Sign-up

VARIoT news about IoT security

CVE-2024-9464 - Exploits & Severity - Feedly

Trust: 5.5

Fetched: Oct. 11, 2024, 10:01 a.m., Published: Oct. 9, 2024, midnight
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: palo model: networks
vendor: palo model: pan-os
db: NVD ids: CVE-2024-9464

New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution

Trust: 4.0

Fetched: Oct. 11, 2024, 10 a.m., Published: Oct. 11, 2024, 6:29 a.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-9164, CVE-2024-6678, CVE-2024-6530, CVE-2024-6385, CVE-2024-5655, CVE-2024-8970, CVE-2024-8977, CVE-2023-5009, CVE-2024-9631

Android Security Bulletin October 2024 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202410-2726

Trust: 4.25

Fetched: Oct. 11, 2024, 9:57 a.m., Published: Oct. 11, 2024, midnight
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: motorola model: android
vendor: motorola model: motorola
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: samsung model: notes
vendor: google model: android
vendor: google model: wifi
vendor: google model: pixel
db: NVD ids: CVE-2024-0044, CVE-2024-20100, CVE-2024-40673, CVE-2024-40651, CVE-2024-40674, CVE-2024-40676, CVE-2024-34748, CVE-2024-20091, CVE-2024-34733, CVE-2024-40649, CVE-2024-20090, CVE-2024-20093, CVE-2024-40675, CVE-2024-20092, CVE-2024-34732, CVE-2024-40670, CVE-2024-40672, CVE-2024-20094, CVE-2024-40677, CVE-2024-20101, CVE-2024-20103, CVE-2024-23369, CVE-2024-40669

PAN-SA-2024-0010 Expedition: Multiple Vulnerabilities in Expedition Lead to Exposure of Firewall Credentials

Trust: 5.25

Fetched: Oct. 11, 2024, 9:54 a.m., Published: Oct. 9, 2024, 4 p.m.
 Vulnerabilities: sql injection, os command injection, command injection...
Affected productsExternal IDs
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
db: NVD ids: CVE-2024-9465, CVE-2024-9463, CVE-2024-9466, CVE-2024-94659, CVE-2024-94668, CVE-2024-94677, CVE-2024-94649, CVE-2024-9467, CVE-2024-9464, CVE-2024-94639

Operating System Vulnerabilities: Understanding and Mitigating the Risk | Sternum IoT

Trust: 5.5

Fetched: Oct. 11, 2024, 9:53 a.m., Published: Sept. 18, 2024, 1:09 p.m.
 Vulnerabilities: improper memory management, integer overflow, privilege escalation...
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2021-4034, CVE-2019-14287, CVE-2024-21412, CVE-2023-35636, CVE-2023-32629

Critical Vulnerabilities in Palo Alto Networks Expedition Could Expose Firewall Credentials, Patch Available - SOCRadar® Cyber Intelligence Inc.

Trust: 4.25

Fetched: Oct. 11, 2024, 9:51 a.m., Published: Oct. 10, 2024, 10:48 a.m.
 Vulnerabilities: code execution, cross-site scripting, command execution...
Affected productsExternal IDs
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2024-9465, CVE-2024-9463, CVE-2024-9466, CVE-2024-9467, CVE-2024-9464, CVE-2024-5910

Qualcomm Discloses Security Vulnerability for Android Devices - Teknolojimiz

Trust: 3.75

Fetched: Oct. 11, 2024, 9:50 a.m., Published: Oct. 10, 2024, 9:25 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: oneplus model: oneplus
vendor: motorola model: android
vendor: motorola model: motorola
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: google model: android
db: NVD ids: CVE-2024-43047

Cybersecurity 101: Fundamentals of Cybersecurity Topics | CrowdStrike

Trust: 4.0

Fetched: Oct. 11, 2024, 9:47 a.m., Published: Oct. 4, 2024, 5:36 p.m.
 Vulnerabilities: privilege escalation, sql injection, injection attack...
Affected productsExternal IDs
vendor: check point model: endpoint security
vendor: check point model: check point
vendor: essential model: phone
vendor: snort model: snort

Hackers targeted Android users by exploiting zero-day bug in Qualcomm chips | TechCrunch

Trust: 3.75

Fetched: Oct. 11, 2024, 9:46 a.m., Published: Oct. 9, 2024, 3:50 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: oneplus model: oneplus
vendor: motorola model: android
vendor: motorola model: motorola
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: google model: android
db: NVD ids: CVE-2024-43047

Hackers targeted Android users by exploiting a major vulnerability in Qualcomm chips

Trust: 3.5

Fetched: Oct. 11, 2024, 9:46 a.m., Published: Oct. 10, 2024, 5:18 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: oneplus model: oneplus
vendor: google model: android
vendor: google model: chrome
db: NVD ids: CVE-2024-43047

