Sign-up

VARIoT news about IoT security

Helmet Hack - Hackster.io

Trust: 3.0

Fetched: March 10, 2024, 9:56 a.m., Published: May 10, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Cisco Duo Authentication for Windows Logon and RDP Authentication Bypass Vulnerability - Cisco

Trust: 4.25

Fetched: March 10, 2024, 9:55 a.m., Published: March 6, 2024, 10:15 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs

ConnectWise ScreenConnect 23.9.8 security fix

Trust: 3.5

Fetched: March 10, 2024, 9:54 a.m., Published: Feb. 19, 2024, 10:37 p.m.
 Vulnerabilities: authentication bypass, path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2024-1709

CVE-2021-46985 - vulnerability database | Vulners.com

Trust: 3.25

Fetched: March 10, 2024, 9:53 a.m., Published: Feb. 28, 2024, 9:15 a.m.
 Vulnerabilities: memory leak
Affected productsExternal IDs
db: NVD ids: CVE-2021-46985

iOS 17.4-Update Now Warning Issued To All iPhone Users

Trust: 4.5

Fetched: March 10, 2024, 9:52 a.m., Published: March 8, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: watchos
vendor: apple model: ipod touch
vendor: apple model: tvos
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: ipad
db: NVD ids: CVE-2024-23225, CVE-2024-23284, CVE-2024-23239, CVE-2024-23270, CVE-2024-23263, CVE-2024-23226, CVE-2024-23296, CVE-2024-23286

Cisco AppDynamics Controller Cross-Site Scripting Vulnerability

Trust: 3.25

Fetched: March 10, 2024, 9:52 a.m., Published: March 6, 2024, 4:13 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs

What is Remote Code Execution (RCE) Vulnerability❓

Trust: 4.25

Fetched: March 10, 2024, 9:49 a.m., Published: May 10, 2024, midnight
 Vulnerabilities: buffer overflow, code execution, privilege escalation
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: macos
vendor: apple model: safari

QNAP critical auth bypass flaw in its NAS - patch now - Security - VHT Forum

Trust: 3.75

Fetched: March 10, 2024, 9:49 a.m., Published: Dec. 25, 2023, 4:09 a.m.
 Vulnerabilities: authentication bypass, command injection, sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-21899

Update now! ConnectWise ScreenConnect vulnerability needs your attention | Malwarebytes

Trust: 3.75

Fetched: March 10, 2024, 9:48 a.m., Published: Feb. 23, 2024, 1:37 p.m.
 Vulnerabilities: code execution, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2024-1709

Cisco NX-OS Allocation of Resources Without Limits or Thrott... - vulnerability database | Vulners.com

Trust: 5.75

Fetched: March 10, 2024, 9:44 a.m., Published: March 8, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: nx-os software
vendor: cisco model: nx-os
vendor: cisco model: cisco nx-os
db: NVD ids: CVE-2024-20321

Authentication flaw - vulnerability database | Vulners.com

Trust: 4.25

Fetched: March 10, 2024, 9:44 a.m., Published: March 6, 2024, 5:15 p.m.
 Vulnerabilities: authentication flaw
Affected productsExternal IDs

CVE-2024-20345 - vulnerability database | Vulners.com

Trust: 5.25

Fetched: March 10, 2024, 9:43 a.m., Published: March 6, 2024, 5:15 p.m.
 Vulnerabilities: directory traversal
Affected productsExternal IDs
db: NVD ids: CVE-2024-20345

Critical iOS Update Fixes Zero-Day Vulnerabilities Exploited in Attacks - Cyber and Fraud Centre - Scotland

Related entries in the VARIoT vulnerabilities database: VAR-202301-1714, VAR-202302-1097

Trust: 4.0

Fetched: March 10, 2024, 9:37 a.m., Published: March 6, 2024, 1:21 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: ipod touch
db: NVD ids: CVE-2023-23513, CVE-2023-23529

Cisco Secure Client for Linux with ISE Posture Module Privilege Escalation Vulnerability

Trust: 3.0

Fetched: March 10, 2024, 9:31 a.m., Published: March 6, 2024, 4:13 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

Cisco AppDynamics Controller Path Traversal Vulnerability

Trust: 3.25

Fetched: March 10, 2024, 9:30 a.m., Published: March 6, 2024, 4:13 p.m.
 Vulnerabilities: path traversal
Affected productsExternal IDs

Google Online Security Blog: Hardening cellular basebands in Android

Trust: 3.25

Fetched: March 10, 2024, 9:28 a.m., Published: Dec. 12, 2023, midnight
 Vulnerabilities: code execution, integer overflow
Affected productsExternal IDs
vendor: google model: android
vendor: trend model: security

Understanding CVE, Its Identifiers, Uses, and Challenges | Spiceworks - Spiceworks

Trust: 3.5

Fetched: March 10, 2024, 9:22 a.m., Published: Feb. 7, 2024, 7:22 a.m.
 Vulnerabilities: brute force attack, code execution, sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-12345

Cisco Duo Authentication for Windows Logon and RDP Authentication Bypass Vulnerability

Trust: 4.25

Fetched: March 10, 2024, 9:19 a.m., Published: March 6, 2024, 4:13 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs

CISA's Advisory on Ivanti Vulnerabilities and Mitigation Challenges (CVE-2023-46805, CVE-2024-21887) - OP INNOVATE

Trust: 3.25

Fetched: March 10, 2024, 9:19 a.m., Published: Jan. 23, 2024, 10:42 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-21887, CVE-2023-46805

Details on Apple’s Shortcuts Vulnerability: A Deep Dive into CVE-2024-23204

Trust: 4.5

Fetched: March 10, 2024, 9:18 a.m., Published: March 4, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: mac os
vendor: apple model: macos
db: NVD ids: CVE-2024-23204