Sign-up

VARIoT news about IoT security

CVE-2024-0012, CVE-2024-9474: Zero-Day Vulnerabilities in Palo Alto PAN-OS Exploited In The Wild - Security Boulevard

Trust: 4.25

Fetched: Nov. 22, 2024, 10:28 a.m., Published: Nov. 18, 2024, 7:22 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: pan-os
db: NVD ids: CVE-2024-0012, CVE-2024-9474

Differences in the IoT and the IoMT - Blue Goat Cyber

Trust: 3.75

Fetched: Nov. 22, 2024, 10:28 a.m., Published: March 1, 2024, 2:38 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Vulnerabilities in Realtek SD card Reader Driver Impacts Dell, Lenovo, & Others Laptops

Trust: 3.75

Fetched: Nov. 22, 2024, 10:27 a.m., Published: Oct. 28, 2024, 11:19 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lenovo model: updates
vendor: lenovo model: system
db: NVD ids: CVE-2024-40432, CVE-2024-40431, CVE-2022-25478, CVE-2022-25480, CVE-2022-25477, CVE-2022-25479

Apple Releases Fixes for Actively Exploited Zero-day Vulnerabilities (CVE-2024-44308 & CVE-2024-44309) - Qualys ThreatPROTECT

Trust: 5.5

Fetched: Nov. 22, 2024, 10:27 a.m., Published: -
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: webkit
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: iphone
db: NVD ids: CVE-2024-44308, CVE-2024-44309

RISK:STATION RCE Vulnerability Hits Synology NAS Devices

Trust: 5.5

Fetched: Nov. 22, 2024, 10:25 a.m., Published: Nov. 6, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: synology model: diskstation manager
vendor: synology model: diskstation
db: NVD ids: CVE-2024-10443

Apple Issues Emergency Security Update for Actively Exploited Flaws - Infosecurity Magazine

Trust: 4.75

Fetched: Nov. 22, 2024, 10:23 a.m., Published: Nov. 20, 2024, noon
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: macos
vendor: apple model: safari
db: NVD ids: CVE-2024-44308, CVE-2024-44309

About the security content of iOS 18.1.1 and iPadOS 18.1.1 - Apple Support

Trust: 4.5

Fetched: Nov. 22, 2024, 10:22 a.m., Published: Jan. 18, 2001, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone
db: NVD ids: CVE-2024-44308, CVE-2024-44309

You Should Update Your Apple Device to Protect Yourself From Getting Hacked

Trust: 3.75

Fetched: Nov. 22, 2024, 10 a.m., Published: Nov. 20, 2024, 2:59 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: macos
db: NVD ids: CVE-2024-44308, CVE-2024-44309

Palo Alto Networks warns hackers are breaking into its customers' firewalls - again | TechCrunch

Trust: 3.75

Fetched: Nov. 22, 2024, 9:59 a.m., Published: Nov. 21, 2024, 2:09 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: check point
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2024-0012, CVE-2024-9474

Ensuring IoT Security in 5G Era: Examining Protocols, Architectures, and Security Measures | SpringerLink

Trust: 3.5

Fetched: Nov. 22, 2024, 9:59 a.m., Published: Nov. 22, 2024, midnight
 Vulnerabilities: -

【Vulnerability Alert】GeoVision End-of-Life Devices - OS Command Injection

Trust: 4.75

Fetched: Nov. 22, 2024, 9:46 a.m., Published: Nov. 20, 2024, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-11120

Update now! Apple confirms vulnerabilities are already being exploited | Malwarebytes

Trust: 5.5

Fetched: Nov. 22, 2024, 9:45 a.m., Published: Nov. 20, 2024, 1:12 p.m.
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: software update
vendor: apple model: webkit
db: NVD ids: CVE-2024-44308, CVE-2024-44309

Apple warns 2 macOS zero-day vulnerabilities under attack | TechTarget

Trust: 4.25

Fetched: Nov. 22, 2024, 9:44 a.m., Published: Nov. 20, 2024, midnight
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: macos
vendor: apple model: safari
vendor: canary model: canary
vendor: trend model: security
db: NVD ids: CVE-2024-44308, CVE-2024-44309

Samsung Electronics Scales Up Mobile Security Rewards Program to Boost Industry Collaboration and Safety - Samsung Mobile Press

Trust: 3.5

Fetched: Nov. 22, 2024, 9:44 a.m., Published: Nov. 21, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: mobile devices
vendor: samsung model: samsung
vendor: samsung model: samsung galaxy
vendor: samsung model: galaxy
vendor: samsung model: mobile
vendor: samsung model: samsung mobile

【Vulnerability Alert】GeoVision End-of-Life Devices - OS Command Injection

Trust: 4.75

Fetched: Nov. 22, 2024, 9:43 a.m., Published: Nov. 20, 2024, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-11120

risk estimation study of native code vulnerabilities in Android applications | Journal of Cybersecurity | Oxford Academic

Trust: 3.25

Fetched: Nov. 22, 2024, 9:19 a.m., Published: Jan. 2, 2024, midnight
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: lenovo model: updates
vendor: lenovo model: system
vendor: google model: android
vendor: samsung model: note
vendor: samsung model: mobile devices
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: motorola model: android
vendor: motorola model: motorola

Disclosure of 7 Android and Google Pixel Vulnerabilities | Oversecured Blog

Trust: 3.5

Fetched: Nov. 22, 2024, 9:14 a.m., Published: Nov. 7, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2024-34719, CVE-2023-20963, CVE-2024-0017, CVE-2023-21292, CVE-2023-21383, CVE-2021-0600

Palo Alto Networks Fixes 2 Zero-Days in PAN-OS - Lansweeper

Trust: 5.5

Fetched: Nov. 20, 2024, 10:19 a.m., Published: Nov. 19, 2024, 3:14 p.m.
 Vulnerabilities: privilege escalation, authentication bypass
Affected productsExternal IDs
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo model: pan-os
vendor: palo model: networks
vendor: palo model: firewall
db: NVD ids: CVE-2024-9474, CVE-2024-0012

XillyUSB Device Endpoint Validation Vulnerability in Linux Kernel

Trust: 4.25

Fetched: Nov. 20, 2024, 10:18 a.m., Published: Nov. 12, 2024, midnight
 Vulnerabilities: endpoint validation vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2024-45011

CVE-2022-20931 Cisco Touch 10 Device Downgrade Attack Vulner... - vulnerability database | Vulners.com

Trust: 4.0

Fetched: Nov. 20, 2024, 10:17 a.m., Published: Nov. 15, 2024, 3:30 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco telepresence ce software
vendor: cisco model: telepresence ce software
vendor: cisco model: telepresence ce
vendor: cisco model: telepresence
vendor: cisco model: cisco telepresence
db: NVD ids: CVE-2022-20931