VARIoT latest news about IoT security

Samsung Updates Devices with 25 Patches - CyberMaterial Trust: 5.5 Fetched: May 10, 2024, 9:29 a.m., Published: May 8, 2024, 1:52 p.m.	Vulnerabilities: privilege escalation, code execution, authentication bypass...

Affected products

External IDs

vendor:	google	model:	android
vendor:	samsung	model:	mobile devices
vendor:	samsung	model:	mobile

db:

NVD

ids:

CVE-2024-20856, CVE-2024-20855, CVE-2024-20866

These LG TVs Have Major Security Vulnerabilities \| Lifehacker Trust: 3.25 Fetched: May 10, 2024, 9:28 a.m., Published: April 12, 2024, 3:30 p.m.	Vulnerabilities: -

Affected products	External IDs

Rockwell Automation FactoryTalk Historian SE \| CISA Trust: 3.5 Fetched: May 10, 2024, 9:26 a.m., Published: May 10, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	rockwell automation	model:	factorytalk
vendor:	rockwell automation	model:	automation factorytalk
vendor:	rockwell	model:	factorytalk
vendor:	rockwell	model:	automation factorytalk
vendor:	aveva	model:	edge

db:

NVD

ids:

CVE-2023-31274, CVE-2023-34348

Issue 245: Delinea patches API vulnerability, API vulnerability in Palo Alto devices - API Security News Trust: 4.5 Fetched: May 10, 2024, 9:25 a.m., Published: May 3, 2024, 9:56 a.m.	Vulnerabilities: code execution, buffer overflow, sql injection...

Affected products

External IDs

vendor:

palo

model:

pan-os

db:

NVD

ids:

CVE-2024-3400

WordPress plugin vulnerability poses severe security risk, allows for site takeovers \| TechSpot Trust: 4.0 Fetched: May 10, 2024, 9:24 a.m., Published: May 10, 4070, midnight	Vulnerabilities: sql injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-27956

CyberPower PowerPanel Enterprise Power Device Network Utility Multiple Vulnerabilities - Research Advisory \| Tenable® Trust: 3.0 Fetched: May 10, 2024, 9:24 a.m., Published: May 9, 2024, 2:39 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-32738, CVE-2024-32735, CVE-2024-32736, CVE-2024-32739, CVE-2024-32737

GreyNoise Intelligence \| Cybersecurity Blog Related entries in the VARIoT vulnerabilities database: VAR-201905-0597, VAR-201909-0160, VAR-202103-0773 Trust: 5.5 Fetched: May 10, 2024, 9:23 a.m., Published: May 10, 2024, midnight	Vulnerabilities: privilege escalation, command injection

Affected products

External IDs

vendor:	cisco	model:	router
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	cisco ios xe
vendor:	snort	model:	snort

db:

NVD

ids:

CVE-2019-1862, CVE-2019-12650, CVE-2021-1435, CVE-2023-20198, CVE-2023-20273

How to do a full website vulnerability assessment with Pentest-Tools.com \| Pentest-Tools.com Blog Trust: 3.25 Fetched: May 10, 2024, 9:17 a.m., Published: May 2, 2024, midnight	Vulnerabilities: default credentials, brute force attack, os command injection...

Affected products

External IDs

vendor:	cisco	model:	cisco routers
vendor:	cisco	model:	routers

Cybersecurity Threat Advisory: RCE vulnerabilities in HPE Aruba Networking devices Trust: 5.5 Fetched: May 10, 2024, 9:16 a.m., Published: May 8, 2024, 6:54 p.m.	Vulnerabilities: code execution, buffer overflow

Affected products

External IDs

vendor:	aruba	model:	arubaos
vendor:	barracuda	model:	barracuda

db:

NVD

ids:

CVE-2024-33511, CVE-2024-33512, CVE-2024-26304, CVE-2024-26305

20+ Xiaomi Vulnerabilities Put Users’ Data and Devices at Risk Trust: 4.75 Fetched: May 10, 2024, 9:15 a.m., Published: May 8, 2024, 12:38 p.m.	Vulnerabilities: memory corruption

Affected products

External IDs

vendor:	xiaomi	model:	miui
vendor:	xiaomi	model:	browser

Critical F5 Vulnerabilities: Hackers Could Take Over Devices Trust: 3.25 Fetched: May 10, 2024, 9:14 a.m., Published: May 10, 2024, 8:30 a.m.	Vulnerabilities: sql injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-26026, CVE-2024-21793

