VARIoT latest news about IoT security

No Fix Coming for Critical D-Link Vulnerability - Lansweeper Related entries in the VARIoT vulnerabilities database: VAR-202411-0293 Trust: 5.75 Fetched: Nov. 24, 2024, 9:49 a.m., Published: Nov. 12, 2024, 12:35 p.m.	Vulnerabilities: privilege escalation, command execution, command injection

Affected products

External IDs

vendor:	d-link	model:	dns-340l
vendor:	d-link	model:	dns-320lw
vendor:	d-link	model:	dns-325
vendor:	d-link	model:	dns-320

db:

NVD

ids:

CVE-2024-10914

Critical Exploit in MediaTek Wi-Fi Chipsets: Zero-Click Vulnerability (CVE-2024-20017) Threatens Routers and Smartphones Trust: 4.75 Fetched: Nov. 24, 2024, 9:43 a.m., Published: -	Vulnerabilities: code execution, buffer overflow

Affected products

External IDs

db:

NVD

ids:

CVE-2024-20017

Samsung Electronics Scales Up Mobile Security Rewards Program To Boost Industry Collaboration and Safety - Samsung Global Newsroom Trust: 3.5 Fetched: Nov. 24, 2024, 9:42 a.m., Published: Nov. 21, 2024, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	samsung	model:	samsung
vendor:	samsung	model:	samsung mobile
vendor:	samsung	model:	mobile devices
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	mobile
vendor:	samsung	model:	galaxy

Critical Vulnerability in FortiManager (CVE-2024-47575) Trust: 3.75 Fetched: Nov. 24, 2024, 9:30 a.m., Published: Oct. 23, 2024, midnight	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-47575

Exploited PAN-OS Zero-Days Threaten Thousands of Firewalls (CVE-2024-0012 and CVE-2024-9474) - SOCRadar® Cyber Intelligence Inc. Trust: 4.25 Fetched: Nov. 24, 2024, 9:27 a.m., Published: Nov. 19, 2024, 11:38 a.m.	Vulnerabilities: privilege escalation, command execution, authentication bypass...

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	palo	model:	pan-os
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	pan-os

db:

NVD

ids:

CVE-2024-1212, CVE-2024-0012, CVE-2024-9474

ASLR and Buffer Overflow Attacks - Blue Goat Cyber Trust: 3.5 Fetched: Nov. 24, 2024, 9:26 a.m., Published: Feb. 10, 2024, 6:50 p.m.	Vulnerabilities: information leak, buffer overflow

Affected products	External IDs

Top 10 Cyber Security Threats in Healthcare Trust: 3.75 Fetched: Nov. 24, 2024, 9:25 a.m., Published: Aug. 30, 2024, 7:41 a.m.	Vulnerabilities: denial of service

Affected products	External IDs

Understanding IoT Vulnerabilities and Their Impacts - cyber splendid Trust: 3.5 Fetched: Nov. 24, 2024, 9:23 a.m., Published: Nov. 5, 2024, 5:50 p.m.	Vulnerabilities: default credentials

Affected products	External IDs

Buffer Overflow Attacks Explained - Blue Goat Cyber Trust: 3.5 Fetched: Nov. 24, 2024, 9:20 a.m., Published: Feb. 1, 2024, 8:37 p.m.	Vulnerabilities: denial of service, validation bypass, code execution...

Affected products	External IDs

CVE-2024-10915 - Securin Related entries in the VARIoT vulnerabilities database: VAR-202411-0368 Trust: 5.5 Fetched: Nov. 24, 2024, 9:17 a.m., Published: Nov. 10, 2024, 2 p.m.	Vulnerabilities: os command injection, command injection

Affected products

External IDs

vendor:	d-link	model:	dns-320lw
vendor:	d-link	model:	dns-320
vendor:	d-link	model:	dns-340l
vendor:	d-link	model:	dns-325

db:

NVD

ids:

CVE-2024-10915

Vulnerability Assessment Methodology: A Step-by-Step Guide Trust: 3.5 Fetched: Nov. 24, 2024, 9:16 a.m., Published: Oct. 14, 2024, 12:53 p.m.	Vulnerabilities: sql injection, cross-site scripting

