Sign-up

VARIoT news about IoT security

Latest news

The news are found with our scripts for filtering search results.
Additional information about vulnerabilities, affected products and external identifiers are obtained with NLP and custom filters from found news.

The Critical Role of Vulnerability Testing in Modern Cybersecurity - History Tools

Trust: 3.25

Fetched: Nov. 20, 2024, 10:07 a.m., Published: Nov. 10, 2024, midnight
 Vulnerabilities: denial of service, code execution, authentication bypass...
Affected productsExternal IDs
vendor: essential model: phone
vendor: rising model: antivirus

Nvidia GPU driver addresses eight major high-severity vulnerabilities - Nvidia GPU owners should update ASAP | Tom's Hardware

Trust: 4.0

Fetched: Nov. 20, 2024, 10:06 a.m., Published: Oct. 28, 2024, 3:32 p.m.
 Vulnerabilities: denial of service, code execution, information disclosure
Affected productsExternal IDs

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

Trust: 3.5

Fetched: Nov. 20, 2024, 10:06 a.m., Published: Oct. 27, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Mobile Endpoint Protection: Definition and Implementation

Trust: 3.5

Fetched: Nov. 20, 2024, 10:05 a.m., Published: Nov. 13, 2024, 2:49 p.m.
 Vulnerabilities: denial of service, sql injection
Affected productsExternal IDs
vendor: essential model: phone

GitLab Patches Critical HTML Injection Flaw Leading To XSS Attacks

Trust: 4.75

Fetched: Nov. 20, 2024, 10:04 a.m., Published: Oct. 24, 2024, 9:13 a.m.
 Vulnerabilities: denial of service, cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-8312, CVE-2024-6826

Cisco Secure Client Software Denial of Service Vulnerability

Trust: 4.0

Fetched: Nov. 20, 2024, 10:04 a.m., Published: Oct. 23, 2024, 3:57 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: anyconnect secure mobility client
vendor: cisco model: cisco anyconnect secure mobility client

RCE Vulnerability in PAN-OS Exploited in-the-Wild

Trust: 5.75

Fetched: Nov. 20, 2024, 10:02 a.m., Published: Nov. 19, 2024, 3:54 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: palo model: pan-os
vendor: palo model: networks
db: NVD ids: CVE-2024-0012

Over 22,000 CyberPanel Servers at Risk from Critical Vulnerabilities Exploitation by PSAUX Ransomware - SOCRadar® Cyber Intelligence Inc.

Trust: 4.75

Fetched: Nov. 20, 2024, 10:01 a.m., Published: Oct. 30, 2024, 2 p.m.
 Vulnerabilities: command execution, code execution, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-51378, CVE-2024-51568, CVE-2024-51567

Data tables in the Microsoft Defender XDR advanced hunting schema - Microsoft Defender XDR | Microsoft Learn

Trust: 3.0

Fetched: Nov. 20, 2024, 9:56 a.m., Published: April 22, 2024, midnight
 Vulnerabilities: configuration attack
Affected productsExternal IDs

Apple Confirms Zero-Day Attacks Hitting macOS Systems | Hacker News

Trust: 3.25

Fetched: Nov. 20, 2024, 9:53 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos

Microsoft's new Quick Machine Recovery will remotely fix unbootable PCs

Trust: 4.25

Fetched: Nov. 20, 2024, 9:49 a.m., Published: Nov. 20, 2024, 5:30 a.m.
 Vulnerabilities: sql injection, privilege escalation, code execution...
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: firewall
vendor: google model: chrome
vendor: google model: home
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: trend model: security
vendor: trend model: password manager
vendor: trend micro model: security
vendor: trend micro model: password manager
vendor: blackberry model: link
vendor: blackberry model: blackberry
db: NVD ids: CVE-2024-9474, CVE-2024-0012, CVE-2024-38812, CVE-2024-38813, CVE-2024-21287

