Sign-up

VARIoT news about IoT security

CISA Vulnerability Bulletin Dec 2024 : Over 270 Critical Vulnerabilities Listed

Trust: 5.5

Fetched: Dec. 17, 2024, 9:59 a.m., Published: Dec. 10, 2024, 6:07 a.m.
 Vulnerabilities: file inclusion, sql injection, privilege escalation...
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
vendor: google model: nexus
vendor: google model: wifi
vendor: google model: android
db: NVD ids: CVE-2024-53940, CVE-2024-51550, CVE-2024-37861, CVE-2024-38920, CVE-2024-53908, CVE-2024-52547, CVE-2024-11317, CVE-2024-12053, CVE-2024-53981, CVE-2024-10516, CVE-2024-11391, CVE-2024-52335, CVE-2024-9200, CVE-2024-47547, CVE-2018-9380, CVE-2024-54221, CVE-2024-48839, CVE-2018-9430, CVE-2024-51541, CVE-2024-54209

Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated) - Cyber Security Review

Trust: 4.5

Fetched: Dec. 17, 2024, 9:58 a.m., Published: Nov. 20, 2024, 7:05 a.m.
 Vulnerabilities: authentication bypass, privilege escalation, command execution...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: ssl vpn
vendor: palo alto networks model: networks
vendor: palo model: pan-os
vendor: palo model: ssl vpn
vendor: palo model: networks
vendor: trend model: security
vendor: mitel model: micollab
db: NVD ids: CVE-2024-9474, CVE-2024-55550, CVE-2024-0012, CVE-2024-41713

Multiple Critical Vulnerabilities Affected Dell Wyse Management Suite

Trust: 4.5

Fetched: Dec. 17, 2024, 9:58 a.m., Published: Nov. 26, 2024, 7:20 a.m.
 Vulnerabilities: authentication bypass, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-49596, CVE-2024-49597, CVE-2024-7553, CVE-2024-49595

Update Canonical Ubuntu Server: USN-7151-1: oFono vulnerabilities

Trust: 5.25

Fetched: Dec. 17, 2024, 9:58 a.m., Published: Dec. 17, 2070, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2023-4235, CVE-2023-4232

SSA-354569

Trust: 5.5

Fetched: Dec. 17, 2024, 9:57 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: authentication bypass, privilege escalation, command injection...
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2024-2552, CVE-2024-9474, CVE-2024-2550, CVE-2024-0012

Vulnerability (CVE-2024-54143 ) Discovered in OpenWrt's Firmware Upgrade System

Trust: 4.25

Fetched: Dec. 17, 2024, 9:57 a.m., Published: Dec. 13, 2024, 12:19 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-54143

Update Barco ClickShare C-10: Fix vulnerability CVE-2024-53919

Trust: 3.75

Fetched: Dec. 17, 2024, 9:56 a.m., Published: Dec. 10, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: barco model: clickshare
db: NVD ids: CVE-2024-53919

QNAP Fixes Several Vulnerabilities Affecting High-End NAS Devices - Cyber Security Review

Trust: 4.75

Fetched: Dec. 17, 2024, 9:56 a.m., Published: Dec. 10, 2024, 7:12 a.m.
 Vulnerabilities: certificate validation vulnerability
Affected productsExternal IDs
vendor: apple model: software update
vendor: apple model: safari
vendor: sonicwall model: netextender
vendor: sonicwall model: sma100
vendor: sonicwall model: ssl vpn
db: NVD ids: CVE-2024-48865, CVE-2024-29014

Authentication Bypass Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer: Software Vulnerability Information: Software: Hitachi

Trust: 4.0

Fetched: Dec. 17, 2024, 9:49 a.m., Published: Dec. 9, 2024, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: hitachi model: hitachi infrastructure analytics advisor

