Sign-up

VARIoT news about IoT security

SSA-354569

Trust: 5.5

Fetched: Dec. 17, 2024, 9:57 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: authentication bypass, privilege escalation, command injection...
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2024-2552, CVE-2024-9474, CVE-2024-2550, CVE-2024-0012

Vulnerability (CVE-2024-54143 ) Discovered in OpenWrt's Firmware Upgrade System

Trust: 4.25

Fetched: Dec. 17, 2024, 9:57 a.m., Published: Dec. 13, 2024, 12:19 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-54143

Update Barco ClickShare C-10: Fix vulnerability CVE-2024-53919

Trust: 3.75

Fetched: Dec. 17, 2024, 9:56 a.m., Published: Dec. 10, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: barco model: clickshare
db: NVD ids: CVE-2024-53919

QNAP Fixes Several Vulnerabilities Affecting High-End NAS Devices - Cyber Security Review

Trust: 4.75

Fetched: Dec. 17, 2024, 9:56 a.m., Published: Dec. 10, 2024, 7:12 a.m.
 Vulnerabilities: certificate validation vulnerability
Affected productsExternal IDs
vendor: apple model: software update
vendor: apple model: safari
vendor: sonicwall model: netextender
vendor: sonicwall model: sma100
vendor: sonicwall model: ssl vpn
db: NVD ids: CVE-2024-48865, CVE-2024-29014

Authentication Bypass Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer: Software Vulnerability Information: Software: Hitachi

Trust: 4.0

Fetched: Dec. 17, 2024, 9:49 a.m., Published: Dec. 9, 2024, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: hitachi model: hitachi infrastructure analytics advisor

Project Zero: The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202409-0013

Trust: 4.25

Fetched: Dec. 17, 2024, 9:46 a.m., Published: Dec. 15, 2024, midnight
 Vulnerabilities: kernel panic, privilege escalation, code execution...
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: google model: android
db: NVD ids: CVE-2024-43047, CVE-2024-21455, CVE-2024-33060, CVE-2024-49848

16th December - Threat Intelligence Report - Check Point Research

Trust: 4.5

Fetched: Dec. 17, 2024, 9:45 a.m., Published: Dec. 16, 2024, 7:36 a.m.
 Vulnerabilities: privilege escalation, use after free
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
vendor: check point model: check point
db: NVD ids: CVE-2024-49138, CVE-2024-54526, CVE-2024-12381, CVE-2024-12382

Cleo File Transfer Vulnerabilities (CVE-2024-50623, CVE-2024-55956) - Cl0P's Latest Attack Vector - SOCRadar® Cyber Intelligence Inc.

Trust: 5.25

Fetched: Dec. 17, 2024, 9:45 a.m., Published: Dec. 16, 2024, 1:34 p.m.
 Vulnerabilities: command execution, code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: sophos model: firewall
db: NVD ids: CVE-2024-55956, CVE-2024-50623

Nine Updated Security Measures For The Modern Smart Home

Trust: 3.5

Fetched: Dec. 17, 2024, 9:43 a.m., Published: Dec. 17, 2024, 5:16 a.m.
 Vulnerabilities: default password
Affected productsExternal IDs

INTEL-SA-01185

Trust: 5.75

Fetched: Dec. 17, 2024, 9:41 a.m., Published: Dec. 3, 2024, 10:26 p.m.
 Vulnerabilities: information disclosure, denial of service, improper access control
Affected productsExternal IDs
vendor: asus model: asus
db: NVD ids: CVE-2024-23498, CVE-2024-36297, CVE-2024-23197, CVE-2024-34159, CVE-2024-36483

Update now! Apple releases new security patches for vulnerabilities in iPhones, Macs, and more | Malwarebytes

Trust: 3.75

Fetched: Dec. 17, 2024, 9:41 a.m., Published: Dec. 12, 2024, 3:14 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: software update
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2024-54529, CVE-2024-45490

New NoviSpy Android Spyware Exploits Flaw in Qualcomm Chips

Trust: 4.75

Fetched: Dec. 17, 2024, 9:41 a.m., Published: Dec. 16, 2024, 12:49 p.m.
 Vulnerabilities: kernel panic, code execution, heap corruption
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-43047

Samsung Electronics Scales Up Mobile Security Rewards Program To Boost Industry Collaboration and Safety - Samsung Newsroom Malaysia

Trust: 3.5

Fetched: Dec. 17, 2024, 9:40 a.m., Published: Dec. 16, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: samsung model: samsung galaxy
vendor: samsung model: samsung
vendor: samsung model: samsung mobile
vendor: samsung model: galaxy
vendor: samsung model: mobile devices

Data | Smart Security Enhancer as a Device Guardian to Mitigate Software Vulnerabilities | Dell Technologies Info Hub

Trust: 3.0

Fetched: Dec. 17, 2024, 9:29 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2020-9558

Command Injection Vulnerability in D-Link NAS Devices: Recommended Fixes -SecureMyOrg - SecureMyOrg

Trust: 4.25

Fetched: Dec. 17, 2024, 9:29 a.m., Published: Dec. 12, 2024, 5:01 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs

Firefox and Chrome Mobile Vulnerabilities | Threat Intel

Trust: 5.0

Fetched: Dec. 17, 2024, 9:27 a.m., Published: Oct. 30, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android
vendor: google model: google chrome
db: NVD ids: CVE-2024-9956, CVE-2024-10231, CVE-2024-9966, CVE-2024-9955, CVE-2024-9936, CVE-2024-10230, CVE-2024-9680, CVE-2024-9954

Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem

Trust: 4.5

Fetched: Dec. 17, 2024, 9:19 a.m., Published: Dec. 3, 2024, midnight
 Vulnerabilities: command execution, code execution, buffer overflow
Affected productsExternal IDs
vendor: roku model: roku
db: NVD ids: CVE-2023-6324, CVE-2023-6322, CVE-2023-6321, CVE-2023-6323

Open Sesame Attack: Ruijie Networks Devices Vulnerable to Remote Takeover

Trust: 3.75

Fetched: Dec. 17, 2024, 9:19 a.m., Published: Dec. 16, 2024, 2:23 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-52324, CVE-2024-47146

2024-12-10: Improved naming convention for vulnerabilities using Device Agent

Trust: 3.25

Fetched: Dec. 15, 2024, 10:05 a.m., Published: Dec. 10, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Internet of Risks: Cybersecurity Risk in the Internet of Things | UpGuard

Trust: 3.25

Fetched: Dec. 15, 2024, 10:04 a.m., Published: Dec. 15, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: google home
vendor: google model: home
vendor: google model: wifi