Sign-up

VARIoT news about IoT security

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

Trust: 4.75

Fetched: Sept. 24, 2024, 9:25 a.m., Published: Sept. 18, 2024, 5:08 a.m.
 Vulnerabilities: privilege escalation, code execution, cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-37079, CVE-2024-38813, CVE-2024-38812, CVE-2024-37080

CVE-2022-48853 swiotlb: fix info leak with DMA_FROM_DEVICE - vulnerability database | Vulners.com

Trust: 3.0

Fetched: Sept. 24, 2024, 9:24 a.m., Published: July 16, 2024, 12:25 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-48853, CVE-2018-1000204

CVE-2024-40910 - "Linux kernel ax25 device refcount vulnerability"

Trust: 3.0

Fetched: Sept. 24, 2024, 9:22 a.m., Published: July 12, 2024, 1:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-40910

Zyxel security advisory for post-authentication memory corruption vulnerabilities in some DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router versions | Zyxel Networks

Related entries in the VARIoT vulnerabilities database: VAR-202409-1843

Trust: 3.75

Fetched: Sept. 24, 2024, 9:20 a.m., Published: Sept. 7, 2024, midnight
 Vulnerabilities: memory corruption
Affected productsExternal IDs
db: NVD ids: CVE-2024-38267, CVE-2024-38268, CVE-2024-38266, CVE-2024-38269

New MacOS Malware Let Attackers Control The Device Remotely

Trust: 3.0

Fetched: Sept. 24, 2024, 9:20 a.m., Published: Sept. 20, 2024, 11:12 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos

Critical vulnerabilities in Microchip ASF, MediaTek expose RCE risks | SC Media

Trust: 5.0

Fetched: Sept. 24, 2024, 9:20 a.m., Published: Feb. 13, 2024, 7 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-20017, CVE-2024-7490

CVE-2024-6786 - Apache IoT MQTT Device File Disclosure Vulnerability

Trust: 5.75

Fetched: Sept. 24, 2024, 9:18 a.m., Published: Sept. 21, 2024, 5:15 a.m.
 Vulnerabilities: path traversal
Affected productsExternal IDs
vendor: moxa inc model: mxview
vendor: moxa model: mxview
db: NVD ids: CVE-2024-6786

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

Trust: 4.75

Fetched: Sept. 24, 2024, 9:17 a.m., Published: Sept. 23, 2024, 9:58 a.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-20017, CVE-2024-7490

MediaTek Chipsets Zero-Click Vulnerability Detected by Researchers, Can Affect Routers and Smartphones | Technology News

Trust: 5.0

Fetched: Sept. 24, 2024, 9:16 a.m., Published: Sept. 23, 2024, 9:51 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-20017

System BIOS dla komputera Dell Inspiron 3521 | Szczegóły sterownika | Dell Polska

Trust: 3.25

Fetched: Sept. 22, 2024, 10:27 a.m., Published: Sept. 22, 3521, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

Vulnerabilities in Cellular Packet Cores Part IV Authentication | Trend Micro (MY)

Trust: 3.0

Fetched: Sept. 22, 2024, 10:26 a.m., Published: Sept. 18, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-20685

Windows Downdate, Quick Share Vulnerability & More | SafeBreach

Trust: 4.25

Fetched: Sept. 22, 2024, 10:25 a.m., Published: Aug. 27, 2024, 7:59 p.m.
 Vulnerabilities: code execution, directory traversal
Affected productsExternal IDs
vendor: google model: wifi
vendor: google model: android
vendor: google model: chrome
db: NVD ids: CVE-2024-38202, CVE-2024-38272, CVE-2024-38271, CVE-2024-21302

How to disrupt wifi? - GB Times

Trust: 4.0

Fetched: Sept. 22, 2024, 10:23 a.m., Published: Sept. 19, 2024, 2:19 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: wireshark model: wireshark

Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw

Trust: 4.5

Fetched: Sept. 22, 2024, 10:23 a.m., Published: Sept. 13, 2024, 11:04 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2023-22527, CVE-2024-4885, CVE-2024-6671, CVE-2024-6670

Vulnerabilities in Cellular Packet Cores Part IV Authentication | Trend Micro (UK)

Trust: 3.0

Fetched: Sept. 22, 2024, 10:19 a.m., Published: Sept. 18, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-20685

System BIOS dla komputera Dell Inspiron 15 3510 | Szczegóły sterownika | Dell Polska

Trust: 3.25

Fetched: Sept. 22, 2024, 10:19 a.m., Published: Sept. 12, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

August 27, 2024 Advisory: Versa Director Dangerous File Type Upload Vulnerability [CVE-2024-39717] | Censys

Trust: 3.0

Fetched: Sept. 22, 2024, 10:18 a.m., Published: Aug. 27, 2024, 5:55 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-39717

Endpoint security risks: threats and challenges explained

Trust: 4.25

Fetched: Sept. 22, 2024, 10:18 a.m., Published: Aug. 30, 2024, midnight
 Vulnerabilities: denial of service, sql injection
Affected productsExternal IDs
vendor: trend model: security
vendor: trend model: antivirus
vendor: trendmicro model: security
vendor: trendmicro model: antivirus

Hikvision Patches High-Severity Vulnerability in Security Management System - SECURITYHOT

Trust: 3.5

Fetched: Sept. 22, 2024, 10:17 a.m., Published: Sept. 10, 2024, 1:37 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hikvision model: hikvision
vendor: cisco model: nexus
db: NVD ids: CVE-2021-36260

Old devices, new dangers: The risks of unsupported IoT tech

Trust: 4.75

Fetched: Sept. 22, 2024, 10:16 a.m., Published: Aug. 27, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: trend model: security