Sign-up

VARIoT news about IoT security

Zyxel Firewalls Exploited in Recent Ransomware Attacks - VULNERA

Trust: 4.75

Fetched: Nov. 26, 2024, 9:24 a.m., Published: Nov. 25, 2024, 9:03 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-42057

Wiz observes CVE-2024-0012 and CVE-2024-9474 exploitation | Wiz Blog

Trust: 5.25

Fetched: Nov. 26, 2024, 9:23 a.m., Published: Nov. 22, 2024, 1:50 p.m.
 Vulnerabilities: code execution, command execution, privilege escalation...
Affected productsExternal IDs
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: palo model: networks
db: NVD ids: CVE-2024-9474, CVE-2024-0012

Virat Kohli comments on recent Apple vulnerability

Trust: 4.75

Fetched: Nov. 26, 2024, 9:23 a.m., Published: Nov. 25, 2024, 5:50 p.m.
 Vulnerabilities: denial of service, cross-site scripting
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: software update
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: ipad
db: NVD ids: CVE-2024-44309, CVE-2024-44308

Second Critical Ivanti Cloud Services Appliance (CSA) Vulnerability Actively Exploited In Attacks

Trust: 3.75

Fetched: Nov. 26, 2024, 9:22 a.m., Published: Nov. 3, 2024, midnight
 Vulnerabilities: path traversal, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-8190, CVE-2024-8963

Hacking these IoT baby monitors is child's play, researchers reveal

Trust: 3.75

Fetched: Nov. 26, 2024, 9:22 a.m., Published: Dec. 2, 2024, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs

Access Denied

Trust: 3.25

Fetched: Nov. 26, 2024, 9:22 a.m., Published: May 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

Serious security vulnerability - Samsung Community

Trust: 3.0

Fetched: Nov. 26, 2024, 9:20 a.m., Published: Aug. 27, 2024, 6:31 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

Android Operating System Vulnerabilities Types and Examples

Trust: 5.5

Fetched: Nov. 26, 2024, 9:19 a.m., Published: Nov. 5, 2024, midnight
 Vulnerabilities: code injection, use after free, sql injection...
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2023-26498, CVE-2023-26496, CVE-2023-26497, CVE-2023-24033, CVE-2024-43093

Infosec Press Reader

Trust: 4.5

Fetched: Nov. 24, 2024, 11 a.m., Published: Nov. 24, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: palo alto networks model: networks
vendor: google model: home
vendor: google model: android
vendor: citrix model: netscaler
vendor: palo model: networks
db: NVD ids: CVE-2024-9463, CVE-2024-9465

Apple macOS - Security Vulnerabilities in 2024

Trust: 5.25

Fetched: Nov. 24, 2024, 10:58 a.m., Published: Nov. 24, 2024, midnight
 Vulnerabilities: information leakage, code execution, information disclosure...
Affected productsExternal IDs
vendor: apple model: tvos
vendor: apple model: watchos
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: watch
db: NVD ids: CVE-2024-44289, CVE-2024-44175, CVE-2024-44205, CVE-2024-44154, CVE-2024-44269, CVE-2024-44194, CVE-2024-44216, CVE-2024-44189, CVE-2024-44135, CVE-2024-44148, CVE-2024-44218, CVE-2024-44186, CVE-2024-44131, CVE-2024-44130, CVE-2024-40810, CVE-2024-44174, CVE-2024-40866, CVE-2024-44215, CVE-2024-44123, CVE-2024-44128, CVE-2024-44237, CVE-2024-44184, CVE-2024-44149, CVE-2024-44294, CVE-2024-44295, CVE-2024-40855, CVE-2024-44185, CVE-2024-44134, CVE-2024-44197, CVE-2024-44282, CVE-2024-44232, CVE-2024-44208, CVE-2024-44234, CVE-2024-44152, CVE-2024-44277, CVE-2024-44155, CVE-2024-44239, CVE-2024-44158, CVE-2024-44297, CVE-2024-44190, CVE-2024-44280, CVE-2024-44244, CVE-2024-40792, CVE-2024-44196, CVE-2024-44126, CVE-2024-44267, CVE-2024-44264, CVE-2024-27849, CVE-2024-27795, CVE-2024-44301, CVE-2024-44233, CVE-2024-44256, CVE-2024-44222, CVE-2024-44229, CVE-2024-44265, CVE-2024-44240, CVE-2024-44156, CVE-2024-44285, CVE-2024-44287, CVE-2024-44307, CVE-2024-44281, CVE-2024-44302, CVE-2024-44129, CVE-2024-44151, CVE-2024-44255, CVE-2024-44270, CVE-2024-44278, CVE-2024-44260, CVE-2024-44198, CVE-2024-44247, CVE-2024-44159, CVE-2024-44254, CVE-2024-44213, CVE-2024-44153, CVE-2024-44236, CVE-2024-44253, CVE-2024-44191, CVE-2024-40860, CVE-2024-44146, CVE-2024-44137, CVE-2024-44206, CVE-2024-44122, CVE-2024-44273, CVE-2024-44308, CVE-2024-44133, CVE-2024-44257, CVE-2024-44275, CVE-2024-44144, CVE-2024-44188, CVE-2024-44283, CVE-2024-44177, CVE-2024-44296, CVE-2024-44259, CVE-2024-44203, CVE-2024-44279, CVE-2024-44145, CVE-2024-44176, CVE-2024-44309, CVE-2024-40859, CVE-2024-44284

