Sign-up

VARIoT news about IoT security

Best Vulnerability Management Tools

Trust: 3.25

Fetched: Nov. 24, 2024, 10:44 a.m., Published: Nov. 5, 2024, 6:49 a.m.
 Vulnerabilities: default credentials, directory traversal, cross-site scripting
Affected productsExternal IDs
vendor: trend model: security
vendor: apple model: macos

Security Vulnerability in KYOCERA Device Manager

Trust: 3.25

Fetched: Nov. 24, 2024, 10:38 a.m., Published: Nov. 1, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-50916

Update now! Apple releases software to patch critical security flaws

Trust: 4.5

Fetched: Nov. 24, 2024, 10:37 a.m., Published: Nov. 20, 2024, 5:24 p.m.
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: webkit
db: NVD ids: CVE-2024-44308, CVE-2024-44309

Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474

Trust: 5.25

Fetched: Nov. 24, 2024, 10:34 a.m., Published: Nov. 19, 2024, 9:31 a.m.
 Vulnerabilities: code execution, privilege escalation, authentication bypass...
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2024-3400, CVE-2024-0012, CVE-2024-9474

CISA: Over Half of Top Routinely Exploited Vulnerabilities in 2023 Affected Network Devices and Infrastructure - Eclypsium | Supply Chain Security for the Modern Enterprise

Related entries in the VARIoT vulnerabilities database: VAR-202209-1931

Trust: 3.5

Fetched: Nov. 24, 2024, 10:34 a.m., Published: Nov. 22, 2024, 5 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: cisco model: series
db: NVD ids: CVE-2022-3236

The Best Streaming Sticks and Devices for Your Smart TV - The Ambient

Trust: 3.25

Fetched: Nov. 24, 2024, 10:31 a.m., Published: Oct. 17, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: watch
vendor: apple model: apple tv
vendor: apple model: ipad
vendor: google model: home
vendor: google model: chromecast
vendor: google model: android
vendor: mesh model: mesh
vendor: roku model: roku
vendor: roku model: ultra
vendor: roku model: roku ultra
vendor: roku model: roku express
vendor: roku model: express
vendor: roku model: streaming stick
vendor: essential model: phone
vendor: amazon model: fire tv
vendor: amazon model: echo show

CVE-2024-10456 - Securin

Trust: 4.75

Fetched: Nov. 24, 2024, 10:26 a.m., Published: Nov. 3, 2024, 8:19 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-10456

Apple, Oracle, and Apache Issue Critical Updates for Actively Exploited and High-Risk Vulnerabilities - SOCRadar® Cyber Intelligence Inc.

Trust: 5.25

Fetched: Nov. 24, 2024, 10:22 a.m., Published: Nov. 20, 2024, 11:41 a.m.
 Vulnerabilities: cross-site scripting, code execution, request forgery...
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: macos
db: NVD ids: CVE-2024-48962, CVE-2024-44308, CVE-2024-47208, CVE-2024-44309, CVE-2024-21287

Samsung Electronics Scales Up Mobile Security Rewards Program To Boost Industry Collaboration and Safety

Trust: 3.5

Fetched: Nov. 24, 2024, 10:10 a.m., Published: Nov. 21, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: samsung model: mobile devices
vendor: samsung model: samsung
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
vendor: samsung model: samsung mobile

Apple issues urgent updates to address actively exploited zero-day vulnerabilities - Technology News | The Financial Express

Trust: 4.75

Fetched: Nov. 24, 2024, 9:58 a.m., Published: Nov. 20, 2024, 10:12 a.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: ipad
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2024-44308, CVE-2024-44309

Bevy of smart doorbell bugs earn Ekon an FCC penalty for negligence | SC Media

Trust: 3.0

Fetched: Nov. 24, 2024, 9:57 a.m., Published: Nov. 22, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Apple’s Latest Updates Address Critical Security Vulnerabilities - AppleMagazine

Trust: 3.5

Fetched: Nov. 24, 2024, 9:57 a.m., Published: Nov. 20, 2024, 7:07 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: watch
vendor: apple model: software update

Apple addresses two iPhone, Mac zero-days | Computer Weekly

Trust: 5.5

Fetched: Nov. 24, 2024, 9:56 a.m., Published: Nov. 20, 2024, midnight
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: software update
db: NVD ids: CVE-2024-44308, CVE-2024-23222, CVE-2024-44309

Zero-day vulnerability in GeoVision devices exploited by a botnet

Trust: 5.0

Fetched: Nov. 24, 2024, 9:55 a.m., Published: Nov. 18, 2024, midnight
 Vulnerabilities: denial of service, os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-11120

D-Link Technical Support

Trust: 3.5

Fetched: Nov. 24, 2024, 9:55 a.m., Published: -
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: d-link model: dsr-150n
vendor: d-link model: dsr-500n
vendor: d-link model: dsr-250n firmware
vendor: d-link model: dsr-250 firmware
vendor: d-link model: dsr-150
vendor: d-link model: dsr-250
vendor: d-link model: router
vendor: d-link model: dsr-250n
vendor: d-link model: dsr-1000n

Apple Updates Block Two Zero-Day Security Vulnerabilities - TidBITS

Trust: 4.5

Fetched: Nov. 24, 2024, 9:53 a.m., Published: Nov. 19, 2024, 11:49 p.m.
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: tvos
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: webkit

Palo Alto Networks faces breach of over 2,000 devices amid exploit campaign

Trust: 4.5

Fetched: Nov. 24, 2024, 9:53 a.m., Published: Nov. 22, 2024, 11:51 a.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2024-5910, CVE-2024-0012, CVE-2024-9474, CVE-2024-3400

Experts warn of Palo Alto firewall exploitation after 2,000 compromises spotted

Trust: 3.5

Fetched: Nov. 24, 2024, 9:51 a.m., Published: Nov. 22, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
db: NVD ids: CVE-2024-0012, CVE-2024-9474

Security Flaws Discovered in GoAhead might affect Web Servers

Trust: 5.25

Fetched: Nov. 24, 2024, 9:50 a.m., Published: Nov. 15, 2024, midnight
 Vulnerabilities: denial of service, memory access violation, service crash...
Affected productsExternal IDs
vendor: embedthis model: goahead
vendor: embedthis model: goahead web server
db: NVD ids: CVE-2024-3187, CVE-2024-3186, CVE-2024-3184

Mystery Palo Alto Networks 0-day RCE now actively exploited • The Register

Trust: 5.5

Fetched: Nov. 24, 2024, 9:49 a.m., Published: -
 Vulnerabilities: sql injection, code execution, command execution...
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2024-9463, CVE-2024-9465