Sign-up

VARIoT news about IoT security

Mobile Security Threats in 2025: How to Protect Your Devices

Trust: 4.0

Fetched: Oct. 2, 2024, 11:44 a.m., Published: Oct. 2, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone

Unlock Advanced IoT Visibility for Cyber-Physical Systems

Trust: 3.5

Fetched: Oct. 2, 2024, 11:44 a.m., Published: Oct. 1, 2024, 1 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mesh model: mesh

Zyxel warns of vulnerabilities in a wide range of its products | Ars Technica

Trust: 4.5

Fetched: Oct. 2, 2024, 11:44 a.m., Published: Sept. 4, 2024, 6:57 p.m.
 Vulnerabilities: cross-site scripting, pointer dereference vulnerability, command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2024-42059, CVE-2024-6343, CVE-2024-42060, CVE-2024-42061, CVE-2024-5412, CVE-2024-7203, CVE-2024-42057, CVE-2024-7261, CVE-2024-42058

Guidance for handling CUPS remote code execution vulnerability using Microsoft Security capabilities - Microsoft Community Hub

Trust: 5.5

Fetched: Oct. 2, 2024, 11:43 a.m., Published: Oct. 2, 2024, 6:22 a.m.
 Vulnerabilities: code execution, command execution, arbitrary command execution...
Affected productsExternal IDs
vendor: cups model: cups
db: NVD ids: CVE-2024-47177, CVE-2024-47076, CVE-2024-47176, CVE-2024-47175

Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning

Trust: 3.25

Fetched: Oct. 2, 2024, 11:41 a.m., Published: Oct. 1, 2024, 6 p.m.
 Vulnerabilities: injection attack, sql injection
Affected productsExternal IDs
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks

Guidance for handling CUPS remote code execution vulnerability using Microsoft Security capabilities - TheWindowsUpdate.com

Trust: 5.5

Fetched: Oct. 2, 2024, 11:38 a.m., Published: Oct. 2, 2024, midnight
 Vulnerabilities: code execution, command execution, arbitrary command execution...
Affected productsExternal IDs
vendor: cups model: cups
db: NVD ids: CVE-2024-47177, CVE-2024-47076, CVE-2024-47176, CVE-2024-47175

LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name · CVE-2024-47524 · GitHub Advisory Database · GitHub

Trust: 5.25

Fetched: Oct. 2, 2024, 11:36 a.m., Published: Oct. 1, 2024, midnight
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-47524

What is Privilege Escalation and how to protect Apple Devices

Trust: 5.75

Fetched: Oct. 2, 2024, 11:36 a.m., Published: Oct. 12, 2024, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad
db: NVD ids: CVE-2023-42861, CVE-2024-27796, CVE-2024-27842, CVE-2024-23288

Compromised device remains vulnerable after firmware update (CVE-2022-29850) | Lexmark MX331

Trust: 4.5

Fetched: Oct. 2, 2024, 11:35 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lexmark model: lexmark
db: NVD ids: CVE-2022-29850

ImageMagick Code Execution Vulnerability | Armis

Trust: 4.5

Fetched: Oct. 2, 2024, 11:34 a.m., Published: Sept. 17, 2024, 11:08 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: imagemagick model: imagemagick
vendor: delegate model: delegate
db: NVD ids: CVE-2016-3714

Cisco IOS XE Software HTTP Server Telephony Services DoS (cisc... | Tenable®

Trust: 3.0

Fetched: Oct. 2, 2024, 11:34 a.m., Published: Sept. 27, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
vendor: cisco model: ios xe

SAP, D-Link flaws among 4 added to Known Exploited Vulnerabilities catalog | SC Media

Related entries in the VARIoT vulnerabilities database: VAR-202303-1392, VAR-202006-1056

Trust: 5.5

Fetched: Oct. 2, 2024, 11:33 a.m., Published: Feb. 13, 2024, 7 p.m.
 Vulnerabilities: pointer dereference flaw, privilege escalation, command execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: draytek model: vigor3900
vendor: draytek model: vigor2960
vendor: draytek model: vigor300b
vendor: draytek model: routers
vendor: palo alto networks model: networks
vendor: d-link model: dir-820l
vendor: d-link model: router
db: NVD ids: CVE-2021-4043, CVE-2023-25280, CVE-2019-0344, CVE-2020-15415

CUPS Vulnerabilities: What You Need to Know - SOCRadar® Cyber Intelligence Inc.

