Sign-up

VARIoT news about IoT security

Ruijie Networks' Cloud Platform Flaws Could Expose 50,000 Devices to Remote Attacks

Trust: 5.0

Fetched: Dec. 27, 2024, 9:24 a.m., Published: Dec. 25, 2024, 4 p.m.
 Vulnerabilities: request forgery, weak password
Affected productsExternal IDs
db: NVD ids: CVE-2024-45722, CVE-2024-48874, CVE-2024-52324, CVE-2024-47547, CVE-2024-47146

Update Canonical Ubuntu Server: USN-7120-2: Linux kernel vulnerabilities

Trust: 4.0

Fetched: Dec. 27, 2024, 9:24 a.m., Published: Feb. 27, 7120, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2024-43882, CVE-2024-46800

4 Ways to Bypass Xiaomi/Mi/Redmi/POCO/Pad FRP Lock 2025

Trust: 3.5

Fetched: Dec. 27, 2024, 9:23 a.m., Published: Dec. 4, 2024, midnight
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: wifi
vendor: xiaomi model: redmi
vendor: samsung model: android phone
vendor: samsung model: note
vendor: samsung model: samsung
vendor: essential model: phone

Critical Cloud Platform Vulnerabilities Put 50,000 Ruijie Network Devices at Risk

Trust: 3.0

Fetched: Dec. 27, 2024, 9:22 a.m., Published: Dec. 25, 2024, midnight
 Vulnerabilities: arbitrary command execution, command execution, request forgery...
Affected productsExternal IDs

NUUO NVRmini Devices OS Command Injection Vulnerability - vulnerability database | Vulners.com

Trust: 4.0

Fetched: Dec. 27, 2024, 9:21 a.m., Published: Dec. 18, 2024, midnight
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
vendor: nuuo model: nvrmini

Evolution of 3G+ Networks: Key Features, Benefits, and Future Outlook

Trust: 3.75

Fetched: Dec. 27, 2024, 9:20 a.m., Published: Dec. 3, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: essential model: phone

D-Link Routers Under Attack - New Botnet Exploiting to Gain Remote Control

Related entries in the VARIoT vulnerabilities database: VAR-201909-1437, VAR-201502-0201, VAR-202405-0699

Trust: 3.0

Fetched: Dec. 27, 2024, 9:20 a.m., Published: Dec. 27, 2024, 2:12 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2019-10891, CVE-2015-2051, CVE-2024-33112, CVE-2022-37056

Windows Kernal Vulnerability Actively Exploits in Attacks to Gain System Access

Trust: 4.5

Fetched: Dec. 27, 2024, 9:19 a.m., Published: Dec. 16, 2024, 9:08 p.m.
 Vulnerabilities: improper access control
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2024-35250, CVE-2024-20767

12 Mobile App Scanner to Find Security Vulnerabilities

Trust: 4.5

Fetched: Dec. 27, 2024, 9:18 a.m., Published: Dec. 26, 2016, 12:07 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: java

Thousands of SonicWall VPN devices are facing worrying security threats | TechRadar

Trust: 4.0

Fetched: Dec. 27, 2024, 9:18 a.m., Published: Dec. 18, 2024, 8:16 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: sonicwall model: ssl vpn

Microsoft patches worrying zero-day along with 71 other flaws | TechRadar

Trust: 4.0

Fetched: Dec. 27, 2024, 9:18 a.m., Published: Dec. 12, 2024, 7:01 p.m.
 Vulnerabilities: buffer overflow, information disclosure, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-49138

Palo Alto Networks Firewall Vulnerability "CVE-2024-3393" Exploited in the Wild

Trust: 5.75

Fetched: Dec. 27, 2024, 9:17 a.m., Published: Dec. 27, 2024, 3:37 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: palo model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
db: NVD ids: CVE-2024-3393

CVE-2024-10914: A Critical Vulnerability in D-Link NAS Devices - CYFIRMA

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 4.25

Fetched: Dec. 27, 2024, 9:15 a.m., Published: Dec. 27, 2024, 6:24 a.m.
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
vendor: d-link model: dns-340l
vendor: d-link model: dns-325
vendor: d-link model: dns-320
vendor: d-link model: dns-320lw
vendor: d-link model: router
db: NVD ids: CVE-2024-10914

SD1682 | Security Advisory | Rockwell Automation

Trust: 3.75

Fetched: Dec. 27, 2024, 9:15 a.m., Published: May 16, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rockwell automation model: guardlogix
vendor: rockwell automation model: controllogix
vendor: rockwell model: guardlogix
vendor: rockwell model: controllogix
db: NVD ids: CVE-2024-6242

Active Directory Certificate Services Vulnerability Let Attackers Escalate Privileges

Trust: 3.0

Fetched: Dec. 25, 2024, 9:26 a.m., Published: Nov. 29, 2024, 4:43 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-49019

Apache Foundation fixed a severe Tomcat vulnerability

Trust: 4.25

Fetched: Dec. 25, 2024, 9:25 a.m., Published: Dec. 24, 2024, 8:31 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-56337, CVE-2024-50379

Synology patches critical vulnerabilities, urges users…

Trust: 3.75

Fetched: Dec. 24, 2024, 9:24 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security

Critical Flaws detected in Sophos Firewall

Trust: 5.5

Fetched: Dec. 24, 2024, 9:22 a.m., Published: Dec. 24, 2024, 6:14 a.m.
 Vulnerabilities: code injection, code execution, sql injection
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2024-12729, CVE-2024-12727, CVE-2024-12728

Update Canonical Ubuntu Desktop: USN-7174-1: GStreamer vulnerability

Trust: 4.25

Fetched: Dec. 24, 2024, 9:22 a.m., Published: Jan. 24, 7174, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

Sophos Firewall Fixes Critical Remote Code Execution Vulnerability - VULNERA

Trust: 4.5

Fetched: Dec. 24, 2024, 9:22 a.m., Published: Dec. 20, 2024, 3:31 p.m.
 Vulnerabilities: code execution, sql injection
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2024-12729, CVE-2024-12727, CVE-2024-12728