Sign-up

VARIoT news about IoT security

Everything you need to know about the ‘mass exploitation’ of FortiManager appliances | ITPro

Trust: 5.0

Fetched: Oct. 27, 2024, 9:48 a.m., Published: Oct. 25, 2024, 9:25 a.m.
 Vulnerabilities: authentication flaw
Affected productsExternal IDs
db: NVD ids: CVE-2024-47575

Security Highlight: Side-Channel Vulnerability in Infineon Cryptographic Library - Riscure

Related entries in the VARIoT vulnerabilities database: VAR-202409-0398

Trust: 3.75

Fetched: Oct. 27, 2024, 9:48 a.m., Published: Sept. 25, 2024, 9:28 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: yubico model: yubikey
db: NVD ids: CVE-2024-45678

CISA Warns Critical Vulnerabilities in Vonets WiFi Bridge Devices, No Patch Available

Trust: 3.0

Fetched: Oct. 27, 2024, 9:47 a.m., Published: Aug. 15, 2024, 1:54 a.m.
 Vulnerabilities: authentication flaw, directory traversal, access control issue...
Affected productsExternal IDs
db: NVD ids: CVE-2024-29082, CVE-2024-37023, CVE-2024-41936, CVE-2024-42001, CVE-2024-39791, CVE-2024-41161, CVE-2024-39815

This vulnerability exists in Philips lighting devices due... · CVE-2024-9991 · GitHub Advisory Database · GitHub

Trust: 3.25

Fetched: Oct. 27, 2024, 9:47 a.m., Published: Oct. 25, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-9991

Fortinet Confirms Exploitation of Critical FortiManager Zero-Day - Infosecurity Magazine

Trust: 4.0

Fetched: Oct. 27, 2024, 9:47 a.m., Published: Oct. 24, 2024, 11:45 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-47575, CVE-2024-23113

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Oct. 27, 2024, 9:44 a.m., Published: -
 Vulnerabilities: configuration error
Affected productsExternal IDs

Okta Verify for iOS ContextExtension CVE-2024-10327

Trust: 3.75

Fetched: Oct. 27, 2024, 9:42 a.m., Published: Sept. 25, 2001, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: watch
db: NVD ids: CVE-2024-10327

IoT Security: A Call to Action for Improved Vulnerability Disclosure

Trust: 4.5

Fetched: Oct. 27, 2024, 9:42 a.m., Published: Oct. 11, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: huawei model: huawei

Vulnerabilities of Realtek SD card reader driver, part 1 | ZwClose

Trust: 3.75

Fetched: Oct. 27, 2024, 9:40 a.m., Published: Oct. 14, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lenovo model: desktop
db: NVD ids: CVE-2022-25476, CVE-2022-25477, CVE-2024-40431, CVE-2022-25478, CVE-2022-25479, CVE-2024-40432, CVE-2022-25480

Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning

Trust: 3.25

Fetched: Oct. 27, 2024, 9:37 a.m., Published: Oct. 1, 2024, 10 a.m.
 Vulnerabilities: injection attack, sql injection
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo model: networks
vendor: palo model: firewall

Critical Security Alert: Vulnerabilities in Kieback&Peter DDC4000 Devices | Windows Forum

Trust: 4.75

Fetched: Oct. 27, 2024, 9:37 a.m., Published: May 27, 2024, midnight
 Vulnerabilities: path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2024-41717, CVE-2024-43812, CVE-2024-43698

Critical Vulnerability in D-Link Devices Could Allow Remote Command Injection (CVE-2024-8211) | SecurityVulnerability.io - SecuirtyVulnerability.io

Related entries in the VARIoT vulnerabilities database: VAR-202408-2336

Trust: 5.75

Fetched: Oct. 27, 2024, 9:36 a.m., Published: -
 Vulnerabilities: remote command injection, command injection
Affected productsExternal IDs
vendor: d-link model: dns-325
vendor: d-link model: dns-320lw
vendor: d-link model: dns-327l
vendor: d-link model: dns-345
vendor: d-link model: dns-320l
vendor: d-link model: dns-323
vendor: d-link model: dnr-322l
vendor: d-link model: dnr-326
vendor: d-link model: dns-320
vendor: d-link model: dns-340l
db: NVD ids: CVE-2024-8211

IoT Devices and Their Potential Vulnerability to Modern Cyberattacks!

Trust: 3.0

Fetched: Oct. 27, 2024, 9:29 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs

Critical Warning For Samsung Users; Indian Government Flags High-Risk Security Issue - Tech

Trust: 3.75

Fetched: Oct. 27, 2024, 9:24 a.m., Published: Oct. 25, 2024, 6:37 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: samsung model: mobile
vendor: samsung model: samsung mobile
vendor: samsung model: samsung
db: NVD ids: CVE-2024-44068

Security Bulletin: NVIDIA GPU Display Driver - October 2024 | NVIDIA

Trust: 4.25

Fetched: Oct. 27, 2024, 9:22 a.m., Published: Oct. 27, 2024, midnight
 Vulnerabilities: denial of service, code execution, information disclosure
Affected productsExternal IDs
vendor: citrix model: hypervisor
vendor: citrix model: licensing

I2c Module Vulnerability in Linux Kernel Affects ACPI Devices (CVE-2024-45029) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 3.25

Fetched: Oct. 27, 2024, 9:22 a.m., Published: Sept. 11, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-45029

What is Internet of Things (IoT) Security?

Trust: 3.0

Fetched: Oct. 27, 2024, 9:19 a.m., Published: Sept. 23, 2024, 6:26 a.m.
 Vulnerabilities: -
Affected productsExternal IDs

Med Device Cybersecurity and Patient Harm - Blue Goat Cyber

Trust: 3.0

Fetched: Oct. 27, 2024, 9:17 a.m., Published: Dec. 25, 2022, 5:45 p.m.
 Vulnerabilities: -
Affected productsExternal IDs

Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack

Trust: 4.75

Fetched: Oct. 27, 2024, 9:17 a.m., Published: Oct. 24, 2024, 12:41 p.m.
 Vulnerabilities: resource exhaustion
Affected productsExternal IDs
vendor: sonicwall model: remote access
vendor: cisco model: adaptive security appliance
vendor: cisco model: firepower
vendor: cisco model: series
vendor: cisco model: firepower threat defense
vendor: check point model: check point
vendor: mikrotik model: mikrotik
db: NVD ids: CVE-2024-20424, CVE-2024-20412, CVE-2024-20329, CVE-2024-20481

Lazarus Hackers Exploited Google Chrome Vulnerability To Infect Devices

Trust: 3.5

Fetched: Oct. 25, 2024, 9:43 a.m., Published: Oct. 24, 2024, 3:47 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2024-4947