Sign-up

VARIoT news about IoT security

Linux kernel exploitation SLUBStick can read and write memory arbitrarily | SC Media

Trust: 3.75

Fetched: Oct. 23, 2024, 9:33 a.m., Published: June 11, 2024, 5 p.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs

ShadyShader: Crashing Apple Devices with a Single Click | Imperva

Trust: 4.25

Fetched: Oct. 23, 2024, 9:33 a.m., Published: Oct. 22, 2024, 1 p.m.
 Vulnerabilities: kernel panic, system crash, resource exhaustion
Affected productsExternal IDs
vendor: google model: pixel
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2023-40441

Alienware Aurora R16 System BIOS | Szczegóły sterownika | Dell Polska

Trust: 3.25

Fetched: Oct. 23, 2024, 9:32 a.m., Published: Oct. 22, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

Surface Laptop 4 with Intel October 2024 update is now available to install via Windows Update - SurfaceTip

Trust: 3.75

Fetched: Oct. 23, 2024, 9:31 a.m., Published: Oct. 21, 2024, 4 a.m.
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2023-31315

Critical Vulnerability in D-Link Devices Could Allow Command Injection (CVE-2024-8214) | SecurityVulnerability.io - SecuirtyVulnerability.io

Related entries in the VARIoT vulnerabilities database: VAR-202408-2339

Trust: 6.0

Fetched: Oct. 23, 2024, 9:31 a.m., Published: -
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: d-link model: dns-320l
vendor: d-link model: dns-340l
vendor: d-link model: dnr-326
vendor: d-link model: dns-323
vendor: d-link model: dns-327l
vendor: d-link model: dnr-322l
vendor: d-link model: dns-325
vendor: d-link model: dns-345
vendor: d-link model: dns-320
vendor: d-link model: dns-320lw
db: NVD ids: CVE-2024-8214

Rockwell PLC Security Bypass Threatens Manufacturing Processes

Trust: 4.75

Fetched: Oct. 23, 2024, 9:30 a.m., Published: Oct. 5, 2024, midnight
 Vulnerabilities: security bypass
Affected productsExternal IDs
vendor: rockwell automation model: 1756-en3tr series
vendor: rockwell automation model: 1756-en2f series c
vendor: rockwell automation model: 1756-en3tr series b
vendor: rockwell automation model: 1756-en2t series
vendor: rockwell automation model: controllogix
vendor: rockwell automation model: controllogix 5580
vendor: rockwell automation model: guardlogix
vendor: rockwell automation model: 1756-en2f series
vendor: rockwell automation model: 1756-en2tr series
vendor: rockwell automation model: 1756-en2tr series c
vendor: rockwell automation model: automation controllogix
vendor: rockwell model: 1756-en3tr series
vendor: rockwell model: 1756-en2f series c
vendor: rockwell model: 1756-en3tr series b
vendor: rockwell model: 1756-en2t series
vendor: rockwell model: controllogix
vendor: rockwell model: controllogix 5580
vendor: rockwell model: guardlogix
vendor: rockwell model: 1756-en2f series
vendor: rockwell model: 1756-en2tr series
vendor: rockwell model: 1756-en2tr series c
vendor: rockwell model: automation controllogix
db: NVD ids: CVE-2024-6242

Rockwell Automation Logix Controllers | CISA

Trust: 3.75

Fetched: Oct. 23, 2024, 9:30 a.m., Published: Oct. 23, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rockwell automation model: 1756-en2tr series a
vendor: rockwell automation model: 1756-en3tr series
vendor: rockwell automation model: 1756-en2f series c
vendor: rockwell automation model: controllogix controller
vendor: rockwell automation model: 1756-en3tr series b
vendor: rockwell automation model: 1756-en2t series
vendor: rockwell automation model: controllogix
vendor: rockwell automation model: controllogix 5580
vendor: rockwell automation model: guardlogix
vendor: rockwell automation model: 1756-en2f series
vendor: rockwell automation model: 1756-en2tr series
vendor: rockwell automation model: 1756-en2tr series c
vendor: rockwell automation model: 1756-en2f series a
vendor: rockwell automation model: 1756-en2t series a
vendor: rockwell model: 1756-en2tr series a
vendor: rockwell model: 1756-en3tr series
vendor: rockwell model: 1756-en2f series c
vendor: rockwell model: controllogix controller
vendor: rockwell model: 1756-en3tr series b
vendor: rockwell model: 1756-en2t series
vendor: rockwell model: controllogix
vendor: rockwell model: controllogix 5580
vendor: rockwell model: guardlogix
vendor: rockwell model: 1756-en2f series
vendor: rockwell model: 1756-en2tr series
vendor: rockwell model: 1756-en2tr series c
vendor: rockwell model: 1756-en2f series a
vendor: rockwell model: 1756-en2t series a
db: NVD ids: CVE-2024-6242

