Sign-up

VARIoT news about IoT security

Top 5 CVEs and Vulnerabilities of May 2024 - Strobes

Trust: 4.25

Fetched: June 4, 2024, 9:46 a.m., Published: June 3, 2024, 10:46 a.m.
 Vulnerabilities: cross-site scripting, code execution, authentication bypass...
Affected productsExternal IDs
vendor: check point model: check point
vendor: check point model: security gateway
vendor: checkpoint model: check point
vendor: checkpoint model: security gateway
db: NVD ids: CVE-2024-24919, CVE-2024-4985, CVE-2024-27348, CVE-2024-4835, CVE-2024-27130

ACSC Alert for Check Points’ Quantum Security Gateway Device Vulnerability - Australian Cyber Security Magazine

Trust: 3.75

Fetched: June 4, 2024, 9:46 a.m., Published: June 3, 2024, 2:09 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: security gateway
vendor: check point model: check point
vendor: check point model: quantum security gateway
db: NVD ids: CVE-2024-24919

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: June 4, 2024, 9:45 a.m., Published: May 31, 2024, midnight
 Vulnerabilities: configuration error
Affected productsExternal IDs

CPCI85 Central Processing/Communication Vulnerability: Command Injection Risk (CVE-2024-31485) | SecurityVulnerability.io - SecuirtyVulnerability.io

Related entries in the VARIoT vulnerabilities database: VAR-202405-0176

Trust: 3.25

Fetched: June 4, 2024, 9:39 a.m., Published: June 4, 2024, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-31485

Check Point releases emergency fix after hackers target VPNs - The Hindu

Trust: 3.0

Fetched: June 4, 2024, 9:38 a.m., Published: May 31, 2024, 11:03 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: check point

11 BEST Network Scanning Tools (2024)

Trust: 4.25

Fetched: June 4, 2024, 9:35 a.m., Published: June 1, 2024, 7:16 a.m.
 Vulnerabilities: injection attack, sql injection
Affected productsExternal IDs
vendor: citrix model: licensing
vendor: google model: android
vendor: google model: home
vendor: blackberry model: link
vendor: blackberry model: blackberry
vendor: cisco model: router
vendor: cisco model: routers

Threats, Vulnerabilities, Exploits and Their Relationship to Risk | F5 Labs

Related entries in the VARIoT vulnerabilities database: VAR-202102-0898

Trust: 3.75

Fetched: June 4, 2024, 9:34 a.m., Published: Feb. 23, 2021, 7:55 a.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2021-20016

Smart home vulnerabilities and how to protect against them | Kaspersky official blog

Trust: 3.25

Fetched: June 4, 2024, 9:33 a.m., Published: Jan. 4, 2050, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: fibaro model: button

91,000 Smart LG TV Devices Vulnerable to Remote Takeover - The Cloud Consultancy

Trust: 5.0

Fetched: June 4, 2024, 9:31 a.m., Published: April 9, 2024, 7:40 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-6317, CVE-2023-6320, CVE-2023-6319, CVE-2023-6318

D-Link tells customers to sunset actively exploited storage devices | Cybersecurity Dive

Related entries in the VARIoT vulnerabilities database: VAR-202404-0070

Trust: 5.5

Fetched: June 4, 2024, 9:31 a.m., Published: April 8, 2024, midnight
 Vulnerabilities: arbitrary command execution, command injection, command execution...
Affected productsExternal IDs
vendor: d-link model: dns-325
vendor: d-link model: dns-340l
vendor: d-link model: dns-327l
vendor: d-link model: dns-320l
vendor: barracuda model: barracuda
db: NVD ids: CVE-2024-3273

Detect Security Vulnerability | NetApp Documentation

Trust: 3.0

Fetched: June 4, 2024, 9:31 a.m., Published: March 14, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: netapp model: santricity os controller
vendor: netapp model: storagegrid
vendor: netapp model: solidfire
vendor: netapp model: element software
vendor: netapp model: active iq unified manager

