Sign-up

VARIoT news about IoT security

SD1682 | Security Advisory | Rockwell Automation

Trust: 3.75

Fetched: Dec. 27, 2024, 9:15 a.m., Published: May 16, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rockwell automation model: guardlogix
vendor: rockwell automation model: controllogix
vendor: rockwell model: guardlogix
vendor: rockwell model: controllogix
db: NVD ids: CVE-2024-6242

Active Directory Certificate Services Vulnerability Let Attackers Escalate Privileges

Trust: 3.0

Fetched: Dec. 25, 2024, 9:26 a.m., Published: Nov. 29, 2024, 4:43 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-49019

Apache Foundation fixed a severe Tomcat vulnerability

Trust: 4.25

Fetched: Dec. 25, 2024, 9:25 a.m., Published: Dec. 24, 2024, 8:31 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-56337, CVE-2024-50379

Synology patches critical vulnerabilities, urges users…

Trust: 3.75

Fetched: Dec. 24, 2024, 9:24 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security

Critical Flaws detected in Sophos Firewall

Trust: 5.5

Fetched: Dec. 24, 2024, 9:22 a.m., Published: Dec. 24, 2024, 6:14 a.m.
 Vulnerabilities: code injection, code execution, sql injection
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2024-12729, CVE-2024-12727, CVE-2024-12728

Update Canonical Ubuntu Desktop: USN-7174-1: GStreamer vulnerability

Trust: 4.25

Fetched: Dec. 24, 2024, 9:22 a.m., Published: Jan. 24, 7174, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

Sophos Firewall Fixes Critical Remote Code Execution Vulnerability - VULNERA

Trust: 4.5

Fetched: Dec. 24, 2024, 9:22 a.m., Published: Dec. 20, 2024, 3:31 p.m.
 Vulnerabilities: code execution, sql injection
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2024-12729, CVE-2024-12727, CVE-2024-12728

CISA Warns of Critical Vulnerabilities in NUUO and Reolink Devices | Windows Forum

Related entries in the VARIoT vulnerabilities database: VAR-201808-0424, VAR-202201-0642, VAR-202201-2026, VAR-201904-1024

Trust: 5.25

Fetched: Dec. 24, 2024, 9:21 a.m., Published: May 24, 2024, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
vendor: reolink model: rlc-410w
vendor: nuuo model: crystal
vendor: nuuo model: nvrmini
vendor: nuuo model: nvrmini 2
db: NVD ids: CVE-2018-14933, CVE-2021-40407, CVE-2022-23227, CVE-2019-11001

DigiEver IoT Devices Exploited for Mirai Malware Attack

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268, VAR-201810-0455

Trust: 5.5

Fetched: Dec. 24, 2024, 9:20 a.m., Published: Dec. 20, 2024, 8:12 a.m.
 Vulnerabilities: command injection, default credentials, code execution
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: tp-link model: routers
db: NVD ids: CVE-2023-1389, CVE-2018-17532

"Vulnerability Assessment for Smart Home Devices | Professional Certificate"

Trust: 3.0

Fetched: Dec. 24, 2024, 9:17 a.m., Published: Dec. 24, 2024, 9:17 a.m.
 Vulnerabilities: -
Affected productsExternal IDs

Understanding and Mitigating CVE-2024-47864: A Buffer Overflow Vulnerability in Sharp Devices

Trust: 5.0

Fetched: Dec. 24, 2024, 9:15 a.m., Published: -
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2024-47864

MediaTek Bluetooth Chipset Vulnerabilities Affected of 1.5 Billion Android Users

Related entries in the VARIoT vulnerabilities database: VAR-202412-0091, VAR-202412-0282, VAR-202412-0245

Trust: 3.75

Fetched: Dec. 24, 2024, 9:14 a.m., Published: Dec. 2, 2024, 5:38 a.m.
 Vulnerabilities: information disclosure, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-20132, CVE-2024-20133, CVE-2024-20134, CVE-2024-20136, CVE-2024-20135, CVE-2024-20137, CVE-2024-20128, CVE-2024-20130, CVE-2024-20138, CVE-2024-20139, CVE-2024-20129, CVE-2024-20125, CVE-2024-20131, CVE-2024-20127

Cyble Sensors Detect Attacks On Ivanti, PHP, SAML, Network Devices, And More

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 5.5

Fetched: Dec. 24, 2024, 9:13 a.m., Published: Dec. 24, 2024, 7:58 a.m.
 Vulnerabilities: information disclosure, authentication bypass, brute force attack...
Affected productsExternal IDs
vendor: tp-link model: gateway
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler
vendor: citrix model: gateway
db: NVD ids: CVE-2023-20198, CVE-2023-46747, CVE-2023-20273, CVE-2017-0147, CVE-2023-4966, CVE-2024-4577, CVE-2023-47643, CVE-2024-7593, CVE-2023-1389, CVE-2024-45409

New Androxgh0st botnet targets vulnerabilities in IoT devices and web applications via Mozi integration | TechRadar

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 4.5

Fetched: Dec. 24, 2024, 9:12 a.m., Published: Dec. 22, 2024, 9:03 p.m.
 Vulnerabilities: code execution, file inclusion, command injection...
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: cisco model: routers
db: NVD ids: CVE-2021-26086, CVE-2024-36401, CVE-2018-15133, CVE-2017-9841, CVE-2023-1389

SHARP Routers Vulnerabilities Lets Attacker Trigger RCE to Gain Root Acces

Trust: 4.75

Fetched: Dec. 24, 2024, 9:11 a.m., Published: Dec. 23, 2024, 5:23 a.m.
 Vulnerabilities: privilege escalation, os command injection, buffer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2024-46873, CVE-2024-54082, CVE-2024-45721, CVE-2024-47864, CVE-2024-52321

Hidden threats of IoT devices and side-channel attacks - Namecheap Blog

Trust: 3.5

Fetched: Dec. 24, 2024, 9:10 a.m., Published: Dec. 23, 2024, 9:32 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tesla model: model

Mitigating CVE-2024-56010: Addressing the WordPress Device Detector Plugin Vulnerability

Trust: 5.0

Fetched: Dec. 24, 2024, 9:10 a.m., Published: April 2, 2000, midnight
 Vulnerabilities: script execution, cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-56010

TrueNAS device vulnerabilities exposed during hacking…

Trust: 4.0

Fetched: Dec. 24, 2024, 9:10 a.m., Published: Dec. 24, 2024, midnight
 Vulnerabilities: command injection, authentication bypass, sql injection
Affected productsExternal IDs

IT Vulnerability Report: Cleo, Windows Flaws Under Attack

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 5.5

Fetched: Dec. 24, 2024, 9:08 a.m., Published: Dec. 16, 2024, 10:13 a.m.
 Vulnerabilities: code execution, command injection, authentication vulnerability...
Affected productsExternal IDs
vendor: palo model: networks
vendor: zabbix model: zabbix
vendor: palo alto networks model: networks
db: NVD ids: CVE-2023-6553, CVE-2024-35286, CVE-2024-51378, CVE-2024-50483, CVE-2024-49138, CVE-2024-11205, CVE-2024-50623, CVE-2024-41713, CVE-2024-11680, CVE-2024-10914, CVE-2024-42327, CVE-2024-38193, CVE-2024-49041, CVE-2024-11639, CVE-2024-38144

TrueNAS device vulnerabilities exposed during hacking competition | TechRadar

Trust: 3.0

Fetched: Dec. 24, 2024, 9:08 a.m., Published: Dec. 22, 2024, 7:38 p.m.
 Vulnerabilities: command injection, authentication bypass, sql injection
Affected productsExternal IDs