Sign-up

VARIoT news about IoT security

Access Denied

Trust: 3.25

Fetched: Dec. 10, 2024, 9:25 a.m., Published: May 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

Attackers Could Use Vulnerability in Smart Gas Meters to Reset Them or Run Code, Researchers Find

Trust: 4.0

Fetched: Dec. 10, 2024, 9:24 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Vulnerability In Tinxy Mobile Application Exposes User Data

Trust: 5.0

Fetched: Dec. 10, 2024, 9:18 a.m., Published: Dec. 9, 2024, 7:34 a.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-12094

CyberOps Associate (version 1.0) - Course Final Exam Answers

Trust: 3.25

Fetched: Dec. 8, 2024, 11:02 a.m., Published: Nov. 19, 2024, 1:58 a.m.
 Vulnerabilities: sql injection, buffer overflow, cross-site scripting...
Affected productsExternal IDs
vendor: essential model: phone
vendor: wireshark model: wireshark
vendor: extreme model: wireless ap
vendor: snort.org model: snort
vendor: clamav model: clamav
vendor: snort model: snort
vendor: cisco model: security agent
vendor: cisco model: series
vendor: cisco model: clamav
vendor: cisco model: intrusion prevention system
vendor: cisco model: routers
vendor: cisco model: cisco security agent
vendor: cisco model: wireless access point
vendor: cisco model: firepower
vendor: cisco model: router
vendor: cisco model: catalyst

How the BEAST Attack Works: Reading Encrypted Data Without Decryption

Related entries in the VARIoT vulnerabilities database: VAR-201109-0130

Trust: 3.5

Fetched: Dec. 8, 2024, 11:01 a.m., Published: Nov. 14, 2024, 4:54 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2011-3389

Hackers Unleash Mayhem on Unpatched D-Link NAS Devices: CVE-2024-10914 Exploited! - The Nimble Nerd

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 3.0

Fetched: Dec. 8, 2024, 11 a.m., Published: Nov. 15, 2024, 12:39 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-10914

Update Canonical Ubuntu Desktop: USN-7102-1: MySQL vulnerabilities

Trust: 3.25

Fetched: Dec. 8, 2024, 10:59 a.m., Published: Jan. 8, 7102, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

November Apple Security Update Fixes Critical Flaws

Trust: 5.25

Fetched: Dec. 8, 2024, 10:58 a.m., Published: Nov. 20, 2024, 1:27 p.m.
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: safari
vendor: apple model: webkit
vendor: apple model: macos
db: NVD ids: CVE-2024-44309, CVE-2024-44308

Duo Administration - Policy & Control | Duo Security

Trust: 3.5

Fetched: Dec. 8, 2024, 10:55 a.m., Published: Dec. 12, 2024, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: essential model: phone
vendor: google model: chrome os
vendor: google model: home
vendor: google model: android
vendor: google model: chrome
vendor: apple model: safari
vendor: apple model: java
vendor: apple model: software update
vendor: apple model: macos
vendor: symantec model: symantec endpoint protection
vendor: symantec model: antivirus
vendor: symantec model: endpoint protection
vendor: trend model: antivirus
vendor: trend model: security
vendor: blackberry model: blackberry
vendor: blackberry model: smartphone
vendor: blackberry model: link
vendor: trend micro model: antivirus
vendor: trend micro model: security
vendor: cisco model: security agent
vendor: cisco model: service portal
vendor: sophos model: mobile
vendor: sophos model: endpoint protection
vendor: sophos model: firewall
vendor: palo model: networks
vendor: palo model: firewall

CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface

Trust: 4.5

Fetched: Dec. 8, 2024, 10:52 a.m., Published: Nov. 18, 2024, 2:20 p.m.
 Vulnerabilities: privilege escalation, command injection, os command injection
Affected productsExternal IDs
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: paloaltonetworks model: firewall
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
db: NVD ids: CVE-2024-9474

