Sign-up

VARIoT news about IoT security

How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions

Trust: 3.5

Fetched: Oct. 2, 2024, 9:36 a.m., Published: Aug. 19, 2024, 10 a.m.
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: apple model: macos
vendor: cisco model: webex meetings
vendor: cisco model: cisco webex
vendor: cisco model: webex
vendor: cisco model: guard
vendor: cisco model: jabber
vendor: cisco model: series
vendor: cisco model: spark
vendor: cisco model: webex productivity tools
vendor: cisco model: cisco webex meetings

Vulnerability Details Page

Trust: 3.5

Fetched: Oct. 2, 2024, 9:35 a.m., Published: Sept. 27, 2024, 8:52 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os

Medical Device Vulnerability Management: Best Practices for Ensuring Patient Safety

Trust: 3.75

Fetched: Oct. 2, 2024, 9:35 a.m., Published: Sept. 1, 2024, 9:17 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Vulnerabilities Page

Trust: 4.5

Fetched: Oct. 2, 2024, 9:33 a.m., Published: Sept. 27, 2024, 8:52 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks

Vulnerabilities in Longse Technology devices | CERT Polska

Trust: 3.75

Fetched: Oct. 2, 2024, 9:29 a.m., Published: July 9, 2024, midnight
 Vulnerabilities: default credentials, default password
Affected productsExternal IDs
db: NVD ids: CVE-2024-5631, CVE-2024-5632, CVE-2024-5634, CVE-2024-5633

RADIUS Protocol Vulnerability Impacted Multiple Cisco Products

Trust: 3.75

Fetched: Oct. 2, 2024, 9:29 a.m., Published: July 29, 2024, 6:01 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: access points
vendor: cisco model: series switches
vendor: cisco model: ios xe software
vendor: cisco model: application policy infrastructure controller
vendor: cisco model: identity services engine
vendor: cisco model: ucs manager
vendor: cisco model: ucs b-series blade servers
vendor: cisco model: ios xe
vendor: cisco model: adaptive security appliance
vendor: cisco model: sd-wan
vendor: cisco model: series
vendor: cisco model: catalyst
vendor: cisco model: ucs central software
vendor: cisco model: firepower
vendor: cisco model: routers
vendor: cisco model: nexus 3000
vendor: cisco model: series routers
vendor: cisco model: asr 5000
vendor: cisco model: nexus
vendor: cisco model: ios xr
vendor: cisco model: device manager
db: NVD ids: CVE-2024-3596

What Are Vulnerabilities: Types, Examples, Causes, And More!

Trust: 3.5

Fetched: Oct. 2, 2024, 9:28 a.m., Published: Sept. 5, 2024, 12:29 p.m.
 Vulnerabilities: weak password, sql injection
Affected productsExternal IDs
vendor: essential model: phone

CERT-EU - Critical Vulnerabilities in CUPS

Trust: 5.0

Fetched: Oct. 2, 2024, 9:27 a.m., Published: -
 Vulnerabilities: command execution, arbitrary command execution, code execution
Affected productsExternal IDs
vendor: cups model: cups
db: NVD ids: CVE-2024-47177, CVE-2024-47076, CVE-2024-47176, CVE-2024-47175

Millions of Devices Vulnerable to 'PKFail' Secure Boot Bypass Issue

Related entries in the VARIoT vulnerabilities database: VAR-201609-0149

Trust: 3.5

Fetched: Oct. 2, 2024, 9:27 a.m., Published: Oct. 5, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asus model: asus
vendor: lenovo model: updates
db: NVD ids: CVE-2016-5247

iVerify Discovers Android Vulnerability Impacting Millions of Pixel Devices Around the World

Trust: 4.25

Fetched: Oct. 2, 2024, 9:21 a.m., Published: Aug. 15, 2024, midnight
 Vulnerabilities: code injection, code execution
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android

Microsoft discloses vulnerabilities in Rockwell’s PanelView Plus devices that could allow remote code execution - Industrial Cyber

