Sign-up

VARIoT news about IoT security

Cisco - Firepower device manager Vulnerability Maturity Index CVE

Trust: 3.0

Fetched: Nov. 17, 2024, 10:35 a.m., Published: Nov. 2, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: cisco model: device manager

Update Canonical Ubuntu Desktop: USN-7071-1: Linux kernel vulnerability

Trust: 4.0

Fetched: Nov. 17, 2024, 10:35 a.m., Published: Jan. 17, 7071, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2024-45016

Cisco Industrial Wireless Software Flaw Let Attackers Run Command As Root User

Trust: 3.75

Fetched: Nov. 17, 2024, 10:32 a.m., Published: Nov. 7, 2024, 2:54 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: aironet 2800 series
vendor: cisco model: catalyst iw6300
vendor: cisco model: aironet 1830 series
vendor: cisco model: aironet 1830
vendor: cisco model: series
vendor: cisco model: aironet 1810 series
vendor: cisco model: wireless lan controller
vendor: cisco model: aironet 4800
vendor: cisco model: aironet 3800 series
vendor: cisco model: aironet 1810
vendor: cisco model: aironet
vendor: cisco model: aironet 2800
vendor: cisco model: aironet 1540
vendor: cisco model: aironet 1850
vendor: cisco model: aironet 1810w series access points
vendor: cisco model: access points
vendor: cisco model: aironet 3800
vendor: cisco model: aironet 1560
vendor: cisco model: aironet 1850 series
vendor: cisco model: catalyst
vendor: cisco model: aironet 1560 series
vendor: cisco model: catalyst 9100
vendor: cisco model: catalyst 9100 series
vendor: cisco model: aironet 1540 series
vendor: mesh model: mesh
db: NVD ids: CVE-2024-20418

Emerging Technology Impact on Medical Device Cybersecurity - Blue Goat Cyber

Trust: 3.75

Fetched: Nov. 17, 2024, 10:31 a.m., Published: Feb. 11, 2024, 2:34 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Critical Command Injection Bug Hits Cisco’s URWB Devices

Trust: 5.75

Fetched: Nov. 17, 2024, 10:31 a.m., Published: Nov. 7, 2024, 6:48 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: aironet
vendor: cisco model: access points
vendor: cisco model: catalyst
db: NVD ids: CVE-2024-20418

How to Respond: OpenSSH Vulnerability CVE-2024-6387 | UpGuard

Trust: 4.0

Fetched: Nov. 17, 2024, 10:24 a.m., Published: Nov. 19, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-21410, CVE-2024-6387, CVE-2006-5051, CVE-2024-638

Securing the Internet of Things: AI-Powered Threat Detection and Safety Measures | SpringerLink

Trust: 5.5

Fetched: Nov. 17, 2024, 10:17 a.m., Published: Nov. 17, 2024, midnight
 Vulnerabilities: injection attack

No Fix Coming for Critical D-Link Vulnerability - Lansweeper

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 5.75

Fetched: Nov. 17, 2024, 10:17 a.m., Published: Nov. 12, 2024, 12:35 p.m.
 Vulnerabilities: command execution, command injection, privilege escalation
Affected productsExternal IDs
vendor: d-link model: dns-340l
vendor: d-link model: dns-320lw
vendor: d-link model: dns-325
vendor: d-link model: dns-320
db: NVD ids: CVE-2024-10914

Critical Bug In Cisco’s URWB Exposes Systems To Root Privilege Command Injection

Trust: 5.5

Fetched: Nov. 17, 2024, 10:16 a.m., Published: Nov. 7, 2024, 12:05 p.m.
 Vulnerabilities: command execution, cross-site scripting, command injection
Affected productsExternal IDs
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: cisco ios
vendor: cisco model: series
vendor: cisco model: adaptive security appliance
vendor: cisco model: firepower
vendor: cisco model: small business
vendor: cisco model: aironet
vendor: cisco model: access points
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe
vendor: cisco model: catalyst
vendor: cisco model: catalyst 9100
vendor: cisco model: catalyst 9100 series
vendor: cisco model: firepower threat defense
db: NVD ids: CVE-2024-20418, CVE-2024-37383, CVE-2024-20481

