VARIoT latest news about IoT security

[BRLY-DVA-2023-025] SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write) Trust: 3.0 Fetched: Aug. 25, 2024, 9:25 a.m., Published: July 2, 2024, midnight	Vulnerabilities: memory corruption

Affected products	External IDs

D-Link Technical Support Trust: 3.75 Fetched: Aug. 25, 2024, 9:24 a.m., Published: April 25, 2024, midnight	Vulnerabilities: path traversal

Affected products

External IDs

db:

NVD

ids:

CVE-2024-6045, CVE-2024-6044

Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now! \| Malwarebytes Trust: 3.75 Fetched: Aug. 25, 2024, 9:24 a.m., Published: July 31, 2024, 1:04 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	ipod touch
vendor:	apple	model:	watch
vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	macos
vendor:	apple	model:	software update
vendor:	apple	model:	apple tv
vendor:	apple	model:	ipad

Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now! \| Malwarebytes Trust: 3.75 Fetched: Aug. 25, 2024, 9:23 a.m., Published: July 31, 2024, 1:04 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	ipod touch
vendor:	apple	model:	watch
vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	macos
vendor:	apple	model:	software update
vendor:	apple	model:	apple tv
vendor:	apple	model:	ipad

CVE-2024-32912 - Cisco Device Debug Code Denial of Service Vulnerability Trust: 5.75 Fetched: Aug. 25, 2024, 9:17 a.m., Published: June 13, 2024, 9:15 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2024-32912

Cisco Unified Communications Manager Denial of Service Vulnerability - Cisco Trust: 4.0 Fetched: Aug. 25, 2024, 9:15 a.m., Published: Aug. 21, 2024, 11:55 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	cisco unified communications manager
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	unified communications manager

Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus Related entries in the VARIoT vulnerabilities database: VAR-202310-1699, VAR-202309-2171 Trust: 5.5 Fetched: Aug. 25, 2024, 9:14 a.m., Published: July 4, 2024, 9:10 a.m.	Vulnerabilities: code execution, input validation vulnerability, information disclosure

Affected products

External IDs

vendor:	rockwell automation	model:	factorytalk
vendor:	rockwell automation	model:	factorytalk linx
vendor:	rockwell automation	model:	factorytalk view
vendor:	rockwell automation	model:	automation panelview plus
vendor:	rockwell automation	model:	automation panelview
vendor:	rockwell	model:	factorytalk
vendor:	rockwell	model:	factorytalk linx
vendor:	rockwell	model:	factorytalk view
vendor:	rockwell	model:	automation panelview plus
vendor:	rockwell	model:	automation panelview

db:

NVD

ids:

CVE-2024-23692, CVE-2023-29464, CVE-2023-2071

Dell SupportAssist Vulnerability Exposes PCs to Privilege Escalation Attacks Trust: 5.25 Fetched: Aug. 23, 2024, 9:50 a.m., Published: Aug. 21, 2024, 10:26 a.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2024-38305

Does the Management Center affected by "CGI Generic SQL Injection (blind)" vulnerability? Trust: 3.25 Fetched: Aug. 23, 2024, 9:49 a.m., Published: May 23, 2024, midnight	Vulnerabilities: sql injection

Affected products	External IDs

CVE-2024-43851 - Xilinx Soc Linux Kernel Device ID Renaming Information Disclosure Vulnerability Trust: 5.25 Fetched: Aug. 23, 2024, 9:48 a.m., Published: Aug. 17, 2024, 10:15 a.m.	Vulnerabilities: information disclosure

Affected products

External IDs

db:

NVD

ids:

CVE-2024-43851

IoT in Healthcare: 17 Examples of Devices & Technology \| Built In Trust: 3.75 Fetched: Aug. 23, 2024, 9:47 a.m., Published: Aug. 17, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

home

CVE-2024-43044: A Critical RCE Vulnerability in Jenkins With 80,000 Exposed Devices Found \| CIP Blog Trust: 3.0 Fetched: Aug. 23, 2024, 9:43 a.m., Published: Aug. 21, 2024, 8:45 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-43044, CVE-2024-43045

Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabilities - Cisco Trust: 5.0 Fetched: Aug. 23, 2024, 9:43 a.m., Published: Aug. 22, 2024, 8:55 a.m.	Vulnerabilities: sql injection

Affected products

External IDs

vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco identity services engine

Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability Trust: 5.0 Fetched: Aug. 23, 2024, 9:35 a.m., Published: Aug. 21, 2024, 3:53 p.m.	Vulnerabilities: information disclosure

Affected products

External IDs

vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco identity services engine

Zero-Day Vulnerability In Arcadyan WiFi Devices Allows RCE for Root Access Trust: 4.5 Fetched: Aug. 23, 2024, 9:35 a.m., Published: Aug. 22, 2024, 9:54 a.m.	Vulnerabilities: command execution, command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-41992

Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability Trust: 4.75 Fetched: Aug. 23, 2024, 9:35 a.m., Published: Aug. 21, 2024, 3:53 p.m.	Vulnerabilities: request forgery, cross-site request forgery

Affected products

External IDs

vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco identity services engine

Cisco Unified Communications Manager Denial of Service Vulnerability Trust: 4.0 Fetched: Aug. 23, 2024, 9:34 a.m., Published: Aug. 21, 2024, 3:53 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	cisco unified communications manager
vendor:	cisco	model:	unified communications

Report suggests TVs are more vulnerable to cyber-attack than other smart devices - Hiddenwires Magazine Trust: 4.75 Fetched: Aug. 23, 2024, 9:33 a.m., Published: July 16, 2024, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	netgear	model:	orbi
vendor:	netgear	model:	router

Cloud Software Group Inc Patent for Credential Vulnerability Check Trust: 3.25 Fetched: Aug. 23, 2024, 9:33 a.m., Published: Aug. 23, 2024, 3:46 a.m.	Vulnerabilities: code execution

Affected products	External IDs

Google Pixel Devices Found Vulnerable Due To Pre-Installed App Trust: 4.25 Fetched: Aug. 23, 2024, 9:32 a.m., Published: Aug. 20, 2024, 7:30 a.m.	Vulnerabilities: code injection, code execution

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android

VARIoT news about IoT security