Sign-up

VARIoT news about IoT security

Windows Portable Device Enumerator Service Security... · CVE-2022-38032 · GitHub Advisory Database · GitHub

Trust: 4.0

Fetched: Dec. 3, 2024, 9:29 a.m., Published: Oct. 12, 2022, midnight
 Vulnerabilities: feature bypass, security feature bypass
Affected productsExternal IDs
db: NVD ids: CVE-2022-38032

Healthcare IoT, Medical Device Vulnerability Disclosures Skyrocket | TechTarget

Trust: 4.0

Fetched: Dec. 3, 2024, 9:27 a.m., Published: March 4, 2022, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security

D-Link NAS device vulnerabilities exploited - no patch available | SC Media

Related entries in the VARIoT vulnerabilities database: VAR-202404-0070

Trust: 5.75

Fetched: Dec. 3, 2024, 9:26 a.m., Published: Feb. 13, 2024, 7 p.m.
 Vulnerabilities: code execution, command injection
Affected productsExternal IDs
vendor: d-link model: dns-327l
vendor: d-link model: dns-340l
vendor: d-link model: dns-325
vendor: d-link model: dns-320l
db: NVD ids: CVE-2024-3273, CVE-2024-3274

A Survey of the Security Analysis of Embedded Devices

Related entries in the VARIoT vulnerabilities database: VAR-202002-0930

Trust: 5.0

Fetched: Dec. 3, 2024, 9:24 a.m., Published: Jan. 3, 2023, midnight
 Vulnerabilities: buffer overflow, memory corruption, authentication bypass...
Affected productsExternal IDs
vendor: mbed model: mbed
vendor: canon model: inkjet printer
vendor: contiki model: contiki
vendor: qemu model: qemu
vendor: broadcom model: linux
vendor: cisco model: router
vendor: cisco model: routers
db: NVD ids: CVE-2019-11516, CVE-2023-20193

Cybersecurity vulnerabilities in medical devices: a complex environment and multifaceted problem - PMC

Trust: 4.5

Fetched: Dec. 3, 2024, 9:21 a.m., Published: July 20, 2015, midnight
 Vulnerabilities: buffer overflow, sql injection, configuration error...
Affected productsExternal IDs
vendor: parallels model: tools

IoT Vulnerabilities and Attacks: SILEX Malware Case Study

Trust: 3.5

Fetched: Dec. 3, 2024, 9:20 a.m., Published: Oct. 26, 2023, midnight
 Vulnerabilities: denial of service, default credentials
Affected productsExternal IDs

What is Security Vulnerability? Definition & Types

Trust: 5.5

Fetched: Dec. 3, 2024, 9:19 a.m., Published: Sept. 13, 2024, 6:36 a.m.
 Vulnerabilities: request forgery, sql injection, cross-site request forgery...
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2017-0199

Your IoT Devices Are More Dangerous Than You Think!

Trust: 4.25

Fetched: Dec. 1, 2024, 10:19 a.m., Published: Nov. 9, 2024, 5:26 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: samsung smartthings model: mobile
vendor: samsung smartthings model: samsung
vendor: google model: google home
vendor: google model: home
vendor: mesh model: mesh
vendor: serve model: serve
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: ecobee model: smart thermostat
vendor: amazon model: echo show

Embedded Sim Ecosystem, Security Risks and Measures | ENISA

Trust: 3.0

Fetched: Dec. 1, 2024, 10:18 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs

What is a Proxy Server? How They Work + Security Risks | UpGuard

Trust: 3.5

Fetched: Dec. 1, 2024, 10:17 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: safari
vendor: google model: chrome
vendor: google model: google chrome
vendor: serve model: serve

Understanding vulnerabilities in software supply chains | Empirical Software Engineering

Related entries in the VARIoT vulnerabilities database: VAR-201805-1054

Trust: 3.75

Fetched: Dec. 1, 2024, 10:15 a.m., Published: Nov. 6, 2024, midnight
 Vulnerabilities: -

U.S. CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog

Trust: 5.5

Fetched: Dec. 1, 2024, 10:15 a.m., Published: Nov. 22, 2024, 11:07 a.m.
 Vulnerabilities: authorization vulnerability, cross-site scripting, authorization issue...
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: macos
vendor: apple model: safari
db: NVD ids: CVE-2024-44308, CVE-2024-21287, CVE-2024-44309

Understanding and Mitigating CVE-2024-49764: LibreNMS Stored XSS Vulnerability

Trust: 3.75

Fetched: Dec. 1, 2024, 10:13 a.m., Published: -
 Vulnerabilities: script execution, cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-49764

From Cyber Security News - Epson Devices Vulnerability Let Attackers Create Rogue Admin Accounts - Threat Note

Trust: 3.25

Fetched: Dec. 1, 2024, 10:12 a.m., Published: Nov. 11, 2024, 11:56 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-47295

NVIDIA GeForce Users Must Update Their GPU Drivers As 8 High Risk Vulnerabilities Discovered

Trust: 3.0

Fetched: Dec. 1, 2024, 10:12 a.m., Published: Nov. 4, 2024, 10:05 a.m.
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs

German CERT Warns Zyxel Firewalls Exploited For Helldown Ransomware Deployment

Trust: 3.75

Fetched: Dec. 1, 2024, 10:11 a.m., Published: Nov. 28, 2024, 1:54 p.m.
 Vulnerabilities: directory traversal
Affected productsExternal IDs
db: NVD ids: CVE-2024-11667

Ivanti Avalanche SmartDeviceServer - XML External Entity (CVE-2024-38653) - Vulnerability & Exploit Database

Trust: 3.0

Fetched: Dec. 1, 2024, 10:11 a.m., Published: Dec. 7, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-38653

Network Vulnerabilities and Threats: Cyber Security Threats and Solutions in an Increasingly Connected Digital Environment

Trust: 3.5

Fetched: Dec. 1, 2024, 10:08 a.m., Published: Dec. 3, 2024, midnight
 Vulnerabilities: injection attack, sql injection
Affected productsExternal IDs
vendor: trend model: security

Patch your Apple devices now, XSS vulnerabilities top danger list, NFC traffic relayed to steal money...

Trust: 5.25

Fetched: Dec. 1, 2024, 10:07 a.m., Published: Dec. 3, 2024, midnight
 Vulnerabilities: request forgery, command injection, sql injection...
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: software update
vendor: apple model: webkit
vendor: apple model: safari
vendor: broadcom model: linux
db: NVD ids: CVE-2024-38812, CVE-2024-38813, CVE-2024-44308, CVE-2024-44309

Microsoft Defender for Endpoint | Microsoft Community Hub

Trust: 3.5

Fetched: Dec. 1, 2024, 10:07 a.m., Published: May 1, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hub model: hub