Sign-up

VARIoT news about IoT security

Update Canonical Ubuntu Desktop: USN-7207-1: Git vulnerabilities

Trust: 4.25

Fetched: Jan. 19, 2025, 9:24 a.m., Published: Jan. 19, 7207, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2024-52006, CVE-2024-50349

Security Weekly News | SC Media

Trust: 3.0

Fetched: Jan. 19, 2025, 9:24 a.m., Published: Dec. 17, 2024, noon
 Vulnerabilities: -
Affected productsExternal IDs
vendor: motorola model: motorola

CVE-2025-0103 : SQL Injection Vulnerability in Palo Alto Networks Expedition | SecurityVulnerability.io

Trust: 5.75

Fetched: Jan. 19, 2025, 9:24 a.m., Published: Jan. 11, 2025, 3:15 a.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-0103

CVE-2024-12987 : Web Management Interface Command Injection Vulnerability in DrayTek Vigor Devices | SecurityVulnerability.io

Related entries in the VARIoT vulnerabilities database: VAR-202412-2441

Trust: 5.25

Fetched: Jan. 19, 2025, 9:23 a.m., Published: Dec. 27, 2024, 4 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: draytek model: vigor
db: NVD ids: CVE-2024-12987

Smart Yet Flawed: IoT Device Vulnerabilities Explained | 趨勢科技 (TW)

Related entries in the VARIoT vulnerabilities database: VAR-202003-1707

Trust: 4.25

Fetched: Jan. 19, 2025, 9:21 a.m., Published: -
 Vulnerabilities: denial of service, default credentials
Affected productsExternal IDs
vendor: trend model: internet security
vendor: trend model: home network security
vendor: trend model: security
vendor: sonos model: sonos
vendor: trend micro model: internet security
vendor: trend micro model: home network security
vendor: trend micro model: security
db: NVD ids: CVE-2020-9054

Top 10 Hardware Vulnerabilities MSPs Should Watch Out For

Trust: 3.75

Fetched: Jan. 19, 2025, 9:20 a.m., Published: Dec. 13, 2022, 5:34 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

New Protocol Vulnerabilities: CVE-2024-7595/7596 & CVE-2025-23018/23019

Trust: 4.5

Fetched: Jan. 19, 2025, 9:19 a.m., Published: Jan. 4, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2024-7595, CVE-2025-23018

The Dark Side of Smart Homes: Cybersecurity Concerns - Canary Trap

Trust: 3.5

Fetched: Jan. 19, 2025, 9:13 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canary model: canary

Smart Yet Flawed: IoT Device Vulnerabilities Explained | Trend Micro (MX)

Related entries in the VARIoT vulnerabilities database: VAR-202003-1707

Trust: 4.25

Fetched: Jan. 19, 2025, 9:11 a.m., Published: -
 Vulnerabilities: denial of service, default credentials
Affected productsExternal IDs
vendor: trend model: internet security
vendor: trend model: home network security
vendor: trend model: security
vendor: sonos model: sonos
vendor: trend micro model: internet security
vendor: trend micro model: home network security
vendor: trend micro model: security
db: NVD ids: CVE-2020-9054

Huawei HG532 Routers: CVE-2017-17215 Exploited

Related entries in the VARIoT vulnerabilities database: VAR-201803-1048

Trust: 4.5

Fetched: Jan. 17, 2025, 9:42 a.m., Published: Jan. 5, 2025, noon
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: huawei model: hg532
vendor: huawei model: huawei
db: NVD ids: CVE-2017-17215

Vulnerabilities in Ruijie Networks’ Cloud Platform Could Allow Remote Attacks on 50,000 Devices - Rewterz

Trust: 3.5

Fetched: Jan. 17, 2025, 9:41 a.m., Published: Dec. 26, 2024, 6:37 a.m.
 Vulnerabilities: weak password, request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2024-47146, CVE-2024-45722, CVE-2024-48874, CVE-2024-52324, CVE-2024-47547

