Sign-up

VARIoT news about IoT security

Security Bulletin: NVIDIA GPU Display Driver - October 2024 | NVIDIA

Trust: 4.25

Fetched: Dec. 10, 2024, 9:35 a.m., Published: Oct. 10, 2024, midnight
 Vulnerabilities: information disclosure, code execution, denial of service
Affected productsExternal IDs
vendor: citrix model: licensing
vendor: citrix model: hypervisor

Update Your Apple Device! Security Snafu! | Mark Wein Guitar Lessons

Trust: 5.5

Fetched: Dec. 10, 2024, 9:30 a.m., Published: -
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: safari
vendor: apple model: iphone
vendor: apple model: macos
db: NVD ids: CVE-2024-44309, CVE-2024-44308

Top Software Weaknesses of 2024 by MITRE (Critical Insights for Every Organization) - SOCRadar® Cyber Intelligence Inc.

Related entries in the VARIoT vulnerabilities database: VAR-201501-0347, VAR-201403-0466, VAR-202403-2416

Trust: 4.25

Fetched: Dec. 10, 2024, 9:29 a.m., Published: Dec. 9, 2024, 1:38 p.m.
 Vulnerabilities: privilege escalation, use after free, request forgery...
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: d-link model: router
vendor: d-link model: dir-600
vendor: palo model: networks
vendor: cisco model: router
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: ios xe
vendor: cisco model: routers
vendor: cisco model: cisco ios
vendor: cisco model: adaptive security appliance
vendor: solarwinds model: serv-u
vendor: apple model: watchos
vendor: apple model: macos
db: NVD ids: CVE-2014-100005, CVE-2024-0519, CVE-2023-7024, CVE-2014-2120, CVE-2024-9379, CVE-2024-28995, CVE-2023-34362, CVE-2024-21762, CVE-2024-8963, CVE-2024-4761, CVE-2024-23225, CVE-2024-37383, CVE-2024-8190, CVE-2023-48788, CVE-2024-9465, CVE-2024-6670, CVE-2024-11667, CVE-2024-23296, CVE-2023-34048, CVE-2021-26086, CVE-2024-29824, CVE-2024-32113

Solved: CISCO Meraki MS 120 - Qualys Vulnerability Scan - The Meraki Community

Trust: 3.25

Fetched: Dec. 10, 2024, 9:26 a.m., Published: Jan. 5, 2024, 12:17 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: meraki ms

Access Denied

Trust: 3.25

Fetched: Dec. 10, 2024, 9:25 a.m., Published: May 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

Attackers Could Use Vulnerability in Smart Gas Meters to Reset Them or Run Code, Researchers Find

Trust: 4.0

Fetched: Dec. 10, 2024, 9:24 a.m., Published: Dec. 1, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Vulnerability In Tinxy Mobile Application Exposes User Data

Trust: 5.0

Fetched: Dec. 10, 2024, 9:18 a.m., Published: Dec. 9, 2024, 7:34 a.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-12094

CyberOps Associate (version 1.0) - Course Final Exam Answers

Trust: 3.25

Fetched: Dec. 8, 2024, 11:02 a.m., Published: Nov. 19, 2024, 1:58 a.m.
 Vulnerabilities: sql injection, buffer overflow, cross-site scripting...
Affected productsExternal IDs
vendor: essential model: phone
vendor: wireshark model: wireshark
vendor: extreme model: wireless ap
vendor: snort.org model: snort
vendor: clamav model: clamav
vendor: snort model: snort
vendor: cisco model: security agent
vendor: cisco model: series
vendor: cisco model: clamav
vendor: cisco model: intrusion prevention system
vendor: cisco model: routers
vendor: cisco model: cisco security agent
vendor: cisco model: wireless access point
vendor: cisco model: firepower
vendor: cisco model: router
vendor: cisco model: catalyst

How the BEAST Attack Works: Reading Encrypted Data Without Decryption

Related entries in the VARIoT vulnerabilities database: VAR-201109-0130

Trust: 3.5

Fetched: Dec. 8, 2024, 11:01 a.m., Published: Nov. 14, 2024, 4:54 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2011-3389

Hackers Unleash Mayhem on Unpatched D-Link NAS Devices: CVE-2024-10914 Exploited! - The Nimble Nerd