Security Bulletin: PAN-OS Remote Code Execution Vulnerability

Trust: 3.25

Fetched: Nov. 17, 2024, 10:13 a.m., Published: Nov. 19, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Revamped Remcos RAT Deployed Against Microsoft Users

Trust: 4.75

Fetched: Nov. 17, 2024, 10:02 a.m., Published: Nov. 5, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2017-0199

A new vulnerability on IPv6 parsing in linux | Hacker News

Trust: 3.0

Fetched: Nov. 17, 2024, 10:01 a.m., Published: Nov. 17, 2033, midnight
 Vulnerabilities: memory leak
Affected productsExternal IDs

CVE-2022-20846 - Cisco IOS XR Software Cisco Discovery Protocol Buffer Overflow Vulnerability - SecAlerts

Trust: 5.5

Fetched: Nov. 17, 2024, 10:01 a.m., Published: Nov. 4, 2024, midnight
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: cisco model: ios xr
vendor: cisco model: cisco ios xr
vendor: cisco model: ios xr software
vendor: cisco model: cisco ios
db: NVD ids: CVE-2022-20846

D-Link says it won’t fix a serious security flaw affecting 60,000 older NAS devices | TechRadar

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 6.0

Fetched: Nov. 17, 2024, 10:01 a.m., Published: Nov. 11, 2024, 7:06 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: d-link model: dns-320
db: NVD ids: CVE-2024-10914

CISA adds two more vulnerabilities in Palo Alto Networks tools to exploited catalogue

Trust: 5.5

Fetched: Nov. 17, 2024, 10 a.m., Published: Nov. 15, 2024, 12:39 p.m.
 Vulnerabilities: sql injection, command injection, directory traversal...
Affected productsExternal IDs
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
db: NVD ids: CVE-2019-16278, CVE-2024-51567, CVE-2024-9465, CVE-2024-43093, CVE-2024-9463, CVE-2024-5910

New Campaign Uses Remcos RAT to Exploit Victims | FortiGuard Labs

Trust: 4.75

Fetched: Nov. 17, 2024, 9:59 a.m., Published: Nov. 8, 2024, 2 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: wireshark model: wireshark
db: NVD ids: CVE-2017-0199

Critical Vulnerabilities in Cisco URWB and HPE Aruba Access Points (CVE-2024-20418, CVE-2024-42509) - SOCRadar® Cyber Intelligence Inc.

Trust: 5.25

Fetched: Nov. 17, 2024, 9:59 a.m., Published: Nov. 7, 2024, 10:22 a.m.
 Vulnerabilities: improper validation, path traversal, command injection...
Affected productsExternal IDs
vendor: aruba model: instant
vendor: cisco model: access points
vendor: cisco model: catalyst
db: NVD ids: CVE-2024-47462, CVE-2024-47464, CVE-2024-47461, CVE-2024-47463, CVE-2024-20418, CVE-2024-42509, CVE-2024-47460

GitLab Patch Release: 17.5.2, 17.4.4, 17.3.7 | GitLab

Trust: 4.75

Fetched: Nov. 17, 2024, 9:55 a.m., Published: Nov. 13, 2024, midnight
 Vulnerabilities: information disclosure, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-10240, CVE-2024-8648, CVE-2024-8180, CVE-2024-7404, CVE-2024-9693

Debunking fake stock Pixel OS vulnerability from an EDR company - GrapheneOS Discussion Forum

Trust: 3.5

Fetched: Nov. 17, 2024, 9:55 a.m., Published: Nov. 17, 2021, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android

BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA | Volexity

Trust: 3.25

Fetched: Nov. 17, 2024, 9:54 a.m., Published: Nov. 15, 2024, 7:50 p.m.
 Vulnerabilities: code execution, credential disclosure
Affected productsExternal IDs
vendor: blackberry model: blackberry
vendor: blackberry model: style
vendor: trend model: security
vendor: winscp model: winscp
vendor: trend micro model: security
vendor: putty model: putty