Big Vulnerabilities in Next-Gen BIG-IP - Eclypsium \| Supply Chain Security for the Modern Enterprise Trust: 5.75 Fetched: May 10, 2024, 9:13 a.m., Published: May 8, 2024, 4 p.m.	Vulnerabilities: sql injection

Affected products

External IDs

vendor:

cisco

model:

series

db:

NVD

ids:

CVE-2024-26026, CVE-2024-21793

Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread \| FortiGuard Labs Related entries in the VARIoT vulnerabilities database: VAR-202303-1268 Trust: 4.5 Fetched: May 10, 2024, 9:11 a.m., Published: April 16, 2024, 3 p.m.	Vulnerabilities: denial of service, command injection, brute force attack

Affected products

External IDs

db:

NVD

ids:

CVE-2023-1389

20 Security Issues Found in Xiaomi Devices \| Oversecured Blog Trust: 4.25 Fetched: May 10, 2024, 9:09 a.m., Published: May 20, 2024, midnight	Vulnerabilities: memory corruption, traversal attack, path traversal...

Affected products

External IDs

vendor:	xiaomi	model:	miui
vendor:	google	model:	android
vendor:	google	model:	wifi
vendor:	delegate	model:	delegate

Delta Electronics InfraSuite Device Master \| CISA Trust: 4.75 Fetched: May 10, 2024, 9:09 a.m., Published: May 10, 2023, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	trend	model:	security
vendor:	trend micro	model:	security

db:

NVD

ids:

CVE-2023-46604

Multiple Xiaomi Android Devices Flaw : Attackers Hijack Phones Trust: 3.75 Fetched: May 10, 2024, 9:08 a.m., Published: May 6, 2024, 11:29 a.m.	Vulnerabilities: memory corruption, command injection

Affected products

External IDs

vendor:

xiaomi

model:

miui

Vulnerability Assessment/Scanning Trust: 3.5 Fetched: May 10, 2024, 9:06 a.m., Published: May 10, 2024, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	citrix	model:	netscaler
vendor:	palo alto networks	model:	pan-os
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	firewall
vendor:	palo	model:	pan-os
vendor:	palo	model:	networks
vendor:	palo	model:	firewall

Cisco IOS XE Software for Wireless LAN Controllers Multicast DNS Denial of Service Vulnerability Trust: 4.0 Fetched: May 8, 2024, 9:22 a.m., Published: March 27, 2024, 3:55 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	wireless lan controllers
vendor:	cisco	model:	cisco ios xe
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	ios xe

Vulnerability Summary for the Week of April 22, 2024 \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202404-1912, VAR-202404-1373, VAR-202404-2629, VAR-202404-1559, VAR-202404-1374, VAR-202404-2082, VAR-202404-1726 Trust: 5.25 Fetched: May 8, 2024, 9:18 a.m., Published: April 22, 2024, midnight	Vulnerabilities: certificate validation vulnerability, request forgery, privilege escalation...

Affected products

External IDs

vendor:	cisco	model:	routers
vendor:	cisco	model:	router
vendor:	cisco	model:	telepresence management suite
vendor:	cisco	model:	cisco telepresence
vendor:	cisco	model:	cisco telepresence management suite
vendor:	cisco	model:	telepresence
vendor:	apple	model:	itunes
vendor:	apple	model:	tvos
vendor:	apple	model:	macos
vendor:	apple	model:	safari
vendor:	apple	model:	watchos
vendor:	lenovo	model:	system
vendor:	lenovo	model:	yoga
vendor:	ruijie	model:	router
vendor:	samsung	model:	notes
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	galaxy
vendor:	samsung	model:	note
vendor:	samsung	model:	mobile
vendor:	d-link	model:	dap-2695
vendor:	d-link	model:	dir-822
vendor:	d-link	model:	dap-2360
vendor:	d-link	model:	dap-2690
vendor:	d-link	model:	dap-2310
vendor:	d-link	model:	dap-2230
vendor:	d-link	model:	router
vendor:	d-link	model:	dap-2553
vendor:	d-link	model:	dap-2330
vendor:	d-link	model:	dap-3662
vendor:	nokia	model:	impact
vendor:	asus	model:	routers
vendor:	asus	model:	router
vendor:	asus	model:	asus
vendor:	asus	model:	rt-n12
vendor:	google	model:	android
vendor:	tenda	model:	router
vendor:	motorola	model:	android
vendor:	motorola	model:	motorola

db:

