Sign-up

VARIoT news about IoT security

Pixel Watch Security Bulletin-December 2024 | Android Open Source Project

Trust: 4.5

Fetched: Dec. 6, 2024, 9:59 a.m., Published: Dec. 6, 2024, midnight
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2024-33039

Why Zero-Day Attacks Bypass Traditional Firewall Security: Defending Against Zero-Day’s like Palo Alto Networks CVE-2024-0012 - Security Boulevard

Trust: 3.75

Fetched: Dec. 6, 2024, 9:59 a.m., Published: Dec. 5, 2024, 3:30 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo model: firewall
vendor: palo model: networks
db: NVD ids: CVE-2024-0012

CVE-2023-43131 - General Device Manager Buffer Overflow Vulnerability

Trust: 5.0

Fetched: Dec. 6, 2024, 9:58 a.m., Published: Sept. 25, 2023, 3:15 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2023-43131

Ruijie Networks | Network Devices and Solutions Provider

Trust: 3.5

Fetched: Dec. 6, 2024, 9:58 a.m., Published: Dec. 2, 2024, midnight
 Vulnerabilities: remote command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-42494, CVE-2024-45722, CVE-2024-48874, CVE-2024-51727, CVE-2024-47146, CVE-2024-47791, CVE-2024-47043, CVE-2024-52324, CVE-2024-46874, CVE-2024-47547

I-O DATA Routers Command Injection Vulnerabilities Actively Exploited in Attacks

Trust: 4.0

Fetched: Dec. 6, 2024, 9:58 a.m., Published: Dec. 5, 2024, 7:01 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-52564, CVE-2024-45841, CVE-2024-47133

Android Security Bulletin December 2024 | Android Open Source Project

Trust: 4.25

Fetched: Dec. 6, 2024, 9:57 a.m., Published: Dec. 6, 2024, midnight
 Vulnerabilities: code execution, denial of service, information disclosure
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: motorola model: android
vendor: motorola model: motorola
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: samsung model: notes
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2024-43097, CVE-2024-43764, CVE-2024-33056, CVE-2024-33063, CVE-2024-43048, CVE-2024-43767, CVE-2024-43769, CVE-2024-43701, CVE-2024-43762, CVE-2024-20125, CVE-2024-43052, CVE-2024-33044, CVE-2024-43077, CVE-2024-43768

Most Exploited Vulnerabilities of 2023 (Insights to Define Cybersecurity in 2025) - SOCRadar® Cyber Intelligence Inc.

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202008-0248

Trust: 5.25

Fetched: Dec. 6, 2024, 9:56 a.m., Published: Dec. 3, 2024, 11:36 a.m.
 Vulnerabilities: access control vulnerability, sql injection, privilege escalation...
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: comcast model: xfinity
vendor: comcast model: comcast xfinity
vendor: barracuda model: barracuda
vendor: xfinity model: gateway
vendor: barracuda networks model: barracuda
vendor: zoho model: manageengine servicedesk plus
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler
vendor: citrix model: gateway
db: NVD ids: CVE-2023-4966, CVE-2023-27997, CVE-2023-23397, CVE-2023-2868, CVE-2023-20273, CVE-2021-44228, CVE-2023-3466, CVE-2023-3519, CVE-2023-49103, CVE-2023-20198, CVE-2023-34362, CVE-2023-3467, CVE-2023-22515, CVE-2023-27350, CVE-2022-47966, CVE-2020-1472, CVE-2023-42793

Security Bulletins for HUAWEI Vision, December 2024

Trust: 3.75

Fetched: Dec. 6, 2024, 9:55 a.m., Published: Dec. 3, 2024, 11:35 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: emui
vendor: huawei model: huawei
db: NVD ids: CVE-2024-43090, CVE-2024-40675, CVE-2024-43086, CVE-2024-43085, CVE-2024-43091, CVE-2023-40119, CVE-2024-43089, CVE-2024-40676, CVE-2024-43081

Security Bulletins for HUAWEI Phones/Tablets, December 2024

Related entries in the VARIoT vulnerabilities database: VAR-202411-0380, VAR-202411-0381

Trust: 3.75

Fetched: Dec. 6, 2024, 9:54 a.m., Published: Dec. 2, 2024, 4:43 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: huawei model: emui
vendor: huawei model: huawei
db: NVD ids: CVE-2024-46783, CVE-2024-43093, CVE-2024-43091, CVE-2024-43089, CVE-2024-43081, CVE-2024-43086, CVE-2024-38422, CVE-2024-40676, CVE-2024-43080, CVE-2023-52160, CVE-2023-40119, CVE-2024-38423, CVE-2024-43084, CVE-2024-46740, CVE-2024-43090, CVE-2024-43047, CVE-2024-43082, CVE-2024-43088, CVE-2024-43085, CVE-2024-46679, CVE-2024-40675

www.bankinfosecurity.com

Trust: 3.25

Fetched: Dec. 6, 2024, 9:54 a.m., Published: May 6, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mitel model: micollab

Old Cisco ASA Vulnerability (CVE-2014-2120) Fuels Androxgh0st Botnet Activity - SOCRadar® Cyber Intelligence Inc.

