Sign-up

VARIoT news about IoT security

Uncovering IoT Vulnerabilities: Highlights from the Bitdefender - Netgear 2024 Threat Report

Trust: 3.0

Fetched: Sept. 24, 2024, 9:54 a.m., Published: Sept. 24, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Bitdefender & Netgear report reveals major IoT vulnerabilities

Trust: 3.0

Fetched: Sept. 24, 2024, 9:54 a.m., Published: June 28, 2024, 3:25 a.m.
 Vulnerabilities: -
Affected productsExternal IDs

IoT Security: A Call to Action for Improved Vulnerability Disclosure

Trust: 4.5

Fetched: Sept. 24, 2024, 9:52 a.m., Published: Sept. 11, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: huawei model: huawei

Access Denied

Trust: 3.25

Fetched: Sept. 24, 2024, 9:46 a.m., Published: Sept. 30, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

CVE-2024-5849 Pepperl+Fuchs: Device Master ICDM-RX/* XSS vul... - vulnerability database | Vulners.com

Trust: 3.0

Fetched: Sept. 24, 2024, 9:44 a.m., Published: Aug. 13, 2024, 12:32 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-5849

Windows 10/11 devices are at serious risk due to a newly discovered vulnerability. Here's everything you need to know

Trust: 5.25

Fetched: Sept. 24, 2024, 9:43 a.m., Published: Aug. 13, 2024, 9:42 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-6768

A Cyber Risk Assessment Approach to Federated Identity Management Framework-Based Digital Healthcare System

Trust: 4.5

Fetched: Sept. 24, 2024, 9:39 a.m., Published: Jan. 24, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: google model: wifi

SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

Related entries in the VARIoT vulnerabilities database: VAR-202409-1099, VAR-202409-0703

Trust: 5.75

Fetched: Sept. 24, 2024, 9:39 a.m., Published: Sept. 17, 2024, 4:34 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2024-45697, CVE-2024-45695, CVE-2024-28991, CVE-2024-28990, CVE-2024-45694

FreeBSD -- bhyve(8) privileged guest escape via TPM device p... - vulnerability database | Vulners.com

Trust: 3.0

Fetched: Sept. 24, 2024, 9:37 a.m., Published: Sept. 4, 2024, midnight
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs

Critical Vulnerabilities Found in iOS and macOS After iPhone 16 Launch: Update Now! | Tech News - News9live

Trust: 3.5

Fetched: Sept. 24, 2024, 9:36 a.m., Published: Sept. 23, 2024, 7:26 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: apple model: tvos
vendor: apple model: watchos
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: watch
vendor: apple model: safari
vendor: apple model: software update

Showcase.apk Exploit PoC: Remote Code Execution Vulnerability on Google Pixel Devices - Exploit PoC

Trust: 4.25

Fetched: Sept. 24, 2024, 9:35 a.m., Published: Aug. 17, 2024, 3:27 a.m.
 Vulnerabilities: code execution, command execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel

Zyxel Wi-Fi の脆弱性 CVE-2024-7261 (CVSS 9.8) が FIX:直ちにパッチ適用を! - IoT OT Security News

Trust: 3.25

Fetched: Sept. 24, 2024, 9:32 a.m., Published: Sept. 2, 2024, 8:36 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-7261, CVE-2024-29973

CVE-2024-46770 ice: Add netif_device_attach/detach into PF r... - vulnerability database | Vulners.com

Trust: 3.0

Fetched: Sept. 24, 2024, 9:29 a.m., Published: Sept. 18, 2024, 7:12 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-46770

Cisco Patches an Exploited Zero-Day Vulnerability

Trust: 4.75

Fetched: Sept. 24, 2024, 9:28 a.m., Published: Sept. 19, 2024, midnight
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
vendor: cisco model: nexus
vendor: cisco model: nx-os software
vendor: cisco model: nx-os
vendor: cisco model: network access control
db: NVD ids: CVE-2024-20399

CVE-2023-41921 - Apache Device Firmware Remote Code Execution Vulnerability

Trust: 5.25

Fetched: Sept. 24, 2024, 9:28 a.m., Published: July 2, 2024, 8:15 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-41921

CVE-2022-48808 net: dsa: fix panic when DSA master device un... - vulnerability database | Vulners.com

Trust: 3.0

Fetched: Sept. 24, 2024, 9:28 a.m., Published: July 16, 2024, 11:43 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-48808

Major security alert for Apple users in India, know how to protect your device

Trust: 5.0

Fetched: Sept. 24, 2024, 9:27 a.m., Published: Sept. 19, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: tvos
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: safari

iPhone, Mac and iPad must be updated soon, as critical vulnerabilities detected: CERT-In - India TV

Trust: 3.75

Fetched: Sept. 24, 2024, 9:26 a.m., Published: Sept. 23, 2024, midnight
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: apple tv
vendor: apple model: watch
vendor: apple model: safari

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

Trust: 4.75

Fetched: Sept. 24, 2024, 9:25 a.m., Published: Sept. 18, 2024, 5:08 a.m.
 Vulnerabilities: privilege escalation, code execution, cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-37079, CVE-2024-38813, CVE-2024-38812, CVE-2024-37080

CVE-2022-48853 swiotlb: fix info leak with DMA_FROM_DEVICE - vulnerability database | Vulners.com

Trust: 3.0

Fetched: Sept. 24, 2024, 9:24 a.m., Published: July 16, 2024, 12:25 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-48853, CVE-2018-1000204