Sign-up

VARIoT news about IoT security

IoT Vulnerabilities for Cybersecurity

Trust: 3.25

Fetched: Oct. 9, 2024, 9:22 a.m., Published: Oct. 2, 2024, midnight
 Vulnerabilities: denial of service, default password
Affected productsExternal IDs
vendor: google model: wifi
vendor: google model: home

New Scanner Released to Detect CUPS RCE Vulnerability CVE-2024-47176 | Black Hat Ethical Hacking

Trust: 5.0

Fetched: Oct. 9, 2024, 9:22 a.m., Published: Oct. 9, 2024, 8:18 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cups model: cups
db: NVD ids: CVE-2024-47176

Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

Trust: 4.75

Fetched: Oct. 9, 2024, 9:20 a.m., Published: Oct. 8, 2024, 4:38 p.m.
 Vulnerabilities: code execution, sql injection, os command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2024-9379, CVE-2024-8963, CVE-2024-8190, CVE-2024-9380, CVE-2024-9381, CVE-2024-29824

Following the Trail of Flax Typhoon to Uncover Newly Discovered Vulnerabilities in Linear Emerge Access Control Devices

Related entries in the VARIoT vulnerabilities database: VAR-201907-0157

Trust: 3.75

Fetched: Oct. 9, 2024, 9:19 a.m., Published: Oct. 8, 2024, midnight
 Vulnerabilities: os command injection, code execution, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2019-7256, CVE-2024-9441

Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202205-0394

Trust: 4.5

Fetched: Oct. 9, 2024, 9:17 a.m., Published: Oct. 9, 2023, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: citrix model: netscaler
vendor: check point model: check point
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: sophos model: firewall
db: NVD ids: CVE-2024-24919, CVE-2024-3400, CVE-2022-1388, CVE-2023-3519, CVE-2024-21887, CVE-2019-19781

High-severity Qualcomm zero-day vulnerability under attack | TechTarget

Trust: 5.0

Fetched: Oct. 9, 2024, 9:16 a.m., Published: Oct. 8, 2024, midnight
 Vulnerabilities: privilege escalation, code execution, memory corruption
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-43047

14 DrayTek vulnerabilities patched, including max-severity RCE flaw | SC Media

Related entries in the VARIoT vulnerabilities database: VAR-202407-1768

Trust: 5.25

Fetched: Oct. 8, 2024, 9:26 a.m., Published: Feb. 13, 2024, 7 p.m.
 Vulnerabilities: cross-site scripting, code execution, buffer overflow...
Affected productsExternal IDs
vendor: draytek model: draytek routers
vendor: draytek model: routers
vendor: draytek model: vigor
db: NVD ids: CVE-2024-41502, CVE-2024-41589, CVE-2024-41492, CVE-2024-41585

【Vulnerability Alert】 Multiple High-Risk Vulnerabilities Found in Planet Technology Switch Devices

Trust: 4.75

Fetched: Oct. 8, 2024, 9:26 a.m., Published: Oct. 8, 2024, midnight
 Vulnerabilities: privilege escalation, cross-site request forgery, request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2024-8458, CVE-2024-8456, CVE-2024-8448

What Is A Virtual Machine Escape? How It Works & Examples | Twingate

Related entries in the VARIoT vulnerabilities database: VAR-201505-0417

Trust: 3.5

Fetched: Oct. 8, 2024, 9:23 a.m., Published: Aug. 7, 2024, midnight
 Vulnerabilities: buffer overflow, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2015-3456, CVE-2018-2698, CVE-2017-4903, CVE-2009-1244, CVE-2019-5183, CVE-2008-0923

New DDoS Attack Vector Discovered In CUPS, Exposing 58,000+ Vulnerable Devices Online

Trust: 4.75

Fetched: Oct. 8, 2024, 9:22 a.m., Published: Oct. 7, 2024, 6:53 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cups model: cups
db: NVD ids: CVE-2024-47176, CVE-2024-47076, CVE-2024-47177, CVE-2024-47175

XSS Attacks Possible With LiteSpeed Cache Plugin Vulnerability | ChannelE2E

Trust: 4.0

Fetched: Oct. 8, 2024, 9:22 a.m., Published: Oct. 7, 2024, midnight
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-47374, CVE-2024-7772, CVE-2024-44000

Version 6.22.2.10: Security Vulnerability Maintenance Release | Nexthink V6 Documentation

Trust: 5.0

Fetched: Oct. 8, 2024, 9:21 a.m., Published: June 22, 2002, 10 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2019-1552

【Vulnerability Alert】 Multiple High-Risk Vulnerabilities Found in Planet Technology Switch Devices

Trust: 4.75

Fetched: Oct. 8, 2024, 9:20 a.m., Published: Oct. 8, 2024, midnight
 Vulnerabilities: privilege escalation, cross-site request forgery, request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2024-8458, CVE-2024-8456, CVE-2024-8448

SonicWall firewall CVE exploits linked to ransomware attacks | Cybersecurity Dive

Trust: 4.5

Fetched: Oct. 8, 2024, 9:19 a.m., Published: Sept. 10, 2024, midnight
 Vulnerabilities: improper access control, access control vulnerability
Affected productsExternal IDs
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: ssl vpn
vendor: barracuda model: barracuda
vendor: barracuda model: running
vendor: sonicwall model: sonicos
vendor: sonicwall model: ssl vpn
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: ssl vpn
db: NVD ids: CVE-2024-40766

The What, Why and How of Medical Device Cybersecurity

Trust: 3.5

Fetched: Oct. 8, 2024, 9:17 a.m., Published: Oct. 3, 2024, midnight
 Vulnerabilities: information disclosure, denial of service
Affected productsExternal IDs
vendor: essential model: phone

Vulnerabilities in Espressif ESP-NOW Allow Attackers to Replay Communications

Trust: 3.75

Fetched: Oct. 6, 2024, 9:50 a.m., Published: Oct. 15, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: nozomi model: guardian
db: NVD ids: CVE-2024-42483, CVE-2024-42484

Akamai warns enterprises that VPN attacks will only increase | TechTarget

Trust: 3.75

Fetched: Oct. 6, 2024, 9:48 a.m., Published: Aug. 7, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2023-27996

Google patches 46 Android bugs, including exploited kernel flaw | SC Media

Trust: 4.75

Fetched: Oct. 6, 2024, 9:45 a.m., Published: June 11, 2024, 5 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2024-23350, CVE-2024-36971

Top Linux Security Vulnerabilities and How to Prevent Them | Sternum IoT

Related entries in the VARIoT vulnerabilities database: VAR-202101-1926, VAR-202203-0043

Trust: 3.5

Fetched: Oct. 6, 2024, 9:43 a.m., Published: Aug. 26, 2024, 12:10 p.m.
 Vulnerabilities: sql injection, denial of service, buffer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2021-3156, CVE-2023-1252, CVE-2024-4011, CVE-2024-3094, CVE-2023-2235, CVE-2022-0847, CVE-2023-40547

Hundreds of Acer, Dell, GIGABYTE, Intel, and Supermicro devices have had their UEFI Secure Boot platform keys leaked, putting them at risk of system compromise - GIGAZINE

Trust: 4.75

Fetched: Oct. 6, 2024, 9:36 a.m., Published: July 26, 2024, 2 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: dell model: bios