Sign-up

VARIoT news about IoT security

CISA Warns of Five Vulnerabilities Actively Exploited in the Wild

Trust: 3.0

Fetched: Oct. 11, 2024, 10:37 a.m., Published: Sept. 19, 2024, 9:42 a.m.
 Vulnerabilities: privilege escalation, code execution, access control vulnerability...
Affected productsExternal IDs
db: NVD ids: CVE-2019-1069, CVE-2024-27348, CVE-2020-0618, CVE-2022-21445, CVE-2020-14644

Siemens SIMATIC S7-200 SMART Devices - Cyber & Coffee

Related entries in the VARIoT vulnerabilities database: VAR-202409-0292

Trust: 4.75

Fetched: Oct. 11, 2024, 10:29 a.m., Published: Sept. 17, 2024, 3:19 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: siemens model: simatic s7-200 smart cpu cr60
vendor: siemens model: simatic s7-200 smart cpu
vendor: siemens model: simatic s7-200 smart cpu st40
vendor: siemens model: simatic s7-200 smart cpu st30
vendor: siemens model: simatic s7-200 smart cpu st20
vendor: siemens model: simatic s7-200 smart cpu cr40
vendor: siemens model: simatic s7-200 smart cpu st60
vendor: siemens model: simatic s7-200 smart cpu sr30
vendor: siemens model: simatic s7-200
vendor: siemens model: simatic s7-200 smart cpu sr20
vendor: siemens model: simatic s7-200 smart
vendor: siemens model: simatic s7-200 smart cpu sr60
vendor: siemens model: s7-200 smart
vendor: siemens model: simatic s7-200 smart cpu sr40
vendor: siemens model: simatic
db: NVD ids: CVE-2024-43647

Siemens SENTRON PAC3200 Devices | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202410-0128

Trust: 3.5

Fetched: Oct. 11, 2024, 10:17 a.m., Published: Oct. 11, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: sentron pac3200
vendor: siemens model: modbus tcp
db: NVD ids: CVE-2024-41798

VU#138043 - A stack-based overflow vulnerability exists in the Microchip Advanced Software Framework (ASF) implementation of the tinydhcp server

Trust: 5.0

Fetched: Oct. 11, 2024, 10:15 a.m., Published: Sept. 19, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-7490

Qualcomm Patches Critical Zero-Day Vulnerability Exploited in Targeted Attacks - Gadget Review

Trust: 3.75

Fetched: Oct. 11, 2024, 10:02 a.m., Published: Oct. 10, 2024, 8:06 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: oneplus model: oneplus
vendor: motorola model: android
vendor: motorola model: motorola
vendor: samsung model: mobile devices
vendor: samsung model: mobile
vendor: samsung model: samsung
db: NVD ids: CVE-2024-43047

CVE-2024-9464 - Exploits & Severity - Feedly

Trust: 5.5

Fetched: Oct. 11, 2024, 10:01 a.m., Published: Oct. 9, 2024, midnight
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: palo model: networks
vendor: palo model: pan-os
db: NVD ids: CVE-2024-9464

New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution

Trust: 4.0

Fetched: Oct. 11, 2024, 10 a.m., Published: Oct. 11, 2024, 6:29 a.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-9164, CVE-2024-6678, CVE-2024-6530, CVE-2024-6385, CVE-2024-5655, CVE-2024-8970, CVE-2024-8977, CVE-2023-5009, CVE-2024-9631

Android Security Bulletin October 2024 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202410-2726

Trust: 4.25

Fetched: Oct. 11, 2024, 9:57 a.m., Published: Oct. 11, 2024, midnight
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: motorola model: android
vendor: motorola model: motorola
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: samsung model: notes
vendor: google model: android
vendor: google model: wifi
vendor: google model: pixel
db: NVD ids: CVE-2024-0044, CVE-2024-20100, CVE-2024-40673, CVE-2024-40651, CVE-2024-40674, CVE-2024-40676, CVE-2024-34748, CVE-2024-20091, CVE-2024-34733, CVE-2024-40649, CVE-2024-20090, CVE-2024-20093, CVE-2024-40675, CVE-2024-20092, CVE-2024-34732, CVE-2024-40670, CVE-2024-40672, CVE-2024-20094, CVE-2024-40677, CVE-2024-20101, CVE-2024-20103, CVE-2024-23369, CVE-2024-40669

PAN-SA-2024-0010 Expedition: Multiple Vulnerabilities in Expedition Lead to Exposure of Firewall Credentials

Trust: 5.25

Fetched: Oct. 11, 2024, 9:54 a.m., Published: Oct. 9, 2024, 4 p.m.
 Vulnerabilities: sql injection, os command injection, command injection...
Affected productsExternal IDs
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
db: NVD ids: CVE-2024-9465, CVE-2024-9463, CVE-2024-9466, CVE-2024-94659, CVE-2024-94668, CVE-2024-94677, CVE-2024-94649, CVE-2024-9467, CVE-2024-9464, CVE-2024-94639

Operating System Vulnerabilities: Understanding and Mitigating the Risk | Sternum IoT

Trust: 5.5

Fetched: Oct. 11, 2024, 9:53 a.m., Published: Sept. 18, 2024, 1:09 p.m.
 Vulnerabilities: improper memory management, integer overflow, privilege escalation...
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2021-4034, CVE-2019-14287, CVE-2024-21412, CVE-2023-35636, CVE-2023-32629

Critical Vulnerabilities in Palo Alto Networks Expedition Could Expose Firewall Credentials, Patch Available - SOCRadar® Cyber Intelligence Inc.

