Sign-up

VARIoT news about IoT security

Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability · Issue #328 · dotnet/announcements

Trust: 5.0

Fetched: Nov. 5, 2024, 9:39 a.m., Published: Nov. 5, 2044, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-43484

CVE-2024-20475: Cisco SD-WAN vManage Cross-Site Scripting Vulnerability and Mitigation

Related entries in the VARIoT vulnerabilities database: VAR-202409-1826

Trust: 4.5

Fetched: Nov. 5, 2024, 9:39 a.m., Published: June 20, 2001, midnight
 Vulnerabilities: cross-site scripting, improper validation
Affected productsExternal IDs
vendor: cisco model: catalyst
vendor: cisco model: sd-wan vmanage
vendor: cisco model: sd-wan
vendor: cisco model: cisco sd-wan
vendor: cisco model: wan manager
db: NVD ids: CVE-2024-20475

Microsoft’s September 2024 Patch Tuesday Addresses 79 CVEs (CVE-2024-43491) - Blog | Tenable®

Trust: 4.75

Fetched: Nov. 5, 2024, 9:36 a.m., Published: Sept. 10, 2024, 6:21 p.m.
 Vulnerabilities: command execution, code execution, feature bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2024-37339, CVE-2024-43487, CVE-2024-38014, CVE-2024-37337, CVE-2024-26191, CVE-2024-37338, CVE-2024-37966, CVE-2024-26186, CVE-2024-37335, CVE-2024-38217, CVE-2024-37342, CVE-2024-43491, CVE-2024-38018, CVE-2024-38213, CVE-2024-38226, CVE-2024-37340

Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability · Issue #327 · dotnet/announcements

Trust: 5.0

Fetched: Nov. 5, 2024, 9:33 a.m., Published: Nov. 5, 2044, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-43483

Understanding and Mitigating CVE-2024-49390: A Local Privilege Escalation Vulnerability in Acronis Cyber Files

Trust: 5.0

Fetched: Nov. 5, 2024, 9:32 a.m., Published: Nov. 3, 2024, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-49390

Siemens InterMesh Subscriber Devices - vulnerability database | Vulners.com

Trust: 4.5

Fetched: Nov. 5, 2024, 9:31 a.m., Published: Oct. 29, 2024, noon
 Vulnerabilities: command injection, code execution, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-47904, CVE-2024-47903, CVE-2024-47901, CVE-2024-47902

CVE-2024-45259 - vulnerability database | Vulners.com

Trust: 3.25

Fetched: Nov. 5, 2024, 9:30 a.m., Published: Oct. 24, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-45259

Hacked TP-Link routers at center of massive botnet used to attack Azure customers | TechSpot

Trust: 3.75

Fetched: Nov. 5, 2024, 9:22 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: tp-link model: routers

Critical Error Handling in Linux Kernel: MIPI I3C HCI Driver Vulnerability

Trust: 3.25

Fetched: Nov. 5, 2024, 9:21 a.m., Published: Nov. 11, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-47665

Fortinet Devices Under Active Threat Due to Zero Day Vulnerability

Trust: 5.25

Fetched: Nov. 5, 2024, 9:19 a.m., Published: Oct. 25, 2024, midnight
 Vulnerabilities: authentication issue
Affected productsExternal IDs
db: NVD ids: CVE-2024-47575

Some Samsung Exynos Devices Have Security Vulnerability Concerns

Trust: 3.75

Fetched: Nov. 5, 2024, 9:19 a.m., Published: Oct. 26, 2024, 10:40 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: galaxy
vendor: samsung model: exynos
vendor: samsung model: galaxy s10
vendor: samsung model: mobile
vendor: samsung model: note
vendor: samsung model: samsung galaxy
vendor: samsung model: galaxy note
vendor: samsung model: samsung
vendor: samsung model: note 10
db: NVD ids: CVE-2024-44068