WordPress, PayPal & CrowdStrike Targeted | Samsung, SonicWall & IBM Patches | Medusind, BayMark Health Services & Bank of America Breaches

Trust: 4.25

Fetched: Jan. 17, 2025, 9:40 a.m., Published: Jan. 3, 2025, midnight
 Vulnerabilities: code execution, buffer overflow, path traversal...
Affected productsExternal IDs
vendor: mitel model: micollab
vendor: sonicwall model: sonicos
vendor: check point model: check point
vendor: samsung model: samsung
vendor: samsung model: galaxy
vendor: apple model: macos
db: NVD ids: CVE-2025-0282, CVE-2023-47731, CVE-2024-53704, CVE-2025-0283, CVE-2024-40762, CVE-2024-55550, CVE-2024-41713

🚨 Ruijie Networks’ Cloud Platform Vulnerabilities Could Expose 50,000 Devices to Remote Attacks 🚨

Trust: 4.75

Fetched: Jan. 17, 2025, 9:36 a.m., Published: Jan. 3, 2025, midnight
 Vulnerabilities: weak password, data injection, request forgery...
Affected productsExternal IDs
db: NVD ids: CVE-2024-45722, CVE-2024-48874, CVE-2024-52324, CVE-2024-47547

UNDERSTANDING AND MITIGATING SECURITY VULNERABILITIES IN MULTI-DEVICE SMART HOME ARCHITECTURES, INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING AND TECHNOLOGY (IJCET), © IAEME Publication

Trust: 3.5

Fetched: Jan. 17, 2025, 9:35 a.m., Published: Jan. 3, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lg electronics model: mobile
vendor: apple model: java
vendor: google model: home

Fortinet Patches Exploited Zero-Day Vulnerability in FortiOS and FortiProxy - Lansweeper

Trust: 4.5

Fetched: Jan. 17, 2025, 9:34 a.m., Published: Jan. 15, 2025, 2:19 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: node.js model: node.js
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-55591

CVE-2024-57857 - RDMA/siw: Remove direct link to net_device - SecAlerts

Trust: 3.25

Fetched: Jan. 17, 2025, 9:33 a.m., Published: Jan. 15, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-57857

Critical Vulnerabilities Found In Ivanti Endpoint Manager Versions

Trust: 4.25

Fetched: Jan. 17, 2025, 9:32 a.m., Published: Jan. 16, 2025, 3:16 p.m.
 Vulnerabilities: path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2024-13159, CVE-2025-0070, CVE-2025-0066, CVE-2024-13160, CVE-2024-10811, CVE-2024-13161

CISA warns of critical Oracle, Mitel flaws exploited in attacks

Trust: 4.75

Fetched: Jan. 17, 2025, 9:27 a.m., Published: Jan. 7, 2025, 7 p.m.
 Vulnerabilities: code execution, privilege escalation, path traversal...
Affected productsExternal IDs
vendor: mitel model: micollab
db: NVD ids: CVE-2024-11639, CVE-2024-35286, CVE-2024-50623, CVE-2024-11773, CVE-2024-41713, CVE-2024-11772

Microsoft’s January Security Update of High-Risk Vulnerabilities in Multiple Products - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

