Sign-up

VARIoT news about IoT security

Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution

Trust: 3.0

Fetched: Oct. 13, 2024, 10:14 a.m., Published: Sept. 16, 2024, 1:07 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

CVE-2024-8449 PLANET Technology switch devices - Local users... - vulnerability database | Vulners.com

Trust: 3.25

Fetched: Oct. 13, 2024, 10:13 a.m., Published: Sept. 30, 2024, 6:45 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-8449

Kandji Product Updates | Kandji Web App Release 2024.09.16

Trust: 3.0

Fetched: Oct. 13, 2024, 10:12 a.m., Published: Sept. 16, 2024, 8:19 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: software update
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: tvos

Siemens SIMATIC S7-200 SMART Devices - CloudCentric

Related entries in the VARIoT vulnerabilities database: VAR-202409-0292

Trust: 4.5

Fetched: Oct. 13, 2024, 10:12 a.m., Published: Sept. 17, 2024, 3:40 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: siemens model: simatic s7-200 smart cpu st20
vendor: siemens model: simatic s7-200 smart cpu st60
vendor: siemens model: s7-200 smart
vendor: siemens model: simatic s7-200 smart
vendor: siemens model: simatic s7-200 smart cpu sr20
vendor: siemens model: simatic s7-200 smart cpu sr60
vendor: siemens model: simatic s7-200 smart cpu cr40
vendor: siemens model: simatic s7-200 smart cpu st30
vendor: siemens model: simatic s7-200 smart cpu sr40
vendor: siemens model: simatic s7-200 smart cpu cr60
vendor: siemens model: simatic
vendor: siemens model: simatic s7-200 smart cpu st40
vendor: siemens model: simatic s7-200 smart cpu sr30
vendor: siemens model: simatic s7-200 smart cpu
vendor: siemens model: simatic s7-200
db: NVD ids: CVE-2024-43647

Qualcomm Patched Multi Flaws, Including 0-day CVE-2024-43047 & RCE (CVE-2024-33066, CVSS 9.8)

Trust: 6.0

Fetched: Oct. 13, 2024, 10:12 a.m., Published: Oct. 7, 2024, 10:01 a.m.
 Vulnerabilities: information disclosure, memory corruption, denial of service
Affected productsExternal IDs
vendor: google model: home
db: NVD ids: CVE-2024-33064, CVE-2024-43047, CVE-2024-33066, CVE-2024-23369

Urgent Update: Apple Fixes Security Flaws That Could Expose Your Passwords | Certo Software

Trust: 4.25

Fetched: Oct. 13, 2024, 10:06 a.m., Published: Oct. 11, 2024, 9:27 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone
db: NVD ids: CVE-2024-44204, CVE-2024-44207

20 Best Penetration Testing Tools Reviewed For 2024 - The CTO Club

Trust: 3.25

Fetched: Oct. 13, 2024, 10:05 a.m., Published: Sept. 30, 2024, 6:53 p.m.
 Vulnerabilities: cross-site scripting, sql injection
Affected productsExternal IDs
vendor: axis model: axis
vendor: essential model: phone

17 Best Vulnerability Scanning Software QAs Are Using In 2024 - The CTO Club

Trust: 3.75

Fetched: Oct. 13, 2024, 10:04 a.m., Published: Sept. 30, 2024, 5:45 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mulesoft model: api gateway

Windows 11 KB5044284 KB5044285 KB5044280 October 2024 Patches And 5 Zero-Day Vulnerabilities 118 Flaws HTMD Blog

Trust: 3.75

Fetched: Oct. 13, 2024, 10:03 a.m., Published: Oct. 8, 2024, 6:45 p.m.
 Vulnerabilities: information disclosure, feature bypass, memory leak...
Affected productsExternal IDs
db: NVD ids: CVE-2024-43583, CVE-2024-6197, CVE-2024-20659, CVE-2024-43573, CVE-2024-43572

CUPS vulnerabilities could put Linux systems at risk | TechTarget

Trust: 5.5

Fetched: Oct. 13, 2024, 10:02 a.m., Published: Sept. 27, 2024, midnight
 Vulnerabilities: code execution, arbitrary command execution, command execution
Affected productsExternal IDs
vendor: cups model: cups
vendor: google model: chrome
vendor: google model: chrome os
db: NVD ids: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