D-Link Urges Users to Replace VPN Routers Due to Unresolved RCE Vulnerability - VULNERA

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 5.75

Fetched: Nov. 20, 2024, 9:48 a.m., Published: Nov. 19, 2024, 5:58 p.m.
 Vulnerabilities: code execution, command injection
Affected productsExternal IDs
vendor: d-link model: router
vendor: d-link model: dsr-250n firmware
vendor: d-link model: dsr-150
vendor: d-link model: dsr-250n
vendor: d-link model: dsr-250
vendor: d-link model: dsr-150n
db: NVD ids: CVE-2024-10914, CVE-2024-11066, CVE-2024-11068, CVE-2024-11067

Protect your Software from the Zero Day Wget Vulnerability

Trust: 3.5

Fetched: Nov. 20, 2024, 9:41 a.m., Published: Nov. 18, 2024, 5:48 p.m.
 Vulnerabilities: restriction bypass, request forgery, command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2024-10524, CVE-2024-38428

Rockwell Automation ControlLogix | CISA

Trust: 3.5

Fetched: Nov. 20, 2024, 9:40 a.m., Published: Nov. 20, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rockwell model: controllogix 5580
vendor: rockwell model: automation controllogix
vendor: rockwell model: compactlogix
vendor: rockwell model: guardlogix
vendor: rockwell model: controllogix
vendor: rockwell model: factorytalk
vendor: rockwell automation model: controllogix 5580
vendor: rockwell automation model: automation controllogix
vendor: rockwell automation model: compactlogix
vendor: rockwell automation model: guardlogix
vendor: rockwell automation model: controllogix
vendor: rockwell automation model: factorytalk
db: NVD ids: CVE-2024-6207

Palo Alto Networks customers grapple with another actively exploited zero-day | Cybersecurity Dive

Trust: 5.5

Fetched: Nov. 20, 2024, 9:40 a.m., Published: Nov. 19, 2024, midnight
 Vulnerabilities: privilege escalation, command execution, authentication bypass
Affected productsExternal IDs
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo model: pan-os
vendor: palo model: networks
vendor: palo model: firewall
db: NVD ids: CVE-2024-9474, CVE-2024-0012

Critical vulnerabilities found in Mongoose Web Server Library, updating to v7.15 remediates issues - Industrial Cyber

Trust: 4.5

Fetched: Nov. 20, 2024, 9:38 a.m., Published: Nov. 18, 2024, 10:16 a.m.
 Vulnerabilities: memory corruption, denial of service, system crash
Affected productsExternal IDs
vendor: embedthis model: goahead
vendor: embedthis model: goahead web server
vendor: cesanta model: mongoose
db: NVD ids: CVE-2024-42386, CVE-2024-42384

Memory Management Vulnerability in Linux Kernel: rpcrdma Device Memory Leak

Trust: 4.75

Fetched: Nov. 20, 2024, 9:37 a.m., Published: Nov. 13, 2024, midnight
 Vulnerabilities: improper memory management, memory leak
Affected productsExternal IDs
db: NVD ids: CVE-2024-53077

Palo Alto Networks has identified a critical zero-day vulnerability - ThinScale

Trust: 4.25

Fetched: Nov. 20, 2024, 9:36 a.m., Published: Nov. 19, 2024, 3:41 p.m.
 Vulnerabilities: command execution, code execution
Affected productsExternal IDs
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo model: pan-os
vendor: palo model: networks
vendor: palo model: firewall

Chinese Hackers Hijacked Routers & IoT Devices to Create Botnet, NSA Warns

Trust: 3.0

Fetched: Nov. 20, 2024, 9:35 a.m., Published: Sept. 18, 2024, 3:04 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Record-Breaking 3.15 Billion Packets Per Second DDOS Attack Towards Minecraft Server

Trust: 4.5

Fetched: Nov. 20, 2024, 9:34 a.m., Published: Sept. 2, 2024, 6:59 a.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-2231