VARIoT latest news about IoT security

D-Link will not fix a critical vulnerability in discontinued NAS devices \| TechSpot Related entries in the VARIoT vulnerabilities database: VAR-202404-0070, VAR-202411-0293 Trust: 6.0 Fetched: Nov. 17, 2024, 10:49 a.m., Published: Nov. 11, 2024, midnight	Vulnerabilities: command injection

Affected products

External IDs

vendor:	d-link	model:	dns-340l
vendor:	d-link	model:	dns-320lw
vendor:	d-link	model:	dns-320
vendor:	d-link	model:	dns-325

db:

NVD

ids:

CVE-2024-3273, CVE-2024-10914

Exploited: Cisco, SharePoint, Chrome vulnerabilities - Help Net Security Trust: 5.5 Fetched: Nov. 17, 2024, 10:49 a.m., Published: Oct. 25, 2024, 10:25 a.m.	Vulnerabilities: cross-site scripting, data deserialization vulnerability, denial of service

Affected products

External IDs

vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	firepower
vendor:	cisco	model:	firepower threat defense
vendor:	google	model:	google chrome
vendor:	google	model:	chrome

db:

NVD

ids:

CVE-2024-20377, CVE-2024-20388, CVE-2024-20387, CVE-2024-38094, CVE-2024-4947, CVE-2024-20481

Edge Ai For Smart Sensors Vulnerability \| Restackio Trust: 3.0 Fetched: Nov. 17, 2024, 10:45 a.m., Published: Nov. 8, 2024, midnight	Vulnerabilities: code execution

Affected products	External IDs

Cisco Unified Contact Center Management Portal Stored Cross-Site Scripting Vulnerability - Cisco Trust: 4.25 Fetched: Nov. 17, 2024, 10:45 a.m., Published: Nov. 6, 2024, 10:18 a.m.	Vulnerabilities: cross-site scripting

Affected products	External IDs

CVE-2024-8260: SMB Force-Authentication Vulnerability in OPA Could Lead to Credential Leakage - Blog \| Tenable® Trust: 3.75 Fetched: Nov. 17, 2024, 10:45 a.m., Published: Oct. 22, 2024, 1 p.m.	Vulnerabilities: authentication vulnerability

Affected products

External IDs

db:

NVD

ids:

CVE-2024-8260

Cisco 6800, 7800, 8800, and 9800 Series Phones with Multiplatform Firmware Stored Cross-Site Scripting Vulnerabilities Trust: 4.75 Fetched: Nov. 17, 2024, 10:43 a.m., Published: Nov. 6, 2024, 3:51 p.m.	Vulnerabilities: cross-site scripting

Affected products

External IDs

vendor:	cisco	model:	ip conference phone
vendor:	cisco	model:	series
vendor:	cisco	model:	8831
vendor:	cisco	model:	ip phone

CVE-2024-10456 Delta Electronics InfraSuite Device Master De... - vulnerability database \| Vulners.com Trust: 3.0 Fetched: Nov. 17, 2024, 10:43 a.m., Published: Oct. 30, 2024, 6:04 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-10456

Mitigating Risks From A to Z-Wave - Security Industry Association Trust: 3.5 Fetched: Nov. 17, 2024, 10:42 a.m., Published: Sept. 30, 2019, 8:03 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

mesh

model:

mesh

U.S. CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog Trust: 3.75 Fetched: Nov. 17, 2024, 10:42 a.m., Published: Oct. 24, 2024, 5:19 a.m.	Vulnerabilities: authentication vulnerability, authentication flaw

Affected products

External IDs

db:

NVD

ids:

CVE-2024-47575

Top 6 Most Common Vulnerabilities Found During Penetration Testing \| aqua cloud Trust: 3.75 Fetched: Nov. 17, 2024, 10:41 a.m., Published: May 2, 2023, 9:48 p.m.	Vulnerabilities: default credentials, information disclosure, cross-site scripting...