Trust: 5.5

Fetched: Oct. 2, 2024, 11:26 a.m., Published: Sept. 27, 2024, 12:46 p.m.
 Vulnerabilities: improper validation, command execution, arbitrary command execution...
Affected productsExternal IDs
vendor: cups model: cups
db: NVD ids: CVE-2024-47177, CVE-2024-47076, CVE-2024-47176, CVE-2024-47175

Cybersecurity Vulnerabilities in Implantable Medical Devices

Trust: 4.5

Fetched: Oct. 2, 2024, 11:25 a.m., Published: July 12, 2024, 9 a.m.
 Vulnerabilities: session hijacking, default credentials
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2023-31222

Severe Vulnerability in Rockwell Automation ControlLogix Devices: CVE-2024-6242

Trust: 4.75

Fetched: Oct. 2, 2024, 11:25 a.m., Published: Aug. 5, 2024, 6:39 a.m.
 Vulnerabilities: security bypass
Affected productsExternal IDs
vendor: rockwell automation model: 1756-en2f series
vendor: rockwell automation model: 1756-en3tr series b
vendor: rockwell automation model: controllogix 5580
vendor: rockwell automation model: 1756-en3tr series
vendor: rockwell automation model: guardlogix
vendor: rockwell automation model: 1756-en2tr series
vendor: rockwell automation model: 1756-en2t series
vendor: rockwell automation model: 1756-en2f series c
vendor: rockwell automation model: controllogix
vendor: rockwell automation model: automation controllogix
vendor: rockwell automation model: 1756-en2tr series c
vendor: rockwell automation model: controllogix controllers
vendor: rockwell model: 1756-en2f series
vendor: rockwell model: 1756-en3tr series b
vendor: rockwell model: controllogix 5580
vendor: rockwell model: 1756-en3tr series
vendor: rockwell model: guardlogix
vendor: rockwell model: 1756-en2tr series
vendor: rockwell model: 1756-en2t series
vendor: rockwell model: 1756-en2f series c
vendor: rockwell model: controllogix
vendor: rockwell model: automation controllogix
vendor: rockwell model: 1756-en2tr series c
vendor: rockwell model: controllogix controllers
db: NVD ids: CVE-2024-6242

CVE-2024-21416: Critical Windows TCP/IP Remote Code Execution Vulnerability Explained | Windows Forum

Trust: 5.0

Fetched: Oct. 2, 2024, 11:24 a.m., Published: May 2, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-21416

IoT Security Portal

Trust: 3.5

Fetched: Oct. 2, 2024, 11:23 a.m., Published: Sept. 27, 2024, 8:52 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: safari
vendor: palo model: firewall
vendor: palo model: networks
vendor: google model: google chrome
vendor: google model: chrome
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks

Dell Precision 3581 System BIOS | Szczegóły sterownika | Dell Polska

Trust: 3.25

Fetched: Oct. 2, 2024, 11:22 a.m., Published: Oct. 2, 3581, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

CUPS open source printing system can be hacked to hijack your devices, experts warn | TechRadar

Trust: 3.75

Fetched: Oct. 2, 2024, 11:22 a.m., Published: Sept. 27, 2024, 3:19 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cups model: cups
vendor: apple model: macos
vendor: apple model: cups
db: NVD ids: CVE-2024-47177, CVE-2024-47176, CVE-2024-47175

Google Patches New Android Kernel Vulnerability Exploited in the Wild

Trust: 5.5

Fetched: Oct. 2, 2024, 11:21 a.m., Published: Aug. 6, 2024, 6:12 a.m.
 Vulnerabilities: privilege escalation, information disclosure, code execution
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2024-29748, CVE-2024-32896, CVE-2018-0824, CVE-2024-36971, CVE-2024-29745