Affected products	External IDs

Security+: Security implications of embedded systems \| Infosec Trust: 3.5 Fetched: Nov. 22, 2024, 10:40 a.m., Published: Nov. 26, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

Install iOS 18.1.1 to protect iPhone agains exploited vulnerabilities Trust: 4.5 Fetched: Nov. 22, 2024, 10:38 a.m., Published: Nov. 19, 2024, 8:44 p.m.	Vulnerabilities: cross-site scripting, code execution

Affected products

External IDs

vendor:	apple	model:	ipad
vendor:	apple	model:	webkit
vendor:	apple	model:	macos
vendor:	apple	model:	safari
vendor:	apple	model:	software update
vendor:	apple	model:	iphone

All iPhone users warned 'update now' over two serious security risks \| The Sun Trust: 5.25 Fetched: Nov. 22, 2024, 10:38 a.m., Published: Nov. 20, 2024, 2:38 p.m.	Vulnerabilities: cross-site scripting, code execution

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	safari
vendor:	apple	model:	iphone
vendor:	google	model:	android
vendor:	google	model:	home

db:

NVD

ids:

CVE-2024-44308, CVE-2024-44309

What Is Sensitive Data Exposure & How To Prevent It Trust: 3.5 Fetched: Nov. 22, 2024, 10:37 a.m., Published: Nov. 3, 2024, 8 a.m.	Vulnerabilities: configuration error, sql injection

Affected products

External IDs

vendor:

essential

model:

phone

Apple releases security patches for zero-day vulnerabilities - The Hindu Trust: 5.5 Fetched: Nov. 22, 2024, 10:34 a.m., Published: Nov. 20, 2024, 5:12 a.m.	Vulnerabilities: cross-site scripting, code execution

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	macos
vendor:	apple	model:	safari

db:

NVD

ids:

CVE-2024-44308, CVE-2024-44309

Apple is sending emergency zero-day patch to several devices Trust: 4.5 Fetched: Nov. 22, 2024, 10:34 a.m., Published: Nov. 20, 2024, 7:38 p.m.	Vulnerabilities: cross-site scripting, code execution

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	apple	model:	safari
vendor:	apple	model:	webkit
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	samsung

db:

NVD

ids:

CVE-2024-44308, CVE-2024-44309

What is an Intrusion Detection System (IDS)? + Best IDS Tools \| UpGuard Trust: 3.75 Fetched: Nov. 22, 2024, 10:33 a.m., Published: -	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

snort

model:

snort

Cyble reports surge in cyberattacks targeting critical infrastructure and open-source vulnerabilities - Industrial Cyber Related entries in the VARIoT vulnerabilities database: VAR-201908-0702, VAR-201908-0712, VAR-201908-0701, VAR-201908-0704 Trust: 5.5 Fetched: Nov. 22, 2024, 10:33 a.m., Published: Oct. 29, 2024, 9:32 a.m.	Vulnerabilities: command injection, brute force attack

Affected products

External IDs

vendor:	cisco	model:	series
vendor:	treck	model:	tcp/ip stack
vendor:	siemens	model:	siprotec 5
vendor:	siemens	model:	siprotec
vendor:	siemens	model:	ruggedcom

db:

NVD

ids:

CVE-2019-12261, CVE-2019-12255, CVE-2019-12260, CVE-2020-11910, CVE-2020-11900, CVE-2024-8517, CVE-2024-7029, CVE-2024-38816, CVE-2019-12263, CVE-2024-4577, CVE-2020-11899, CVE-2024-36401

Apple fixed two zero-day vulnerabilities weaponized against Intel-based macOS systems \| TechSpot Trust: 5.5 Fetched: Nov. 22, 2024, 10:32 a.m., Published: Nov. 11, 2024, midnight	Vulnerabilities: cross-site scripting, code execution

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	macos
vendor:	apple	model:	safari

db:

NVD

ids:

CVE-2024-44308, CVE-2024-44309

VARIoT news about IoT security