Sign-up

VARIoT news about IoT security

Understanding CVE-2024-0029: Elevation of Privilege in Android 13

Trust: 5.0

Fetched: Nov. 1, 2024, 9:15 a.m., Published: Nov. 13, 2024, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-0029

CVE-2024-50022 - Linux Device-Dax Pagetable Alignment Vulnerability

Trust: 3.0

Fetched: Nov. 1, 2024, 9:14 a.m., Published: Oct. 21, 2024, 8:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-50022

Untraceable Memory Access Vulnerability in PCI Devices (CVE-2024-31145) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 4.0

Fetched: Nov. 1, 2024, 9:13 a.m., Published: Sept. 25, 2024, midnight
 Vulnerabilities: memory access vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2024-31145

DoS vulnerability on IndraDrive | Bosch PSIRT

Trust: 4.75

Fetched: Nov. 1, 2024, 9:13 a.m., Published: Nov. 3, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-48989

Analysis of CVE-2023-45576: Buffer Overflow Vulnerability in D-Link Devices

Trust: 4.25

Fetched: Nov. 1, 2024, 9:12 a.m., Published: Aug. 23, 2025, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2023-45576

TALOS-2024-1996 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence

Trust: 5.5

Fetched: Nov. 1, 2024, 9:11 a.m., Published: Nov. 1, 6012, midnight
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: cisco model: soho
vendor: cisco model: router

Hacking these IoT baby monitors is child's play, researchers reveal

Trust: 3.75

Fetched: Oct. 30, 2024, 9:38 a.m., Published: Nov. 4, 2024, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs

Siemens InterMesh Subscriber Devices | CISA

Trust: 4.5

Fetched: Oct. 30, 2024, 9:35 a.m., Published: Oct. 30, 2023, midnight
 Vulnerabilities: code execution, os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-47902, CVE-2024-47904, CVE-2024-47903, CVE-2024-47901

CISA issues four ICS advisories highlighting hardware vulnerabilities in critical infrastructure equipment - Industrial Cyber

Trust: 4.5

Fetched: Oct. 30, 2024, 9:34 a.m., Published: Oct. 28, 2024, 9:59 a.m.
 Vulnerabilities: improper access control, path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2024-6981, CVE-2024-5947, CVE-2024-10313, CVE-2024-9692

Considerations and Safeguards Addressing Potential Vulnerabilities in Connected Medical Devices and the Internet of Things (IoT) | Healthcare IT Today

Trust: 3.75

Fetched: Oct. 30, 2024, 9:32 a.m., Published: Oct. 28, 2024, 8:26 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs

Delta Electronics InfraSuite Device Master | CISA

Trust: 4.75

Fetched: Oct. 30, 2024, 9:31 a.m., Published: Oct. 30, 2023, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2024-10456

Mitigating CVE-2024-41999: Debug Code Vulnerability in Smart-tab Android App

Trust: 3.0

Fetched: Oct. 30, 2024, 9:31 a.m., Published: Sept. 30, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-41999

Critical Command Injection Vulnerability in D-Link Devices (CVE-2024-8213) | SecurityVulnerability.io - SecuirtyVulnerability.io

Related entries in the VARIoT vulnerabilities database: VAR-202408-2337

Trust: 6.0

Fetched: Oct. 30, 2024, 9:30 a.m., Published: -
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: d-link model: dns-323
vendor: d-link model: dnr-322l
vendor: d-link model: dns-327l
vendor: d-link model: dns-325
vendor: d-link model: dns-320l
vendor: d-link model: dns-320
vendor: d-link model: dns-340l
vendor: d-link model: dnr-326
vendor: d-link model: dns-345
vendor: d-link model: dns-320lw
db: NVD ids: CVE-2024-8213

About the security content of macOS Sonoma 14.7.1 - Apple Support

Trust: 4.25

Fetched: Oct. 30, 2024, 9:29 a.m., Published: July 14, 2001, midnight
 Vulnerabilities: information disclosure, buffer overflow, bounds access issue...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security
vendor: apple model: macos
db: NVD ids: CVE-2024-44218, CVE-2024-44215, CVE-2024-44278, CVE-2024-44137, CVE-2024-44156, CVE-2024-44297, CVE-2024-44270, CVE-2024-44260, CVE-2024-44213, CVE-2024-44247, CVE-2024-44253, CVE-2024-44256, CVE-2024-44240, CVE-2024-44279, CVE-2024-44197, CVE-2024-44275, CVE-2024-44216, CVE-2024-44175, CVE-2024-44159, CVE-2024-44236, CVE-2024-44295, CVE-2024-44301, CVE-2024-44267, CVE-2024-44283, CVE-2024-44122, CVE-2024-40855, CVE-2024-44302, CVE-2024-44144, CVE-2024-44222, CVE-2024-44294, CVE-2024-44284, CVE-2024-44281, CVE-2024-44273, CVE-2024-44239, CVE-2024-44287, CVE-2024-44257, CVE-2024-44269, CVE-2024-44255, CVE-2024-44280, CVE-2024-44289, CVE-2024-44282, CVE-2024-44264, CVE-2024-44254, CVE-2024-44265, CVE-2024-44237, CVE-2024-44196

ShadyShader: Crashing Apple Devices with a Single Click - vulnerability database | Vulners.com

Trust: 5.25

Fetched: Oct. 30, 2024, 9:28 a.m., Published: Oct. 22, 2024, 1 p.m.
 Vulnerabilities: kernel panic, system crash, resource exhaustion
Affected productsExternal IDs
vendor: google model: pixel
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2023-40441

Improper Privilege Management Vulnerability Affects ZTE Networking Devices (CVE-2024-22068) | SecurityVulnerability.io - SecuirtyVulnerability.io

Related entries in the VARIoT vulnerabilities database: VAR-202410-1229

Trust: 3.25

Fetched: Oct. 30, 2024, 9:27 a.m., Published: -
 Vulnerabilities: privilege management vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2024-22068

Apple Vision Pro Vulnerabilities Addressed In VisionOS 2.1

Trust: 4.25

Fetched: Oct. 30, 2024, 9:27 a.m., Published: Oct. 29, 2024, 6:08 a.m.
 Vulnerabilities: information disclosure, memory corruption
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security
vendor: apple model: safari
vendor: apple model: webkit
db: NVD ids: CVE-2024-44262, CVE-2024-44229, CVE-2024-44285, CVE-2024-44244, CVE-2024-44240, CVE-2024-44215, CVE-2024-44278, CVE-2024-44255, CVE-2024-44296, CVE-2024-44282, CVE-2024-44239, CVE-2024-44273, CVE-2024-44259

Understanding and Mitigating CVE-2024-20083: MediaTek Devices Out-of-Bounds Write Vulnerability

Trust: 3.0

Fetched: Oct. 30, 2024, 9:26 a.m., Published: Oct. 12, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-20083

CVE-2024-34617: Vulnerability in Samsung Mobile Devices and Mitigation Strategies

Trust: 3.75

Fetched: Oct. 30, 2024, 9:20 a.m., Published: Aug. 7, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: samsung model: samsung mobile
vendor: samsung model: mobile devices
db: NVD ids: CVE-2024-34617

Xerox Printers Vulnerability Let Attackers Remotely Takeover Devices

Trust: 5.0

Fetched: Oct. 30, 2024, 9:19 a.m., Published: Oct. 23, 2024, 4:45 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: xerox model: altalink c8030
vendor: xerox model: altalink b8045
vendor: xerox model: workcentre
db: NVD ids: CVE-2024-6333