Sign-up

VARIoT news about IoT security

Cybersecurity Threat Research Feed - Latest Intelligence Updates

Related entries in the VARIoT vulnerabilities database: VAR-202008-0248

Trust: 4.25

Fetched: Dec. 3, 2024, 10:06 a.m., Published: Oct. 31, 2024, 9:58 p.m.
 Vulnerabilities: code insertion, sql injection, privilege escalation...
Affected productsExternal IDs
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: trend micro model: security
vendor: trend micro model: antivirus
vendor: avast model: antivirus
vendor: palo model: pan-os
vendor: palo model: networks
vendor: palo model: firewall
vendor: check point model: check point
vendor: paloaltonetworks model: pan-os
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: firewall
vendor: trend model: security
vendor: trend model: antivirus
vendor: cpanel model: cpanel
vendor: blackberry model: blackberry
vendor: blackberry model: link
vendor: tp-link model: routers
vendor: checkpoint model: check point
vendor: google model: home
vendor: google model: google chrome
vendor: google model: android
vendor: google model: chrome
vendor: google model: wifi
vendor: essential model: phone
vendor: trendmicro model: security
vendor: trendmicro model: antivirus
vendor: ahnlab model: engine
vendor: cisco model: guard
vendor: cisco model: catalyst
vendor: cisco model: umbrella
vendor: cisco model: series
vendor: cisco model: routers
vendor: cisco model: 4351
db: NVD ids: CVE-2020-1472, CVE-2024-0012, CVE-2024-9680, CVE-2023-27532, CVE-2024-49039, CVE-2024-11667, CVE-2024-4351, CVE-2024-9474, CVE-2024-43451

TP-Link HomeShield Function Vulnerability Let Attackers Inject Malicious Commands

Trust: 4.5

Fetched: Dec. 3, 2024, 10:04 a.m., Published: Dec. 3, 2024, 8:48 a.m.
 Vulnerabilities: code execution, command injection
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: qemu model: qemu
db: NVD ids: CVE-2024-53375

Android Zero-Day Vulnerabilities Actively Exploited In Attacks, Patch Now!

Trust: 4.75

Fetched: Dec. 3, 2024, 10:03 a.m., Published: Nov. 5, 2024, 7:58 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: motorola model: motorola
vendor: motorola model: android
vendor: oneplus model: oneplus
vendor: google model: android
vendor: samsung model: mobile devices
vendor: samsung model: samsung
vendor: samsung model: mobile
db: NVD ids: CVE-2024-43047, CVE-2024-43093

October security patch fixes serious vulnerability in Samsung phones - SamMobile

Trust: 3.75

Fetched: Dec. 3, 2024, 10:03 a.m., Published: Oct. 4, 2019, 12:20 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: samsung model: mobile devices
vendor: samsung model: galaxy s8
vendor: samsung model: galaxy s9
vendor: samsung model: galaxy
vendor: samsung model: galaxy s10
vendor: samsung model: galaxy s7
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: google model: android
vendor: google model: chrome
vendor: google model: pixel

CERT-In updates: Keep your Android and Apple devices safe | TechGig

Trust: 4.5

Fetched: Dec. 3, 2024, 10:03 a.m., Published: Nov. 28, 2024, 12:33 p.m.
 Vulnerabilities: code execution, memory corruption, information exposure...
Affected productsExternal IDs
vendor: google model: android
vendor: apple model: iphone
vendor: apple model: icloud
vendor: apple model: macos

CISA, NSA, and Partners Issue Annual Report on Top Exploited Vulnerabilities > National Security Agency/Central Security Service > Press Release View

Trust: 3.25

Fetched: Dec. 3, 2024, 10:02 a.m., Published: Nov. 12, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

WordPress L Squared Hub WP plugin <= 1.0 - SQL Injection vulnerability - Patchstack

Trust: 3.25

Fetched: Dec. 3, 2024, 10:02 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

Trust: 5.25

Fetched: Dec. 3, 2024, 10:02 a.m., Published: Dec. 2, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android

Samsung monthly updates: November 2024 security patch detailed - SamMobile

Trust: 4.0

Fetched: Dec. 3, 2024, 10:02 a.m., Published: Nov. 5, 2024, 1:44 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: samsung model: exynos
vendor: samsung model: samsung
vendor: samsung model: galaxy