Trust: 4.5

Fetched: Jan. 17, 2025, 9:26 a.m., Published: Jan. 16, 2025, 3:08 a.m.
 Vulnerabilities: information disclosure, denial of service, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2025-21301, CVE-2025-21218, CVE-2025-21302, CVE-2025-21296, CVE-2025-21293, CVE-2025-21265, CVE-2025-21193, CVE-2025-21292, CVE-2025-21343, CVE-2025-21364, CVE-2025-21256, CVE-2025-21187, CVE-2025-21348, CVE-2025-21186, CVE-2025-21244, CVE-2025-21219, CVE-2025-21250, CVE-2025-21266, CVE-2025-21238, CVE-2025-21229, CVE-2025-21225, CVE-2025-21323, CVE-2025-21311, CVE-2025-21288, CVE-2025-21268, CVE-2025-21233, CVE-2025-21281, CVE-2025-21227, CVE-2025-21402, CVE-2025-21335, CVE-2025-21417, CVE-2025-21340, CVE-2025-21278, CVE-2025-21215, CVE-2025-21362, CVE-2025-21223, CVE-2025-21273, CVE-2025-21287, CVE-2025-21176, CVE-2025-21310, CVE-2025-21189, CVE-2025-21356, CVE-2025-21291, CVE-2025-21345, CVE-2025-21338, CVE-2025-21409, CVE-2025-21213, CVE-2025-21314, CVE-2025-21354, CVE-2025-21242, CVE-2025-21284, CVE-2025-21389, CVE-2025-21306, CVE-2025-21277, CVE-2025-21382, CVE-2025-21320, CVE-2025-21232, CVE-2025-21275, CVE-2025-21246, CVE-2025-21309, CVE-2025-21321, CVE-2025-21285, CVE-2025-21251, CVE-2025-21286, CVE-2025-21339, CVE-2025-21295, CVE-2025-21249, CVE-2025-21317, CVE-2025-21331, CVE-2025-21307, CVE-2025-21360, CVE-2025-21173, CVE-2025-21313, CVE-2025-21378, CVE-2025-21298, CVE-2025-21202, CVE-2025-21241, CVE-2025-21210, CVE-2025-21318, CVE-2025-21289, CVE-2025-21395, CVE-2025-21346, CVE-2025-21365, CVE-2025-21214, CVE-2025-21334, CVE-2025-21326, CVE-2025-21308, CVE-2025-21327, CVE-2025-21261, CVE-2025-21299, CVE-2025-21315, CVE-2025-21258, CVE-2025-21324, CVE-2025-21276, CVE-2025-21344, CVE-2025-21252, CVE-2025-21257, CVE-2025-21385, CVE-2025-21290, CVE-2025-21341, CVE-2025-21211, CVE-2025-21297, CVE-2025-21372, CVE-2025-21411, CVE-2025-21231, CVE-2025-21234, CVE-2025-21316, CVE-2025-21361, CVE-2025-21380, CVE-2025-21269, CVE-2025-21245, CVE-2025-21305, CVE-2025-21336, CVE-2025-21363, CVE-2025-21413, CVE-2025-21312, CVE-2025-21172, CVE-2025-21270, CVE-2025-21272, CVE-2025-21237, CVE-2025-21236, CVE-2025-21239, CVE-2025-21243, CVE-2025-21224, CVE-2025-21280, CVE-2025-21304, CVE-2025-21228, CVE-2025-21207, CVE-2025-21226, CVE-2025-21374, CVE-2025-21303, CVE-2025-21235, CVE-2025-21328, CVE-2025-21282, CVE-2025-21332, CVE-2025-21178, CVE-2025-21300, CVE-2025-21366, CVE-2025-21255, CVE-2025-21260, CVE-2025-21393, CVE-2025-21357, CVE-2025-21274, CVE-2025-21271, CVE-2025-21220, CVE-2025-21248, CVE-2025-21403, CVE-2025-21171, CVE-2025-21370, CVE-2025-21263, CVE-2025-21405, CVE-2025-21319, CVE-2025-21217, CVE-2025-21294, CVE-2025-21330, CVE-2025-21333, CVE-2025-21240, CVE-2025-21230, CVE-2025-21329

Fortinet Under Cyber Attack: Zero-Day Vulnerability Suspected in FortiGate Firewalls - The420.in

Trust: 4.75

Fetched: Jan. 17, 2025, 9:25 a.m., Published: Jan. 14, 2025, 4:38 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: node.js model: node.js
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-55591