Affected products	External IDs

FortiManager Devices Mass Compromise Exploiting CVE-2024-47575 Vulnerability Trust: 3.0 Fetched: Nov. 17, 2024, 10:40 a.m., Published: Oct. 25, 2024, 3:15 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-47575

Windows 11 KB5046617 KB5046633 November 2024 Patches And 4 Zero Day Vulnerabilities 91 Flaws HTMD Blog Trust: 4.5 Fetched: Nov. 17, 2024, 10:39 a.m., Published: Nov. 12, 2024, 6:48 p.m.	Vulnerabilities: memory leak

Affected products

External IDs

vendor:	essential	model:	phone
vendor:	asus	model:	asus

db:

NVD

ids:

CVE-2024-49040, CVE-2024-43451, CVE-2024-49019, CVE-2024-49039

Apple Users In India Warned About Critical Security Vulnerability: Here's What You Need To Know Trust: 3.75 Fetched: Nov. 17, 2024, 10:38 a.m., Published: Nov. 11, 2024, 9:12 a.m.	Vulnerabilities: information disclosure, denial of service

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	apple tv
vendor:	apple	model:	ipad
vendor:	apple	model:	macos
vendor:	apple	model:	watchos
vendor:	apple	model:	watch
vendor:	apple	model:	tvos
vendor:	apple	model:	iphone
vendor:	apple	model:	software update

Infosec Press Reader Trust: 4.5 Fetched: Nov. 17, 2024, 10:37 a.m., Published: Nov. 14, 2024, midnight	Vulnerabilities: sql injection

Affected products

External IDs

vendor:	google	model:	home
vendor:	google	model:	google chrome
vendor:	google	model:	chrome
vendor:	sophos	model:	mobile

db:

NVD

ids:

CVE-2024-47139, CVE-2024-38814, CVE-2024-40711, CVE-2024-45844

IoT in the Crosshairs: Securing the New Digital Frontier - Security Buzz Trust: 3.75 Fetched: Nov. 17, 2024, 10:36 a.m., Published: Nov. 5, 2024, 11:30 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

trend

model:

security

Update Canonical Ubuntu Desktop: USN-7080-1: Unbound vulnerability Trust: 3.0 Fetched: Nov. 17, 2024, 10:36 a.m., Published: Jan. 17, 7080, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

Cisco - Firepower device manager Vulnerability Maturity Index CVE Trust: 3.0 Fetched: Nov. 17, 2024, 10:35 a.m., Published: Nov. 2, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	firepower
vendor:	cisco	model:	device manager

Update Canonical Ubuntu Desktop: USN-7071-1: Linux kernel vulnerability Trust: 4.0 Fetched: Nov. 17, 2024, 10:35 a.m., Published: Jan. 17, 7071, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2024-45016

Cisco Industrial Wireless Software Flaw Let Attackers Run Command As Root User Trust: 3.75 Fetched: Nov. 17, 2024, 10:32 a.m., Published: Nov. 7, 2024, 2:54 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	aironet 2800 series
vendor:	cisco	model:	catalyst iw6300
vendor:	cisco	model:	aironet 1830 series
vendor:	cisco	model:	aironet 1830
vendor:	cisco	model:	series
vendor:	cisco	model:	aironet 1810 series
vendor:	cisco	model:	wireless lan controller
vendor:	cisco	model:	aironet 4800
vendor:	cisco	model:	aironet 3800 series
vendor:	cisco	model:	aironet 1810
vendor:	cisco	model:	aironet
vendor:	cisco	model:	aironet 2800
vendor:	cisco	model:	aironet 1540
vendor:	cisco	model:	aironet 1850
vendor:	cisco	model:	aironet 1810w series access points
vendor:	cisco	model:	access points
vendor:	cisco	model:	aironet 3800
vendor:	cisco	model:	aironet 1560
vendor:	cisco	model:	aironet 1850 series
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	aironet 1560 series
vendor:	cisco	model:	catalyst 9100
vendor:	cisco	model:	catalyst 9100 series
vendor:	cisco	model:	aironet 1540 series
vendor:	mesh	model:	mesh

db:

NVD

ids:

CVE-2024-20418

Emerging Technology Impact on Medical Device Cybersecurity - Blue Goat Cyber Trust: 3.75 Fetched: Nov. 17, 2024, 10:31 a.m., Published: Feb. 11, 2024, 2:34 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

VARIoT news about IoT security