CVE-2024-8938: Echelon Network Device Vulnerability - DEC Solutions Group

Trust: 3.0

Fetched: Dec. 3, 2024, 10:01 a.m., Published: Nov. 13, 2024, 5:31 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-8938

Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point Command Injection Vulnerability - Cisco

Trust: 3.0

Fetched: Dec. 3, 2024, 10:01 a.m., Published: Nov. 6, 2024, 10:18 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs

CVE-2023-20092 - vulnerability database | Vulners.com

Trust: 4.0

Fetched: Dec. 3, 2024, 9:56 a.m., Published: Nov. 15, 2024, 4:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco telepresence
vendor: cisco model: dx70
vendor: cisco model: telepresence mx series
vendor: cisco model: telepresence sx series
vendor: cisco model: telepresence
vendor: cisco model: series
vendor: cisco model: telepresence ce
vendor: cisco model: dx80
vendor: cisco model: roomos
db: NVD ids: CVE-2023-20092

Conducting a Comprehensive Medical Device Inventory for Enhanced Cybersecurity - Blue Goat Cyber

Trust: 3.75

Fetched: Dec. 3, 2024, 9:54 a.m., Published: Feb. 2, 2024, 8:16 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: serve model: serve

Annual Security Report: Emerging Cybersecurity Threats to Watch in 2025 | Thought Leadership | ShareVault

Trust: 3.75

Fetched: Dec. 3, 2024, 9:49 a.m., Published: Dec. 3, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: serve model: serve

Linux Kernel Vulnerability Fix: Null-Ptr Deref in Target_Alloc_Device() (CVE-2024-50153) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 5.25

Fetched: Dec. 3, 2024, 9:48 a.m., Published: Nov. 7, 2024, midnight
 Vulnerabilities: pointer reference problem
Affected productsExternal IDs
db: NVD ids: CVE-2024-50153

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

Trust: 4.25

Fetched: Dec. 3, 2024, 9:48 a.m., Published: Nov. 21, 2024, 9:28 a.m.
 Vulnerabilities: code execution, cross-site scripting
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: software update
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: ipad air
db: NVD ids: CVE-2024-44309, CVE-2024-44308

MediaTek Processor Vulnerabilities Let Attackers escalate privileges

Related entries in the VARIoT vulnerabilities database: VAR-202412-0091, VAR-202412-0245, VAR-202412-0282

Trust: 3.75

Fetched: Dec. 3, 2024, 9:47 a.m., Published: Dec. 2, 2024, 6:32 a.m.
 Vulnerabilities: privilege escalation, information disclosure, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-20135, CVE-2024-20137, CVE-2024-20134, CVE-2024-20129, CVE-2024-20139, CVE-2024-20127, CVE-2024-20125, CVE-2024-20132, CVE-2024-20136, CVE-2024-20116, CVE-2024-20138, CVE-2024-20131, CVE-2024-20133, CVE-2024-20128, CVE-2024-20130

CVE-2022-20931 Cisco Touch 10 Device Downgrade Attack Vulner... - vulnerability database | Vulners.com

Trust: 3.75

Fetched: Dec. 3, 2024, 9:47 a.m., Published: Nov. 15, 2024, 3:30 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco telepresence
vendor: cisco model: telepresence
vendor: cisco model: telepresence endpoint
db: NVD ids: CVE-2022-20931

Understanding and Exploiting CVE-2024-10914: A Critical Vulnerability in D-Link NAS Devices - Jaspreet Singh

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 5.5

Fetched: Dec. 3, 2024, 9:47 a.m., Published: Dec. 1, 2024, 9:29 a.m.
 Vulnerabilities: injection attack, command injection
Affected productsExternal IDs
vendor: dlink model: dns-320lw
vendor: dlink model: dns-325
vendor: dlink model: dns-340l
vendor: dlink model: dns-320
vendor: d-link model: dns-320lw
vendor: d-link model: dns-325
vendor: d-link model: dns-340l
vendor: d-link model: dns-320
db: NVD ids: CVE-2024-10914

Billion Electric 4G/LTE routers patched to plug catastrophic CVSS level 10 severity flaw | Tom's Hardware

Trust: 5.75

Fetched: Dec. 3, 2024, 9:46 a.m., Published: Dec. 2, 2024, 4:24 p.m.
 Vulnerabilities: authentication bypass, os command injection, command injection
Affected productsExternal IDs
vendor: d-link model: router
db: NVD ids: CVE-2024-11983, CVE-2024-11980, CVE-2024-11981, CVE-2024-11982