Sign-up

VARIoT news about IoT security

Discover how the TCC iOS vulnerability exposes iCloud data to hackers. Learn what it means, how to protect yourself, and why updating your device is crucial!

Trust: 3.5

Fetched: Dec. 15, 2024, 9:48 a.m., Published: Dec. 15, 2035, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: icloud
db: NVD ids: CVE-2024-44131

A Potential Exploit With The Ext Filesystem | Hackaday

Trust: 3.0

Fetched: Dec. 15, 2024, 9:46 a.m., Published: Dec. 10, 2024, 10:21 p.m.
 Vulnerabilities: kernel panic
Affected productsExternal IDs

Cleo urges customers to patch actively exploited vulnerability. Iran-linked threat actor deploys new ICS malware.

Trust: 4.25

Fetched: Dec. 15, 2024, 9:43 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: information disclosure, sql injection, code execution...
Affected productsExternal IDs
vendor: hikvision model: hikvision
vendor: hikvision model: ip cameras
vendor: sophos model: firewall
vendor: d-link model: router
db: NVD ids: CVE-2024-47133, CVE-2024-45841, CVE-2024-49138, CVE-2024-50623

Android Security Bulletin December 2024 | Android Open Source Project

Trust: 4.25

Fetched: Dec. 15, 2024, 9:37 a.m., Published: Dec. 15, 2024, midnight
 Vulnerabilities: information disclosure, code execution, denial of service
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: google model: android
vendor: google model: pixel
vendor: samsung model: notes
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: motorola model: motorola
vendor: motorola model: android
db: NVD ids: CVE-2024-43769, CVE-2024-43052, CVE-2024-43764, CVE-2024-33056, CVE-2024-43048, CVE-2024-20125, CVE-2024-43767, CVE-2024-43097, CVE-2024-43768, CVE-2024-43077, CVE-2024-43701, CVE-2024-33063, CVE-2024-33044, CVE-2024-43762

Critical Security Alert: Nearly 1 Million Devices at Risk

Trust: 4.25

Fetched: Dec. 15, 2024, 9:34 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: improper access control, access control vulnerability, code execution...
Affected productsExternal IDs
vendor: sonicwall model: sonicos
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-23113, CVE-2024-40766, CVE-2024-47575

ZeroLogon Vulnerability Identified Quickly by Darktrace | Darktrace Blog

Trust: 5.25

Fetched: Dec. 15, 2024, 9:32 a.m., Published: Dec. 16, 2020, midnight
 Vulnerabilities: privilege escalation, authentication bypass, command execution
Affected productsExternal IDs
vendor: trend model: security
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: firewall
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: pan-os
vendor: paloaltonetworks model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo model: firewall
db: NVD ids: CVE-2024-9474, CVE-2024-0012

What Is Hardware Security? Definition, Threats, and Best Practices - Spiceworks

Trust: 4.5

Fetched: Dec. 15, 2024, 9:30 a.m., Published: Jan. 4, 2022, 2:07 p.m.
 Vulnerabilities: default password
Affected productsExternal IDs
vendor: dram model: dram

Protecting SmartPLC Devices from Critical Hardcoded Credential Vulnerability CVE-2024-28747

Trust: 4.75

Fetched: Dec. 15, 2024, 9:28 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: remote access
db: NVD ids: CVE-2024-28747

iTWire - The Insecure IoT Cloud Strikes Again RCE on Ruijie Cloud-Connected Devices

Trust: 6.5

Fetched: Dec. 15, 2024, 9:27 a.m., Published: Dec. 13, 2024, 10:03 a.m.
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
vendor: wireshark model: wireshark
db: NVD ids: CVE-2024-45722, CVE-2024-47146, CVE-2024-52324

Over-The-Air Attack, Reyee OS IoT Devices Hacked Without Wi-Fi Logins

Trust: 3.0

Fetched: Dec. 15, 2024, 9:27 a.m., Published: Dec. 14, 2024, 1:20 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-45722

Unique Security Challenges of IoT Devices and Best Practices for Securing Them - PECB Insights

Trust: 3.5

Fetched: Dec. 15, 2024, 9:26 a.m., Published: Nov. 15, 2024, 2:15 p.m.
 Vulnerabilities: default password
Affected productsExternal IDs
vendor: axis model: axis
vendor: canary model: canary

CVE-2024-50080 - Linux Kernel Patch Fixes UBLK Vulnerability Disallowing User Copy for Unprivileged Devices

Trust: 3.75

Fetched: Dec. 15, 2024, 9:25 a.m., Published: Oct. 29, 2024, 1:15 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2024-50080

Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device-dependencies.inc.php · Advisory · librenms/librenms · GitHub

Trust: 4.0

Fetched: Dec. 15, 2024, 9:24 a.m., Published: Dec. 2, 2024, midnight
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs

Crane Vulnerability Alert: CVE-2024-34679 Exposes Android Devices - UNDERCODE NEWS

Trust: 4.0

Fetched: Dec. 15, 2024, 9:24 a.m., Published: Nov. 12, 2024, 5:26 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone
db: NVD ids: CVE-2024-34679

Synology NAS Zero-Day Vulnerability - Westoahu Cybersecurity

Trust: 4.75

Fetched: Dec. 15, 2024, 9:23 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: synology model: diskstation
db: NVD ids: CVE-2024-10443

CVE-2024-41967 - Microsoft Edgecrafted Device Boot Mode Configuration Vulnerability

Trust: 5.25

Fetched: Dec. 15, 2024, 9:23 a.m., Published: Nov. 18, 2024, 9:15 a.m.
 Vulnerabilities: configuration vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2024-41967

Cleo Zero-Day RCE Vulnerability Actively Exploited in the Wild

Trust: 5.0

Fetched: Dec. 15, 2024, 9:22 a.m., Published: Dec. 10, 2024, 5:04 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-50623

SonicWall Advisory Reveals Two Unauthenticated Remote Code Execution Vulnerabilities

Trust: 5.25

Fetched: Dec. 15, 2024, 9:21 a.m., Published: Dec. 2, 2024, midnight
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: sonicwall model: sma 100
vendor: sonicwall model: ssl vpn
vendor: sonicwall model: sma1000
vendor: sonicwall model: sma100
db: NVD ids: CVE-2024-53702, CVE-2024-53703, CVE-2024-38475, CVE-2024-45318, CVE-2024-45319, CVE-2024-40763

Microsoft Zero Day Vulnerabilities Under Attack

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293, VAR-202411-1034

Trust: 5.5

Fetched: Dec. 15, 2024, 9:20 a.m., Published: Nov. 15, 2024, 7:06 a.m.
 Vulnerabilities: privilege escalation, code execution, command injection
Affected productsExternal IDs
vendor: cisco model: access points
vendor: epson model: connect
db: NVD ids: CVE-2024-49039, CVE-2024-43451, CVE-2024-10914, CVE-2024-39205, CVE-2024-11068, CVE-2024-8069, CVE-2024-50340, CVE-2024-47295, CVE-2024-49040, CVE-2024-42509, CVE-2024-8068, CVE-2023-38408, CVE-2024-40711, CVE-2024-20418, CVE-2024-47460

SSA-384652

Related entries in the VARIoT vulnerabilities database: VAR-202412-0442

Trust: 5.0

Fetched: Dec. 15, 2024, 9:18 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: cross-site request forgery, request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2020-28398