Trust: 3.25

Fetched: Oct. 2, 2024, 9:21 a.m., Published: July 5, 2024, 2:47 p.m.
 Vulnerabilities: information disclosure, code execution
Affected productsExternal IDs
vendor: rockwell automation model: factorytalk view
vendor: rockwell automation model: factorytalk linx
vendor: rockwell automation model: factorytalk
vendor: rockwell automation model: automation panelview plus
vendor: rockwell automation model: automation panelview
vendor: rockwell model: factorytalk view
vendor: rockwell model: factorytalk linx
vendor: rockwell model: factorytalk
vendor: rockwell model: automation panelview plus
vendor: rockwell model: automation panelview

Secure by Design Alert: Eliminating OS Command Injection Vulnerabilities | CISA

Trust: 3.75

Fetched: Oct. 2, 2024, 9:20 a.m., Published: Oct. 2, 2023, midnight
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-20399, CVE-2024-3400, CVE-2024-21887

Zyxel warns of vulnerabilities in a wide range of its products | Ars Technica

Trust: 4.5

Fetched: Oct. 2, 2024, 9:19 a.m., Published: Sept. 4, 2024, 6:57 p.m.
 Vulnerabilities: cross-site scripting, pointer dereference vulnerability, command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2024-42059, CVE-2024-6343, CVE-2024-42060, CVE-2024-42061, CVE-2024-5412, CVE-2024-7203, CVE-2024-42057, CVE-2024-7261, CVE-2024-42058

Vulnerabilities Page

Trust: 4.5

Fetched: Oct. 2, 2024, 9:18 a.m., Published: Sept. 27, 2024, 8:52 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks

Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks - Check Point Research

Trust: 4.5

Fetched: Oct. 2, 2024, 9:15 a.m., Published: Sept. 30, 2024, 12:46 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: home
vendor: check point model: check point
vendor: avast model: antivirus
db: NVD ids: CVE-2024-21338

39 hardware vulnerabilities: A guide to the threats | CSO Online

Related entries in the VARIoT vulnerabilities database: VAR-201611-0121

Trust: 4.25

Fetched: Oct. 2, 2024, 9:15 a.m., Published: July 15, 2024, midnight
 Vulnerabilities: privilege escalation, side channel attack, information disclosure...
Affected productsExternal IDs
vendor: samsung model: mobile devices
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: samsung model: note
vendor: dram model: dram
vendor: google model: android
db: NVD ids: CVE-2023-20593, CVE-2023-23583, CVE-2023-20569, CVE-2021-46778, CVE-2022-40982, CVE-2024-2193, CVE-2016-6728

Inside Pwn2Own Ireland 2024: The Future of Hacking Enterprise Systems, Servers, and IoT | Trend Micro (UK)

Trust: 3.5

Fetched: Oct. 1, 2024, 10:05 a.m., Published: Sept. 30, 2024, midnight
 Vulnerabilities: service disruption, privilege escalation, code execution...
Affected productsExternal IDs
vendor: trendmicro model: security
vendor: trend micro model: security
vendor: trend model: security
vendor: cisco model: cisco webex
vendor: cisco model: webex

Privilege Escalation Attack Explained (How to Prevent It) | StrongDM

Trust: 3.5

Fetched: Oct. 1, 2024, 9:49 a.m., Published: Oct. 4, 2024, midnight
 Vulnerabilities: service disruption, session hijacking, privilege escalation
Affected productsExternal IDs

Western Digital My Cloud Flaw Let Attackers Execute Arbitrary Code

Trust: 4.5

Fetched: Oct. 1, 2024, 9:49 a.m., Published: Oct. 1, 2024, 4:14 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2024-22170

CVE-2024-23967 | Tenable®

Trust: 3.75

Fetched: Oct. 1, 2024, 9:46 a.m., Published: Dec. 1, 2064, midnight
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-23967