NVD

ids:

CVE-2024-33665, CVE-2023-38301, CVE-2024-33217, CVE-2024-3261, CVE-2024-23228, CVE-2022-48611, CVE-2024-32418, CVE-2024-32051, CVE-2023-38300, CVE-2024-28325, CVE-2024-33213, CVE-2024-31609, CVE-2024-2972, CVE-2023-52646416, CVE-2024-27574, CVE-2024-33247, CVE-2024-33667, CVE-2024-31828, CVE-2023-38296, CVE-2024-23527, CVE-2024-3075, CVE-2022-46897, CVE-2023-20248, CVE-2024-26923416, CVE-2024-31741, CVE-2024-33663, CVE-2023-38295, CVE-2024-29661, CVE-2024-3265, CVE-2023-48184, CVE-2024-32358, CVE-2024-29205, CVE-2024-31077, CVE-2024-27349, CVE-2023-51794, CVE-2024-28699, CVE-2024-28436, CVE-2024-22813, CVE-2024-31545, CVE-2024-22632, CVE-2022-34561, CVE-2023-38290, CVE-2024-21319, CVE-2024-33851, CVE-2024-32238, CVE-2024-28722, CVE-2024-32405, CVE-2024-29368, CVE-2023-38291, CVE-2024-3048, CVE-2024-33260, CVE-2024-28613, CVE-2024-28890, CVE-2022-35503, CVE-2024-32324, CVE-2024-30886, CVE-2024-28326, CVE-2023-38294, CVE-2024-32406, CVE-2024-33344, CVE-2024-2310, CVE-2024-29217, CVE-2024-31502, CVE-2024-28328, CVE-2024-31406, CVE-2024-2159, CVE-2024-32236, CVE-2024-33661, CVE-2024-2429, CVE-2024-32399, CVE-2022-29217, CVE-2024-33214, CVE-2024-31601, CVE-2024-0905, CVE-2024-33342, CVE-2024-28717, CVE-2024-31615, CVE-2024-32368, CVE-2024-2402, CVE-2024-2908, CVE-2023-38299, CVE-2024-23271, CVE-2024-0151, CVE-2023-48183, CVE-2024-28327, CVE-2024-30799, CVE-2024-31857, CVE-2024-33668, CVE-2024-29733, CVE-2023-26603, CVE-2024-30890, CVE-2024-32394, CVE-2023-47252, CVE-2023-7252, CVE-2024-22808, CVE-2024-31804, CVE-2024-30800, CVE-2024-31036, CVE-2024-2907, CVE-2024-31551, CVE-2024-33255, CVE-2024-3058, CVE-2024-31616, CVE-2024-33666, CVE-2024-26925416, CVE-2024-22811, CVE-2024-33259, CVE-2024-2837, CVE-2024-2404, CVE-2024-3059, CVE-2023-38297, CVE-2024-33211, CVE-2024-1743, CVE-2023-38302, CVE-2022-34562, CVE-2024-31574, CVE-2024-33215, CVE-2024-33531, CVE-2023-38292, CVE-2024-31610, CVE-2023-38298, CVE-2024-28322, CVE-2024-22809, CVE-2024-33664, CVE-2023-6237, CVE-2024-29660, CVE-2024-32407, CVE-2024-32404, CVE-2024-1756, CVE-2024-22807, CVE-2023-38293, CVE-2024-2439, CVE-2024-3076, CVE-2024-31755, CVE-2024-3188, CVE-2024-32258, CVE-2024-33258, CVE-2024-27347, CVE-2023-7253, CVE-2024-2603, CVE-2024-31666, CVE-2024-22633, CVE-2024-33212, CVE-2022-34560, CVE-2024-27791, CVE-2024-26924416, CVE-2024-3060, CVE-2024-26922416, CVE-2024-33343, CVE-2024-30939, CVE-2024-22856, CVE-2024-29376, CVE-2024-28627, CVE-2024-27348, CVE-2024-25343, CVE-2024-26926416, CVE-2024-30804, CVE-2024-22815

“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps \| Microsoft Security Blog Trust: 3.25 Fetched: May 8, 2024, 9:07 a.m., Published: May 1, 2024, midnight	Vulnerabilities: code execution, path traversal

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	home
vendor:	xiaomi	model:	browser

VARIoT news about IoT security