Sign-up

VARIoT news about IoT security

Impact of Unpatched Vulnerabilities in 2025 - Kratikal Blogs

Trust: 3.0

Fetched: Dec. 31, 2024, 9:21 a.m., Published: Dec. 24, 2024, 6:29 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-5806

Ruijie Cloud Flaws Put 50,000 Devices at Risk

Trust: 4.75

Fetched: Dec. 31, 2024, 9:21 a.m., Published: Dec. 26, 2024, midnight
 Vulnerabilities: request forgery, code execution, weak password
Affected productsExternal IDs
db: NVD ids: CVE-2024-48874, CVE-2024-47547, CVE-2024-52324

CVE-2024-53181: Addressing the Linux Vector Device Removal Vulnerability

Trust: 3.0

Fetched: Dec. 31, 2024, 9:20 a.m., Published: Dec. 27, 2024, midnight
 Vulnerabilities: kernel panic
Affected productsExternal IDs
db: NVD ids: CVE-2024-53181

CVE-2024-53197 ALSA: usb-audio: Fix potential out-of-bound a... - vulnerability database | Vulners.com

Trust: 4.0

Fetched: Dec. 31, 2024, 9:19 a.m., Published: Dec. 27, 2024, 1:49 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: alsa model: alsa
db: NVD ids: CVE-2024-53197

IBM AIX Vulnerability Let Attackers Trigger DoS Condition

Trust: 4.0

Fetched: Dec. 31, 2024, 9:18 a.m., Published: Dec. 26, 2024, 7:11 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-52906, CVE-2024-47102

Does a VPN Protect You From Hackers in 2025?

Trust: 4.5

Fetched: Dec. 31, 2024, 9:17 a.m., Published: Dec. 18, 2024, 9:23 a.m.
 Vulnerabilities: session hijacking, cross-site scripting, denial of service
Affected productsExternal IDs
vendor: google model: home

CVEs and Security Vulnerabilities - OpenCVE

Trust: 4.5

Fetched: Dec. 31, 2024, 9:15 a.m., Published: April 6, 2024, midnight
 Vulnerabilities: sql injection, default credentials, resource exhaustion...
Affected productsExternal IDs
vendor: palo model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
vendor: four-faith model: four-faith
vendor: four-faith model: f3x24
vendor: four-faith model: four-faith router
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks

D-Link Web Management Interface Vulnerability Let Attackers Gain Device Access

Related entries in the VARIoT vulnerabilities database: VAR-202412-2435

Trust: 5.75

Fetched: Dec. 31, 2024, 9:15 a.m., Published: Dec. 30, 2024, 7:44 a.m.
 Vulnerabilities: improper access control
Affected productsExternal IDs
vendor: d-link model: router
vendor: d-link model: dir-823g
db: NVD ids: CVE-2024-13030

CERT-In Alert: Android Flaws Risk Millions Of Devices

Trust: 6.75

Fetched: Dec. 31, 2024, 9:10 a.m., Published: Nov. 26, 2024, 2:44 p.m.
 Vulnerabilities: code execution, denial of service, privilege escalation
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-38402, CVE-2024-20484, CVE-2024-20104, CVE-2024-21455, CVE-2024-20536, CVE-2023-35659, CVE-2024-43093

Cisco IOS XE Software Protocol Independent Multicast Denial of Service Vulnerability

Trust: 4.0

Fetched: Dec. 31, 2024, 9:10 a.m., Published: Sept. 25, 2024, 3:47 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
vendor: cisco model: ios xe software

CVE-2024-11944: TrueNAS CORE Vulnerability Allows Unauthenticated Attacks

Trust: 4.25

Fetched: Dec. 31, 2024, 9:09 a.m., Published: Dec. 31, 2024, 2:15 a.m.
 Vulnerabilities: service disruption
Affected productsExternal IDs
db: NVD ids: CVE-2024-11944

A critical vulnerability discovered in the Ruijie Networks cloud platform could potentially expose 50,000 devices to remote attacks. - Thailand Computer Emergency Response Team (ThaiCERT)

Trust: 4.75

Fetched: Dec. 29, 2024, 9:45 a.m., Published: Dec. 27, 2024, 6:59 a.m.
 Vulnerabilities: weak password
Affected productsExternal IDs
db: NVD ids: CVE-2024-52324, CVE-2024-47547, CVE-2024-48874

Critical Windows Zero-Day Vulnerability Exploited in the Wild

Trust: 4.0

Fetched: Dec. 29, 2024, 9:44 a.m., Published: Dec. 9, 2024, 9:02 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-38193

Urgent: Critical Vulnerabilities Exploited in Multiple Devices and Routers - UNDERCODE NEWS

Trust: 5.0

Fetched: Dec. 29, 2024, 9:43 a.m., Published: Dec. 5, 2024, 5:23 a.m.
 Vulnerabilities: firewall bypass, path traversal, command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2024-11680, CVE-2024-52564, CVE-2024-11667, CVE-2024-47133, CVE-2023-45727, CVE-2024-45841, CVE-2024-51378

CVE-2024-56699 - s390/pci: Fix potential double remove of hotplug slot - SecAlerts

Trust: 3.25

Fetched: Dec. 29, 2024, 9:43 a.m., Published: Dec. 28, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-56699

BADBOX malware hits 30,000 Android devices - make sure you update now | TechRadar

Trust: 3.0

Fetched: Dec. 29, 2024, 9:42 a.m., Published: Dec. 16, 2024, 7:48 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Multiple QNAP Vulnerabilities Let Remote Attackers To Compromise System

Trust: 4.75

Fetched: Dec. 29, 2024, 9:39 a.m., Published: Dec. 9, 2024, 8:21 a.m.
 Vulnerabilities: buffer overflow, authentication flaw, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-48868, CVE-2024-50402, CVE-2024-21899, CVE-2024-48859, CVE-2024-48866, CVE-2024-48865, CVE-2024-50403, CVE-2024-50393, CVE-2024-48867

IoT Devices Under Fire by FICORA and CAPSAICIN

Related entries in the VARIoT vulnerabilities database: VAR-201909-1437, VAR-201502-0201, VAR-202405-0699

Trust: 3.5

Fetched: Dec. 29, 2024, 9:37 a.m., Published: Dec. 28, 2024, 12:16 a.m.
 Vulnerabilities: command execution, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2019-10891, CVE-2015-2051, CVE-2024-33112, CVE-2022-37056

CISA Alerts New ICS Vulnerabilities Across Products

Related entries in the VARIoT vulnerabilities database: VAR-202106-0541, VAR-202106-0542

Trust: 4.25

Fetched: Dec. 29, 2024, 9:36 a.m., Published: Dec. 4, 2024, 2:25 p.m.
 Vulnerabilities: authentication bypass, weak password, path traversal
Affected productsExternal IDs
vendor: schneider electric model: m340
vendor: schneider electric model: modicon m580
vendor: schneider electric model: m580
vendor: schneider electric model: m340 cpus
vendor: schneider electric model: modicon m340
vendor: schneider model: m340
vendor: schneider model: modicon m580
vendor: schneider model: m580
vendor: schneider model: m340 cpus
vendor: schneider model: modicon m340
db: NVD ids: CVE-2024-3982, CVE-2023-6408, CVE-2024-7940, CVE-2023-6409, CVE-2021-22763, CVE-2024-3980, CVE-2021-22764

Understanding the CVE-2024-53688: Mitigating OS Command Injection in FXC Inc. Products

Trust: 3.0

Fetched: Dec. 29, 2024, 9:35 a.m., Published: -
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-53688