Surface Laptop 4 with AMD October 2024 update is now available to install via Windows Update - SurfaceTip

Trust: 3.75

Fetched: Oct. 23, 2024, 9:30 a.m., Published: Oct. 21, 2024, 4 a.m.
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2023-31315

CVE-2021-20123, CVE-2021-20124: DrayTek Vulnerabilities Discovered by Tenable Research Added to CISA KEV - Blog | Tenable®

Trust: 4.25

Fetched: Oct. 23, 2024, 9:29 a.m., Published: Sept. 9, 2024, 4:20 p.m.
 Vulnerabilities: local file inclusion, file inclusion, path traversal
Affected productsExternal IDs
vendor: draytek model: routers
vendor: draytek model: vigor
db: NVD ids: CVE-2021-20124, CVE-2021-20123

Western Digital’s My Cloud Devices Critical Vulnerability

Trust: 4.5

Fetched: Oct. 23, 2024, 9:21 a.m., Published: Oct. 1, 2024, 3:38 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2024-22170

Microsoft rolled out new firmware updates (October 21, 2024) for Surface Pro 7 Plus - SurfaceTip

Trust: 3.0

Fetched: Oct. 23, 2024, 9:20 a.m., Published: Oct. 21, 2024, 4 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-38102, CVE-2022-36392

Trend Micro ZDI Hosts Hacking Contest for Vulnerabilities in AI-Enabled Devices

Trust: 3.75

Fetched: Oct. 23, 2024, 9:20 a.m., Published: Oct. 22, 2024, 12:02 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trendmicro model: security
vendor: trendmicro model: micro trend micro
vendor: google model: home
vendor: trend micro model: security
vendor: trend micro model: micro trend micro
vendor: trend model: security
vendor: trend model: micro trend micro

Surface Pro 7 gets new (October 21, 2024) firmware updates - SurfaceTip

Trust: 3.0

Fetched: Oct. 23, 2024, 9:19 a.m., Published: Oct. 21, 2024, 4 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-29871

IoT Security: A Call to Action for Improved Vulnerability Disclosure

Trust: 4.5

Fetched: Oct. 22, 2024, 9:13 a.m., Published: Oct. 11, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: huawei model: huawei

Fortinet releases patches for undisclosed critical FortiManager vulnerability - Help Net Security

Trust: 6.0

Fetched: Oct. 22, 2024, 9:13 a.m., Published: Oct. 21, 2024, 1:34 p.m.
 Vulnerabilities: format string vulnerability
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-23113

IoT Device Certification and Vulnerability Testing Methodology

Trust: 3.0

Fetched: Oct. 22, 2024, 9:12 a.m., Published: Oct. 1, 2024, midnight
 Vulnerabilities: information leak, default password, information disclosure...
Affected productsExternal IDs

Most common IoT security issues and how to prevent them

Trust: 3.75

Fetched: Oct. 20, 2024, 9:49 a.m., Published: Oct. 18, 2024, 11:38 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: palo model: networks

New macOS Vulnerability Allows Unauthorized Data Access

Trust: 3.75

Fetched: Oct. 20, 2024, 9:46 a.m., Published: Oct. 20, 2024, 8:02 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2024-44133

Microsoft discovers macOS vulnerability that could expose your data - what we know | Tom's Guide

Trust: 3.75

Fetched: Oct. 20, 2024, 9:45 a.m., Published: Oct. 18, 2024, 6:25 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: home
vendor: google model: chrome
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2024-44133

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Oct. 20, 2024, 9:45 a.m., Published: -
 Vulnerabilities: configuration error
Affected productsExternal IDs