Sign-up

VARIoT news about IoT security

What Is A Virtual Machine Escape? How It Works & Examples | Twingate

Related entries in the VARIoT vulnerabilities database: VAR-201505-0417

Trust: 3.5

Fetched: Oct. 8, 2024, 9:23 a.m., Published: Aug. 7, 2024, midnight
 Vulnerabilities: buffer overflow, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2015-3456, CVE-2018-2698, CVE-2017-4903, CVE-2009-1244, CVE-2019-5183, CVE-2008-0923

New DDoS Attack Vector Discovered In CUPS, Exposing 58,000+ Vulnerable Devices Online

Trust: 4.75

Fetched: Oct. 8, 2024, 9:22 a.m., Published: Oct. 7, 2024, 6:53 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cups model: cups
db: NVD ids: CVE-2024-47176, CVE-2024-47076, CVE-2024-47177, CVE-2024-47175

XSS Attacks Possible With LiteSpeed Cache Plugin Vulnerability | ChannelE2E

Trust: 4.0

Fetched: Oct. 8, 2024, 9:22 a.m., Published: Oct. 7, 2024, midnight
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-47374, CVE-2024-7772, CVE-2024-44000

Version 6.22.2.10: Security Vulnerability Maintenance Release | Nexthink V6 Documentation

Trust: 5.0

Fetched: Oct. 8, 2024, 9:21 a.m., Published: June 22, 2002, 10 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2019-1552

【Vulnerability Alert】 Multiple High-Risk Vulnerabilities Found in Planet Technology Switch Devices

Trust: 4.75

Fetched: Oct. 8, 2024, 9:20 a.m., Published: Oct. 8, 2024, midnight
 Vulnerabilities: privilege escalation, cross-site request forgery, request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2024-8458, CVE-2024-8456, CVE-2024-8448

SonicWall firewall CVE exploits linked to ransomware attacks | Cybersecurity Dive

Trust: 4.5

Fetched: Oct. 8, 2024, 9:19 a.m., Published: Sept. 10, 2024, midnight
 Vulnerabilities: improper access control, access control vulnerability
Affected productsExternal IDs
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: ssl vpn
vendor: barracuda model: barracuda
vendor: barracuda model: running
vendor: sonicwall model: sonicos
vendor: sonicwall model: ssl vpn
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: ssl vpn
db: NVD ids: CVE-2024-40766

The What, Why and How of Medical Device Cybersecurity

Trust: 3.5

Fetched: Oct. 8, 2024, 9:17 a.m., Published: Oct. 3, 2024, midnight
 Vulnerabilities: information disclosure, denial of service
Affected productsExternal IDs
vendor: essential model: phone

Vulnerabilities in Espressif ESP-NOW Allow Attackers to Replay Communications

Trust: 3.75

Fetched: Oct. 6, 2024, 9:50 a.m., Published: Oct. 15, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: nozomi model: guardian
db: NVD ids: CVE-2024-42483, CVE-2024-42484

Akamai warns enterprises that VPN attacks will only increase | TechTarget

Trust: 3.75

Fetched: Oct. 6, 2024, 9:48 a.m., Published: Aug. 7, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2023-27996

Google patches 46 Android bugs, including exploited kernel flaw | SC Media

Trust: 4.75

Fetched: Oct. 6, 2024, 9:45 a.m., Published: June 11, 2024, 5 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2024-23350, CVE-2024-36971

Top Linux Security Vulnerabilities and How to Prevent Them | Sternum IoT

Related entries in the VARIoT vulnerabilities database: VAR-202101-1926, VAR-202203-0043

Trust: 3.5

Fetched: Oct. 6, 2024, 9:43 a.m., Published: Aug. 26, 2024, 12:10 p.m.
 Vulnerabilities: sql injection, denial of service, buffer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2021-3156, CVE-2023-1252, CVE-2024-4011, CVE-2024-3094, CVE-2023-2235, CVE-2022-0847, CVE-2023-40547

Hundreds of Acer, Dell, GIGABYTE, Intel, and Supermicro devices have had their UEFI Secure Boot platform keys leaked, putting them at risk of system compromise - GIGAZINE

