Sign-up

VARIoT news about IoT security

CVE-2022-49011 - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() - SecAlerts

Trust: 3.25

Fetched: Oct. 23, 2024, 9:44 a.m., Published: Oct. 21, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-49011

Researcher Details 0-Day Flaw CVE-2024-44068 in Samsung Exynos Processors

Trust: 4.5

Fetched: Oct. 23, 2024, 9:43 a.m., Published: Oct. 23, 2024, 2:28 a.m.
 Vulnerabilities: improper memory management
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: exynos
db: NVD ids: CVE-2024-44068

Sciencelogic critical zero day remains unidentified despite in-the-wild exploitation

Trust: 4.0

Fetched: Oct. 23, 2024, 9:43 a.m., Published: Oct. 22, 2024, 12:02 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-9537

Akira ransomware continues to evolve

Related entries in the VARIoT vulnerabilities database: VAR-202005-0696, VAR-202403-2416

Trust: 4.25

Fetched: Oct. 23, 2024, 9:42 a.m., Published: Oct. 21, 2024, 4:50 p.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: clamav model: clamav
vendor: trend model: security
vendor: cisco model: firepower
vendor: cisco model: web security appliance
vendor: cisco model: guard
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: clamav
vendor: cisco model: anyconnect ssl vpn
vendor: cisco model: meraki mx
vendor: cisco model: adaptive security appliance
vendor: cisco model: firepower threat defense
vendor: cisco model: umbrella
vendor: trend micro model: security
vendor: snort.org model: snort
vendor: snort model: snort
vendor: sonicwall model: remote access
vendor: sonicwall model: ssl vpn
vendor: sonicwall model: email security
vendor: sonicwall model: sonicos
db: NVD ids: CVE-2020-3259, CVE-2023-20269, CVE-2024-40766, CVE-2024-40711, CVE-2023-20263, CVE-2024-37085, CVE-2023-48788, CVE-2023-27532

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Oct. 23, 2024, 9:42 a.m., Published: -
 Vulnerabilities: configuration error
Affected productsExternal IDs

FortiGate admins report active exploitation 0-day. Vendor isn’t talking. - Ars Technica

Trust: 4.0

Fetched: Oct. 23, 2024, 9:42 a.m., Published: Oct. 22, 2024, 7:49 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Mozilla Issues Emergency Patch for Critical Firefox Vulnerability

Trust: 3.75

Fetched: Oct. 23, 2024, 9:41 a.m., Published: Oct. 18, 2024, 11:42 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-9680

[RELEASE NOTES] VMware vCenter Server 7.0 Update 3t Release Notes

Trust: 3.25

Fetched: Oct. 23, 2024, 9:41 a.m., Published: Oct. 7, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-38812

Old devices, new dangers: The risks of unsupported IoT tech | ESET

Trust: 4.75

Fetched: Oct. 23, 2024, 9:38 a.m., Published: May 9, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: trend model: security

Cyble Sensors Detect Attacks On Java Framework, IoT Devices

Trust: 5.5

Fetched: Oct. 23, 2024, 9:35 a.m., Published: Oct. 22, 2024, 12:17 p.m.
 Vulnerabilities: brute force attack, path traversal
Affected productsExternal IDs
vendor: treck model: tcp/ip stack
vendor: cisco model: series
db: NVD ids: CVE-2020-11900, CVE-2024-7029, CVE-2024-36401, CVE-2020-11899, CVE-2024-4577, CVE-2024-38816

Linux kernel exploitation SLUBStick can read and write memory arbitrarily | SC Media

Trust: 3.75

Fetched: Oct. 23, 2024, 9:33 a.m., Published: June 11, 2024, 5 p.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs

ShadyShader: Crashing Apple Devices with a Single Click | Imperva

Trust: 4.25

Fetched: Oct. 23, 2024, 9:33 a.m., Published: Oct. 22, 2024, 1 p.m.
 Vulnerabilities: kernel panic, system crash, resource exhaustion
Affected productsExternal IDs
vendor: google model: pixel
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2023-40441

Alienware Aurora R16 System BIOS | Szczegóły sterownika | Dell Polska

Trust: 3.25

Fetched: Oct. 23, 2024, 9:32 a.m., Published: Oct. 22, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

Surface Laptop 4 with Intel October 2024 update is now available to install via Windows Update - SurfaceTip

Trust: 3.75

Fetched: Oct. 23, 2024, 9:31 a.m., Published: Oct. 21, 2024, 4 a.m.
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2023-31315

Critical Vulnerability in D-Link Devices Could Allow Command Injection (CVE-2024-8214) | SecurityVulnerability.io - SecuirtyVulnerability.io

