Sign-up

VARIoT news about IoT security

Critical vulnerabilities in BIG-IP appliances leave big networks open to intrusion | Ars Technica

Trust: 3.75

Fetched: May 12, 2024, 9:08 a.m., Published: May 8, 2024, 9:35 p.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-26026, CVE-2024-21793

CyberPower PowerPanel Enterprise Power Device Network Utility Multiple Vulnerabilities | allinfosecnews.com

Trust: 3.0

Fetched: May 10, 2024, 9:47 a.m., Published: May 9, 2024, 2:39 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-32735

Top 100 web vulnerabilities. Injection Vulnerabilities: 1. SQL… | by Cysigma | Apr, 2024 | Medium

Trust: 3.0

Fetched: May 10, 2024, 9:45 a.m., Published: -
 Vulnerabilities: code execution, file inclusion, cross-site scripting...
Affected productsExternal IDs

Identification of Big-IP icontrol Rest Vulnerability CVE-2022-1388 by Moon Treader - Vehere

Related entries in the VARIoT vulnerabilities database: VAR-202205-0394

Trust: 5.0

Fetched: May 10, 2024, 9:44 a.m., Published: May 9, 2024, 8:50 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2022-1388

Decoding D-Link NAS Vulnerabilities: Risks And Mitigation

Related entries in the VARIoT vulnerabilities database: VAR-202404-0070, VAR-202404-0069

Trust: 4.75

Fetched: May 10, 2024, 9:43 a.m., Published: April 12, 2024, 4:11 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: d-link model: dns-325
vendor: d-link model: dns-320l
vendor: d-link model: dns-340l
vendor: d-link model: dns-327l
db: NVD ids: CVE-2024-3273, CVE-2024-3272

Frontiers | Anomalous process detection for Internet of Things based on K-Core

Trust: 3.75

Fetched: May 10, 2024, 9:38 a.m., Published: April 4, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: google model: home

Vulnerability support in Microsoft Defender Vulnerability Management - Microsoft Defender Vulnerability Management | Microsoft Learn

Related entries in the VARIoT vulnerabilities database: VAR-201912-0871, VAR-202211-0556, VAR-201708-0792, VAR-202203-0005, VAR-202005-1052, VAR-202211-0557, VAR-202111-1183, VAR-202211-0554, VAR-202211-0558, VAR-202309-0672

Trust: 3.75

Fetched: May 10, 2024, 9:33 a.m., Published: June 27, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: wincc
vendor: siemens model: sinec nms
vendor: siemens model: simatic
vendor: siemens model: simatic wincc
vendor: siemens model: simatic wincc runtime
vendor: palo model: networks
vendor: samsung model: note
vendor: lenovo model: desktop
vendor: lenovo model: thinkcentre m700 firmware
vendor: lenovo model: thinkpad t480
vendor: lenovo model: yoga
vendor: lenovo model: thinkpad
vendor: lenovo model: thinkcentre m700
vendor: lenovo model: updates
vendor: cisco model: netscaler gateway
vendor: palo alto networks model: networks
vendor: zoom model: client
vendor: node.js model: node.js
vendor: ignite realtime model: openfire
vendor: osisoft model: pi server
vendor: ignite model: realtime openfire
db: NVD ids: CVE-2023-28388, CVE-2023-26258, CVE-2019-14568, CVE-2021-36234, CVE-2023-38802, CVE-2023-4373, CVE-2020-10519, CVE-2022-31799, CVE-2022-29893, CVE-2023-24881, CVE-2021-31693, CVE-2017-17408, CVE-2021-22514, CVE-2023-35637, CVE-2020-26941, CVE-2021-22570, CVE-2020-11541, CVE-2017-13774, CVE-2023-36397, CVE-2022-48435, CVE-2020-36160, CVE-2023-46587, CVE-2023-22524, CVE-2017-17409, CVE-2024-1709, CVE-2022-3167, CVE-2022-0778, CVE-2024-0819, CVE-2023-47246, CVE-2022-35909, CVE-2023-3817, CVE-2023-29338, CVE-2023-48995, CVE-2022-40011, CVE-2023-48670, CVE-2020-9484, CVE-2023-32558, CVE-2022-27497, CVE-2021-36324, CVE-2023-24329, CVE-2021-22499, CVE-2023-31102, CVE-2023-47248, CVE-2021-33159, CVE-2022-43946, CVE-2023-48795, CVE-2022-26845, CVE-2021-3606, CVE-2023-38545, CVE-2021-3519, CVE-2014-5455, CVE-2023-28759, CVE-2023-4966, CVE-2021-22500, CVE-2023-6129, CVE-2023-36884, CVE-2023-3935, CVE-2017-17410, CVE-2024-1708, CVE-2023-3446, CVE-2023-38831, CVE-2023-40477, CVE-2023-40481, CVE-2021-36283, CVE-2021-22863

Vulnerability Recap 4/15/24: Palo Alto, Microsoft, Ivanti Exploits

Related entries in the VARIoT vulnerabilities database: VAR-202404-3263, VAR-202404-3527, VAR-202404-3533