Exposure Risks with File Transfer Protocol (FTP) | UpGuard

Trust: 3.5

Fetched: Dec. 8, 2024, 10:51 a.m., Published: Dec. 8, 2025, midnight
 Vulnerabilities: traffic interception
Affected productsExternal IDs
vendor: winscp model: winscp
vendor: putty model: putty
vendor: filezilla model: server

8 Best OT Security Vendors for 2024 - with Links to Demos

Trust: 3.5

Fetched: Dec. 8, 2024, 10:42 a.m., Published: Feb. 11, 2021, 3:41 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: nozomi model: guardian
vendor: nozomi model: networks guardian
vendor: schneider model: monitor

Mitel MiCollab PoC Exploit Links CVE-2024-41713 and Zero-Day, Exposing Sensitive Files - SOCRadar® Cyber Intelligence Inc.

Trust: 5.75

Fetched: Dec. 8, 2024, 10:18 a.m., Published: Dec. 6, 2024, 2:39 p.m.
 Vulnerabilities: sql injection, authentication bypass, path traversal
Affected productsExternal IDs
vendor: mitel model: micollab
db: NVD ids: CVE-2024-41713, CVE-2024-35286

Vulnerability in License Center - Security Advisory | QNAP

Trust: 4.25

Fetched: Dec. 8, 2024, 10:15 a.m., Published: Dec. 2, 2024, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs

Windows, macOS, Linux, iOS and Android: Top Cyberattacks Targeting Operating Systems

Trust: 3.25

Fetched: Dec. 8, 2024, 10:15 a.m., Published: Dec. 8, 2024, midnight
 Vulnerabilities: command injection, authentication bypass
Affected productsExternal IDs
vendor: google model: android
vendor: google model: home
vendor: blackberry model: blackberry
vendor: apple model: iphone
vendor: apple model: macos

Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day

Trust: 5.25

Fetched: Dec. 8, 2024, 10:13 a.m., Published: Dec. 5, 2024, 11 a.m.
 Vulnerabilities: injection attack, sql injection, authentication bypass...
Affected productsExternal IDs
vendor: mitel model: micollab
vendor: axis model: axis
vendor: axis model: communications
vendor: google model: home
db: NVD ids: CVE-2024-35286, CVE-2024-41713

Multiple Vulnerabilities in QTS and QuTS hero (PWN2OWN 2024) - Security Advisory | QNAP

Trust: 5.0

Fetched: Dec. 8, 2024, 10:06 a.m., Published: Dec. 2, 2024, midnight
 Vulnerabilities: certificate validation vulnerability, authentication vulnerability, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-48868, CVE-2024-48859, CVE-2024-50403, CVE-2024-48867, CVE-2024-50402, CVE-2024-50393, CVE-2024-48866, CVE-2024-48865

Hacking Your Own IoT: A White Hat’s Guide to Securing Smart Devices

Trust: 4.25

Fetched: Dec. 8, 2024, 10:05 a.m., Published: Dec. 8, 2024, 2 p.m.
 Vulnerabilities: cross-site scripting, sql injection, default credentials
Affected productsExternal IDs
vendor: wireshark model: wireshark

Access Denied

Trust: 3.25

Fetched: Dec. 8, 2024, 10:05 a.m., Published: May 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

Nozomi detects security vulnerabilities in Wago PLC; firmware updated to prevent privilege escalation - Industrial Cyber

Trust: 5.25

Fetched: Dec. 8, 2024, 10:04 a.m., Published: Dec. 6, 2024, 11:58 a.m.
 Vulnerabilities: access control vulnerability, privilege escalation, code execution...
Affected productsExternal IDs
vendor: wago model: wago
vendor: wago model: 750-8216
vendor: codesys model: codesys
vendor: codesys model: control
db: NVD ids: CVE-2024-41971, CVE-2024-41967, CVE-2024-41968, CVE-2024-41973, CVE-2024-41972, CVE-2024-41969