Sign-up

VARIoT news about IoT security

Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point Command Injection Vulnerability - Cisco

Trust: 3.0

Fetched: Dec. 3, 2024, 10:01 a.m., Published: Nov. 6, 2024, 10:18 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs

CVE-2023-20092 - vulnerability database | Vulners.com

Trust: 4.0

Fetched: Dec. 3, 2024, 9:56 a.m., Published: Nov. 15, 2024, 4:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco telepresence
vendor: cisco model: dx70
vendor: cisco model: telepresence mx series
vendor: cisco model: telepresence sx series
vendor: cisco model: telepresence
vendor: cisco model: series
vendor: cisco model: telepresence ce
vendor: cisco model: dx80
vendor: cisco model: roomos
db: NVD ids: CVE-2023-20092

Conducting a Comprehensive Medical Device Inventory for Enhanced Cybersecurity - Blue Goat Cyber

Trust: 3.75

Fetched: Dec. 3, 2024, 9:54 a.m., Published: Feb. 2, 2024, 8:16 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: serve model: serve

Annual Security Report: Emerging Cybersecurity Threats to Watch in 2025 | Thought Leadership | ShareVault

Trust: 3.75

Fetched: Dec. 3, 2024, 9:49 a.m., Published: Dec. 3, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: serve model: serve

Linux Kernel Vulnerability Fix: Null-Ptr Deref in Target_Alloc_Device() (CVE-2024-50153) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 5.25

Fetched: Dec. 3, 2024, 9:48 a.m., Published: Nov. 7, 2024, midnight
 Vulnerabilities: pointer reference problem
Affected productsExternal IDs
db: NVD ids: CVE-2024-50153

Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

Trust: 4.25

Fetched: Dec. 3, 2024, 9:48 a.m., Published: Nov. 21, 2024, 9:28 a.m.
 Vulnerabilities: code execution, cross-site scripting
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: software update
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: ipad air
db: NVD ids: CVE-2024-44309, CVE-2024-44308

MediaTek Processor Vulnerabilities Let Attackers escalate privileges

Trust: 3.75

Fetched: Dec. 3, 2024, 9:47 a.m., Published: Dec. 2, 2024, 6:32 a.m.
 Vulnerabilities: privilege escalation, information disclosure, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-20135, CVE-2024-20137, CVE-2024-20134, CVE-2024-20129, CVE-2024-20139, CVE-2024-20127, CVE-2024-20125, CVE-2024-20132, CVE-2024-20136, CVE-2024-20116, CVE-2024-20138, CVE-2024-20131, CVE-2024-20133, CVE-2024-20128, CVE-2024-20130

CVE-2022-20931 Cisco Touch 10 Device Downgrade Attack Vulner... - vulnerability database | Vulners.com

Trust: 3.75

Fetched: Dec. 3, 2024, 9:47 a.m., Published: Nov. 15, 2024, 3:30 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco telepresence
vendor: cisco model: telepresence
vendor: cisco model: telepresence endpoint
db: NVD ids: CVE-2022-20931

Understanding and Exploiting CVE-2024-10914: A Critical Vulnerability in D-Link NAS Devices - Jaspreet Singh

Related entries in the VARIoT vulnerabilities database: VAR-202411-0293

Trust: 5.5

Fetched: Dec. 3, 2024, 9:47 a.m., Published: Dec. 1, 2024, 9:29 a.m.
 Vulnerabilities: injection attack, command injection
Affected productsExternal IDs
vendor: dlink model: dns-320lw
vendor: dlink model: dns-325
vendor: dlink model: dns-340l
vendor: dlink model: dns-320
vendor: d-link model: dns-320lw
vendor: d-link model: dns-325
vendor: d-link model: dns-340l
vendor: d-link model: dns-320
db: NVD ids: CVE-2024-10914

Billion Electric 4G/LTE routers patched to plug catastrophic CVSS level 10 severity flaw | Tom's Hardware

Trust: 5.75

Fetched: Dec. 3, 2024, 9:46 a.m., Published: Dec. 2, 2024, 4:24 p.m.
 Vulnerabilities: authentication bypass, os command injection, command injection
Affected productsExternal IDs
vendor: d-link model: router
db: NVD ids: CVE-2024-11983, CVE-2024-11980, CVE-2024-11981, CVE-2024-11982

BSI - Cyber Resilience Act - Cyber Resilience Act

Trust: 3.75

Fetched: Dec. 3, 2024, 9:45 a.m., Published: Dec. 2, 2024, 12:26 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: serve model: serve

CVE-2024-50381 - Missing Authentication for Critical Function in Snap One OVRC cloud - SecAlerts

Trust: 3.25

Fetched: Dec. 3, 2024, 9:45 a.m., Published: Dec. 8, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-50381

Top 7 Endpoint Protection Solutions for 2025

Trust: 4.5

Fetched: Dec. 3, 2024, 9:44 a.m., Published: Nov. 28, 2024, 11:34 a.m.
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: rising model: antivirus
vendor: trend model: antivirus
vendor: trend model: data loss prevention
vendor: trend model: security
vendor: trend micro model: antivirus
vendor: trend micro model: data loss prevention
vendor: trend micro model: security
vendor: sophos model: firewall
vendor: sophos model: endpoint protection
vendor: sophos model: mobile

Small number of vulnerabilities patched in last Android security update of 2024 | CyberScoop

Trust: 5.75

Fetched: Dec. 3, 2024, 9:41 a.m., Published: Dec. 2, 2024, 9:14 p.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-43767

Zyxel security advisory for buffer overflow and post-authentication command injection vulnerabilities in some 4G LTE/5G NR CPE, DSL/Ethernet CPE, fiber ONTs, and WiFi extenders | Zyxel Networks

Trust: 3.5

Fetched: Dec. 3, 2024, 9:40 a.m., Published: Dec. 7, 2024, midnight
 Vulnerabilities: buffer overflow, denial of service, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-9197, CVE-2024-8748, CVE-2024-9200

Why OT environments are vulnerable - and what to do about it | SC Media

Trust: 3.75

Fetched: Dec. 3, 2024, 9:40 a.m., Published: Dec. 2, 2024, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: serve model: serve

MediaTek Patches High-Severity Vulnerability in Smartphone Chipsets (CVE-2024-20125)

Trust: 3.75

Fetched: Dec. 3, 2024, 9:39 a.m., Published: Dec. 2, 2024, 4:14 a.m.
 Vulnerabilities: privilege escalation, information disclosure, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-20125

Max-Critical Cisco Bug Enables Command-Injection Attacks

Trust: 5.0

Fetched: Dec. 3, 2024, 9:38 a.m., Published: Dec. 5, 2024, midnight
 Vulnerabilities: improper validation
Affected productsExternal IDs
vendor: cisco model: access points
vendor: cisco model: catalyst
db: NVD ids: CVE-2024-20418

Qt vulnerability CVE-2023-32762

Trust: 3.0

Fetched: Dec. 3, 2024, 9:38 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-32762

BD Discloses Viper, Pyxis Medical Device Vulnerabilities | TechTarget

Trust: 3.0

Fetched: Dec. 3, 2024, 9:37 a.m., Published: March 4, 2022, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-22765, CVE-2022-22766