Sign-up

VARIoT news about IoT security

Pixel Update Bulletin-March 2024 | Android Open Source Project

Trust: 4.25

Fetched: March 10, 2024, 9:59 a.m., Published: March 10, 2024, midnight
 Vulnerabilities: denial of service, code execution, information disclosure
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2024-25985, CVE-2024-27213, CVE-2024-27220, CVE-2024-27230, CVE-2023-33090, CVE-2024-27234, CVE-2024-27207, CVE-2024-27208, CVE-2024-25993, CVE-2024-27225, CVE-2024-27223, CVE-2024-25989, CVE-2024-22010, CVE-2024-27221, CVE-2024-25990, CVE-2024-22009, CVE-2023-33078, CVE-2024-27237, CVE-2024-27226, CVE-2024-22006, CVE-2024-27236, CVE-2024-22011, CVE-2024-27210, CVE-2024-22008, CVE-2024-27235, CVE-2023-37368, CVE-2023-50806, CVE-2024-27218, CVE-2024-25988, CVE-2024-27222, CVE-2024-27209, CVE-2024-27205, CVE-2024-27233, CVE-2023-50807, CVE-2024-25986, CVE-2024-27227, CVE-2024-27212, CVE-2023-36481, CVE-2024-27219, CVE-2023-49927, CVE-2024-27224, CVE-2023-50805, CVE-2024-27211, CVE-2024-25987, CVE-2024-27206, CVE-2024-25984, CVE-2024-22007, CVE-2023-50804, CVE-2024-22005, CVE-2024-27228, CVE-2024-25991, CVE-2024-27204, CVE-2024-25992, CVE-2024-27229

Log4j Vulnerability Explained⚠️ - Wallarm

Related entries in the VARIoT vulnerabilities database: VAR-202112-1782, VAR-202112-0566, VAR-202112-2011

Trust: 4.5

Fetched: March 10, 2024, 9:59 a.m., Published: May 10, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: essential model: phone
vendor: cisco model: routers
vendor: apple model: iphone
db: NVD ids: CVE-2021-45105, CVE-2021-44228, CVE-2021-44832

Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection and Buffer Overflow Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202403-1815

Trust: 5.75

Fetched: March 10, 2024, 9:58 a.m., Published: March 6, 2024, 4:13 p.m.
 Vulnerabilities: buffer overflow, command injection
Affected productsExternal IDs
vendor: cisco model: access points
vendor: cisco model: small business
vendor: cisco model: cisco small business
vendor: cisco model: series
db: NVD ids: CVE-2024-20336, CVE-2024-20335

About the security content of iOS 17.4 and iPadOS 17.4 - Apple Support

Trust: 4.25

Fetched: March 10, 2024, 9:57 a.m., Published: March 17, 2024, midnight
 Vulnerabilities: buffer overflow, code execution, memory corruption...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: apple model: webkit
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: ipad
vendor: trend model: security
db: NVD ids: CVE-2024-23293, CVE-2024-23242, CVE-2024-23241, CVE-2024-23252, CVE-2024-23265, CVE-2024-23255, CVE-2024-23263, CVE-2024-23250, CVE-2024-23235, CVE-2024-23243, CVE-2024-0258, CVE-2024-23262, CVE-2022-48554, CVE-2024-23254, CVE-2024-23239, CVE-2024-23256, CVE-2024-23226, CVE-2024-23296, CVE-2024-23280, CVE-2024-23240, CVE-2024-23205, CVE-2024-23288, CVE-2024-23225, CVE-2024-23278, CVE-2024-23289, CVE-2024-23284, CVE-2024-23292, CVE-2024-23297, CVE-2024-23246, CVE-2024-23259, CVE-2024-23286, CVE-2024-23231, CVE-2024-23273, CVE-2024-23264, CVE-2024-23290, CVE-2024-23287, CVE-2024-23277, CVE-2024-23220, CVE-2024-23270, CVE-2024-23291

Helmet Hack - Hackster.io

Trust: 3.0

Fetched: March 10, 2024, 9:56 a.m., Published: May 10, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Cisco Duo Authentication for Windows Logon and RDP Authentication Bypass Vulnerability - Cisco

Trust: 4.25

Fetched: March 10, 2024, 9:55 a.m., Published: March 6, 2024, 10:15 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs

