Sign-up

VARIoT news about IoT security

Cisco SD-WAN vEdge Software UDP Packet Validation Denial of Service Vulnerability - Cisco

Trust: 5.0

Fetched: Oct. 1, 2024, 9:43 a.m., Published: Sept. 25, 2024, 11:50 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco sd-wan
vendor: cisco model: vedge
vendor: cisco model: cisco sd-wan vedge
vendor: cisco model: sd-wan
vendor: cisco model: sd-wan vedge

Cisco Unified Threat Defense Snort Intrusion Prevention System Engine for Cisco IOS XE Software Security Policy Bypass and Denial of Service Vulnerability - Cisco

Trust: 4.75

Fetched: Oct. 1, 2024, 9:42 a.m., Published: Sept. 25, 2024, 11:50 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: snort model: snort
vendor: cisco model: firepower threat defense
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios
vendor: cisco model: firepower
vendor: cisco model: ios xe
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: intrusion prevention system
vendor: cisco model: series integrated services routers
vendor: cisco model: catalyst 8500
vendor: cisco model: firepower management center
vendor: cisco model: adaptive security appliance
vendor: cisco model: integrated services routers
vendor: cisco model: router
vendor: cisco model: series
vendor: cisco model: 1000v
vendor: cisco model: series routers
vendor: cisco model: routers
vendor: cisco model: catalyst
vendor: cisco model: cisco ios xe

JVNVU#95133448: Insecure initial password configuration issue in SEIKO EPSON Web Config

Trust: 5.25

Fetched: Oct. 1, 2024, 9:40 a.m., Published: Sept. 30, 2024, midnight
 Vulnerabilities: configuration issue
Affected productsExternal IDs

OpenPrinting CUPS Vulnerabilities: Analysis of related CVEs | Wiz Blog

Trust: 5.75

Fetched: Oct. 1, 2024, 9:39 a.m., Published: Sept. 29, 2024, 5 p.m.
 Vulnerabilities: command execution, arbitrary command execution
Affected productsExternal IDs
vendor: cups model: cups
db: NVD ids: CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177

CISA Urges Action As Attackers Exploit Critical Systems Using Basic Tactics

Trust: 3.75

Fetched: Oct. 1, 2024, 9:39 a.m., Published: Sept. 30, 2024, 5:56 a.m.
 Vulnerabilities: service disruption, default credentials
Affected productsExternal IDs

Multiple Vulnerabilities Disclosed in Linux-based CUPS Printing Service - Arctic Wolf

Trust: 4.5

Fetched: Oct. 1, 2024, 9:38 a.m., Published: Sept. 27, 2024, 3:23 p.m.
 Vulnerabilities: command execution, arbitrary command execution
Affected productsExternal IDs
vendor: cups model: cups
vendor: iproute2 model: iproute2
db: NVD ids: CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177

CUPS: A Critical 9.9 Linux Vulnerability Reviewed

Trust: 4.75

Fetched: Oct. 1, 2024, 9:37 a.m., Published: Sept. 27, 2024, 3:54 a.m.
 Vulnerabilities: command execution, code execution, arbitrary command execution
Affected productsExternal IDs
vendor: cups model: cups
db: NVD ids: CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177

Critical Vulnerabilities in Tank Gauge Systems Could Lead to Remote Attacks - VULNERA

Related entries in the VARIoT vulnerabilities database: VAR-202409-0653

Trust: 4.75

Fetched: Oct. 1, 2024, 9:36 a.m., Published: Sept. 30, 2024, 11:55 a.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-34026

Compromised device remains vulnerable after firmware update (CVE-2022-29850) | Lexmark C2326

Trust: 4.5

Fetched: Oct. 1, 2024, 9:35 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lexmark model: lexmark
db: NVD ids: CVE-2022-29850

