VARIoT latest news about IoT security

Top 8 Mobile Code Vulnerabilities and How to Avoid them Trust: 3.5 Fetched: May 17, 2024, 9:23 a.m., Published: March 23, 2022, midnight	Vulnerabilities: privilege escalation, authentication bypass

Affected products

External IDs

vendor:

delegate

model:

delegate

10 Effective Ways to Protect Your Devices from Wi-Fi Vulnerability Trust: 4.5 Fetched: May 17, 2024, 9:16 a.m., Published: June 22, 2023, 5:54 p.m.	Vulnerabilities: default administrator password

Affected products

External IDs

vendor:

essential

model:

phone

Hey, Siri: Hackers Can Control Smart Devices Using Inaudible Sounds Trust: 3.75 Fetched: May 17, 2024, 9:15 a.m., Published: May 5, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	home
vendor:	google	model:	google home

Remote Code Execution (RCE) \| Types, Examples & Mitigation \| Imperva Related entries in the VARIoT vulnerabilities database: VAR-202104-0752, VAR-202112-1782, VAR-202112-0562, VAR-202112-0566 Trust: 5.25 Fetched: May 17, 2024, 9:15 a.m., Published: Dec. 20, 2023, 3:52 p.m.	Vulnerabilities: privilege escalation, injection attack, service disruption...

Affected products

External IDs

vendor:	imperva	model:	web application firewall
vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	apple	model:	watchos

db:

NVD

ids:

CVE-2021-1844, CVE-2019-8942, CVE-2021-45105, CVE-2020-17051, CVE-2021-45046, CVE-2021-44228

OWASP Internet of Things \| OWASP Foundation Trust: 3.75 Fetched: May 17, 2024, 9:14 a.m., Published: May 10, 2024, midnight	Vulnerabilities: code execution

Affected products	External IDs

What is CVE? Common Vulnerabilities & Exposures - CrowdStrike Related entries in the VARIoT vulnerabilities database: VAR-202112-0566 Trust: 4.0 Fetched: May 17, 2024, 9:13 a.m., Published: March 19, 2024, 5:29 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2021-34523, CVE-2021-34473, CVE-2021-44228, CVE-2021-31207

The Top 10 IoT Security Tools \| Expert Insights Trust: 3.25 Fetched: May 15, 2024, 9:08 a.m., Published: Aug. 14, 2023, 9:33 a.m.	Vulnerabilities: -

Affected products	External IDs

Is Smart Home Security Easily Hacked? Here's Everything You Should Know - CNET Trust: 3.25 Fetched: May 12, 2024, 9:27 a.m., Published: May 12, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	dahua	model:	camera
vendor:	huawei	model:	huawei

Critical vulnerabilities in BIG-IP appliances leave big networks open to intrusion \| Ars Technica Trust: 3.75 Fetched: May 12, 2024, 9:08 a.m., Published: May 8, 2024, 9:35 p.m.	Vulnerabilities: sql injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-26026, CVE-2024-21793

CyberPower PowerPanel Enterprise Power Device Network Utility Multiple Vulnerabilities \| allinfosecnews.com Trust: 3.0 Fetched: May 10, 2024, 9:47 a.m., Published: May 9, 2024, 2:39 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-32735

Top 100 web vulnerabilities. Injection Vulnerabilities: 1. SQL… \| by Cysigma \| Apr, 2024 \| Medium Trust: 3.0 Fetched: May 10, 2024, 9:45 a.m., Published: -	Vulnerabilities: code execution, file inclusion, cross-site scripting...

Affected products	External IDs

Identification of Big-IP icontrol Rest Vulnerability CVE-2022-1388 by Moon Treader - Vehere Related entries in the VARIoT vulnerabilities database: VAR-202205-0394 Trust: 5.0 Fetched: May 10, 2024, 9:44 a.m., Published: May 9, 2024, 8:50 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2022-1388

Decoding D-Link NAS Vulnerabilities: Risks And Mitigation Related entries in the VARIoT vulnerabilities database: VAR-202404-0070, VAR-202404-0069 Trust: 4.75 Fetched: May 10, 2024, 9:43 a.m., Published: April 12, 2024, 4:11 a.m.	Vulnerabilities: command injection

Affected products

External IDs

vendor:	d-link	model:	dns-325
vendor:	d-link	model:	dns-320l
vendor:	d-link	model:	dns-340l
vendor:	d-link	model:	dns-327l

db:

NVD

ids:

CVE-2024-3273, CVE-2024-3272

Frontiers \| Anomalous process detection for Internet of Things based on K-Core Trust: 3.75 Fetched: May 10, 2024, 9:38 a.m., Published: April 4, 2024, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

google

model:

