CVE-2019-11510, CVE-2023-42793, CVE-2022-26134, CVE-2023-27997, CVE-2023-34362

CVE-2024-43047 Qualcomm DSP Vulnerability• TrueFort Trust: 5.75 Fetched: Nov. 12, 2024, 9:27 a.m., Published: Oct. 16, 2024, 9:07 p.m.	Vulnerabilities: buffer overflow, code injection, code execution...

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2024-43047

Vulnerabilities reported in Apple devices impact iPhone, iPad and Macs, attackers may access sensitive information - The Hindu Trust: 3.0 Fetched: Nov. 12, 2024, 9:26 a.m., Published: Nov. 12, 2024, 7 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	iphone
vendor:	apple	model:	watchos
vendor:	apple	model:	ipad
vendor:	apple	model:	tvos

D-Link Technical Support Trust: 3.5 Fetched: Nov. 12, 2024, 9:25 a.m., Published: -	Vulnerabilities: command injection, command execution

Affected products

External IDs

vendor:	d-link	model:	dns-320lw
vendor:	d-link	model:	dns-340l
vendor:	d-link	model:	dns-327l
vendor:	d-link	model:	dns-320l
vendor:	d-link	model:	dnr-326
vendor:	d-link	model:	dns-323
vendor:	d-link	model:	dnr-322l
vendor:	d-link	model:	dns-325
vendor:	d-link	model:	dns-320
vendor:	d-link	model:	dns-345

Response to vulnerabilities in Toshiba Tec's digital multi-function peripherals Related entries in the VARIoT vulnerabilities database: VAR-202410-1676, VAR-202410-1672, VAR-202410-1675, VAR-202410-1671, VAR-202410-1679, VAR-202410-1673 Trust: 4.75 Fetched: Nov. 12, 2024, 9:25 a.m., Published: May 12, 2024, midnight	Vulnerabilities: cross-site scripting, improper access control, header injection...

Affected products

External IDs

db:

NVD

ids:

CVE-2024-47549, CVE-2024-47406, CVE-2024-47005, CVE-2024-47801, CVE-2024-42420, CVE-2024-45842

[Al-137]Multiple Vulnerabilities in Palo Alto Networks Expedition Trust: 5.5 Fetched: Nov. 12, 2024, 9:24 a.m., Published: Nov. 12, 2024, midnight	Vulnerabilities: os command injection, command injection, sql injection

Affected products

External IDs

vendor:	palo	model:	pan-os
vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	paloaltonetworks	model:	pan-os
vendor:	paloaltonetworks	model:	networks
vendor:	paloaltonetworks	model:	firewall
vendor:	palo alto networks	model:	pan-os
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	firewall

db:

NVD

ids:

CVE-2024-9467, CVE-2024-5910, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, CVE-2024-9463

VARIoT news about IoT security