Trust: 4.25

Fetched: Oct. 11, 2024, 9:51 a.m., Published: Oct. 10, 2024, 10:48 a.m.
 Vulnerabilities: code execution, cross-site scripting, command execution...
Affected productsExternal IDs
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2024-9465, CVE-2024-9463, CVE-2024-9466, CVE-2024-9467, CVE-2024-9464, CVE-2024-5910

Qualcomm Discloses Security Vulnerability for Android Devices - Teknolojimiz

Trust: 3.75

Fetched: Oct. 11, 2024, 9:50 a.m., Published: Oct. 10, 2024, 9:25 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: oneplus model: oneplus
vendor: motorola model: android
vendor: motorola model: motorola
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: google model: android
db: NVD ids: CVE-2024-43047

Cybersecurity 101: Fundamentals of Cybersecurity Topics | CrowdStrike

Trust: 4.0

Fetched: Oct. 11, 2024, 9:47 a.m., Published: Oct. 4, 2024, 5:36 p.m.
 Vulnerabilities: privilege escalation, sql injection, injection attack...
Affected productsExternal IDs
vendor: check point model: endpoint security
vendor: check point model: check point
vendor: essential model: phone
vendor: snort model: snort

Hackers targeted Android users by exploiting zero-day bug in Qualcomm chips | TechCrunch

Trust: 3.75

Fetched: Oct. 11, 2024, 9:46 a.m., Published: Oct. 9, 2024, 3:50 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: oneplus model: oneplus
vendor: motorola model: android
vendor: motorola model: motorola
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: google model: android
db: NVD ids: CVE-2024-43047

Hackers targeted Android users by exploiting a major vulnerability in Qualcomm chips

Trust: 3.5

Fetched: Oct. 11, 2024, 9:46 a.m., Published: Oct. 10, 2024, 5:18 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: oneplus model: oneplus
vendor: google model: android
vendor: google model: chrome
db: NVD ids: CVE-2024-43047

A Vulnerability in Mozilla Firefox Could Allow for Arbitrary Code Execution

Trust: 3.25

Fetched: Oct. 11, 2024, 9:45 a.m., Published: Oct. 10, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Critical security vulnerabilities in Draytek devices allow system takeover | heise online

Related entries in the VARIoT vulnerabilities database: VAR-202410-0861, VAR-202410-3509, VAR-202410-3388, VAR-202410-0075, VAR-202410-0281, VAR-202410-0186, VAR-202410-0179, VAR-202410-3635

Trust: 5.5

Fetched: Oct. 11, 2024, 9:43 a.m., Published: Oct. 8, 2024, 9:27 p.m.
 Vulnerabilities: cross-site scripting, buffer overflow
Affected productsExternal IDs
vendor: draytek model: vigor
vendor: draytek model: vigor series
vendor: draytek model: draytek routers
vendor: draytek model: routers
db: NVD ids: CVE-2024-41590, CVE-2024-41588, CVE-2024-41586, CVE-2024-41589, CVE-2024-41596, CVE-2024-41587, CVE-2024-41595, CVE-2024-41593, CVE-2024-41591, CVE-2024-41594, CVE-2024-41585, CVE-2024-41592, CVE-2024-41584, CVE-2024-41583

Palo Alto Networks Warns Of Exploitable Firewall Hijack Vulnerabilities

Trust: 5.5

Fetched: Oct. 11, 2024, 9:42 a.m., Published: Oct. 10, 2024, 5:35 a.m.
 Vulnerabilities: sql injection, os command injection, command injection...
Affected productsExternal IDs
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
db: NVD ids: CVE-2024-9465, CVE-2024-9463, CVE-2024-9466, CVE-2024-9467, CVE-2024-9464, CVE-2024-3400

Palo Alto Networks urges urgent patch for firewall hijack vulnerabilities

Trust: 4.5

Fetched: Oct. 11, 2024, 9:37 a.m., Published: Oct. 10, 2024, 12:22 p.m.
 Vulnerabilities: cross-site scripting, command execution, sql injection...
Affected productsExternal IDs
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2024-9465, CVE-2024-9463, CVE-2024-9466, CVE-2024-9467, CVE-2024-9464, CVE-2024-5910

Android Devices With Qualcomm Chipsets Have Been Exploited Due To Zero-Day Vulnerability, Affecting 64 Chips In Total

Trust: 3.75

Fetched: Oct. 11, 2024, 9:33 a.m., Published: Oct. 10, 2024, 6:01 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: oneplus model: oneplus
vendor: oneplus model: one
vendor: motorola model: android
vendor: motorola model: motorola
vendor: samsung model: samsung
vendor: google model: android
db: NVD ids: CVE-2024-43047