Sign-up

VARIoT news about IoT security

CISA warns of path traversal vulnerability in RAD Data's SecFlow-2 hardware - Industrial Cyber

Trust: 5.0

Fetched: July 28, 2024, 9:59 a.m., Published: June 20, 2024, 9:07 a.m.
 Vulnerabilities: path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2019-6268

D-Link Technical Support

Trust: 3.0

Fetched: July 28, 2024, 9:59 a.m., Published: July 1, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-6387

WARNING: MULTIPLE CRITICAL, HIGH AND MEDIUM VULNERABILITIES IN ZYXEL NAS DEVICES CAN BE EXPLOITED TO EXECUTE CODE AND STEAL INFORMATION. DECOMMISION OR PATCH IMMEDIATELY! | Cert

Trust: 5.5

Fetched: July 28, 2024, 9:58 a.m., Published: June 24, 2024, 2:33 p.m.
 Vulnerabilities: privilege management vulnerability, code execution, command injection
Affected productsExternal IDs
vendor: zyxel model: nas542
vendor: zyxel model: nas326
db: NVD ids: CVE-2024-29976, CVE-2024-27793, CVE-2024-29974, CVE-2024-19976, CVE-2024-29975, CVE-2024-29973, CVE-2024-27794, CVE-2024-29972

High Severity Vulnerability in SolarWinds Serv-U (CVE-2024-28995)

Trust: 4.0

Fetched: July 28, 2024, 9:57 a.m., Published: June 5, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: solarwinds model: serv-u
db: NVD ids: CVE-2024-28995

Comprehensive CVEs, Vulnerabilities, and Exploits for Apple OS and iPhone Bluetooth Devices | by Aardvark Infinity | Aardvark Infinity | Jul, 2024 | Medium

Trust: 3.25

Fetched: July 28, 2024, 9:53 a.m., Published: July 28, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

Nest Security Bulletin-June 2024 - Help

Trust: 3.0

Fetched: July 28, 2024, 9:53 a.m., Published: June 28, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2016-3189, CVE-2024-32928

Critical Vulnerability in Ivanti Endpoint Manager Mobile (EPMM) Exploited in the Wild, Prompting Urgent Patching |

Trust: 3.75

Fetched: July 28, 2024, 9:52 a.m., Published: July 1, 2024, 2:48 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2023-35078

Baxter Welch Allyn Connex Spot Monitor | CISA

Trust: 3.0

Fetched: July 28, 2024, 9:52 a.m., Published: July 28, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-1275

Zyxel Patches Multiple Vulnerabilities in NAS Products - Qualys ThreatPROTECT

Trust: 5.25

Fetched: July 28, 2024, 9:52 a.m., Published: -
 Vulnerabilities: privilege management vulnerability, code execution, command injection
Affected productsExternal IDs
vendor: zyxel model: nas542
vendor: zyxel model: nas326
db: NVD ids: CVE-2024-29976, CVE-2024-29974, CVE-2024-29975, CVE-2024-29973, CVE-2024-29972

Vulnerability Disclose Policy - Vestel Visual Solutions

Trust: 3.0

Fetched: July 28, 2024, 9:50 a.m., Published: May 27, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Check Point SSL VPN: CVE-2024-24919 from an Incident Response Perspective - Truesec

Trust: 4.25

Fetched: July 28, 2024, 9:49 a.m., Published: June 5, 2024, 5:29 p.m.
 Vulnerabilities: path traversal, privilege escalation
Affected productsExternal IDs
vendor: check point model: gaia
vendor: check point model: gaia os
vendor: check point model: security gateway
vendor: check point model: check point
vendor: orange model: web server
db: NVD ids: CVE-2024-24919

CVE-2021-27561: Uncovering the SSRF Vulnerability in Yealink Device Management - Datacipher

Trust: 4.75

Fetched: July 28, 2024, 9:48 a.m., Published: July 18, 2024, 6:21 p.m.
 Vulnerabilities: request forgery, improper validation, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-27561

Novel Android vulnerability exposes DNS queries | SC Media

Trust: 3.0

Fetched: July 28, 2024, 9:47 a.m., Published: Dec. 5, 2023, 7 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: chrome

Phoenix Technologies Buffer Overflow Vulnerability on GeminiLake - Phoenix Technologies - Leading PC Innovation since 1979

Trust: 3.0

Fetched: July 28, 2024, 9:47 a.m., Published: May 14, 2024, 2:22 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs

Westermo Switch vulnerabilities: Find potentially impacted devices

Trust: 3.25

Fetched: July 28, 2024, 9:46 a.m., Published: June 21, 2024, 2:26 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-36080, CVE-2024-32943, CVE-2024-35246, CVE-2024-36081, CVE-2024-37183

Uncovering IoT Vulnerabilities: Highlights from the Bitdefender - Netgear 2024 Threat Report - Global Security Mag Online

Trust: 3.0

Fetched: July 28, 2024, 9:45 a.m., Published: June 26, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Over 60% of Network Security Appliance Flaws Exploited as Zero Days - Infosecurity Magazine

Trust: 3.25

Fetched: July 28, 2024, 9:39 a.m., Published: May 21, 2024, 12:30 p.m.
 Vulnerabilities: memory corruption, command injection
Affected productsExternal IDs
vendor: barracuda model: barracuda
vendor: barracuda networks model: barracuda
vendor: trend model: security

PKfail Vulnerability Allows Attackers To Bypass Secure Boot

Trust: 3.0

Fetched: July 28, 2024, 9:39 a.m., Published: July 26, 2024, 10:43 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel

OWASP IoT Top 10 Vulnerabilities (2024 Updated) | Wattlecorp Cybersecurity Labs

Trust: 3.0

Fetched: July 28, 2024, 9:38 a.m., Published: July 4, 2024, 7 p.m.
 Vulnerabilities: -
Affected productsExternal IDs

2024-07 Security Bulletin: Junos OS: SRX Series, EX Series: J-Web: An unauthenticated, network-based attacker can perform XPATH injection attack against a device (CVE-2024-39565)

Trust: 4.25

Fetched: July 28, 2024, 9:34 a.m., Published: -
 Vulnerabilities: injection attack
Affected productsExternal IDs
db: NVD ids: CVE-2024-39565