VARIoT latest news about IoT security

Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices Trust: 3.5 Fetched: Oct. 25, 2024, 9:17 a.m., Published: Oct. 24, 2024, 9:53 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	google chrome
vendor:	google	model:	chrome

db:

NVD

ids:

CVE-2024-4947

Adaptive Security Appliance RAVPN Vulnerability Trust: 4.5 Fetched: Oct. 25, 2024, 9:15 a.m., Published: Oct. 25, 2024, 6:18 a.m.	Vulnerabilities: denial of service, resource exhaustion

Affected products

External IDs

vendor:	cisco systems	model:	ios software
vendor:	cisco systems	model:	ios xe software
vendor:	cisco systems	model:	nx-os
vendor:	cisco systems	model:	firepower threat defense
vendor:	cisco systems	model:	cisco adaptive security appliance
vendor:	cisco systems	model:	ios xe
vendor:	cisco systems	model:	nx-os software
vendor:	cisco systems	model:	firepower threat defense software
vendor:	cisco systems	model:	firepower
vendor:	cisco systems	model:	adaptive security appliance
vendor:	cisco	model:	ios software
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	nx-os software
vendor:	cisco	model:	firepower threat defense software
vendor:	cisco	model:	firepower
vendor:	cisco	model:	adaptive security appliance
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2024-20481

IoT Device Certification and Vulnerability Testing Methodology Trust: 3.0 Fetched: Oct. 25, 2024, 9:14 a.m., Published: Oct. 1, 2024, midnight	Vulnerabilities: default credentials, replay attack, information disclosure...

Affected products	External IDs

Understanding Vulnerability Scanners: Essential Tools for Network Security Trust: 3.25 Fetched: Oct. 25, 2024, 9:14 a.m., Published: March 6, 2024, midnight	Vulnerabilities: sql injection, cross-site scripting

Affected products

External IDs

vendor:	trend	model:	antivirus
vendor:	trend	model:	security

Understanding the New Vulnerabilities on Linux’s CUPS: What You Should Know - Sweet Trust: 4.75 Fetched: Oct. 23, 2024, 9:53 a.m., Published: Sept. 27, 2024, 11:44 a.m.	Vulnerabilities: code execution, privilege escalation

Affected products

External IDs

vendor:

cups

model:

cups

db:

NVD

ids:

CVE-2024-47175, CVE-2024-47076, CVE-2024-10367

FDA Strengthens Cybersecurity Standards for International Medical Devices \| Attract Group Trust: 3.75 Fetched: Oct. 23, 2024, 9:52 a.m., Published: Oct. 9, 2024, 7:09 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

Vulnerability Intelligence: Cyberattacks On Spring & IoT Devices Trust: 5.0 Fetched: Oct. 23, 2024, 9:51 a.m., Published: Oct. 23, 2024, 8:05 a.m.	Vulnerabilities: path traversal

Affected products

External IDs

vendor:

treck

model:

tcp/ip stack

db:

NVD

ids:

CVE-2020-11900, CVE-2024-7029, CVE-2024-36401, CVE-2020-11899, CVE-2024-4577, CVE-2024-38816

VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability Trust: 5.25 Fetched: Oct. 23, 2024, 9:50 a.m., Published: Oct. 22, 2024, 7:03 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-38812

94 Vulnerability and protection of Android and iOS device - YouTube Trust: 3.0 Fetched: Oct. 23, 2024, 9:48 a.m., Published: Oct. 21, 2024, 4:15 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

Exploring Android Threats \| Cybersecurity Podcast - YouTube Trust: 3.0 Fetched: Oct. 23, 2024, 9:48 a.m., Published: July 30, 2024, 2:09 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs \| by Kevin Beaumont \| Oct, 2024 \| DoublePulsar Trust: 3.0 Fetched: Oct. 23, 2024, 9:47 a.m., Published: Oct. 23, 2024, midnight	Vulnerabilities: code execution

Affected products	External IDs

Seven way Google incorporates Security by Design Trust: 4.5 Fetched: Oct. 23, 2024, 9:46 a.m., Published: Oct. 22, 2024, midnight	Vulnerabilities: cross-site scripting, sql injection

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	home
vendor:	google	model:	chrome
vendor:	google	model:	pixel

ERROR: The request could not be satisfied Trust: 3.25 Fetched: Oct. 23, 2024, 9:45 a.m., Published: -	Vulnerabilities: configuration error

Affected products	External IDs

TSMC told US of chip in Huawei device - Hardware - iTnews Trust: 3.25 Fetched: Oct. 23, 2024, 9:45 a.m., Published: Nov. 14, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

huawei

model:

huawei

next.js - How to fix the vulnerability - "Regular Expression Denial of Service (ReDoS) in micromatch" - Stack Overflow Trust: 4.0 Fetched: Oct. 23, 2024, 9:44 a.m., Published: Oct. 29, 2024, midnight	Vulnerabilities: denial of service

Affected products	External IDs

CVE-2022-49011 - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() - SecAlerts Trust: 3.25 Fetched: Oct. 23, 2024, 9:44 a.m., Published: Oct. 21, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2022-49011

Researcher Details 0-Day Flaw CVE-2024-44068 in Samsung Exynos Processors Trust: 4.5 Fetched: Oct. 23, 2024, 9:43 a.m., Published: Oct. 23, 2024, 2:28 a.m.	Vulnerabilities: improper memory management

Affected products

External IDs

vendor:	samsung	model:	samsung
vendor:	samsung	model:	exynos

db:

NVD

ids:

CVE-2024-44068

Sciencelogic critical zero day remains unidentified despite in-the-wild exploitation Trust: 4.0 Fetched: Oct. 23, 2024, 9:43 a.m., Published: Oct. 22, 2024, 12:02 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-9537

Akira ransomware continues to evolve Related entries in the VARIoT vulnerabilities database: VAR-202005-0696, VAR-202403-2416 Trust: 4.25 Fetched: Oct. 23, 2024, 9:42 a.m., Published: Oct. 21, 2024, 4:50 p.m.	Vulnerabilities: code execution, privilege escalation

Affected products

External IDs

vendor:	clamav	model:	clamav
vendor:	trend	model:	security
vendor:	cisco	model:	firepower
vendor:	cisco	model:	web security appliance
vendor:	cisco	model:	guard
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	clamav
vendor:	cisco	model:	anyconnect ssl vpn
vendor:	cisco	model:	meraki mx
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	umbrella
vendor:	trend micro	model:	security
vendor:	snort.org	model:	snort
vendor:	snort	model:	snort
vendor:	sonicwall	model:	remote access
vendor:	sonicwall	model:	ssl vpn
vendor:	sonicwall	model:	email security
vendor:	sonicwall	model:	sonicos

db:

NVD

ids:

CVE-2020-3259, CVE-2023-20269, CVE-2024-40766, CVE-2024-40711, CVE-2023-20263, CVE-2024-37085, CVE-2023-48788, CVE-2023-27532

ERROR: The request could not be satisfied Trust: 3.25 Fetched: Oct. 23, 2024, 9:42 a.m., Published: -	Vulnerabilities: configuration error

Affected products	External IDs

VARIoT news about IoT security