Sign-up

VARIoT news about IoT security

CERT-In updates: Keep your Android and Apple devices safe | TechGig

Trust: 4.5

Fetched: Dec. 3, 2024, 10:03 a.m., Published: Nov. 28, 2024, 12:33 p.m.
 Vulnerabilities: code execution, memory corruption, information exposure...
Affected productsExternal IDs
vendor: google model: android
vendor: apple model: iphone
vendor: apple model: icloud
vendor: apple model: macos

CISA, NSA, and Partners Issue Annual Report on Top Exploited Vulnerabilities > National Security Agency/Central Security Service > Press Release View

Trust: 3.25

Fetched: Dec. 3, 2024, 10:02 a.m., Published: Nov. 12, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

WordPress L Squared Hub WP plugin <= 1.0 - SQL Injection vulnerability - Patchstack

Trust: 3.25

Fetched: Dec. 3, 2024, 10:02 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

Trust: 5.25

Fetched: Dec. 3, 2024, 10:02 a.m., Published: Dec. 2, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android

Samsung monthly updates: November 2024 security patch detailed - SamMobile

Trust: 4.0

Fetched: Dec. 3, 2024, 10:02 a.m., Published: Nov. 5, 2024, 1:44 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: samsung model: exynos
vendor: samsung model: samsung
vendor: samsung model: galaxy

CVE-2024-8938: Echelon Network Device Vulnerability - DEC Solutions Group

Trust: 3.0

Fetched: Dec. 3, 2024, 10:01 a.m., Published: Nov. 13, 2024, 5:31 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-8938

Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point Command Injection Vulnerability - Cisco

Trust: 3.0

Fetched: Dec. 3, 2024, 10:01 a.m., Published: Nov. 6, 2024, 10:18 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs

CVE-2023-20092 - vulnerability database | Vulners.com

Trust: 4.0

Fetched: Dec. 3, 2024, 9:56 a.m., Published: Nov. 15, 2024, 4:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco telepresence
vendor: cisco model: dx70
vendor: cisco model: telepresence mx series
vendor: cisco model: telepresence sx series
vendor: cisco model: telepresence
vendor: cisco model: series
vendor: cisco model: telepresence ce
vendor: cisco model: dx80
vendor: cisco model: roomos
db: NVD ids: CVE-2023-20092

Conducting a Comprehensive Medical Device Inventory for Enhanced Cybersecurity - Blue Goat Cyber

Trust: 3.75

Fetched: Dec. 3, 2024, 9:54 a.m., Published: Feb. 2, 2024, 8:16 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: serve model: serve

Annual Security Report: Emerging Cybersecurity Threats to Watch in 2025 | Thought Leadership | ShareVault

Trust: 3.75

Fetched: Dec. 3, 2024, 9:49 a.m., Published: Dec. 3, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: serve model: serve

Linux Kernel Vulnerability Fix: Null-Ptr Deref in Target_Alloc_Device() (CVE-2024-50153) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 5.25

Fetched: Dec. 3, 2024, 9:48 a.m., Published: Nov. 7, 2024, midnight
 Vulnerabilities: pointer reference problem
Affected productsExternal IDs
db: NVD ids: CVE-2024-50153

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

Trust: 4.25

Fetched: Dec. 3, 2024, 9:48 a.m., Published: Nov. 21, 2024, 9:28 a.m.
 Vulnerabilities: code execution, cross-site scripting
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: software update
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: ipad air
db: NVD ids: CVE-2024-44309, CVE-2024-44308

MediaTek Processor Vulnerabilities Let Attackers escalate privileges

Related entries in the VARIoT vulnerabilities database: VAR-202412-0091, VAR-202412-0245, VAR-202412-0282

Trust: 3.75

Fetched: Dec. 3, 2024, 9:47 a.m., Published: Dec. 2, 2024, 6:32 a.m.
 Vulnerabilities: privilege escalation, information disclosure, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-20135, CVE-2024-20137, CVE-2024-20134, CVE-2024-20129, CVE-2024-20139, CVE-2024-20127, CVE-2024-20125, CVE-2024-20132, CVE-2024-20136, CVE-2024-20116, CVE-2024-20138, CVE-2024-20131, CVE-2024-20133, CVE-2024-20128, CVE-2024-20130

CVE-2022-20931 Cisco Touch 10 Device Downgrade Attack Vulner... - vulnerability database | Vulners.com

Trust: 3.75

Fetched: Dec. 3, 2024, 9:47 a.m., Published: Nov. 15, 2024, 3:30 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco telepresence
vendor: cisco model: telepresence
vendor: cisco model: telepresence endpoint
db: NVD ids: CVE-2022-20931

Understanding and Exploiting CVE-2024-10914: A Critical Vulnerability in D-Link NAS Devices - Jaspreet Singh

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 5.5

Fetched: Dec. 3, 2024, 9:47 a.m., Published: Dec. 1, 2024, 9:29 a.m.
 Vulnerabilities: injection attack, command injection
Affected productsExternal IDs
vendor: dlink model: dns-320lw
vendor: dlink model: dns-325
vendor: dlink model: dns-340l
vendor: dlink model: dns-320
vendor: d-link model: dns-320lw
vendor: d-link model: dns-325
vendor: d-link model: dns-340l
vendor: d-link model: dns-320
db: NVD ids: CVE-2024-10914

Billion Electric 4G/LTE routers patched to plug catastrophic CVSS level 10 severity flaw | Tom's Hardware

Trust: 5.75

Fetched: Dec. 3, 2024, 9:46 a.m., Published: Dec. 2, 2024, 4:24 p.m.
 Vulnerabilities: authentication bypass, os command injection, command injection
Affected productsExternal IDs
vendor: d-link model: router
db: NVD ids: CVE-2024-11983, CVE-2024-11980, CVE-2024-11981, CVE-2024-11982

BSI - Cyber Resilience Act - Cyber Resilience Act

Trust: 3.75

Fetched: Dec. 3, 2024, 9:45 a.m., Published: Dec. 2, 2024, 12:26 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: serve model: serve

CVE-2024-50381 - Missing Authentication for Critical Function in Snap One OVRC cloud - SecAlerts

Trust: 3.25

Fetched: Dec. 3, 2024, 9:45 a.m., Published: Dec. 8, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-50381

Top 7 Endpoint Protection Solutions for 2025

Trust: 4.5

Fetched: Dec. 3, 2024, 9:44 a.m., Published: Nov. 28, 2024, 11:34 a.m.
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: rising model: antivirus
vendor: trend model: antivirus
vendor: trend model: data loss prevention
vendor: trend model: security
vendor: trend micro model: antivirus
vendor: trend micro model: data loss prevention
vendor: trend micro model: security
vendor: sophos model: firewall
vendor: sophos model: endpoint protection
vendor: sophos model: mobile

Small number of vulnerabilities patched in last Android security update of 2024 | CyberScoop

Trust: 5.75

Fetched: Dec. 3, 2024, 9:41 a.m., Published: Dec. 2, 2024, 9:14 p.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-43767