Sign-up

VARIoT news about IoT security

Chinese Hackers Hijacked Routers & IoT Devices to Create Botnet, NSA Warns

Trust: 3.0

Fetched: Nov. 20, 2024, 9:35 a.m., Published: Sept. 18, 2024, 3:04 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Record-Breaking 3.15 Billion Packets Per Second DDOS Attack Towards Minecraft Server

Trust: 4.5

Fetched: Nov. 20, 2024, 9:34 a.m., Published: Sept. 2, 2024, 6:59 a.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-2231

Hunting the Mongoose: Discovering 10 Vulnerabilities in the Mongoose Web Server Library

Trust: 5.25

Fetched: Nov. 20, 2024, 9:30 a.m., Published: Nov. 10, 2024, midnight
 Vulnerabilities: integer overflow, buffer overflow, memory corruption...
Affected productsExternal IDs
vendor: schneider model: concept
vendor: cesanta model: mongoose
vendor: schneider electric model: concept
db: NVD ids: CVE-2024-42389, CVE-2024-42388, CVE-2024-42384, CVE-2024-42387, CVE-2024-42385, CVE-2024-42386, CVE-2024-42391, CVE-2024-42383, CVE-2024-42390, CVE-2024-42392

Critical Oath-Toolkit Vulnerability Let Attackers Escalate Privilege

Trust: 3.0

Fetched: Nov. 20, 2024, 9:30 a.m., Published: Oct. 7, 2024, 4:26 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-47191

CVE-2024-20375 : CISCO UNIFIED COMMUNICATIONS MANAGER UP TO 15 SIP OUT-OF-BOUNDS WRITE - Cloud WAF

Trust: 4.0

Fetched: Nov. 20, 2024, 9:29 a.m., Published: Aug. 22, 2024, 9:09 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: unified communications
vendor: cisco model: cisco unified communications manager
vendor: cisco model: unified communications manager
db: NVD ids: CVE-2024-20375

CVE-2024-20446 - Cisco NX-OS Software DHCPv6 Relay Agent Denial of Service Vulnerability

Trust: 5.75

Fetched: Nov. 20, 2024, 9:23 a.m., Published: Nov. 8, 2024, midnight
 Vulnerabilities: denial of service, process crash
Affected productsExternal IDs
vendor: cisco model: nx-os
vendor: cisco model: cisco nx-os
vendor: cisco model: nx-os software
db: NVD ids: CVE-2024-20446

CVE-2024-44308 and CVE-2024-44309: Apple Addresses Zero-Day Vulnerabilities

Trust: 5.5

Fetched: Nov. 20, 2024, 9:16 a.m., Published: Nov. 19, 2024, 8:34 p.m.
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad air
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: iphone
db: NVD ids: CVE-2024-44308, CVE-2024-44309

Firmware Vulnerability Affects LevelOne WBR-6012 Router, Leading to Denial of Service and Device Reboots (CVE-2024-33700) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 3.25

Fetched: Nov. 19, 2024, 9:56 a.m., Published: Nov. 19, 6012, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-33700

CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015)

Trust: 4.5

Fetched: Nov. 19, 2024, 9:55 a.m., Published: Nov. 18, 2024, 2:20 p.m.
 Vulnerabilities: authentication bypass, privilege escalation
Affected productsExternal IDs
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: palo model: networks
vendor: palo model: pan-os
db: NVD ids: CVE-2024-9474, CVE-2024-0012

SAP Vulnerability Management: Best Practices for Securing Your Business

Trust: 3.75

Fetched: Nov. 19, 2024, 9:54 a.m., Published: Nov. 4, 2024, 10:20 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2020-6287

Microsoft November Patch Tuesday: 4 Zero-Days and 89 Vulnerabilities Patched

Trust: 3.75

Fetched: Nov. 19, 2024, 9:53 a.m., Published: Nov. 13, 2024, 2:14 a.m.
 Vulnerabilities: information disclosure, code execution, security feature bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2024-43625, CVE-2024-43451, CVE-2024-43498, CVE-2024-49039, CVE-2024-49040, CVE-2024-43602, CVE-2024-49019, CVE-2024-43639

Critical TP-Link DHCP Vulnerability Let Attackers Execute Remote Code

Related entries in the VARIoT vulnerabilities database: VAR-202411-0796

Trust: 5.75

Fetched: Nov. 19, 2024, 9:51 a.m., Published: Nov. 15, 2024, 2:45 p.m.
 Vulnerabilities: denial of service, buffer overflow, memory corruption
Affected productsExternal IDs
vendor: tp-link model: routers
db: NVD ids: CVE-2024-11237

SANS NewsBites Vol. 26 Num. 84 : Change Healthcare Breach Prompts Proposed US Healthcare Cybersecurity Legislation; Protect AI Bug Bounty Program Reveals 24 Vulnerabilities; Sophos X-Ops’ Five-Year Investigation into State-Sponsored Attacks on Perimeter Devices - SANS Institute

Trust: 4.25

Fetched: Nov. 19, 2024, 9:50 a.m., Published: Nov. 26, 2024, midnight
 Vulnerabilities: default credentials, path traversal
Affected productsExternal IDs
vendor: sophos model: firewall
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
db: NVD ids: CVE-2024-38821, CVE-2024-50388, CVE-2024-50387, CVE-2024-7475, CVE-2024-38030, CVE-2024-7474, CVE-2024-5982

CVE-2022-20793 Cisco Touch 10 Device Insufficient Identity V... - vulnerability database | Vulners.com

Trust: 3.75

Fetched: Nov. 19, 2024, 9:50 a.m., Published: Nov. 15, 2024, 3:34 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco telepresence
vendor: cisco model: telepresence endpoint
vendor: cisco model: cisco roomos
vendor: cisco model: roomos
vendor: cisco model: telepresence
db: NVD ids: CVE-2022-20793

PfSense Stored XSS Vulnerability Leads To RCE Attacks, PoC Published

Trust: 5.5

Fetched: Nov. 19, 2024, 9:49 a.m., Published: Nov. 4, 2024, 11:50 a.m.
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: pfsense model: pfsense
vendor: netgate model: pfsense
db: NVD ids: CVE-2024-46538

Risks of IoT devices - Blue Goat Cyber

Related entries in the VARIoT vulnerabilities database: VAR-202108-0736

Trust: 3.75

Fetched: Nov. 19, 2024, 9:49 a.m., Published: Sept. 26, 2023, 7:47 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
db: NVD ids: CVE-2021-27954

VMware vCenter Server Vulnerabilites Let Attackers Execute Remote Code

Trust: 5.25

Fetched: Nov. 19, 2024, 9:48 a.m., Published: Oct. 22, 2024, 6:19 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-38812, CVE-2024-38813

Forescout Research reveals 162 vulnerabilities in connected medical devices, elevating risks to patient data and safety - IndustrialCyber - Medical Device Market

Trust: 3.25

Fetched: Nov. 19, 2024, 9:46 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs

Hackers Exploiting SharePoint RCE Vulnerability to Compromise Entire Domain

Trust: 5.0

Fetched: Nov. 19, 2024, 9:45 a.m., Published: Nov. 1, 2024, 9:06 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-38094

Deserialization Vulnerability Affects Delta Electronics' InfraSuite Device Master (CVE-2024-10456) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 3.0

Fetched: Nov. 19, 2024, 9:39 a.m., Published: Oct. 30, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-10456