Sign-up

VARIoT news about IoT security

Critical Zero-Click Vulnerability In Synology NAS Devices Needs Urgent Patching

Trust: 5.5

Fetched: Nov. 8, 2024, 9:18 a.m., Published: Nov. 7, 2024, 2:10 p.m.
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: cisco model: firepower threat defense
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: firepower
vendor: cisco model: adaptive security appliance
vendor: google model: android
vendor: synology model: diskstation
db: NVD ids: CVE-2024-43093, CVE-2024-10443, CVE-2024-20481, CVE-2024-37383, CVE-2024-43047

CVE-2024-8190: Investigating CISA KEV Ivanti Cloud Service Appliance Command Injection Vulnerability | Horizon3.ai

Trust: 4.5

Fetched: Nov. 6, 2024, 9:33 a.m., Published: Sept. 16, 2024, 3:26 p.m.
 Vulnerabilities: os command injection, code execution, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-8190

MMS Under the Microscope: Examining the Security of a Power Automation Standard | Claroty

Related entries in the VARIoT vulnerabilities database: VAR-201612-0252

Trust: 4.25

Fetched: Nov. 6, 2024, 9:32 a.m., Published: Oct. 8, 2024, midnight
 Vulnerabilities: buffer overflow, denial of service, code execution...
Affected productsExternal IDs
vendor: wireshark model: wireshark
vendor: canary model: canary
vendor: siemens model: iec 61850
db: NVD ids: CVE-2022-2970, CVE-2022-38138, CVE-2015-6574, CVE-2022-2973, CVE-2022-2972, CVE-2022-2971

Multiple Vulnerabilities in Siemens InterMesh Subscriber Devices Could Allow for Remote Code Execution

Trust: 4.25

Fetched: Nov. 6, 2024, 9:31 a.m., Published: Oct. 29, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Your Android device is vulnerable to attack and Google's fix is imminent | ZDNET

Trust: 4.75

Fetched: Nov. 6, 2024, 9:31 a.m., Published: -
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2024-43047, CVE-2024-43093

LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature · CVE-2024-47527 · GitHub Advisory Database · GitHub

Trust: 4.0

Fetched: Nov. 6, 2024, 9:30 a.m., Published: Oct. 1, 2024, midnight
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-47527

Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) - Help Net Security

Trust: 3.75

Fetched: Nov. 6, 2024, 9:28 a.m., Published: Sept. 11, 2024, 11:50 a.m.
 Vulnerabilities: os command injection, privilege escalation, sql injection...
Affected productsExternal IDs
db: NVD ids: CVE-2024-8190, CVE-2024-29847

A privilege escalation (PE) vulnerability in the Palo... · CVE-2024-5915 · GitHub Advisory Database · GitHub

Trust: 5.75

Fetched: Nov. 6, 2024, 9:28 a.m., Published: Aug. 14, 2024, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: networks globalprotect
vendor: palo alto networks model: palo alto networks globalprotect
vendor: palo model: networks
vendor: palo model: networks globalprotect
vendor: palo model: palo alto networks globalprotect
db: NVD ids: CVE-2024-5915

MediaTek Security Bulletin Highlights High Severity Vulnerabilities in Mobile Chipsets

Trust: 4.75

Fetched: Nov. 6, 2024, 9:27 a.m., Published: Nov. 4, 2024, 7:24 a.m.
 Vulnerabilities: privilege escalation, information disclosure, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-20104, CVE-2024-20106

CVE-2024-8130: Addressing Command Injection Vulnerability in D-Link NAS Devices

Related entries in the VARIoT vulnerabilities database: VAR-202408-2311

Trust: 4.0

Fetched: Nov. 6, 2024, 9:26 a.m., Published: -
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-8130

CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE - Help Net Security

Trust: 5.75

Fetched: Nov. 6, 2024, 9:19 a.m., Published: Sept. 27, 2024, 10:17 a.m.
 Vulnerabilities: code execution, arbitrary command execution, command execution
Affected productsExternal IDs
vendor: cups model: cups
db: NVD ids: CVE-2024-47177, CVE-2024-47176, CVE-2024-47175, CVE-2024-47076

Google's AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

Trust: 3.0

Fetched: Nov. 6, 2024, 9:19 a.m., Published: Nov. 4, 2024, 10:04 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Five ways cyber criminals target healthcare and how to stop them | ITPro

Trust: 3.75

Fetched: Nov. 6, 2024, 9:18 a.m., Published: Nov. 5, 2024, 4:51 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: sophos model: firewall

Okta Verify agent for Windows Flaw Let Attackers Steal User Passwords

Trust: 4.0

Fetched: Nov. 6, 2024, 9:18 a.m., Published: Nov. 4, 2024, 10:14 a.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2024-9191

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) - Help Net Security

Trust: 5.75

Fetched: Nov. 5, 2024, 9:55 a.m., Published: Nov. 4, 2024, 2:04 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: synology model: diskstation manager
vendor: synology model: diskstation
db: NVD ids: CVE-2024-10443

Vulnerable Fortinet, SonicWall devices proliferate online | SC Media

Trust: 3.75

Fetched: Nov. 5, 2024, 9:50 a.m., Published: June 11, 2024, 5 p.m.
 Vulnerabilities: access control issue, improper access control
Affected productsExternal IDs
db: NVD ids: CVE-2024-51568, CVE-2024-47575, CVE-2024-51567, CVE-2024-40766, CVE-2024-23113

Update Canonical Ubuntu Desktop: USN-6990-1: znc vulnerability

Trust: 3.25

Fetched: Nov. 5, 2024, 9:48 a.m., Published: Jan. 5, 6990, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Update Canonical Ubuntu Desktop: USN-7045-1: libppd vulnerability

Trust: 3.25

Fetched: Nov. 5, 2024, 9:47 a.m., Published: Jan. 5, 7045, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Multiple vulnerabilites in libexpat affecting PRC7000 | Bosch PSIRT

Trust: 4.0

Fetched: Nov. 5, 2024, 9:45 a.m., Published: Aug. 20, 2002, midnight
 Vulnerabilities: integer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2024-45492, CVE-2024-45490, CVE-2024-45491

Cisco - Security device manager Vulnerability Maturity Index CVE

Trust: 3.0

Fetched: Nov. 5, 2024, 9:44 a.m., Published: Nov. 1, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: device manager
vendor: cisco model: security device manager