Understanding CVE-2024-0029: Elevation of Privilege in Android 13

Trust: 5.0

Fetched: Nov. 5, 2024, 9:18 a.m., Published: Nov. 13, 2024, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-0029

Delta Electronics InfraSuite Device Master - vulnerability database | Vulners.com

Trust: 5.75

Fetched: Nov. 5, 2024, 9:18 a.m., Published: Oct. 29, 2024, noon
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2024-10456

Android Security Bulletin November 2024 | Android Open Source Project

Trust: 4.25

Fetched: Nov. 5, 2024, 9:16 a.m., Published: Nov. 5, 2024, midnight
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: motorola model: android
vendor: motorola model: motorola
vendor: samsung model: mobile
vendor: samsung model: note
vendor: samsung model: notes
vendor: samsung model: samsung
vendor: google model: pixel
vendor: google model: android
vendor: google model: wifi
db: NVD ids: CVE-2024-43082, CVE-2023-35659, CVE-2024-20104, CVE-2024-43093, CVE-2024-43087, CVE-2024-23715, CVE-2024-43084, CVE-2024-31337, CVE-2024-43088, CVE-2024-43081, CVE-2024-34729, CVE-2024-38424, CVE-2024-38408, CVE-2024-34747, CVE-2024-43089, CVE-2023-35686, CVE-2024-43080, CVE-2024-23385, CVE-2024-43086, CVE-2024-43090, CVE-2024-43083, CVE-2024-40671, CVE-2024-43085, CVE-2024-38403, CVE-2024-29779, CVE-2024-43091, CVE-2024-40661, CVE-2024-43047, CVE-2024-20106, CVE-2024-34719, CVE-2024-40660

Detecting command injection vulnerabilities in Linux-based embedded firmware with LLM-based taint analysis of library functions | Computers and Security

Trust: 3.75

Fetched: Nov. 3, 2024, 10:01 a.m., Published: Sept. 3, 2024, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs

Cellular IoT Vulnerabilities: Another Door to Cellular Networks | Trend Micro (PH)

Related entries in the VARIoT vulnerabilities database: VAR-202408-1859, VAR-202310-0004, VAR-202011-1308

Trust: 4.5

Fetched: Nov. 3, 2024, 10 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: tp-link model: gateway
vendor: trend micro model: security
vendor: d-link model: router
vendor: trend model: security
db: NVD ids: CVE-2023-47610, CVE-2024-20082, CVE-2023-43261, CVE-2020-3657

Samsung Galaxy Security Alert: Exynos Chip Vulnerability Exploited by Attackers| Certo Software

Trust: 3.75

Fetched: Nov. 3, 2024, 9:55 a.m., Published: Nov. 1, 2024, 2:07 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: samsung model: galaxy
vendor: samsung model: galaxy note
vendor: samsung model: mobile devices
vendor: samsung model: exynos
vendor: samsung model: samsung
vendor: samsung model: note
vendor: samsung model: galaxy s10
vendor: samsung model: note 10
vendor: samsung model: samsung galaxy
vendor: trend model: security
db: NVD ids: CVE-2024-44068

A security flaw in Synology's Photos App exposes users to Zero-Click Attacks - Neowin

Trust: 5.75

Fetched: Nov. 3, 2024, 9:53 a.m., Published: Nov. 10, 2024, midnight
 Vulnerabilities: os command injection, code execution, command injection...
Affected productsExternal IDs
vendor: synology model: diskstation
db: NVD ids: CVE-2024-50388

New Zero-Day Vulnerability in Windows Themes Threatens NTLM Security - SOCRadar® Cyber Intelligence Inc.

Trust: 3.0

Fetched: Nov. 3, 2024, 9:52 a.m., Published: Oct. 30, 2024, 10:29 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-21320, CVE-2024-38030

GreyNoise uncovers key cyber vulnerabilities - with the help of AI | TechRadar

Trust: 3.75

Fetched: Nov. 3, 2024, 9:51 a.m., Published: Oct. 31, 2024, 12:01 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-8957, CVE-2024-8956