home

Vulnerability support in Microsoft Defender Vulnerability Management - Microsoft Defender Vulnerability Management \| Microsoft Learn Related entries in the VARIoT vulnerabilities database: VAR-201912-0871, VAR-202211-0556, VAR-201708-0792, VAR-202005-1052, VAR-202211-0557, VAR-202111-1183, VAR-202211-0554, VAR-202211-0558, VAR-202309-0672 Trust: 3.75 Fetched: May 10, 2024, 9:33 a.m., Published: June 27, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	siemens	model:	wincc
vendor:	siemens	model:	sinec nms
vendor:	siemens	model:	simatic
vendor:	siemens	model:	simatic wincc
vendor:	siemens	model:	simatic wincc runtime
vendor:	palo	model:	networks
vendor:	samsung	model:	note
vendor:	lenovo	model:	desktop
vendor:	lenovo	model:	thinkcentre m700 firmware
vendor:	lenovo	model:	thinkpad t480
vendor:	lenovo	model:	yoga
vendor:	lenovo	model:	thinkpad
vendor:	lenovo	model:	thinkcentre m700
vendor:	lenovo	model:	updates
vendor:	cisco	model:	netscaler gateway
vendor:	palo alto networks	model:	networks
vendor:	zoom	model:	client
vendor:	node.js	model:	node.js
vendor:	ignite realtime	model:	openfire
vendor:	osisoft	model:	pi server
vendor:	ignite	model:	realtime openfire

db:

NVD

ids:

CVE-2023-28388, CVE-2023-26258, CVE-2019-14568, CVE-2021-36234, CVE-2023-38802, CVE-2023-4373, CVE-2020-10519, CVE-2022-31799, CVE-2022-29893, CVE-2023-24881, CVE-2021-31693, CVE-2017-17408, CVE-2021-22514, CVE-2023-35637, CVE-2020-26941, CVE-2021-22570, CVE-2020-11541, CVE-2017-13774, CVE-2023-36397, CVE-2022-48435, CVE-2020-36160, CVE-2023-46587, CVE-2023-22524, CVE-2017-17409, CVE-2024-1709, CVE-2022-3167, CVE-2022-0778, CVE-2024-0819, CVE-2023-47246, CVE-2022-35909, CVE-2023-3817, CVE-2023-29338, CVE-2023-48995, CVE-2022-40011, CVE-2023-48670, CVE-2020-9484, CVE-2023-32558, CVE-2022-27497, CVE-2021-36324, CVE-2023-24329, CVE-2021-22499, CVE-2023-31102, CVE-2023-47248, CVE-2021-33159, CVE-2022-43946, CVE-2023-48795, CVE-2022-26845, CVE-2021-3606, CVE-2023-38545, CVE-2021-3519, CVE-2014-5455, CVE-2023-28759, CVE-2023-4966, CVE-2021-22500, CVE-2023-6129, CVE-2023-36884, CVE-2023-3935, CVE-2017-17410, CVE-2024-1708, CVE-2023-3446, CVE-2023-38831, CVE-2023-40477, CVE-2023-40481, CVE-2021-36283, CVE-2021-22863

Vulnerability Recap 4/15/24: Palo Alto, Microsoft, Ivanti Exploits Trust: 5.25 Fetched: May 10, 2024, 9:31 a.m., Published: April 15, 2024, 9:17 p.m.	Vulnerabilities: privilege escalation, code execution, command injection...

Affected products

External IDs

vendor:	palo	model:	pan-os
vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	palo alto networks	model:	pan-os
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	firewall

db:

NVD

ids:

CVE-2023-45590, CVE-2024-31492, CVE-2024-3383, CVE-2023-6320, CVE-2024-21755, CVE-2024-29990, CVE-2024-3384, CVE-2024-3382, CVE-2023-45588, CVE-2024-21894, CVE-2023-41677, CVE-2024-23671, CVE-2024-24576, CVE-2023-6317, CVE-2023-6318, CVE-2024-21756, CVE-2023-6319, CVE-2024-3385, CVE-2024-3400

2 (or 5) Bugs in F5 Asset Manager Allow Full Takeover, Hidden Accounts Trust: 4.5 Fetched: May 10, 2024, 9:29 a.m., Published: May 5, 2024, midnight	Vulnerabilities: code execution, sql injection, request forgery

Affected products

External IDs

vendor:

palo

model:

networks

db:

NVD

ids:

CVE-2024-26026, CVE-2024-21793

Palo Alto Networks discloses RCE zero-day vulnerability \| TechTarget Trust: 4.5 Fetched: May 10, 2024, 9:29 a.m., Published: April 12, 2024, midnight	Vulnerabilities: command injection, code injection

Affected products

External IDs

vendor:	palo	model:	firewall
vendor:	palo	model:	palo alto networks globalprotect
vendor:	palo	model:	networks globalprotect
vendor:	palo	model:	pan-os
vendor:	palo	model:	networks
vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	palo alto networks globalprotect
vendor:	palo alto networks	model:	networks globalprotect
vendor:	palo alto networks	model:	pan-os
vendor:	palo alto networks	model:	networks

db:

NVD

ids:

CVE-2024-3400

Samsung Updates Devices with 25 Patches - CyberMaterial Trust: 5.5 Fetched: May 10, 2024, 9:29 a.m., Published: May 8, 2024, 1:52 p.m.	Vulnerabilities: privilege escalation, code execution, authentication bypass...

Affected products

External IDs

vendor:	google	model:	android
vendor:	samsung	model:	mobile devices
vendor:	samsung	model:	mobile

db:

NVD

ids:

CVE-2024-20856, CVE-2024-20855, CVE-2024-20866

These LG TVs Have Major Security Vulnerabilities \| Lifehacker Trust: 3.25 Fetched: May 10, 2024, 9:28 a.m., Published: April 12, 2024, 3:30 p.m.	Vulnerabilities: -

Affected products	External IDs

VARIoT news about IoT security