Sign-up

VARIoT news about IoT security

Multiple Vulnerabilities in Siemens InterMesh Subscriber Devices Could Allow for Remote Code Execution

Trust: 4.25

Fetched: Nov. 6, 2024, 9:31 a.m., Published: Oct. 29, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Your Android device is vulnerable to attack and Google's fix is imminent | ZDNET

Trust: 4.75

Fetched: Nov. 6, 2024, 9:31 a.m., Published: -
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2024-43047, CVE-2024-43093

LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature · CVE-2024-47527 · GitHub Advisory Database · GitHub

Trust: 4.0

Fetched: Nov. 6, 2024, 9:30 a.m., Published: Oct. 1, 2024, midnight
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-47527

Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) - Help Net Security

Trust: 3.75

Fetched: Nov. 6, 2024, 9:28 a.m., Published: Sept. 11, 2024, 11:50 a.m.
 Vulnerabilities: os command injection, privilege escalation, sql injection...
Affected productsExternal IDs
db: NVD ids: CVE-2024-8190, CVE-2024-29847

A privilege escalation (PE) vulnerability in the Palo... · CVE-2024-5915 · GitHub Advisory Database · GitHub

Trust: 5.75

Fetched: Nov. 6, 2024, 9:28 a.m., Published: Aug. 14, 2024, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: networks globalprotect
vendor: palo alto networks model: palo alto networks globalprotect
vendor: palo model: networks
vendor: palo model: networks globalprotect
vendor: palo model: palo alto networks globalprotect
db: NVD ids: CVE-2024-5915

MediaTek Security Bulletin Highlights High Severity Vulnerabilities in Mobile Chipsets

Trust: 4.75

Fetched: Nov. 6, 2024, 9:27 a.m., Published: Nov. 4, 2024, 7:24 a.m.
 Vulnerabilities: privilege escalation, information disclosure, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-20104, CVE-2024-20106

CVE-2024-8130: Addressing Command Injection Vulnerability in D-Link NAS Devices

Related entries in the VARIoT vulnerabilities database: VAR-202408-2311

Trust: 4.0

Fetched: Nov. 6, 2024, 9:26 a.m., Published: -
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-8130

CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE - Help Net Security

Trust: 5.75

Fetched: Nov. 6, 2024, 9:19 a.m., Published: Sept. 27, 2024, 10:17 a.m.
 Vulnerabilities: code execution, arbitrary command execution, command execution
Affected productsExternal IDs
vendor: cups model: cups
db: NVD ids: CVE-2024-47177, CVE-2024-47176, CVE-2024-47175, CVE-2024-47076

Google's AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

Trust: 3.0

Fetched: Nov. 6, 2024, 9:19 a.m., Published: Nov. 4, 2024, 10:04 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Five ways cyber criminals target healthcare and how to stop them | ITPro

Trust: 3.75

Fetched: Nov. 6, 2024, 9:18 a.m., Published: Nov. 5, 2024, 4:51 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: sophos model: firewall

Okta Verify agent for Windows Flaw Let Attackers Steal User Passwords

Trust: 4.0

Fetched: Nov. 6, 2024, 9:18 a.m., Published: Nov. 4, 2024, 10:14 a.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2024-9191

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) - Help Net Security

Trust: 5.75

Fetched: Nov. 5, 2024, 9:55 a.m., Published: Nov. 4, 2024, 2:04 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: synology model: diskstation manager
vendor: synology model: diskstation
db: NVD ids: CVE-2024-10443

Vulnerable Fortinet, SonicWall devices proliferate online | SC Media

Trust: 3.75

Fetched: Nov. 5, 2024, 9:50 a.m., Published: June 11, 2024, 5 p.m.
 Vulnerabilities: access control issue, improper access control
Affected productsExternal IDs
db: NVD ids: CVE-2024-51568, CVE-2024-47575, CVE-2024-51567, CVE-2024-40766, CVE-2024-23113

Update Canonical Ubuntu Desktop: USN-6990-1: znc vulnerability

Trust: 3.25

Fetched: Nov. 5, 2024, 9:48 a.m., Published: Jan. 5, 6990, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Update Canonical Ubuntu Desktop: USN-7045-1: libppd vulnerability

Trust: 3.25

Fetched: Nov. 5, 2024, 9:47 a.m., Published: Jan. 5, 7045, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Multiple vulnerabilites in libexpat affecting PRC7000 | Bosch PSIRT

Trust: 4.0

Fetched: Nov. 5, 2024, 9:45 a.m., Published: Aug. 20, 2002, midnight
 Vulnerabilities: integer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2024-45492, CVE-2024-45490, CVE-2024-45491

Cisco - Security device manager Vulnerability Maturity Index CVE

Trust: 3.0

Fetched: Nov. 5, 2024, 9:44 a.m., Published: Nov. 1, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: device manager
vendor: cisco model: security device manager

CVE-2024-43897: Addressing GSO Checksum Validation Vulnerability in Linux Kernel

Trust: 3.0

Fetched: Nov. 5, 2024, 9:44 a.m., Published: Aug. 26, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-43897

iOS 18.1-New Update Warning Issued To All iPhone Users

Trust: 4.75

Fetched: Nov. 5, 2024, 9:43 a.m., Published: Oct. 31, 2024, 4:30 p.m.
 Vulnerabilities: information leakage
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad
vendor: apple model: tvos
vendor: apple model: safari
vendor: apple model: iphone
vendor: apple model: watchos
vendor: apple model: webkit
vendor: apple model: ipad air
vendor: apple model: software update
db: NVD ids: CVE-2024-44255, CVE-2024-44239, CVE-2024-44244, CVE-2024-44261

CyberSecurity news about CVE-2024-7120

Trust: 5.25

Fetched: Nov. 5, 2024, 9:41 a.m., Published: Nov. 5, 2024, 1:04 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-7120