Related entries in the VARIoT vulnerabilities database: VAR-202408-2339

Trust: 6.0

Fetched: Oct. 23, 2024, 9:31 a.m., Published: -
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: d-link model: dns-320l
vendor: d-link model: dns-340l
vendor: d-link model: dnr-326
vendor: d-link model: dns-323
vendor: d-link model: dns-327l
vendor: d-link model: dnr-322l
vendor: d-link model: dns-325
vendor: d-link model: dns-345
vendor: d-link model: dns-320
vendor: d-link model: dns-320lw
db: NVD ids: CVE-2024-8214

Rockwell PLC Security Bypass Threatens Manufacturing Processes

Trust: 4.75

Fetched: Oct. 23, 2024, 9:30 a.m., Published: Oct. 5, 2024, midnight
 Vulnerabilities: security bypass
Affected productsExternal IDs
vendor: rockwell automation model: 1756-en3tr series
vendor: rockwell automation model: 1756-en2f series c
vendor: rockwell automation model: 1756-en3tr series b
vendor: rockwell automation model: 1756-en2t series
vendor: rockwell automation model: controllogix
vendor: rockwell automation model: controllogix 5580
vendor: rockwell automation model: guardlogix
vendor: rockwell automation model: 1756-en2f series
vendor: rockwell automation model: 1756-en2tr series
vendor: rockwell automation model: 1756-en2tr series c
vendor: rockwell automation model: automation controllogix
vendor: rockwell model: 1756-en3tr series
vendor: rockwell model: 1756-en2f series c
vendor: rockwell model: 1756-en3tr series b
vendor: rockwell model: 1756-en2t series
vendor: rockwell model: controllogix
vendor: rockwell model: controllogix 5580
vendor: rockwell model: guardlogix
vendor: rockwell model: 1756-en2f series
vendor: rockwell model: 1756-en2tr series
vendor: rockwell model: 1756-en2tr series c
vendor: rockwell model: automation controllogix
db: NVD ids: CVE-2024-6242

Rockwell Automation Logix Controllers | CISA

Trust: 3.75

Fetched: Oct. 23, 2024, 9:30 a.m., Published: Oct. 23, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rockwell automation model: 1756-en2tr series a
vendor: rockwell automation model: 1756-en3tr series
vendor: rockwell automation model: 1756-en2f series c
vendor: rockwell automation model: controllogix controller
vendor: rockwell automation model: 1756-en3tr series b
vendor: rockwell automation model: 1756-en2t series
vendor: rockwell automation model: controllogix
vendor: rockwell automation model: controllogix 5580
vendor: rockwell automation model: guardlogix
vendor: rockwell automation model: 1756-en2f series
vendor: rockwell automation model: 1756-en2tr series
vendor: rockwell automation model: 1756-en2tr series c
vendor: rockwell automation model: 1756-en2f series a
vendor: rockwell automation model: 1756-en2t series a
vendor: rockwell model: 1756-en2tr series a
vendor: rockwell model: 1756-en3tr series
vendor: rockwell model: 1756-en2f series c
vendor: rockwell model: controllogix controller
vendor: rockwell model: 1756-en3tr series b
vendor: rockwell model: 1756-en2t series
vendor: rockwell model: controllogix
vendor: rockwell model: controllogix 5580
vendor: rockwell model: guardlogix
vendor: rockwell model: 1756-en2f series
vendor: rockwell model: 1756-en2tr series
vendor: rockwell model: 1756-en2tr series c
vendor: rockwell model: 1756-en2f series a
vendor: rockwell model: 1756-en2t series a
db: NVD ids: CVE-2024-6242

Surface Laptop 4 with AMD October 2024 update is now available to install via Windows Update - SurfaceTip

Trust: 3.75

Fetched: Oct. 23, 2024, 9:30 a.m., Published: Oct. 21, 2024, 4 a.m.
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2023-31315

CVE-2021-20123, CVE-2021-20124: DrayTek Vulnerabilities Discovered by Tenable Research Added to CISA KEV - Blog | Tenable®

Trust: 4.25

Fetched: Oct. 23, 2024, 9:29 a.m., Published: Sept. 9, 2024, 4:20 p.m.
 Vulnerabilities: local file inclusion, file inclusion, path traversal
Affected productsExternal IDs
vendor: draytek model: routers
vendor: draytek model: vigor
db: NVD ids: CVE-2021-20124, CVE-2021-20123

Western Digital’s My Cloud Devices Critical Vulnerability

Trust: 4.5

Fetched: Oct. 23, 2024, 9:21 a.m., Published: Oct. 1, 2024, 3:38 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2024-22170