Cisco Family September 2024 Secondary Security Update Advisory - ASEC

Trust: 4.5

Fetched: Oct. 1, 2024, 9:34 a.m., Published: Sept. 27, 2024, 8:28 a.m.
 Vulnerabilities: request forgery, cross-site request forgery, denial of service
Affected productsExternal IDs
vendor: cisco model: ios software
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: cisco model: routers
vendor: cisco model: catalyst
vendor: cisco model: dna center
vendor: cisco model: cisco ios xe
vendor: cisco model: sd-wan
db: NVD ids: CVE-2024-20480, CVE-2024-20437, CVE-2024-20433, CVE-2024-20350, CVE-2024-20455, CVE-2024-20464, CVE-2024-20467, CVE-2024-20436

Weekly IT Vulnerability Report: Cyble Urges Fixes For Ivanti, GitLab And Microchip - Cyble

Trust: 5.5

Fetched: Oct. 1, 2024, 9:33 a.m., Published: Oct. 1, 2024, 6:27 a.m.
 Vulnerabilities: buffer overflow, authentication vulnerability, sql injection...
Affected productsExternal IDs
vendor: sun microsystems model: solaris
vendor: sun microsystems model: linux
vendor: rejetto model: http file server
db: NVD ids: CVE-2024-45409, CVE-2024-36837, CVE-2024-46740, CVE-2024-20439, CVE-2024-7490, CVE-2024-8956, CVE-2024-23692, CVE-2024-8963, CVE-1999-1587, CVE-2024-7593, CVE-2024-8190

Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks - Check Point Research

Trust: 4.5

Fetched: Oct. 1, 2024, 9:30 a.m., Published: Sept. 30, 2024, 12:46 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: check point model: check point
vendor: avast model: antivirus
vendor: google model: home
db: NVD ids: CVE-2024-21338

Critical RCE Vulnerabilities Found in Common Unix Printing System - Infosecurity Magazine

Trust: 7.0

Fetched: Oct. 1, 2024, 9:29 a.m., Published: Sept. 30, 2024, 4:30 p.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: cups model: cups
db: NVD ids: CVE-2024-47176, CVE-2024-47076

CERT-EU - Multiple Vulnerabilities in Cisco NX-OS Software

Trust: 5.75

Fetched: Oct. 1, 2024, 9:28 a.m., Published: -
 Vulnerabilities: process crash, code execution, command injection...
Affected productsExternal IDs
vendor: cisco model: nexus 9000
vendor: cisco model: nexus
vendor: cisco model: nexus 9000 series
vendor: cisco model: series switches
vendor: cisco model: series
vendor: cisco model: nexus 3000
vendor: cisco model: nx-os software
vendor: cisco model: nx-os
vendor: cisco model: cisco nx-os
db: NVD ids: CVE-2024-20446

Critical Vulnerabilities Discovered in Automated Tank Gauge Systems | Bitsight

Trust: 4.25

Fetched: Oct. 1, 2024, 9:27 a.m., Published: -
 Vulnerabilities: sql injection, path traversal, denial of service
Affected productsExternal IDs
vendor: trend micro model: security
vendor: schneider electric model: monitor
vendor: trend model: security
vendor: schneider model: monitor

JVN#42445661: Multiple vulnerabilities in Smart-tab

Trust: 3.25

Fetched: Oct. 1, 2024, 9:26 a.m., Published: Sept. 30, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-41999, CVE-2024-42496

MIPC Camera Firmware Vulnerability | CVE-2024-39091

Trust: 4.5

Fetched: Oct. 1, 2024, 9:26 a.m., Published: Aug. 1, 2024, midnight
 Vulnerabilities: os command injection, code execution, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-39091

NCC Group reveals Sonos smart speaker vulnerability research at Black Hat 2024 | Security Info Watch

Trust: 3.0

Fetched: Oct. 1, 2024, 9:24 a.m., Published: Aug. 9, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sonos model: sonos

DIVD responsibly discloses six new zero-day vulnerabilities to vendor

Trust: 3.0

Fetched: Oct. 1, 2024, 9:23 a.m., Published: Aug. 12, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: enphase model: envoy

IoT Security: A Call to Action for Improved Vulnerability Disclosure

Trust: 4.5

Fetched: Oct. 1, 2024, 9:23 a.m., Published: Oct. 11, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: huawei model: huawei