A Vulnerability in Mozilla Firefox Could Allow for Arbitrary Code Execution

Trust: 3.25

Fetched: Oct. 11, 2024, 9:45 a.m., Published: Oct. 10, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Critical security vulnerabilities in Draytek devices allow system takeover | heise online

Related entries in the VARIoT vulnerabilities database: VAR-202410-0861, VAR-202410-3509, VAR-202410-3388, VAR-202410-0075, VAR-202410-0281, VAR-202410-0186, VAR-202410-0179, VAR-202410-3635

Trust: 5.5

Fetched: Oct. 11, 2024, 9:43 a.m., Published: Oct. 8, 2024, 9:27 p.m.
 Vulnerabilities: cross-site scripting, buffer overflow
Affected productsExternal IDs
vendor: draytek model: vigor
vendor: draytek model: vigor series
vendor: draytek model: draytek routers
vendor: draytek model: routers
db: NVD ids: CVE-2024-41590, CVE-2024-41588, CVE-2024-41586, CVE-2024-41589, CVE-2024-41596, CVE-2024-41587, CVE-2024-41595, CVE-2024-41593, CVE-2024-41591, CVE-2024-41594, CVE-2024-41585, CVE-2024-41592, CVE-2024-41584, CVE-2024-41583

Palo Alto Networks Warns Of Exploitable Firewall Hijack Vulnerabilities

Trust: 5.5

Fetched: Oct. 11, 2024, 9:42 a.m., Published: Oct. 10, 2024, 5:35 a.m.
 Vulnerabilities: sql injection, os command injection, command injection...
Affected productsExternal IDs
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
db: NVD ids: CVE-2024-9465, CVE-2024-9463, CVE-2024-9466, CVE-2024-9467, CVE-2024-9464, CVE-2024-3400

Palo Alto Networks urges urgent patch for firewall hijack vulnerabilities

Trust: 4.5

Fetched: Oct. 11, 2024, 9:37 a.m., Published: Oct. 10, 2024, 12:22 p.m.
 Vulnerabilities: cross-site scripting, command execution, sql injection...
Affected productsExternal IDs
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2024-9465, CVE-2024-9463, CVE-2024-9466, CVE-2024-9467, CVE-2024-9464, CVE-2024-5910

Android Devices With Qualcomm Chipsets Have Been Exploited Due To Zero-Day Vulnerability, Affecting 64 Chips In Total

Trust: 3.75

Fetched: Oct. 11, 2024, 9:33 a.m., Published: Oct. 10, 2024, 6:01 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: oneplus model: oneplus
vendor: oneplus model: one
vendor: motorola model: android
vendor: motorola model: motorola
vendor: samsung model: samsung
vendor: google model: android
db: NVD ids: CVE-2024-43047

Vulnerability Recap 9/16/24: Critical Endpoint Flaws Emerged

Trust: 5.25

Fetched: Oct. 11, 2024, 9:32 a.m., Published: Sept. 16, 2024, 2:58 p.m.
 Vulnerabilities: code execution, input validation flaw, feature bypass...
Affected productsExternal IDs
vendor: apple model: installer
vendor: apple model: watch
db: NVD ids: CVE-2024-43461, CVE-2024-7591, CVE-2024-32840, CVE-2024-6671, CVE-2024-38226, CVE-2024-6678, CVE-2024-6670, CVE-2024-38217, CVE-2024-29847, CVE-2024-40865, CVE-2024-38112, CVE-2024-6342, CVE-2024-34779, CVE-2024-38014

Siemens device PIN susceptible to remote brute-force in older model | SC Media

Related entries in the VARIoT vulnerabilities database: VAR-202410-0128

Trust: 4.0

Fetched: Oct. 11, 2024, 9:30 a.m., Published: June 11, 2024, 5 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: modbus tcp
db: NVD ids: CVE-2024-41798

2024-10 Security Bulletin: Junos Space: Remote Command Execution (RCE) vulnerability in web application (CVE-2024-39563)

Trust: 4.25

Fetched: Oct. 11, 2024, 9:27 a.m., Published: -
 Vulnerabilities: command execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-39563

Hackers exploit CVE in older versions of Ivanti Cloud Service Appliance | Cybersecurity Dive

Trust: 4.0

Fetched: Oct. 11, 2024, 9:27 a.m., Published: Sept. 16, 2024, midnight
 Vulnerabilities: code execution, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-8190

MLOps Platforms: The New High-Value Target & From MLOps to MLOops: Exposing the Attack Surface of Machine Learning Platforms

Trust: 4.5

Fetched: Oct. 11, 2024, 9:25 a.m., Published: Aug. 20, 2024, 1 p.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-0185, CVE-2024-27132, CVE-2024-27133