Sign-up

VARIoT news about IoT security

CVE-2024-35848 - In the Linux kernel, the following vulnerability h

Trust: 4.0

Fetched: May 21, 2024, 9:20 a.m., Published: May 17, 2024, 3:15 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
db: NVD ids: CVE-2024-35848

Cisco Crosswork Network Services Orchestrator Vulnerabilities

Trust: 3.0

Fetched: May 21, 2024, 9:19 a.m., Published: May 15, 2024, 7:10 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-20326, CVE-2024-20389

CVE-2023-37929 - The buffer overflow vulnerability in the CGI progr

Trust: 4.75

Fetched: May 21, 2024, 9:19 a.m., Published: May 21, 2024, 2:15 a.m.
 Vulnerabilities: denial of service, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2023-37929

CVE-2024-36009 - In the Linux kernel, the following vulnerability h

Trust: 3.0

Fetched: May 21, 2024, 9:18 a.m., Published: May 20, 2024, 10:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-36009

Cyber Defense Magazine names Forward Networks a Market Leader in Vulnerability Assessment, Remediation, and Management at Global Infosec Awards

Trust: 3.0

Fetched: May 21, 2024, 9:16 a.m., Published: May 3, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Public RCE Exploit Revealed for Unpatched QNAP QTS Zero-Day - VULNERA

Trust: 5.75

Fetched: May 21, 2024, 9:16 a.m., Published: May 20, 2024, 2:57 p.m.
 Vulnerabilities: memory corruption, authentication bypass, buffer overflow...
Affected productsExternal IDs
vendor: qnap model: qnap qts
db: NVD ids: CVE-2023-50361, CVE-2023-50364, CVE-2024-27130

CVE-2024-0816 - The buffer overflow vulnerability in the DX3300-T1

Trust: 4.75

Fetched: May 21, 2024, 9:15 a.m., Published: May 21, 2024, 2:15 a.m.
 Vulnerabilities: denial of service, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2024-0816

Centre warns against vulnerability in Android devices, suggests ways to protect personal data - CNBC TV18

Trust: 3.0

Fetched: May 21, 2024, 9:14 a.m., Published: May 14, 2024, 6 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

IoT Device Security Issues and Why They Exist

Trust: 4.25

Fetched: May 21, 2024, 9:11 a.m., Published: Sept. 28, 2020, noon
 Vulnerabilities: command execution, arbitrary command execution
Affected productsExternal IDs
vendor: nest model: learning thermostat

Behind the Scenes: How We Picked 2021’s Top Vulnerabilities - and What We Left Out - Blog | Tenable®

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566, VAR-202109-1909, VAR-202008-0248, VAR-202102-0898, VAR-202108-1914

Trust: 4.25

Fetched: May 21, 2024, 9:10 a.m., Published: March 11, 2022, 7:39 p.m.
 Vulnerabilities: request forgery, authorization vulnerability, command injection...
Affected productsExternal IDs
vendor: sonicwall model: secure mobile access
vendor: sonicwall model: ssl vpn
vendor: accellion model: accellion file transfer appliance
vendor: accellion model: file transfer appliance
db: NVD ids: CVE-2021-26855, CVE-2021-44228, CVE-2021-30120, CVE-2021-27101, CVE-2021-27104, CVE-2021-27102, CVE-2021-40444, CVE-2021-27103, CVE-2020-1472, CVE-2021-20016, CVE-2021-30116, CVE-2021-30119, CVE-2021-36942, CVE-2021-40386, CVE-2021-22893

12 hardware and software vulnerabilities you should address now - Computerworld

Trust: 3.0

Fetched: May 21, 2024, 9:09 a.m., Published: Oct. 12, 2016, midnight
 Vulnerabilities: cross-site scripting, buffer overflow, code execution
Affected productsExternal IDs

Insecure by design? Tips to minimize OT device vulnerabilities | Smart Industry

Trust: 3.5

Fetched: May 21, 2024, 9:07 a.m., Published: July 29, 2022, midnight
 Vulnerabilities: default credentials, code execution
Affected productsExternal IDs
vendor: motorola model: motorola

GE Ultrasound Devices Vulnerable to Ransomware and Data Theft - VULNERA

Trust: 4.75

Fetched: May 19, 2024, 9:20 a.m., Published: May 16, 2024, 6:56 p.m.
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2020-6977, CVE-2024-27107, CVE-2024-1628

Certificate inventory - Microsoft Defender Vulnerability Management | Microsoft Learn

Trust: 3.0

Fetched: May 19, 2024, 9:09 a.m., Published: April 11, 2022, midnight
 Vulnerabilities: service disruption
Affected productsExternal IDs

Critical vulnerabilities in Telit Cinterion modems | Kaspersky official blog

Trust: 3.75

Fetched: May 17, 2024, 10:14 a.m., Published: Jan. 17, 2050, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-47616, CVE-2023-47610, CVE-2023-47611

Critical vulnerabilities in Telit Cinterion modems | Kaspersky official blog

Trust: 3.75

Fetched: May 17, 2024, 10:13 a.m., Published: May 17, 2050, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-47616, CVE-2023-47610, CVE-2023-47611

Critical vulnerabilities in Cinterion cellular modems pose significant threat to industrial devices - Industrial Cyber

Trust: 4.75

Fetched: May 17, 2024, 10:12 a.m., Published: May 13, 2024, 2:59 p.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-47616, CVE-2023-47610, CVE-2023-47611

Complete Device Takeover Possible Due to Critical F5 Central Manager Vulnerabilities - Rewterz

Trust: 4.75

Fetched: May 17, 2024, 10:12 a.m., Published: May 10, 2024, 9:09 a.m.
 Vulnerabilities: sql injection, request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2024-21793, CVE-2024-26026

Critical Vulnerabilities Identified In D-Link Network Attached Storage Devices

Related entries in the VARIoT vulnerabilities database: VAR-202404-0070

Trust: 5.5

Fetched: May 17, 2024, 10:05 a.m., Published: May 17, 2024, midnight
 Vulnerabilities: command execution, denial of service, command injection...
Affected productsExternal IDs
vendor: dlink model: dns-325
vendor: dlink model: dns-327l
vendor: dlink model: dns-340l
vendor: dlink model: dns-320l
vendor: d-link model: dns-325
vendor: d-link model: dns-327l
vendor: d-link model: dns-340l
vendor: d-link model: dns-320l
db: NVD ids: CVE-2024-3273

F5's Next Central Manager Vulnerabilities Let Hackers Take Full Device Control Remotely

Trust: 3.75

Fetched: May 17, 2024, 10:05 a.m., Published: May 9, 2024, 7:47 a.m.
 Vulnerabilities: sql injection, request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2024-21793, CVE-2024-26026