Related entries in the VARIoT vulnerabilities database: VAR-201403-0466

Trust: 4.25

Fetched: Dec. 6, 2024, 9:54 a.m., Published: Dec. 4, 2024, 11:46 a.m.
 Vulnerabilities: code execution, file inclusion, local file inclusion...
Affected productsExternal IDs
vendor: cisco model: adaptive security appliance
vendor: cisco model: guard
vendor: sophos model: firewall
db: NVD ids: CVE-2021-41277, CVE-2014-2120, CVE-2021-26086, CVE-2024-42448

Critical Vulnerabilities Found In Veeam Service Provider Console

Trust: 3.75

Fetched: Dec. 6, 2024, 9:47 a.m., Published: Dec. 5, 2024, 5:13 a.m.
 Vulnerabilities: service disruption, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-42449, CVE-2024-42448

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Dec. 6, 2024, 9:46 a.m., Published: -
 Vulnerabilities: configuration error
Affected productsExternal IDs

Third-Party Vulnerability Bulletin: SonicWall | BD

Trust: 3.25

Fetched: Dec. 6, 2024, 9:46 a.m., Published: Dec. 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonicwall model: sonicos

www.govinfosecurity.com

Trust: 3.25

Fetched: Dec. 6, 2024, 9:45 a.m., Published: May 6, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mitel model: micollab

Understanding IoT Attacks: Safeguarding Devices and Networks

Trust: 3.5

Fetched: Dec. 6, 2024, 9:44 a.m., Published: May 6, 2024, midnight
 Vulnerabilities: device impersonation, denial of service
Affected productsExternal IDs

Access Denied

Trust: 3.25

Fetched: Dec. 6, 2024, 9:43 a.m., Published: May 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

Security flaws in OvrC cloud platform expose IoT devices to remote code execution, prompt updates - Industrial Cyber

Trust: 4.25

Fetched: Dec. 6, 2024, 9:39 a.m., Published: Nov. 14, 2024, 8:38 a.m.
 Vulnerabilities: improper access control, authentication bypass, code execution
Affected productsExternal IDs

SweynTooth Vulnerabilities | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202002-0391, VAR-202002-0294, VAR-202002-0393, VAR-202002-0295, VAR-202002-0491, VAR-202002-0392, VAR-202002-0487, VAR-202002-0418, VAR-202002-0394

Trust: 3.5

Fetched: Dec. 6, 2024, 9:36 a.m., Published: Dec. 6, 2023, midnight
 Vulnerabilities: security bypass, buffer overflow, memory corruption
Affected productsExternal IDs
db: NVD ids: CVE-2019-17520, CVE-2019-19194, CVE-2019-17060, CVE-2019-17518, CVE-2019-17061, CVE-2019-19193, CVE-2019-19196, CVE-2019-17517, CVE-2019-19192, CVE-2019-16336, CVE-2019-19195, CVE-2019-17519

How Safe Are Storage Devices From a Ransomware Attack? - Securin

Related entries in the VARIoT vulnerabilities database: VAR-202003-1707, VAR-202203-0043, VAR-201909-0594, VAR-201905-0745, VAR-202010-1066

Trust: 3.5

Fetched: Dec. 6, 2024, 9:34 a.m., Published: Sept. 9, 2022, 7:20 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: qnap model: photo station
vendor: qnap model: helpdesk
vendor: qnap systems model: photo station
vendor: qnap systems model: helpdesk
vendor: synology model: photo station
vendor: netatalk model: netatalk
vendor: d-link model: dns-320
vendor: trend model: security
db: NVD ids: CVE-2019-7194, CVE-2022-23125, CVE-2020-2509, CVE-2022-27593, CVE-2021-28799, CVE-2022-0194, CVE-2022-24990, CVE-2021-27876, CVE-2021-27878, CVE-2022-23121, CVE-2020-9054, CVE-2018-19943, CVE-2017-7494, CVE-2020-2506, CVE-2022-0847, CVE-2019-16057, CVE-2018-14839, CVE-2019-7195, CVE-2019-7192, CVE-2022-23122, CVE-2019-7193, CVE-2018-19953, CVE-2021-27877, CVE-2023-27532, CVE-2018-19949