Sign-up

VARIoT news about IoT security

12 Mobile App Scanner to Find Security Vulnerabilities

Trust: 4.5

Fetched: Dec. 27, 2024, 9:18 a.m., Published: Dec. 26, 2016, 12:07 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: java

Thousands of SonicWall VPN devices are facing worrying security threats | TechRadar

Trust: 4.0

Fetched: Dec. 27, 2024, 9:18 a.m., Published: Dec. 18, 2024, 8:16 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: sonicwall model: ssl vpn

Microsoft patches worrying zero-day along with 71 other flaws | TechRadar

Trust: 4.0

Fetched: Dec. 27, 2024, 9:18 a.m., Published: Dec. 12, 2024, 7:01 p.m.
 Vulnerabilities: buffer overflow, information disclosure, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-49138

Palo Alto Networks Firewall Vulnerability "CVE-2024-3393" Exploited in the Wild

Trust: 5.75

Fetched: Dec. 27, 2024, 9:17 a.m., Published: Dec. 27, 2024, 3:37 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: palo model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
db: NVD ids: CVE-2024-3393

CVE-2024-10914: A Critical Vulnerability in D-Link NAS Devices - CYFIRMA

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 4.25

Fetched: Dec. 27, 2024, 9:15 a.m., Published: Dec. 27, 2024, 6:24 a.m.
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
vendor: d-link model: dns-340l
vendor: d-link model: dns-325
vendor: d-link model: dns-320
vendor: d-link model: dns-320lw
vendor: d-link model: router
db: NVD ids: CVE-2024-10914

SD1682 | Security Advisory | Rockwell Automation

Trust: 3.75

Fetched: Dec. 27, 2024, 9:15 a.m., Published: May 16, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rockwell automation model: guardlogix
vendor: rockwell automation model: controllogix
vendor: rockwell model: guardlogix
vendor: rockwell model: controllogix
db: NVD ids: CVE-2024-6242

Active Directory Certificate Services Vulnerability Let Attackers Escalate Privileges

Trust: 3.0

Fetched: Dec. 25, 2024, 9:26 a.m., Published: Nov. 29, 2024, 4:43 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-49019

Apache Foundation fixed a severe Tomcat vulnerability

Trust: 4.25

Fetched: Dec. 25, 2024, 9:25 a.m., Published: Dec. 24, 2024, 8:31 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-56337, CVE-2024-50379

Synology patches critical vulnerabilities, urges users…

Trust: 3.75

Fetched: Dec. 24, 2024, 9:24 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security

Critical Flaws detected in Sophos Firewall

Trust: 5.5

Fetched: Dec. 24, 2024, 9:22 a.m., Published: Dec. 24, 2024, 6:14 a.m.
 Vulnerabilities: code injection, code execution, sql injection
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2024-12729, CVE-2024-12727, CVE-2024-12728

Update Canonical Ubuntu Desktop: USN-7174-1: GStreamer vulnerability

Trust: 4.25

Fetched: Dec. 24, 2024, 9:22 a.m., Published: Jan. 24, 7174, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

Sophos Firewall Fixes Critical Remote Code Execution Vulnerability - VULNERA

Trust: 4.5

Fetched: Dec. 24, 2024, 9:22 a.m., Published: Dec. 20, 2024, 3:31 p.m.
 Vulnerabilities: code execution, sql injection
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2024-12729, CVE-2024-12727, CVE-2024-12728

CISA Warns of Critical Vulnerabilities in NUUO and Reolink Devices | Windows Forum

Related entries in the VARIoT vulnerabilities database: VAR-201808-0424, VAR-202201-0642, VAR-202201-2026, VAR-201904-1024

Trust: 5.25

Fetched: Dec. 24, 2024, 9:21 a.m., Published: May 24, 2024, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
vendor: reolink model: rlc-410w
vendor: nuuo model: crystal
vendor: nuuo model: nvrmini
vendor: nuuo model: nvrmini 2
db: NVD ids: CVE-2018-14933, CVE-2021-40407, CVE-2022-23227, CVE-2019-11001

DigiEver IoT Devices Exploited for Mirai Malware Attack

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268, VAR-201810-0455

Trust: 5.5

Fetched: Dec. 24, 2024, 9:20 a.m., Published: Dec. 20, 2024, 8:12 a.m.
 Vulnerabilities: command injection, default credentials, code execution
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: tp-link model: routers
db: NVD ids: CVE-2023-1389, CVE-2018-17532

"Vulnerability Assessment for Smart Home Devices | Professional Certificate"

Trust: 3.0

Fetched: Dec. 24, 2024, 9:17 a.m., Published: Dec. 24, 2024, 9:17 a.m.
 Vulnerabilities: -
Affected productsExternal IDs

Understanding and Mitigating CVE-2024-47864: A Buffer Overflow Vulnerability in Sharp Devices

Trust: 5.0

Fetched: Dec. 24, 2024, 9:15 a.m., Published: -
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2024-47864

MediaTek Bluetooth Chipset Vulnerabilities Affected of 1.5 Billion Android Users

Trust: 3.75

Fetched: Dec. 24, 2024, 9:14 a.m., Published: Dec. 2, 2024, 5:38 a.m.
 Vulnerabilities: information disclosure, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-20132, CVE-2024-20133, CVE-2024-20134, CVE-2024-20136, CVE-2024-20135, CVE-2024-20137, CVE-2024-20128, CVE-2024-20130, CVE-2024-20138, CVE-2024-20139, CVE-2024-20129, CVE-2024-20125, CVE-2024-20131, CVE-2024-20127

Cyble Sensors Detect Attacks On Ivanti, PHP, SAML, Network Devices, And More

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 5.5

Fetched: Dec. 24, 2024, 9:13 a.m., Published: Dec. 24, 2024, 7:58 a.m.
 Vulnerabilities: information disclosure, authentication bypass, brute force attack...
Affected productsExternal IDs
vendor: tp-link model: gateway
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler
vendor: citrix model: gateway
db: NVD ids: CVE-2023-20198, CVE-2023-46747, CVE-2023-20273, CVE-2017-0147, CVE-2023-4966, CVE-2024-4577, CVE-2023-47643, CVE-2024-7593, CVE-2023-1389, CVE-2024-45409

New Androxgh0st botnet targets vulnerabilities in IoT devices and web applications via Mozi integration | TechRadar

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 4.5

Fetched: Dec. 24, 2024, 9:12 a.m., Published: Dec. 22, 2024, 9:03 p.m.
 Vulnerabilities: code execution, file inclusion, command injection...
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: cisco model: routers
db: NVD ids: CVE-2021-26086, CVE-2024-36401, CVE-2018-15133, CVE-2017-9841, CVE-2023-1389

SHARP Routers Vulnerabilities Lets Attacker Trigger RCE to Gain Root Acces

Trust: 4.75

Fetched: Dec. 24, 2024, 9:11 a.m., Published: Dec. 23, 2024, 5:23 a.m.
 Vulnerabilities: privilege escalation, os command injection, buffer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2024-46873, CVE-2024-54082, CVE-2024-45721, CVE-2024-47864, CVE-2024-52321