Project Zero: The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit

Related entries in the VARIoT vulnerabilities database: VAR-202409-0013

Trust: 4.25

Fetched: Dec. 17, 2024, 9:46 a.m., Published: Dec. 15, 2024, midnight
 Vulnerabilities: kernel panic, privilege escalation, code execution...
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: google model: android
db: NVD ids: CVE-2024-43047, CVE-2024-21455, CVE-2024-33060, CVE-2024-49848

16th December - Threat Intelligence Report - Check Point Research

Trust: 4.5

Fetched: Dec. 17, 2024, 9:45 a.m., Published: Dec. 16, 2024, 7:36 a.m.
 Vulnerabilities: privilege escalation, use after free
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
vendor: check point model: check point
db: NVD ids: CVE-2024-49138, CVE-2024-54526, CVE-2024-12381, CVE-2024-12382

Cleo File Transfer Vulnerabilities (CVE-2024-50623, CVE-2024-55956) - Cl0P's Latest Attack Vector - SOCRadar® Cyber Intelligence Inc.

Trust: 5.25

Fetched: Dec. 17, 2024, 9:45 a.m., Published: Dec. 16, 2024, 1:34 p.m.
 Vulnerabilities: command execution, code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: sophos model: firewall
db: NVD ids: CVE-2024-55956, CVE-2024-50623

Nine Updated Security Measures For The Modern Smart Home

Trust: 3.5

Fetched: Dec. 17, 2024, 9:43 a.m., Published: Dec. 17, 2024, 5:16 a.m.
 Vulnerabilities: default password
Affected productsExternal IDs

INTEL-SA-01185

Trust: 5.75

Fetched: Dec. 17, 2024, 9:41 a.m., Published: Dec. 3, 2024, 10:26 p.m.
 Vulnerabilities: information disclosure, denial of service, improper access control
Affected productsExternal IDs
vendor: asus model: asus
db: NVD ids: CVE-2024-23498, CVE-2024-36297, CVE-2024-23197, CVE-2024-34159, CVE-2024-36483

Update now! Apple releases new security patches for vulnerabilities in iPhones, Macs, and more | Malwarebytes

Trust: 3.75

Fetched: Dec. 17, 2024, 9:41 a.m., Published: Dec. 12, 2024, 3:14 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: software update
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2024-54529, CVE-2024-45490

New NoviSpy Android Spyware Exploits Flaw in Qualcomm Chips

Trust: 4.75

Fetched: Dec. 17, 2024, 9:41 a.m., Published: Dec. 16, 2024, 12:49 p.m.
 Vulnerabilities: kernel panic, code execution, heap corruption
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-43047

Samsung Electronics Scales Up Mobile Security Rewards Program To Boost Industry Collaboration and Safety - Samsung Newsroom Malaysia

Trust: 3.5

Fetched: Dec. 17, 2024, 9:40 a.m., Published: Dec. 16, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: samsung model: samsung galaxy
vendor: samsung model: samsung
vendor: samsung model: samsung mobile
vendor: samsung model: galaxy
vendor: samsung model: mobile devices

Data | Smart Security Enhancer as a Device Guardian to Mitigate Software Vulnerabilities | Dell Technologies Info Hub

Trust: 3.0

Fetched: Dec. 17, 2024, 9:29 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2020-9558

Command Injection Vulnerability in D-Link NAS Devices: Recommended Fixes -SecureMyOrg - SecureMyOrg

Trust: 4.25

Fetched: Dec. 17, 2024, 9:29 a.m., Published: Dec. 12, 2024, 5:01 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs

Firefox and Chrome Mobile Vulnerabilities | Threat Intel

Trust: 5.0

Fetched: Dec. 17, 2024, 9:27 a.m., Published: Oct. 30, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android
vendor: google model: google chrome
db: NVD ids: CVE-2024-9956, CVE-2024-10231, CVE-2024-9966, CVE-2024-9955, CVE-2024-9936, CVE-2024-10230, CVE-2024-9680, CVE-2024-9954