Trust: 4.75

Fetched: Oct. 6, 2024, 9:36 a.m., Published: July 26, 2024, 2 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: dell model: bios

Critical Vulnerabilities in Qualcomm's Adreno GPU Affecting Billions of Android Devices

Related entries in the VARIoT vulnerabilities database: VAR-202408-2138

Trust: 5.5

Fetched: Oct. 6, 2024, 9:30 a.m., Published: Aug. 12, 2024, 8:10 a.m.
 Vulnerabilities: memory corruption, denial of service
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: oneplus model: oneplus
vendor: google model: android
db: NVD ids: CVE-2024-23350, CVE-2024-23353, CVE-2024-23352, CVE-2024-21479, CVE-2024-21481

Vulnerabilities in Beckhoff Automation TwinCAT/BSD OS put PLCs at risk of logic tampering, DoS attacks - Industrial Cyber

Trust: 3.5

Fetched: Oct. 6, 2024, 9:29 a.m., Published: Aug. 29, 2024, 3:05 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: beckhoff automation model: twincat
vendor: beckhoff model: twincat
db: NVD ids: CVE-2024-41173, CVE-2024-41174, CVE-2024-41176, CVE-2024-41175

Corona Mirai Botnet Exploiting RCE Zero-Day To Hire New Bots

Related entries in the VARIoT vulnerabilities database: VAR-201803-1048, VAR-201505-0274

Trust: 6.5

Fetched: Oct. 6, 2024, 9:27 a.m., Published: Aug. 29, 2024, 9:30 a.m.
 Vulnerabilities: command injection, code injection, code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: avtech model: ip camera
vendor: huawei model: huawei
db: NVD ids: CVE-2017-17215, CVE-2014-8361, CVE-2024-7029

Top IoT Security Vulnerabilities to Watch Out For - Trustable Tech

Trust: 3.75

Fetched: Oct. 6, 2024, 9:26 a.m., Published: Aug. 22, 2024, 11:14 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs

Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation and Remote Command Execution Vulnerabilities - Cisco

Related entries in the VARIoT vulnerabilities database: VAR-202410-0280, VAR-202410-0204

Trust: 5.5

Fetched: Oct. 6, 2024, 9:26 a.m., Published: Oct. 2, 2024, 11:15 a.m.
 Vulnerabilities: command execution, code execution, privilege escalation
Affected productsExternal IDs
vendor: cisco model: rv345p dual wan gigabit vpn routers
vendor: cisco model: rv340
vendor: cisco model: rv345p
vendor: cisco model: small business
vendor: cisco model: small business rv340
vendor: cisco model: rv340w
vendor: cisco model: rv345
vendor: cisco model: cisco small business
vendor: cisco model: routers
db: NVD ids: CVE-2024-20470, CVE-2024-20393

Cisco Small Business Routers Vulnerabilities Allow Attacker Exploits It Remotely

Related entries in the VARIoT vulnerabilities database: VAR-202410-0280, VAR-202410-0204

Trust: 5.75

Fetched: Oct. 6, 2024, 9:24 a.m., Published: Oct. 3, 2024, 5:49 a.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: cisco model: nexus
vendor: cisco model: routers
vendor: cisco model: rv340w
vendor: cisco model: rv345p
vendor: cisco model: rv345p dual wan gigabit vpn routers
vendor: cisco model: series
vendor: cisco model: small business
vendor: cisco model: rv345
vendor: cisco model: cisco small business
vendor: cisco model: rv340
vendor: cisco model: small business rv340
db: NVD ids: CVE-2024-20470, CVE-2024-20393

APT Quarterly Highlights : Q2 2024 - CYFIRMA

Trust: 5.25

Fetched: Oct. 6, 2024, 9:22 a.m., Published: July 31, 2024, 1:22 p.m.
 Vulnerabilities: sql injection, command execution, file execution...
Affected productsExternal IDs
vendor: trend model: security
vendor: google model: google chrome
vendor: google model: chrome
vendor: putty model: putty
db: NVD ids: CVE-2017-11882, CVE-2019-0604, CVE-2024-21338, CVE-2022-38028

Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability - Cisco

Trust: 5.25

Fetched: Oct. 6, 2024, 9:21 a.m., Published: Oct. 2, 2024, 11:15 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: nexus