Sign-up

VARIoT news about IoT security

Cisco Identity Services Engine Authorization Bypass and Cross-Site Scripting Vulnerabilities - Cisco

Trust: 5.5

Fetched: Dec. 1, 2024, 10:05 a.m., Published: Nov. 6, 2024, 10:18 a.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: cisco identity services engine
vendor: cisco model: identity services engine
db: NVD ids: CVE-2024-20539, CVE-2024-20537, CVE-2024-20538

CVE-2024-11120 GeoVision EOL devices - OS Command Injection - vulnerability database | Vulners.com

Trust: 4.0

Fetched: Dec. 1, 2024, 10:05 a.m., Published: Nov. 15, 2024, 2 a.m.
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-11120

Bing.com XSS Vulnerability Let Attackers Send Crafted Malicious Requests

Trust: 3.0

Fetched: Dec. 1, 2024, 9:59 a.m., Published: Nov. 25, 2024, 11:50 a.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs

Home Device Security: Guide to Protecting Your Digital Life - Secure Debug

Trust: 4.25

Fetched: Dec. 1, 2024, 9:57 a.m., Published: Nov. 26, 2024, 1:58 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: wireshark model: wireshark
vendor: sophos model: mobile
vendor: sophos model: firewall
vendor: snort model: snort
vendor: apple model: macos
vendor: google model: google chrome
vendor: google model: android
vendor: google model: home
vendor: google model: chrome
vendor: avast model: antivirus

Critical Vulnerabilities in Schneider Electric PowerLogic Devices: Risks & Mitigations | Windows Forum

Related entries in the VARIoT vulnerabilities database: VAR-202106-0542, VAR-202106-0541

Trust: 5.75

Fetched: Dec. 1, 2024, 9:56 a.m., Published: May 1, 2024, midnight
 Vulnerabilities: weak password
Affected productsExternal IDs
vendor: schneider electric model: powerlogic pm8ecc
vendor: schneider electric model: powerlogic pm5560
vendor: schneider model: powerlogic pm8ecc
vendor: schneider model: powerlogic pm5560
db: NVD ids: CVE-2021-22764, CVE-2021-22763

CERT-In Issues High-Severity Alert for Apple Users: Is Your iOS Device Safe? - The420.in

Trust: 3.75

Fetched: Dec. 1, 2024, 9:55 a.m., Published: Nov. 12, 2024, 8:26 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: tvos

Chrome 131 Released: Major Update Fixes 12 Significant Vulnerabilities

Trust: 5.25

Fetched: Dec. 1, 2024, 9:55 a.m., Published: -
 Vulnerabilities: heap corruption, denial of service, code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2024-11114, CVE-2024-11113, CVE-2024-11115, CVE-2024-11116, CVE-2024-11111, CVE-2024-11117, CVE-2024-11110

Zero-Day Attacks on Network Edge Devices: Why NDR Matters by Lucie Cardiet

Trust: 4.25

Fetched: Dec. 1, 2024, 9:54 a.m., Published: -
 Vulnerabilities: privilege escalation, authentication bypass, code execution
Affected productsExternal IDs
vendor: citrix model: netscaler
vendor: citrix model: netscaler adc
vendor: cisco model: routers
vendor: cisco model: cisco routers
vendor: sonicwall model: remote access
vendor: trend model: security
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo model: firewall
db: NVD ids: CVE-2023-3519, CVE-2024-3400

What is Vulnerability Management? | UpGuard

Trust: 3.75

Fetched: Dec. 1, 2024, 9:53 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2019-0708

Update Canonical Ubuntu Server: USN-7084-2: pip vulnerability

Trust: 3.25

Fetched: Dec. 1, 2024, 9:53 a.m., Published: Feb. 1, 7084, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Scanning Attack: What It Is and How to Protect Your Organization Against It?

Trust: 3.75

Fetched: Dec. 1, 2024, 9:52 a.m., Published: March 3, 2023, 4:06 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone

Critical Vulnerabilities Uncovered in Industrial Wireless Access Point - Infosecurity Magazine

Trust: 4.75

Fetched: Dec. 1, 2024, 9:34 a.m., Published: Nov. 28, 2024, 11:15 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-50375, CVE-2024-50370, CVE-2024-50373, CVE-2024-50374, CVE-2024-50372, CVE-2024-50371

Security of Cloud-Based Health Data and Telemedicine - DEV Community

Trust: 3.0

Fetched: Dec. 1, 2024, 9:33 a.m., Published: Nov. 30, 2024, 9:05 p.m.
 Vulnerabilities: -
Affected productsExternal IDs

A Vulnerability in Android OS Could Allow for Remote Code Execution

Trust: 3.25

Fetched: Dec. 1, 2024, 9:30 a.m., Published: Nov. 7, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux

Trust: 4.5

Fetched: Dec. 1, 2024, 9:29 a.m., Published: May 1, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: lenovo model: ideacentre
vendor: lenovo model: yoga
vendor: lenovo model: system
vendor: serve model: serve
db: NVD ids: CVE-2023-40238

Forescout Vedere Labs Unveils Riskiest Connected Medical Devices - Forescout

Trust: 4.5

Fetched: Dec. 1, 2024, 9:28 a.m., Published: Oct. 28, 2024, 11:23 p.m.
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs

Over-the-Air Vulnerabilities in Advantech EKI Access Points Put Industrial Networks at Risk

Trust: 3.75

Fetched: Dec. 1, 2024, 9:28 a.m., Published: Dec. 1, 2024, 1:06 a.m.
 Vulnerabilities: command injection, cross-site scripting, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-50375, CVE-2024-50359, CVE-2024-50370, CVE-2024-50376

‘Downfall’ CPU Vulnerability Could Expose Billions of Devices to Data Theft

Trust: 3.75

Fetched: Dec. 1, 2024, 9:25 a.m., Published: Dec. 2, 2024, midnight
 Vulnerabilities: value injection
Affected productsExternal IDs
db: NVD ids: CVE-2022-40982

Understanding Nmap for Vulnerability Scanning - Web Asha

Trust: 3.75

Fetched: Dec. 1, 2024, 9:24 a.m., Published: Nov. 29, 2024, 11 p.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs

Apple SWOT Analysis 2024: In-Depth Tech Insights

Trust: 3.5

Fetched: Dec. 1, 2024, 9:22 a.m., Published: Sept. 30, 2024, 11:52 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: apple model: ipad
vendor: apple model: watch
vendor: apple model: icloud
vendor: apple model: iphone
vendor: apple model: apple tv
vendor: google model: home
vendor: huawei model: huawei