Sign-up

VARIoT news about IoT security

Secure by Design Alert: Eliminating OS Command Injection Vulnerabilities | CISA

Trust: 3.75

Fetched: Oct. 2, 2024, 9:44 a.m., Published: Oct. 2, 2023, midnight
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-20399, CVE-2024-3400, CVE-2024-21887

CERT-EU - Critical Vulnerabilities in Cisco Products

Trust: 5.0

Fetched: Oct. 2, 2024, 9:44 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: asyncos
vendor: cisco model: advanced malware protection
vendor: cisco model: cisco asyncos
db: NVD ids: CVE-2024-20419, CVE-2024-20401

Unquoted Executable Path Vulnerability Affects Hitachi Device Manager on Windows (CVE-2024-5963) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 4.0

Fetched: Oct. 2, 2024, 9:44 a.m., Published: Aug. 6, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hitachi model: hitachi device manager
vendor: hitachi model: device manager
db: NVD ids: CVE-2024-5963

Android vulnerability used in targeted attacks patched by Google | Malwarebytes

Trust: 5.5

Fetched: Oct. 2, 2024, 9:43 a.m., Published: Aug. 6, 2024, 1:47 p.m.
 Vulnerabilities: use after free, code execution
Affected productsExternal IDs
vendor: samsung model: mobile devices
vendor: samsung model: android phone
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: google model: android
db: NVD ids: CVE-2024-36971

Security Profile: Vulnerability Protection

Trust: 3.25

Fetched: Oct. 2, 2024, 9:41 a.m., Published: Sept. 10, 2024, midnight
 Vulnerabilities: sql injection, command injection
Affected productsExternal IDs
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks

DIVD-2024-00011 - Six vulnerabilities in Enphase IQ Gateway devices | DIVD CSIRT

Trust: 4.75

Fetched: Oct. 2, 2024, 9:40 a.m., Published: Oct. 2, 2024, midnight
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: enphase model: envoy
db: NVD ids: CVE-2024-21878, CVE-2020-25754

Vulnerability in Security: A Complete Overview | Simplilearn

Trust: 3.75

Fetched: Oct. 2, 2024, 9:40 a.m., Published: Feb. 9, 2022, 5:54 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions

Trust: 3.5

Fetched: Oct. 2, 2024, 9:36 a.m., Published: Aug. 19, 2024, 10 a.m.
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: apple model: macos
vendor: cisco model: webex meetings
vendor: cisco model: cisco webex
vendor: cisco model: webex
vendor: cisco model: guard
vendor: cisco model: jabber
vendor: cisco model: series
vendor: cisco model: spark
vendor: cisco model: webex productivity tools
vendor: cisco model: cisco webex meetings

Vulnerability Details Page

Trust: 3.5

Fetched: Oct. 2, 2024, 9:35 a.m., Published: Sept. 27, 2024, 8:52 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os

Medical Device Vulnerability Management: Best Practices for Ensuring Patient Safety

Trust: 3.75

Fetched: Oct. 2, 2024, 9:35 a.m., Published: Sept. 1, 2024, 9:17 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Vulnerabilities Page

Trust: 4.5

Fetched: Oct. 2, 2024, 9:33 a.m., Published: Sept. 27, 2024, 8:52 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks

Vulnerabilities in Longse Technology devices | CERT Polska

Trust: 3.75

Fetched: Oct. 2, 2024, 9:29 a.m., Published: July 9, 2024, midnight
 Vulnerabilities: default credentials, default password
Affected productsExternal IDs
db: NVD ids: CVE-2024-5631, CVE-2024-5632, CVE-2024-5634, CVE-2024-5633

RADIUS Protocol Vulnerability Impacted Multiple Cisco Products

Trust: 3.75

Fetched: Oct. 2, 2024, 9:29 a.m., Published: July 29, 2024, 6:01 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: access points
vendor: cisco model: series switches
vendor: cisco model: ios xe software
vendor: cisco model: application policy infrastructure controller
vendor: cisco model: identity services engine
vendor: cisco model: ucs manager
vendor: cisco model: ucs b-series blade servers
vendor: cisco model: ios xe
vendor: cisco model: adaptive security appliance
vendor: cisco model: sd-wan
vendor: cisco model: series
vendor: cisco model: catalyst
vendor: cisco model: ucs central software
vendor: cisco model: firepower
vendor: cisco model: routers
vendor: cisco model: nexus 3000
vendor: cisco model: series routers
vendor: cisco model: asr 5000
vendor: cisco model: nexus
vendor: cisco model: ios xr
vendor: cisco model: device manager
db: NVD ids: CVE-2024-3596

What Are Vulnerabilities: Types, Examples, Causes, And More!

Trust: 3.5

Fetched: Oct. 2, 2024, 9:28 a.m., Published: Sept. 5, 2024, 12:29 p.m.
 Vulnerabilities: weak password, sql injection
Affected productsExternal IDs
vendor: essential model: phone

CERT-EU - Critical Vulnerabilities in CUPS

Trust: 5.0

Fetched: Oct. 2, 2024, 9:27 a.m., Published: -
 Vulnerabilities: command execution, arbitrary command execution, code execution
Affected productsExternal IDs
vendor: cups model: cups
db: NVD ids: CVE-2024-47177, CVE-2024-47076, CVE-2024-47176, CVE-2024-47175

Millions of Devices Vulnerable to 'PKFail' Secure Boot Bypass Issue

Related entries in the VARIoT vulnerabilities database: VAR-201609-0149

Trust: 3.5

Fetched: Oct. 2, 2024, 9:27 a.m., Published: Oct. 5, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asus model: asus
vendor: lenovo model: updates
db: NVD ids: CVE-2016-5247

iVerify Discovers Android Vulnerability Impacting Millions of Pixel Devices Around the World

Trust: 4.25

Fetched: Oct. 2, 2024, 9:21 a.m., Published: Aug. 15, 2024, midnight
 Vulnerabilities: code injection, code execution
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android

Microsoft discloses vulnerabilities in Rockwell’s PanelView Plus devices that could allow remote code execution - Industrial Cyber

Trust: 3.25

Fetched: Oct. 2, 2024, 9:21 a.m., Published: July 5, 2024, 2:47 p.m.
 Vulnerabilities: information disclosure, code execution
Affected productsExternal IDs
vendor: rockwell automation model: factorytalk view
vendor: rockwell automation model: factorytalk linx
vendor: rockwell automation model: factorytalk
vendor: rockwell automation model: automation panelview plus
vendor: rockwell automation model: automation panelview
vendor: rockwell model: factorytalk view
vendor: rockwell model: factorytalk linx
vendor: rockwell model: factorytalk
vendor: rockwell model: automation panelview plus
vendor: rockwell model: automation panelview

Secure by Design Alert: Eliminating OS Command Injection Vulnerabilities | CISA

Trust: 3.75

Fetched: Oct. 2, 2024, 9:20 a.m., Published: Oct. 2, 2023, midnight
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-20399, CVE-2024-3400, CVE-2024-21887

Zyxel warns of vulnerabilities in a wide range of its products | Ars Technica

Trust: 4.5

Fetched: Oct. 2, 2024, 9:19 a.m., Published: Sept. 4, 2024, 6:57 p.m.
 Vulnerabilities: cross-site scripting, pointer dereference vulnerability, command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2024-42059, CVE-2024-6343, CVE-2024-42060, CVE-2024-42061, CVE-2024-5412, CVE-2024-7203, CVE-2024-42057, CVE-2024-7261, CVE-2024-42058