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 3.0

Fetched: Dec. 8, 2024, 11 a.m., Published: Nov. 15, 2024, 12:39 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-10914

Update Canonical Ubuntu Desktop: USN-7102-1: MySQL vulnerabilities

Trust: 3.25

Fetched: Dec. 8, 2024, 10:59 a.m., Published: Jan. 8, 7102, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

November Apple Security Update Fixes Critical Flaws

Trust: 5.25

Fetched: Dec. 8, 2024, 10:58 a.m., Published: Nov. 20, 2024, 1:27 p.m.
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: safari
vendor: apple model: webkit
vendor: apple model: macos
db: NVD ids: CVE-2024-44309, CVE-2024-44308

Duo Administration - Policy & Control | Duo Security

Trust: 3.5

Fetched: Dec. 8, 2024, 10:55 a.m., Published: Dec. 12, 2024, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: essential model: phone
vendor: google model: chrome os
vendor: google model: home
vendor: google model: android
vendor: google model: chrome
vendor: apple model: safari
vendor: apple model: java
vendor: apple model: software update
vendor: apple model: macos
vendor: symantec model: symantec endpoint protection
vendor: symantec model: antivirus
vendor: symantec model: endpoint protection
vendor: trend model: antivirus
vendor: trend model: security
vendor: blackberry model: blackberry
vendor: blackberry model: smartphone
vendor: blackberry model: link
vendor: trend micro model: antivirus
vendor: trend micro model: security
vendor: cisco model: security agent
vendor: cisco model: service portal
vendor: sophos model: mobile
vendor: sophos model: endpoint protection
vendor: sophos model: firewall
vendor: palo model: networks
vendor: palo model: firewall

CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface

Trust: 4.5

Fetched: Dec. 8, 2024, 10:52 a.m., Published: Nov. 18, 2024, 2:20 p.m.
 Vulnerabilities: privilege escalation, command injection, os command injection
Affected productsExternal IDs
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: paloaltonetworks model: firewall
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
db: NVD ids: CVE-2024-9474

Exposure Risks with File Transfer Protocol (FTP) | UpGuard

Trust: 3.5

Fetched: Dec. 8, 2024, 10:51 a.m., Published: Dec. 8, 2025, midnight
 Vulnerabilities: traffic interception
Affected productsExternal IDs
vendor: winscp model: winscp
vendor: putty model: putty
vendor: filezilla model: server

8 Best OT Security Vendors for 2024 - with Links to Demos

Trust: 3.5

Fetched: Dec. 8, 2024, 10:42 a.m., Published: Feb. 11, 2021, 3:41 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: nozomi model: guardian
vendor: nozomi model: networks guardian
vendor: schneider model: monitor

Mitel MiCollab PoC Exploit Links CVE-2024-41713 and Zero-Day, Exposing Sensitive Files - SOCRadar® Cyber Intelligence Inc.

Trust: 5.75

Fetched: Dec. 8, 2024, 10:18 a.m., Published: Dec. 6, 2024, 2:39 p.m.
 Vulnerabilities: sql injection, authentication bypass, path traversal
Affected productsExternal IDs
vendor: mitel model: micollab
db: NVD ids: CVE-2024-41713, CVE-2024-35286

Vulnerability in License Center - Security Advisory | QNAP

Trust: 4.25

Fetched: Dec. 8, 2024, 10:15 a.m., Published: Dec. 2, 2024, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs

Windows, macOS, Linux, iOS and Android: Top Cyberattacks Targeting Operating Systems

Trust: 3.25

Fetched: Dec. 8, 2024, 10:15 a.m., Published: Dec. 8, 2024, midnight
 Vulnerabilities: command injection, authentication bypass
Affected productsExternal IDs
vendor: google model: android
vendor: google model: home
vendor: blackberry model: blackberry
vendor: apple model: iphone
vendor: apple model: macos

Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day

Trust: 5.25

Fetched: Dec. 8, 2024, 10:13 a.m., Published: Dec. 5, 2024, 11 a.m.
 Vulnerabilities: injection attack, sql injection, authentication bypass...
Affected productsExternal IDs
vendor: mitel model: micollab
vendor: axis model: axis
vendor: axis model: communications
vendor: google model: home
db: NVD ids: CVE-2024-35286, CVE-2024-41713