Sign-up

VARIoT news about IoT security

What is a JSON Injection and How to Prevent it

Trust: 3.5

Fetched: Nov. 24, 2024, 10:53 a.m., Published: Aug. 29, 2021, 10:07 a.m.
 Vulnerabilities: injection attack, sql injection, cross-site scripting...
Affected productsExternal IDs

CISA Warns of Critical Software Vulnerabilities in Industrial Devices - OSINT without borders

Related entries in the VARIoT vulnerabilities database: VAR-202410-3402, VAR-202410-2617

Trust: 4.5

Fetched: Nov. 24, 2024, 10:52 a.m., Published: Nov. 1, 2024, 12:30 p.m.
 Vulnerabilities: authentication bypass, weak password
Affected productsExternal IDs
vendor: mitsubishi electric model: melsec iq-r
vendor: mitsubishi electric model: melsec iq-r series
vendor: rockwell model: automation factorytalk
vendor: rockwell model: factorytalk
vendor: mitsubishi model: melsec iq-r
vendor: mitsubishi model: melsec iq-r series
vendor: rockwell automation model: automation factorytalk
vendor: rockwell automation model: factorytalk
db: NVD ids: CVE-2023-6943, CVE-2024-10386, CVE-2023-2060, CVE-2024-10387

How to Identify Vulnerable Third-Party Software (Quickly) | UpGuard

Trust: 3.75

Fetched: Nov. 24, 2024, 10:51 a.m., Published: -
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: node.js model: node.js

Traditional Cybersecurity vs Medical Device Cybersecurity - Blue Goat Cyber

Trust: 3.75

Fetched: Nov. 24, 2024, 10:50 a.m., Published: Nov. 17, 2024, 4:15 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

What is an Open Port? Definition & Free Checking Tools | UpGuard

Trust: 3.75

Fetched: Nov. 24, 2024, 10:49 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs

CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog

Related entries in the VARIoT vulnerabilities database: VAR-202404-0069, VAR-202404-0070

Trust: 5.75

Fetched: Nov. 24, 2024, 10:47 a.m., Published: April 11, 2024, 9:48 p.m.
 Vulnerabilities: code execution, command injection
Affected productsExternal IDs
vendor: d-link model: dns-340l
vendor: d-link model: dns-327l
vendor: d-link model: dns-325
vendor: d-link model: dns-320l
db: NVD ids: CVE-2024-3272, CVE-2024-3273

Best Vulnerability Management Tools

Trust: 3.25

Fetched: Nov. 24, 2024, 10:44 a.m., Published: Nov. 5, 2024, 6:49 a.m.
 Vulnerabilities: default credentials, directory traversal, cross-site scripting
Affected productsExternal IDs
vendor: trend model: security
vendor: apple model: macos

Security Vulnerability in KYOCERA Device Manager

Trust: 3.25

Fetched: Nov. 24, 2024, 10:38 a.m., Published: Nov. 1, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-50916

Update now! Apple releases software to patch critical security flaws

Trust: 4.5

Fetched: Nov. 24, 2024, 10:37 a.m., Published: Nov. 20, 2024, 5:24 p.m.
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: webkit
db: NVD ids: CVE-2024-44308, CVE-2024-44309

Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474

Trust: 5.25

Fetched: Nov. 24, 2024, 10:34 a.m., Published: Nov. 19, 2024, 9:31 a.m.
 Vulnerabilities: code execution, privilege escalation, authentication bypass...
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2024-3400, CVE-2024-0012, CVE-2024-9474

CISA: Over Half of Top Routinely Exploited Vulnerabilities in 2023 Affected Network Devices and Infrastructure - Eclypsium | Supply Chain Security for the Modern Enterprise

Related entries in the VARIoT vulnerabilities database: VAR-202209-1931

Trust: 3.5

Fetched: Nov. 24, 2024, 10:34 a.m., Published: Nov. 22, 2024, 5 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: cisco model: series
db: NVD ids: CVE-2022-3236

The Best Streaming Sticks and Devices for Your Smart TV - The Ambient

Trust: 3.25

Fetched: Nov. 24, 2024, 10:31 a.m., Published: Oct. 17, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: watch
vendor: apple model: apple tv
vendor: apple model: ipad
vendor: google model: home
vendor: google model: chromecast
vendor: google model: android
vendor: mesh model: mesh
vendor: roku model: roku
vendor: roku model: ultra
vendor: roku model: roku ultra
vendor: roku model: roku express
vendor: roku model: express
vendor: roku model: streaming stick
vendor: essential model: phone
vendor: amazon model: fire tv
vendor: amazon model: echo show

CVE-2024-10456 - Securin

Trust: 4.75

Fetched: Nov. 24, 2024, 10:26 a.m., Published: Nov. 3, 2024, 8:19 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-10456

Apple, Oracle, and Apache Issue Critical Updates for Actively Exploited and High-Risk Vulnerabilities - SOCRadar® Cyber Intelligence Inc.

Trust: 5.25

Fetched: Nov. 24, 2024, 10:22 a.m., Published: Nov. 20, 2024, 11:41 a.m.
 Vulnerabilities: cross-site scripting, code execution, request forgery...
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: macos
db: NVD ids: CVE-2024-48962, CVE-2024-44308, CVE-2024-47208, CVE-2024-44309, CVE-2024-21287

Samsung Electronics Scales Up Mobile Security Rewards Program To Boost Industry Collaboration and Safety

Trust: 3.5

Fetched: Nov. 24, 2024, 10:10 a.m., Published: Nov. 21, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: samsung model: mobile devices
vendor: samsung model: samsung
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
vendor: samsung model: samsung mobile

Apple issues urgent updates to address actively exploited zero-day vulnerabilities - Technology News | The Financial Express

Trust: 4.75

Fetched: Nov. 24, 2024, 9:58 a.m., Published: Nov. 20, 2024, 10:12 a.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: ipad
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2024-44308, CVE-2024-44309

Bevy of smart doorbell bugs earn Ekon an FCC penalty for negligence | SC Media

Trust: 3.0

Fetched: Nov. 24, 2024, 9:57 a.m., Published: Nov. 22, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Apple’s Latest Updates Address Critical Security Vulnerabilities - AppleMagazine

Trust: 3.5

Fetched: Nov. 24, 2024, 9:57 a.m., Published: Nov. 20, 2024, 7:07 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: watch
vendor: apple model: software update

Apple addresses two iPhone, Mac zero-days | Computer Weekly

Trust: 5.5

Fetched: Nov. 24, 2024, 9:56 a.m., Published: Nov. 20, 2024, midnight
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: software update
db: NVD ids: CVE-2024-44308, CVE-2024-23222, CVE-2024-44309

Zero-day vulnerability in GeoVision devices exploited by a botnet

Trust: 5.0

Fetched: Nov. 24, 2024, 9:55 a.m., Published: Nov. 18, 2024, midnight
 Vulnerabilities: denial of service, os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-11120