Indian govt. issues critical warning for THESE Apple users: How to protect your device | Mint

Trust: 3.5

Fetched: Nov. 24, 2024, 10:57 a.m., Published: Nov. 22, 2024, midnight
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: macos

LightSpy Malware Gains New Destructive Power - CyberMaterial

Related entries in the VARIoT vulnerabilities database: VAR-202006-1651, VAR-202002-1163

Trust: 5.0

Fetched: Nov. 24, 2024, 10:57 a.m., Published: Oct. 31, 2024, 2:12 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2020-9802, CVE-2020-3837

Another Apple update? Here's why this one actually matters

Trust: 4.5

Fetched: Nov. 24, 2024, 10:55 a.m., Published: Nov. 20, 2024, 5:13 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: macos
vendor: google model: home

Testing for SQL injection vulnerabilities with Burp Suite - PortSwigger

Trust: 4.0

Fetched: Nov. 24, 2024, 10:55 a.m., Published: Nov. 1, 2024, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs

What is a JSON Injection and How to Prevent it

Trust: 3.5

Fetched: Nov. 24, 2024, 10:53 a.m., Published: Aug. 29, 2021, 10:07 a.m.
 Vulnerabilities: injection attack, sql injection, cross-site scripting...
Affected productsExternal IDs

CISA Warns of Critical Software Vulnerabilities in Industrial Devices - OSINT without borders

Related entries in the VARIoT vulnerabilities database: VAR-202410-3402, VAR-202410-2617

Trust: 4.5

Fetched: Nov. 24, 2024, 10:52 a.m., Published: Nov. 1, 2024, 12:30 p.m.
 Vulnerabilities: authentication bypass, weak password
Affected productsExternal IDs
vendor: mitsubishi electric model: melsec iq-r
vendor: mitsubishi electric model: melsec iq-r series
vendor: rockwell model: automation factorytalk
vendor: rockwell model: factorytalk
vendor: mitsubishi model: melsec iq-r
vendor: mitsubishi model: melsec iq-r series
vendor: rockwell automation model: automation factorytalk
vendor: rockwell automation model: factorytalk
db: NVD ids: CVE-2023-6943, CVE-2024-10386, CVE-2023-2060, CVE-2024-10387

How to Identify Vulnerable Third-Party Software (Quickly) | UpGuard

Trust: 3.75

Fetched: Nov. 24, 2024, 10:51 a.m., Published: -
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: node.js model: node.js

Traditional Cybersecurity vs Medical Device Cybersecurity - Blue Goat Cyber

Trust: 3.75

Fetched: Nov. 24, 2024, 10:50 a.m., Published: Nov. 17, 2024, 4:15 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

What is an Open Port? Definition & Free Checking Tools | UpGuard

Trust: 3.75

Fetched: Nov. 24, 2024, 10:49 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs

CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog

Related entries in the VARIoT vulnerabilities database: VAR-202404-0069, VAR-202404-0070

Trust: 5.75

Fetched: Nov. 24, 2024, 10:47 a.m., Published: April 11, 2024, 9:48 p.m.
 Vulnerabilities: code execution, command injection
Affected productsExternal IDs
vendor: d-link model: dns-340l
vendor: d-link model: dns-327l
vendor: d-link model: dns-325
vendor: d-link model: dns-320l
db: NVD ids: CVE-2024-3272, CVE-2024-3273