Trust: 5.25

Fetched: May 10, 2024, 9:31 a.m., Published: April 15, 2024, 9:17 p.m.
 Vulnerabilities: privilege escalation, code execution, command injection...
Affected productsExternal IDs
vendor: palo model: pan-os
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
db: NVD ids: CVE-2023-45590, CVE-2024-31492, CVE-2024-3383, CVE-2023-6320, CVE-2024-21755, CVE-2024-29990, CVE-2024-3384, CVE-2024-3382, CVE-2023-45588, CVE-2024-21894, CVE-2023-41677, CVE-2024-23671, CVE-2024-24576, CVE-2023-6317, CVE-2023-6318, CVE-2024-21756, CVE-2023-6319, CVE-2024-3385, CVE-2024-3400

2 (or 5) Bugs in F5 Asset Manager Allow Full Takeover, Hidden Accounts

Trust: 4.5

Fetched: May 10, 2024, 9:29 a.m., Published: May 5, 2024, midnight
 Vulnerabilities: code execution, sql injection, request forgery
Affected productsExternal IDs
vendor: palo model: networks
db: NVD ids: CVE-2024-26026, CVE-2024-21793

Palo Alto Networks discloses RCE zero-day vulnerability | TechTarget

Trust: 4.5

Fetched: May 10, 2024, 9:29 a.m., Published: April 12, 2024, midnight
 Vulnerabilities: command injection, code injection
Affected productsExternal IDs
vendor: palo model: firewall
vendor: palo model: palo alto networks globalprotect
vendor: palo model: networks globalprotect
vendor: palo model: pan-os
vendor: palo model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: palo alto networks globalprotect
vendor: palo alto networks model: networks globalprotect
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
db: NVD ids: CVE-2024-3400

Samsung Updates Devices with 25 Patches - CyberMaterial

Trust: 5.5

Fetched: May 10, 2024, 9:29 a.m., Published: May 8, 2024, 1:52 p.m.
 Vulnerabilities: privilege escalation, code execution, authentication bypass...
Affected productsExternal IDs
vendor: google model: android
vendor: samsung model: mobile devices
vendor: samsung model: mobile
db: NVD ids: CVE-2024-20856, CVE-2024-20855, CVE-2024-20866

These LG TVs Have Major Security Vulnerabilities | Lifehacker

Trust: 3.25

Fetched: May 10, 2024, 9:28 a.m., Published: April 12, 2024, 3:30 p.m.
 Vulnerabilities: -
Affected productsExternal IDs

Rockwell Automation FactoryTalk Historian SE | CISA

Trust: 3.5

Fetched: May 10, 2024, 9:26 a.m., Published: May 10, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rockwell automation model: factorytalk
vendor: rockwell automation model: automation factorytalk
vendor: rockwell model: factorytalk
vendor: rockwell model: automation factorytalk
vendor: aveva model: edge
db: NVD ids: CVE-2023-31274, CVE-2023-34348

Issue 245: Delinea patches API vulnerability, API vulnerability in Palo Alto devices - API Security News

Trust: 4.5

Fetched: May 10, 2024, 9:25 a.m., Published: May 3, 2024, 9:56 a.m.
 Vulnerabilities: code execution, buffer overflow, sql injection...
Affected productsExternal IDs
vendor: palo model: pan-os
db: NVD ids: CVE-2024-3400

WordPress plugin vulnerability poses severe security risk, allows for site takeovers | TechSpot

Trust: 4.0

Fetched: May 10, 2024, 9:24 a.m., Published: May 10, 4070, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-27956

CyberPower PowerPanel Enterprise Power Device Network Utility Multiple Vulnerabilities - Research Advisory | Tenable®

Trust: 3.0

Fetched: May 10, 2024, 9:24 a.m., Published: May 9, 2024, 2:39 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-32738, CVE-2024-32735, CVE-2024-32736, CVE-2024-32739, CVE-2024-32737

GreyNoise Intelligence | Cybersecurity Blog

Related entries in the VARIoT vulnerabilities database: VAR-201905-0597, VAR-201909-0160, VAR-202103-0773

Trust: 5.5

Fetched: May 10, 2024, 9:23 a.m., Published: May 10, 2024, midnight
 Vulnerabilities: privilege escalation, command injection
Affected productsExternal IDs
vendor: cisco model: router
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: snort model: snort
db: NVD ids: CVE-2019-1862, CVE-2019-12650, CVE-2021-1435, CVE-2023-20198, CVE-2023-20273

How to do a full website vulnerability assessment with Pentest-Tools.com | Pentest-Tools.com Blog

Trust: 3.25

Fetched: May 10, 2024, 9:17 a.m., Published: May 2, 2024, midnight
 Vulnerabilities: default credentials, brute force attack, os command injection...
Affected productsExternal IDs
vendor: cisco model: cisco routers
vendor: cisco model: routers

Cybersecurity Threat Advisory: RCE vulnerabilities in HPE Aruba Networking devices

Trust: 5.5

Fetched: May 10, 2024, 9:16 a.m., Published: May 8, 2024, 6:54 p.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: aruba model: arubaos
vendor: barracuda model: barracuda
db: NVD ids: CVE-2024-33511, CVE-2024-33512, CVE-2024-26304, CVE-2024-26305

20+ Xiaomi Vulnerabilities Put Users’ Data and Devices at Risk

Trust: 4.75

Fetched: May 10, 2024, 9:15 a.m., Published: May 8, 2024, 12:38 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: xiaomi model: miui
vendor: xiaomi model: browser