ConnectWise ScreenConnect 23.9.8 security fix

Trust: 3.5

Fetched: March 10, 2024, 9:54 a.m., Published: Feb. 19, 2024, 10:37 p.m.
 Vulnerabilities: authentication bypass, path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2024-1709

CVE-2021-46985 - vulnerability database | Vulners.com

Trust: 3.25

Fetched: March 10, 2024, 9:53 a.m., Published: Feb. 28, 2024, 9:15 a.m.
 Vulnerabilities: memory leak
Affected productsExternal IDs
db: NVD ids: CVE-2021-46985

iOS 17.4-Update Now Warning Issued To All iPhone Users

Trust: 4.5

Fetched: March 10, 2024, 9:52 a.m., Published: March 8, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: watchos
vendor: apple model: ipod touch
vendor: apple model: tvos
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: ipad
db: NVD ids: CVE-2024-23225, CVE-2024-23284, CVE-2024-23239, CVE-2024-23270, CVE-2024-23263, CVE-2024-23226, CVE-2024-23296, CVE-2024-23286

Cisco AppDynamics Controller Cross-Site Scripting Vulnerability

Trust: 3.25

Fetched: March 10, 2024, 9:52 a.m., Published: March 6, 2024, 4:13 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs

What is Remote Code Execution (RCE) Vulnerability❓

Trust: 4.25

Fetched: March 10, 2024, 9:49 a.m., Published: May 10, 2024, midnight
 Vulnerabilities: buffer overflow, code execution, privilege escalation
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: macos
vendor: apple model: safari

QNAP critical auth bypass flaw in its NAS - patch now - Security - VHT Forum

Trust: 3.75

Fetched: March 10, 2024, 9:49 a.m., Published: Dec. 25, 2023, 4:09 a.m.
 Vulnerabilities: authentication bypass, command injection, sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-21899

Update now! ConnectWise ScreenConnect vulnerability needs your attention | Malwarebytes

Trust: 3.75

Fetched: March 10, 2024, 9:48 a.m., Published: Feb. 23, 2024, 1:37 p.m.
 Vulnerabilities: code execution, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2024-1709

Cisco NX-OS Allocation of Resources Without Limits or Thrott... - vulnerability database | Vulners.com

Trust: 5.75

Fetched: March 10, 2024, 9:44 a.m., Published: March 8, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: nx-os software
vendor: cisco model: nx-os
vendor: cisco model: cisco nx-os
db: NVD ids: CVE-2024-20321

Authentication flaw - vulnerability database | Vulners.com

Trust: 4.25

Fetched: March 10, 2024, 9:44 a.m., Published: March 6, 2024, 5:15 p.m.
 Vulnerabilities: authentication flaw
Affected productsExternal IDs

CVE-2024-20345 - vulnerability database | Vulners.com

Trust: 5.25

Fetched: March 10, 2024, 9:43 a.m., Published: March 6, 2024, 5:15 p.m.
 Vulnerabilities: directory traversal
Affected productsExternal IDs
db: NVD ids: CVE-2024-20345

Critical iOS Update Fixes Zero-Day Vulnerabilities Exploited in Attacks - Cyber and Fraud Centre - Scotland

Related entries in the VARIoT vulnerabilities database: VAR-202301-1714, VAR-202302-1097

Trust: 4.0

Fetched: March 10, 2024, 9:37 a.m., Published: March 6, 2024, 1:21 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: ipod touch
db: NVD ids: CVE-2023-23513, CVE-2023-23529

Cisco Secure Client for Linux with ISE Posture Module Privilege Escalation Vulnerability

Trust: 3.0

Fetched: March 10, 2024, 9:31 a.m., Published: March 6, 2024, 4:13 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

Cisco AppDynamics Controller Path Traversal Vulnerability

Trust: 3.25

Fetched: March 10, 2024, 9:30 a.m., Published: March 6, 2024, 4:13 p.m.
 Vulnerabilities: path traversal
Affected productsExternal IDs

Google Online Security Blog: Hardening cellular basebands in Android

Trust: 3.25

Fetched: March 10, 2024, 9:28 a.m., Published: Dec. 12, 2023, midnight
 Vulnerabilities: code execution, integer overflow
Affected productsExternal IDs
vendor: google model: android
vendor: trend model: security