Sign-up

VARIoT news about IoT security

Update Canonical Ubuntu Desktop: USN-7158-1: Smarty vulnerabilities

Trust: 6.0

Fetched: Dec. 20, 2024, 9:58 a.m., Published: Jan. 20, 7158, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2018-25047, CVE-2023-28447, CVE-2024-35226

Update Canonical Ubuntu Server: USN-7089-6: Linux kernel vulnerabilities

Trust: 3.75

Fetched: Dec. 20, 2024, 9:56 a.m., Published: June 20, 7089, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
vendor: alsa model: alsa
db: NVD ids: CVE-2024-25741

Cyware Daily Threat Intelligence, December 19, 2024 - Dec 19, 2024 | Cyware

Related entries in the VARIoT vulnerabilities database: VAR-202412-2453

Trust: 4.0

Fetched: Dec. 20, 2024, 9:56 a.m., Published: Dec. 19, 2024, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
db: NVD ids: CVE-2024-48889, CVE-2024-50570, CVE-2024-51479, CVE-2023-34990

Patch Tuesday - December 2024 - Cyber Security Review

Trust: 4.5

Fetched: Dec. 20, 2024, 9:53 a.m., Published: Dec. 10, 2024, 11 a.m.
 Vulnerabilities: code execution, certificate validation vulnerability
Affected productsExternal IDs
vendor: qnap model: helpdesk
vendor: sonicwall model: sma100
vendor: sonicwall model: netextender
vendor: sonicwall model: ssl vpn
vendor: sonicwall model: remote access
vendor: apple model: software update
vendor: apple model: safari
db: NVD ids: CVE-2024-48865, CVE-2024-29014, CVE-2024-12356

Clop is back to wreak havoc via vulnerable file-transfer software | CyberScoop

Trust: 3.75

Fetched: Dec. 20, 2024, 9:53 a.m., Published: Dec. 17, 2024, 7:33 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-50623, CVE-2024-55956

آسیب پذیری بحرانی OpenWrt منجر به تزریق فریمور مخرب به دستگاه‌ها می‌شود - Vulnerbyte

Trust: 3.0

Fetched: Dec. 20, 2024, 9:52 a.m., Published: Dec. 17, 2024, 1:06 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-5414, CVE-2024-54143

Breached but not broken.

Related entries in the VARIoT vulnerabilities database: VAR-202412-2453

Trust: 5.25

Fetched: Dec. 20, 2024, 9:51 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: default credentials, path traversal, command injection...
Affected productsExternal IDs
vendor: google model: chrome
vendor: check point model: check point
vendor: tp-link model: routers
db: NVD ids: CVE-2024-48889, CVE-2024-46873, CVE-2023-34990

Security Researchers: 7 Vulnerabilities found in Android and Pixel devices

Trust: 6.0

Fetched: Dec. 20, 2024, 9:50 a.m., Published: Nov. 26, 2024, 7:54 a.m.
 Vulnerabilities: configuration flaw
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2021-0600, CVE-2023-21292, CVE-2023-20963, CVE-2023-21383, CVE-2024-34719, CVE-2024-0017

CVE-2024-53677 - Exploitation Attempts Of Critical Apache Struts RCE Vulnerability | Ervik.as

Trust: 5.5

Fetched: Dec. 20, 2024, 9:50 a.m., Published: Dec. 19, 2024, 5:58 p.m.
 Vulnerabilities: code execution, path traversal
Affected productsExternal IDs
vendor: palo model: pan-os
vendor: palo model: networks
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
db: NVD ids: CVE-2024-9474, CVE-2023-50164, CVE-2024-53677, CVE-2024-0012

2000+ Palo Alto Firewalls Hacked Exploiting New Vulnerabilities

Trust: 5.5

Fetched: Dec. 20, 2024, 9:49 a.m., Published: Nov. 22, 2024, 2:11 a.m.
 Vulnerabilities: authentication bypass, privilege escalation
Affected productsExternal IDs
vendor: palo model: pan-os
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
db: NVD ids: CVE-2024-9474, CVE-2024-0012

Critical Vulnerability Alert: Update Required for TropOS Devices | Windows Forum

Related entries in the VARIoT vulnerabilities database: VAR-201401-0184

Trust: 5.5

Fetched: Dec. 20, 2024, 9:44 a.m., Published: May 20, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: delegate model: delegate
vendor: mesh model: mesh
db: NVD ids: CVE-2013-5211

Device Detector <= 4.2.0 - Reflected Cross-Site Scripting via id

Trust: 3.0

Fetched: Dec. 20, 2024, 9:43 a.m., Published: Dec. 14, 2024, midnight
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs

Sophos Firewall Vulnerabilities Let Attackers Execute Remote Code

Trust: 5.5

Fetched: Dec. 20, 2024, 9:43 a.m., Published: Dec. 20, 2024, 4:35 a.m.
 Vulnerabilities: code injection, code execution, sql injection
Affected productsExternal IDs
vendor: sophos model: firewall
db: NVD ids: CVE-2024-12728, CVE-2024-12727, CVE-2024-12729

Critical Path Traversal in FortiWLM (CVE-2023-34990) Permits Code Execution; Next.js Auth Bypass (CVE-2024-51479) - SOCRadar® Cyber Intelligence Inc.

Related entries in the VARIoT vulnerabilities database: VAR-202412-2453

Trust: 3.75

Fetched: Dec. 20, 2024, 9:37 a.m., Published: Dec. 19, 2024, 12:49 p.m.
 Vulnerabilities: authentication bypass, code execution, directory traversal...
Affected productsExternal IDs
db: NVD ids: CVE-2024-50570, CVE-2024-48889, CVE-2024-51479, CVE-2023-34990

Exploring vulnerable Windows drivers

Trust: 4.25

Fetched: Dec. 20, 2024, 9:34 a.m., Published: Dec. 19, 2024, 11:04 a.m.
 Vulnerabilities: code injection, process termination vulnerability, code execution...
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: guard
vendor: lenovo model: system
vendor: lenovo model: updates
vendor: trendmicro model: antivirus
vendor: trendmicro model: security
db: NVD ids: CVE-2024-1853, CVE-2022-3699

New Cyber Vulnerability in Schneider Electric Modicon Controllers: XSS Threat Analysis | Windows Forum

Related entries in the VARIoT vulnerabilities database: VAR-202407-0346

Trust: 4.5

Fetched: Dec. 20, 2024, 9:33 a.m., Published: May 20, 2024, midnight
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: schneider electric model: ecostruxure machine expert
vendor: schneider electric model: monitor
vendor: schneider model: ecostruxure machine expert
vendor: schneider model: monitor
db: NVD ids: CVE-2024-6528

ALAS-2024-2709

Trust: 3.75

Fetched: Dec. 20, 2024, 9:32 a.m., Published: Dec. 20, 2024, 1 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: opensc model: opensc
db: NVD ids: CVE-2024-45616, CVE-2024-45620, CVE-2024-45618, CVE-2024-45615, CVE-2024-45619, CVE-2024-45617

Breached but not broken.

Trust: 3.75

Fetched: Dec. 20, 2024, 9:32 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome

US eyes ban on TP-Link routers amid cybersecurity concerns | CSO Online

Trust: 3.0

Fetched: Dec. 20, 2024, 9:32 a.m., Published: Dec. 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tp-link model: routers

Redguard AG - Security Advisory: Multiple Vulnerabilities in the Open Source Software phpLDAPadmin

Trust: 4.75

Fetched: Dec. 20, 2024, 9:30 a.m., Published: Dec. 19, 2024, midnight
 Vulnerabilities: code injection, cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-9101