Five new vulnerabilities found in Zyxel NAS devices (including code execution and privilege escalation)

Trust: 6.25

Fetched: June 4, 2024, 9:29 a.m., Published: June 3, 2024, 1:36 p.m.
 Vulnerabilities: privilege escalation, authentication bypass, code injection...
Affected productsExternal IDs
vendor: zyxel model: nsa310
vendor: zyxel model: nas326
db: NVD ids: CVE-2024-29972, CVE-2024-29974, CVE-2024-29976, CVE-2024-29975, CVE-2024-29973, CVE-2023-27992, CVE-2011-5325

Zero Day Remote Code Execution Vulnerability Exploited to Attack PAN-OS

Trust: 4.5

Fetched: June 4, 2024, 9:28 a.m., Published: April 23, 2024, midnight
 Vulnerabilities: code execution, path traversal, command injection
Affected productsExternal IDs
vendor: palo model: pan-os
db: NVD ids: CVE-2024-3400

Protect Your System: Understanding CVE-2024-3400 Zero-Day Vulnerability

Trust: 4.5

Fetched: June 4, 2024, 9:28 a.m., Published: April 12, 2024, 10:10 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: palo model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
db: NVD ids: CVE-2024-3400

Flaws in legacy D-Link NAS devices under attack | TechTarget

Related entries in the VARIoT vulnerabilities database: VAR-202404-0070

Trust: 6.0

Fetched: June 4, 2024, 9:28 a.m., Published: April 8, 2024, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: d-link model: dns-325
vendor: d-link model: router
vendor: d-link model: dns-340l
vendor: d-link model: dns-327l
vendor: d-link model: dns-320l
db: NVD ids: CVE-2024-3273

Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service Vulnerability

Trust: 5.0

Fetched: June 4, 2024, 9:27 a.m., Published: April 4, 2024, 3:31 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: ios xe
vendor: cisco model: catalyst 4000
vendor: cisco model: catalyst
vendor: cisco model: catalyst 6500
vendor: cisco model: series switches
vendor: cisco model: router
vendor: cisco model: ios software
vendor: cisco model: nx-os software
vendor: cisco model: ios xr
vendor: cisco model: cisco ios
vendor: cisco model: catalyst 6000 series
vendor: cisco model: ios xr software
vendor: cisco model: catalyst 3000
vendor: cisco model: catalyst 4000 series
vendor: cisco model: supervisor engine
vendor: cisco model: catalyst 6000
vendor: cisco model: nx-os
vendor: cisco model: ios xe software
vendor: cisco model: catalyst 6500 series

Securing Git: Addressing 5 new vulnerabilities - The GitHub Blog

Trust: 5.75

Fetched: June 4, 2024, 9:25 a.m., Published: May 14, 2024, 5:07 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2024-32020, CVE-2024-32465, CVE-2024-32002, CVE-2024-32004, CVE-2024-32021

Check Point CVE-2024-24919: Find potentially impacted devices

Trust: 4.0

Fetched: June 2, 2024, 9:42 a.m., Published: May 31, 2024, 4:36 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: security gateway
vendor: check point model: check point
db: NVD ids: CVE-2024-24919

Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040) - Blog | Tenable®

Trust: 4.75

Fetched: June 2, 2024, 9:42 a.m., Published: May 14, 2024, 5:37 p.m.
 Vulnerabilities: information disclosure, denial of service, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2024-30008, CVE-2024-30040, CVE-2023-36033, CVE-2023-36436, CVE-2023-21805, CVE-2024-32004, CVE-2023-32046, CVE-2023-35308, CVE-2023-29324, CVE-2024-30035, CVE-2024-30051, CVE-2023-35336, CVE-2024-30044, CVE-2023-35628, CVE-2024-30046, CVE-2024-32002, CVE-2023-36805, CVE-2024-32046, CVE-2024-30032

Apple TV < 17.5 Multiple Vulnerabilities (HT214102) | Tenable®

Trust: 3.25

Fetched: June 2, 2024, 9:41 a.m., Published: June 17, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: apple tv