Sign-up

VARIoT news about IoT security

GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI | GreyNoise Blog

Trust: 3.5

Fetched: Nov. 19, 2024, 9:37 a.m., Published: Oct. 31, 2024, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-8956, CVE-2024-8957

Cisco fixed tens of vulnerabilities, including an actively exploited one

Trust: 5.5

Fetched: Nov. 19, 2024, 9:35 a.m., Published: Oct. 24, 2024, 3:58 p.m.
 Vulnerabilities: denial of service, remote command injection, command injection...
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: adaptive security appliance software
vendor: cisco model: adaptive security appliance
vendor: cisco model: cisco firepower threat defense software
vendor: cisco model: firepower threat defense software
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: cisco adaptive security appliance software
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower
db: NVD ids: CVE-2024-20481, CVE-2024-20412, CVE-2024-20424, CVE-2024-20329

Top 10 Medical Device Operating Systems - Blue Goat Cyber

Trust: 3.75

Fetched: Nov. 19, 2024, 9:31 a.m., Published: March 30, 2024, 1:40 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: contiki model: contiki

Top 50 Medical Device Cybersecurity Issues - Blue Goat Cyber

Trust: 3.5

Fetched: Nov. 19, 2024, 9:30 a.m., Published: Jan. 10, 2024, 10:05 p.m.
 Vulnerabilities: weak password, cross-site scripting, sql injection...
Affected productsExternal IDs

Researchers Warn of Active GeoVision Botnet Used in DDoS and Cryptocurrency Attacks

Trust: 3.5

Fetched: Nov. 19, 2024, 9:27 a.m., Published: Nov. 1, 2024, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-11120

CVE-2024-0012, CVE-2024-9474: Zero-Day Vulnerabilities in Palo Alto PAN-OS Exploited In The Wild - Blog | Tenable®

Trust: 4.5

Fetched: Nov. 19, 2024, 9:26 a.m., Published: Nov. 18, 2024, 7:22 p.m.
 Vulnerabilities: authentication bypass, privilege escalation
Affected productsExternal IDs
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
db: NVD ids: CVE-2024-9474, CVE-2024-0012

PSA: Samsung Just Pushed an “Urgent” Update to Galaxy Devices - SammyGuru

Trust: 3.75

Fetched: Nov. 19, 2024, 9:23 a.m., Published: Nov. 18, 2024, 11:06 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: galaxy

OvrC Cloud Platform Flaws Open IoT Devices to Remote Attacks and Code Execution - VULNERA

Trust: 5.75

Fetched: Nov. 19, 2024, 9:22 a.m., Published: Nov. 13, 2024, 9:28 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: embedthis model: goahead
db: NVD ids: CVE-2024-3184, CVE-2024-3187, CVE-2024-3186

Multiple Vulnerabilities in Palo Alto PAN-OS Could Allow for Authentication Bypass

Trust: 5.25

Fetched: Nov. 19, 2024, 9:21 a.m., Published: Nov. 18, 2024, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: palo model: pan-os

How To Secure IoT Devices | NinjaOne

Trust: 5.75

Fetched: Nov. 19, 2024, 9:21 a.m., Published: Nov. 11, 2024, 10:38 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: delegate model: delegate

SQL Injection Vulnerability (CVE-2024-49574) fixed in build 8123 | ManageEngine ADAudit Plus

Trust: 5.25

Fetched: Nov. 19, 2024, 9:20 a.m., Published: Nov. 19, 8123, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-49574

Tenable discloses vulnerability in Open Policy Agent OPA

Trust: 4.0

Fetched: Nov. 19, 2024, 9:19 a.m., Published: Nov. 19, 2024, 1:33 a.m.
 Vulnerabilities: authentication vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2024-8260

Mirai Malware Spreads Via GeoVision Zero-Day Exploit - Security Spotlight

Trust: 3.5

Fetched: Nov. 19, 2024, 9:18 a.m., Published: Nov. 16, 2024, 5:47 p.m.
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-11120

CERT-EU - Multiple Critical CISCO Vulnerabilities

Trust: 4.5

Fetched: Nov. 19, 2024, 9:17 a.m., Published: -
 Vulnerabilities: command injection, remote command injection, injection attack...
Affected productsExternal IDs
vendor: cisco model: nexus
vendor: cisco model: series
vendor: cisco model: asa software
vendor: cisco model: fxos
vendor: cisco model: adaptive security appliance
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower

November 18 Advisory: Active Exploitation of Critical RCE in Palo Alto Networks PAN-OS [CVE-2024-0012 and CVE-2024-9474] | Censys

Trust: 4.25

Fetched: Nov. 19, 2024, 9:16 a.m., Published: Nov. 18, 2024, 5:49 p.m.
 Vulnerabilities: code execution, privilege escalation, authentication bypass
Affected productsExternal IDs
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: palo model: networks
db: NVD ids: CVE-2024-9474, CVE-2024-0012

SSA-654798

Related entries in the VARIoT vulnerabilities database: VAR-202411-0550

Trust: 3.25

Fetched: Nov. 17, 2024, 11:16 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-50310

KB5046613 Windows 10 November 2024 Patch And 4 Zero Day Vulnerabilities 91 Flaws HTMD Blog

Trust: 3.0

Fetched: Nov. 17, 2024, 11:15 a.m., Published: Nov. 12, 2024, 6:56 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-49040, CVE-2024-43451, CVE-2024-49019, CVE-2024-49039

8 Common Types of Cyber Attack Vectors and How to Avoid Them | Balbix

Trust: 4.5

Fetched: Nov. 17, 2024, 11:12 a.m., Published: Nov. 27, 2019, 4:22 p.m.
 Vulnerabilities: brute force attack, denial of service
Affected productsExternal IDs

Threat Actors Are Exploiting Vulnerabilities Faster Than Ever

Trust: 4.5

Fetched: Nov. 17, 2024, 11:12 a.m., Published: Oct. 23, 2024, 4:15 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: google model: android
db: NVD ids: CVE-2023-28121, CVE-2023-27997

CVE-2024-10443: Critical Zero-Click RCE Vulnerability Discovered in Synology NAS Devices - Arctic Wolf

Trust: 3.25

Fetched: Nov. 17, 2024, 11:11 a.m., Published: Nov. 4, 2024, 10:09 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-10443