Sign-up

VARIoT news about IoT security

Qualcomm Vulnerability (CVE-2024-43047) Explained

Trust: 5.75

Fetched: Oct. 9, 2024, 9:34 a.m., Published: Oct. 8, 2024, 6:29 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2024-43047

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

Trust: 5.0

Fetched: Oct. 9, 2024, 9:28 a.m., Published: Sept. 14, 2024, 4:12 a.m.
 Vulnerabilities: os command injection, code execution, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-8190, CVE-2024-29847

Navigating the Threat Landscape of IoT: An Analysis of Attacks | SpringerLink

Trust: 4.0

Fetched: Oct. 9, 2024, 9:26 a.m., Published: Oct. 9, 2024, midnight
 Vulnerabilities: cross-site scripting, data injection, sql injection...

Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability - Cisco

Trust: 3.75

Fetched: Oct. 9, 2024, 9:26 a.m., Published: Oct. 2, 2024, 11:15 a.m.
 Vulnerabilities: command execution, arbitrary command execution
Affected productsExternal IDs
vendor: cisco model: nexus

Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability

Trust: 4.0

Fetched: Oct. 9, 2024, 9:24 a.m., Published: Oct. 5, 2024, 4:50 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: ipad air
db: NVD ids: CVE-2024-44204, CVE-2024-44207

The Rise Of IoT Vulnerabilities: Keeping Your Smart Home Secure - ITU Online

Trust: 3.25

Fetched: Oct. 9, 2024, 9:23 a.m., Published: Oct. 1, 2024, 6:42 p.m.
 Vulnerabilities: -
Affected productsExternal IDs

IoT Vulnerabilities for Cybersecurity

Trust: 3.25

Fetched: Oct. 9, 2024, 9:22 a.m., Published: Oct. 2, 2024, midnight
 Vulnerabilities: denial of service, default password
Affected productsExternal IDs
vendor: google model: wifi
vendor: google model: home

New Scanner Released to Detect CUPS RCE Vulnerability CVE-2024-47176 | Black Hat Ethical Hacking

Trust: 5.0

Fetched: Oct. 9, 2024, 9:22 a.m., Published: Oct. 9, 2024, 8:18 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cups model: cups
db: NVD ids: CVE-2024-47176

Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

Trust: 4.75

Fetched: Oct. 9, 2024, 9:20 a.m., Published: Oct. 8, 2024, 4:38 p.m.
 Vulnerabilities: code execution, sql injection, os command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2024-9379, CVE-2024-8963, CVE-2024-8190, CVE-2024-9380, CVE-2024-9381, CVE-2024-29824

Following the Trail of Flax Typhoon to Uncover Newly Discovered Vulnerabilities in Linear Emerge Access Control Devices

Related entries in the VARIoT vulnerabilities database: VAR-201907-0157

Trust: 3.75

Fetched: Oct. 9, 2024, 9:19 a.m., Published: Oct. 8, 2024, midnight
 Vulnerabilities: os command injection, code execution, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2019-7256, CVE-2024-9441

Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202205-0394

Trust: 4.5

Fetched: Oct. 9, 2024, 9:17 a.m., Published: Oct. 9, 2023, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: citrix model: netscaler
vendor: check point model: check point
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: sophos model: firewall
db: NVD ids: CVE-2024-24919, CVE-2024-3400, CVE-2022-1388, CVE-2023-3519, CVE-2024-21887, CVE-2019-19781

High-severity Qualcomm zero-day vulnerability under attack | TechTarget

Trust: 5.0

Fetched: Oct. 9, 2024, 9:16 a.m., Published: Oct. 8, 2024, midnight
 Vulnerabilities: privilege escalation, code execution, memory corruption
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-43047

14 DrayTek vulnerabilities patched, including max-severity RCE flaw | SC Media

Related entries in the VARIoT vulnerabilities database: VAR-202407-1768

Trust: 5.25

Fetched: Oct. 8, 2024, 9:26 a.m., Published: Feb. 13, 2024, 7 p.m.
 Vulnerabilities: cross-site scripting, code execution, buffer overflow...
Affected productsExternal IDs
vendor: draytek model: draytek routers
vendor: draytek model: routers
vendor: draytek model: vigor
db: NVD ids: CVE-2024-41502, CVE-2024-41589, CVE-2024-41492, CVE-2024-41585

【Vulnerability Alert】 Multiple High-Risk Vulnerabilities Found in Planet Technology Switch Devices

Trust: 4.75

Fetched: Oct. 8, 2024, 9:26 a.m., Published: Oct. 8, 2024, midnight
 Vulnerabilities: privilege escalation, cross-site request forgery, request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2024-8458, CVE-2024-8456, CVE-2024-8448

What Is A Virtual Machine Escape? How It Works & Examples | Twingate

Related entries in the VARIoT vulnerabilities database: VAR-201505-0417

Trust: 3.5

Fetched: Oct. 8, 2024, 9:23 a.m., Published: Aug. 7, 2024, midnight
 Vulnerabilities: buffer overflow, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2015-3456, CVE-2018-2698, CVE-2017-4903, CVE-2009-1244, CVE-2019-5183, CVE-2008-0923

New DDoS Attack Vector Discovered In CUPS, Exposing 58,000+ Vulnerable Devices Online

Trust: 4.75

Fetched: Oct. 8, 2024, 9:22 a.m., Published: Oct. 7, 2024, 6:53 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cups model: cups
db: NVD ids: CVE-2024-47176, CVE-2024-47076, CVE-2024-47177, CVE-2024-47175

XSS Attacks Possible With LiteSpeed Cache Plugin Vulnerability | ChannelE2E

Trust: 4.0

Fetched: Oct. 8, 2024, 9:22 a.m., Published: Oct. 7, 2024, midnight
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-47374, CVE-2024-7772, CVE-2024-44000

Version 6.22.2.10: Security Vulnerability Maintenance Release | Nexthink V6 Documentation

Trust: 5.0

Fetched: Oct. 8, 2024, 9:21 a.m., Published: June 22, 2002, 10 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2019-1552

【Vulnerability Alert】 Multiple High-Risk Vulnerabilities Found in Planet Technology Switch Devices

Trust: 4.75

Fetched: Oct. 8, 2024, 9:20 a.m., Published: Oct. 8, 2024, midnight
 Vulnerabilities: privilege escalation, cross-site request forgery, request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2024-8458, CVE-2024-8456, CVE-2024-8448

SonicWall firewall CVE exploits linked to ransomware attacks | Cybersecurity Dive

Trust: 4.5

Fetched: Oct. 8, 2024, 9:19 a.m., Published: Sept. 10, 2024, midnight
 Vulnerabilities: improper access control, access control vulnerability
Affected productsExternal IDs
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: ssl vpn
vendor: barracuda model: barracuda
vendor: barracuda model: running
vendor: sonicwall model: sonicos
vendor: sonicwall model: ssl vpn
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: ssl vpn
db: NVD ids: CVE-2024-40766