Sign-up

VARIoT news about IoT security

2025 January KB5049981 Windows 10 Patch And 8 Zero-Day Vulnerabilities And 159 Flaws HTMD Blog

Trust: 4.0

Fetched: Jan. 17, 2025, 9:15 a.m., Published: Jan. 14, 2025, 7:08 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-21395, CVE-2025-21333, CVE-2025-21186, CVE-2025-21334, CVE-2025-21366, CVE-2025-21335, CVE-2025-21275, CVE-2025-21308

CVE-2024-55591: Fortinet Authentication Bypass Zero-Day Vulnerability Exploited in the Wild - Blog | TenableĀ®

Trust: 4.5

Fetched: Jan. 17, 2025, 9:15 a.m., Published: Jan. 14, 2025, 8 p.m.
 Vulnerabilities: response splitting vulnerability, denial of service, access control vulnerability...
Affected productsExternal IDs
vendor: node.js model: node.js
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-55591

CVE-2025-0193: Stored Cross-site Scripting (XSS) Vulnerability in the MGate 5121/5122/5123 Series

Trust: 5.5

Fetched: Jan. 17, 2025, 9:14 a.m., Published: -
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2025-0193

TTCSIRT - 440. 14.01.2025 - Cybersecurity Advisory: Fortinet FortiGate Authentication Bypass Zero-Day Vulnerability (CVE-2024-55591)

Trust: 6.25

Fetched: Jan. 17, 2025, 9:14 a.m., Published: Jan. 14, 2025, 9:04 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-55591

New Hacking Group Leaks Configuration of 15,000 Fortinet Firewalls - Infosecurity Magazine

Related entries in the VARIoT vulnerabilities database: VAR-202210-0198

Trust: 4.75

Fetched: Jan. 17, 2025, 9:13 a.m., Published: Jan. 16, 2025, 12:50 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-55591, CVE-2022-40684

Note

Related entries in the VARIoT vulnerabilities database: VAR-202412-2770

Trust: 3.75

Fetched: Jan. 17, 2025, 9:10 a.m., Published: May 17, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hikvision model: hikvision
db: NVD ids: CVE-2024-12569

What You Need to Know About the Critical Apple Security Vulnerabilities

Trust: 4.5

Fetched: Jan. 17, 2025, 9:09 a.m., Published: Sept. 8, 2023, 7:11 p.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: watch
vendor: apple model: iphone
vendor: apple model: ios
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: watchos

Ivanti Connect Secure Zero-Day Threat: 2,048 Vulnerable Devices and Critical Exploitation Details Unveiled

Trust: 4.0

Fetched: Jan. 17, 2025, 9:08 a.m., Published: Jan. 11, 2025, 1:40 a.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-0282

Fortinet Authentication Bypass Vulnerability Audit - CVE-2024-55591 - Lansweeper

Trust: 4.0

Fetched: Jan. 17, 2025, 9:07 a.m., Published: Jan. 15, 2025, 2:24 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2024-55591

CISA Warns of Three Vulnerabilities Actively Exploited in Attacks

Trust: 5.0

Fetched: Jan. 15, 2025, 9:58 a.m., Published: Jan. 8, 2025, 2:50 p.m.
 Vulnerabilities: path traversal
Affected productsExternal IDs
vendor: mitel model: micollab
db: NVD ids: CVE-2024-55550, CVE-2024-41713, CVE-2020-2883

Multiple Vulnerabilities in Ivanti Avalanche Could Allow for Authentication Bypass

Trust: 3.0

Fetched: Jan. 15, 2025, 9:54 a.m., Published: Jan. 14, 2025, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs

Understanding CVE-2025-21229: Elevation of Privilege Vulnerability in Windows | Windows Forum

Trust: 3.75

Fetched: Jan. 15, 2025, 9:53 a.m., Published: May 15, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2025-21229

CVE-2024-12847 : Authentication Bypass Vulnerability in NETGEAR DGN1000 Router | SecurityVulnerability.io

Related entries in the VARIoT vulnerabilities database: VAR-202501-1344

Trust: 5.0

Fetched: Jan. 15, 2025, 9:53 a.m., Published: Jan. 10, 2025, 8:15 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: netgear model: router
vendor: netgear model: dgn1000
db: NVD ids: CVE-2024-12847

Schneider Electric Vulnerability: CVE-2024-8401 in EcoStruxure Systems Explained | Windows Forum

Trust: 4.0

Fetched: Jan. 15, 2025, 9:52 a.m., Published: May 15, 2025, midnight
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-8401

Samsung has fixed RCS vulnerability (for your information) - Samsung Community

Trust: 3.25

Fetched: Jan. 15, 2025, 9:51 a.m., Published: Jan. 15, 2025, 7:30 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

CVE-2024-12398 impacts Zyxel Devices

Related entries in the VARIoT vulnerabilities database: VAR-202205-0957

Trust: 5.75

Fetched: Jan. 15, 2025, 9:51 a.m., Published: Jan. 14, 2025, 1:14 p.m.
 Vulnerabilities: privilege management flaw, denial of service, code execution...
Affected productsExternal IDs
vendor: zyxel model: nas542
vendor: zyxel model: nas326
db: NVD ids: CVE-2024-12398, CVE-2022-30525, CVE-2024-29973, CVE-2024-29972

CVE-2024-7344: Secure Boot Vulnerability Discovered in Howyar Taiwan Devices | Windows Forum

Trust: 3.75

Fetched: Jan. 15, 2025, 9:50 a.m., Published: May 15, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2024-7344

Understanding CVE-2025-21207: Windows Cdpsvc Vulnerability Overview | Windows Forum

Trust: 4.5

Fetched: Jan. 15, 2025, 9:49 a.m., Published: May 15, 2025, midnight
 Vulnerabilities: privilege escalation, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2025-21207

DSA-2025-033: Security Update for Dell Display Manager for Multiple Vulnerabilities | Dell US

Trust: 3.0

Fetched: Jan. 15, 2025, 9:46 a.m., Published: Feb. 3, 2002, 6 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-21101

Fortinet addresses security concerns over Fortinet FortiGate zero-day - Cyber Daily

Trust: 5.75

Fetched: Jan. 15, 2025, 9:45 a.m., Published: Jan. 15, 2025, 12:43 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: node.js model: node.js
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-55591