Trust: 5.0

Fetched: Oct. 13, 2024, 10 a.m., Published: Oct. 9, 2024, 6:53 a.m.
 Vulnerabilities: code execution, feature bypass, security feature bypass
Affected productsExternal IDs
db: NVD ids: CVE-2024-43582, CVE-2024-43583, CVE-2024-43468, CVE-2024-6197, CVE-2024-43461, CVE-2024-43572, CVE-2024-38112, CVE-2024-43488, CVE-2024-43573, CVE-2024-20659

Surface Laptop 4 with AMD recieves new (October 10, 2024) firmware updates - SurfaceTip

Trust: 3.75

Fetched: Oct. 13, 2024, 9:50 a.m., Published: Oct. 10, 2024, midnight
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2023-31315

PAN-SA-2024-0010 Expedition: Multiple Vulnerabilities in Expedition Lead to Exposure of Firewall Credentials

Trust: 5.25

Fetched: Oct. 13, 2024, 9:50 a.m., Published: Oct. 9, 2024, 4 p.m.
 Vulnerabilities: os command injection, sql injection, cross-site scripting...
Affected productsExternal IDs
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
db: NVD ids: CVE-2024-94639, CVE-2024-9467, CVE-2024-94659, CVE-2024-9466, CVE-2024-9463, CVE-2024-94677, CVE-2024-9465, CVE-2024-9464, CVE-2024-94668, CVE-2024-94649

Exploitation of RAISECOM Gateway Devices Vulnerability CVE-2024-7120, (Tue, Sep 24th) - TQT Group

Trust: 4.25

Fetched: Oct. 13, 2024, 9:49 a.m., Published: Sept. 24, 2024, 4:05 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-7120

Cisco CVE - OpenCVE

Trust: 3.5

Fetched: Oct. 13, 2024, 9:47 a.m., Published: April 6, 2024, midnight
 Vulnerabilities: path traversal, injection attack, command injection...
Affected productsExternal IDs
vendor: cisco model: nexus
vendor: cisco model: cisco small business
vendor: cisco model: ios xe
vendor: cisco model: rv340
vendor: cisco model: small business
vendor: cisco model: identity services engine
vendor: cisco model: routers
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
vendor: cisco model: sd-wan vmanage
vendor: cisco model: sd-wan vmanage software
vendor: cisco model: rv340w
vendor: cisco model: expressway
vendor: cisco model: rv345
vendor: cisco model: series
vendor: cisco model: small business rv340
vendor: cisco model: expressway series
vendor: cisco model: ios xe software
vendor: cisco model: cisco data center network manager
vendor: cisco model: expressway edge
vendor: cisco model: cisco expressway
vendor: cisco model: data center network manager
vendor: cisco model: rv345p dual wan gigabit vpn routers
vendor: cisco model: rv345p
vendor: cisco model: cisco sd-wan
vendor: cisco model: meraki mx
vendor: cisco model: sd-wan
vendor: cisco model: cisco identity services engine

Vulnerability Recap 10/7/24: Apple, DrayTek, Ivanti, Okta

Related entries in the VARIoT vulnerabilities database: VAR-202410-3635

Trust: 5.25

Fetched: Oct. 13, 2024, 9:46 a.m., Published: Oct. 8, 2024, 12:46 p.m.
 Vulnerabilities: privilege escalation, buffer overflow, cross-site scripting...
Affected productsExternal IDs
vendor: draytek model: routers
vendor: draytek model: draytek routers
vendor: apple model: watch
db: NVD ids: CVE-2024-45519, CVE-2024-44207, CVE-2024-41592, CVE-2024-29824, CVE-2024-44204, CVE-2024-41585

Medical Device Security Market Anticipated to Reach USD

Trust: 3.5

Fetched: Oct. 13, 2024, 9:46 a.m., Published: Oct. 11, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: check point model: endpoint security
vendor: check point model: check point
vendor: rising model: antivirus

Fortinet Flaw Triggers CISA Alert, Patches from Cisco, Palo Alto

Trust: 5.5

Fetched: Oct. 13, 2024, 9:42 a.m., Published: Oct. 3, 2024, midnight
 Vulnerabilities: cross-site scripting, command injection, format string vulnerability...
Affected productsExternal IDs
vendor: cisco model: nexus
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2024-9467, CVE-2024-9466, CVE-2024-23113, CVE-2024-20432, CVE-2024-9463, CVE-2024-9465, CVE-2024-9464

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Oct. 13, 2024, 9:42 a.m., Published: -
 Vulnerabilities: configuration error
Affected productsExternal IDs

Zero-day gap in Qualcomm mobile processors already attacked in isolated cases | heise online

Trust: 3.75

Fetched: Oct. 13, 2024, 9:41 a.m., Published: Oct. 11, 2024, 7:43 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-43047