Sign-up

VARIoT news about IoT security

SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

Related entries in the VARIoT vulnerabilities database: VAR-202409-1099, VAR-202409-0703

Trust: 5.75

Fetched: Sept. 24, 2024, 9:39 a.m., Published: Sept. 17, 2024, 4:34 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2024-45697, CVE-2024-45695, CVE-2024-28991, CVE-2024-28990, CVE-2024-45694

FreeBSD -- bhyve(8) privileged guest escape via TPM device p... - vulnerability database | Vulners.com

Trust: 3.0

Fetched: Sept. 24, 2024, 9:37 a.m., Published: Sept. 4, 2024, midnight
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs

Critical Vulnerabilities Found in iOS and macOS After iPhone 16 Launch: Update Now! | Tech News - News9live

Trust: 3.5

Fetched: Sept. 24, 2024, 9:36 a.m., Published: Sept. 23, 2024, 7:26 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: apple model: tvos
vendor: apple model: watchos
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: watch
vendor: apple model: safari
vendor: apple model: software update

Showcase.apk Exploit PoC: Remote Code Execution Vulnerability on Google Pixel Devices - Exploit PoC

Trust: 4.25

Fetched: Sept. 24, 2024, 9:35 a.m., Published: Aug. 17, 2024, 3:27 a.m.
 Vulnerabilities: code execution, command execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel

Zyxel Wi-Fi の脆弱性 CVE-2024-7261 (CVSS 9.8) が FIX:直ちにパッチ適用を! - IoT OT Security News

Trust: 3.25

Fetched: Sept. 24, 2024, 9:32 a.m., Published: Sept. 2, 2024, 8:36 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-7261, CVE-2024-29973

CVE-2024-46770 ice: Add netif_device_attach/detach into PF r... - vulnerability database | Vulners.com

Trust: 3.0

Fetched: Sept. 24, 2024, 9:29 a.m., Published: Sept. 18, 2024, 7:12 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-46770

Cisco Patches an Exploited Zero-Day Vulnerability

Trust: 4.75

Fetched: Sept. 24, 2024, 9:28 a.m., Published: Sept. 19, 2024, midnight
 Vulnerabilities: command injection, code execution
Affected productsExternal IDs
vendor: cisco model: nexus
vendor: cisco model: nx-os software
vendor: cisco model: nx-os
vendor: cisco model: network access control
db: NVD ids: CVE-2024-20399

CVE-2023-41921 - Apache Device Firmware Remote Code Execution Vulnerability

Trust: 5.25

Fetched: Sept. 24, 2024, 9:28 a.m., Published: July 2, 2024, 8:15 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-41921

CVE-2022-48808 net: dsa: fix panic when DSA master device un... - vulnerability database | Vulners.com

Trust: 3.0

Fetched: Sept. 24, 2024, 9:28 a.m., Published: July 16, 2024, 11:43 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-48808

Major security alert for Apple users in India, know how to protect your device

Trust: 5.0

Fetched: Sept. 24, 2024, 9:27 a.m., Published: Sept. 19, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: tvos
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: safari

iPhone, Mac and iPad must be updated soon, as critical vulnerabilities detected: CERT-In - India TV

Trust: 3.75

Fetched: Sept. 24, 2024, 9:26 a.m., Published: Sept. 23, 2024, midnight
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: apple tv
vendor: apple model: watch
vendor: apple model: safari

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

Trust: 4.75

Fetched: Sept. 24, 2024, 9:25 a.m., Published: Sept. 18, 2024, 5:08 a.m.
 Vulnerabilities: privilege escalation, code execution, cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-37079, CVE-2024-38813, CVE-2024-38812, CVE-2024-37080

CVE-2022-48853 swiotlb: fix info leak with DMA_FROM_DEVICE - vulnerability database | Vulners.com

Trust: 3.0

Fetched: Sept. 24, 2024, 9:24 a.m., Published: July 16, 2024, 12:25 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-48853, CVE-2018-1000204

CVE-2024-40910 - "Linux kernel ax25 device refcount vulnerability"

Trust: 3.0

Fetched: Sept. 24, 2024, 9:22 a.m., Published: July 12, 2024, 1:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-40910

Zyxel security advisory for post-authentication memory corruption vulnerabilities in some DSL/Ethernet CPE, fiber ONT, WiFi extender, and security router versions | Zyxel Networks

Related entries in the VARIoT vulnerabilities database: VAR-202409-1843

Trust: 3.75

Fetched: Sept. 24, 2024, 9:20 a.m., Published: Sept. 7, 2024, midnight
 Vulnerabilities: memory corruption
Affected productsExternal IDs
db: NVD ids: CVE-2024-38267, CVE-2024-38268, CVE-2024-38266, CVE-2024-38269

New MacOS Malware Let Attackers Control The Device Remotely

Trust: 3.0

Fetched: Sept. 24, 2024, 9:20 a.m., Published: Sept. 20, 2024, 11:12 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos

Critical vulnerabilities in Microchip ASF, MediaTek expose RCE risks | SC Media

Trust: 5.0

Fetched: Sept. 24, 2024, 9:20 a.m., Published: Feb. 13, 2024, 7 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-20017, CVE-2024-7490

CVE-2024-6786 - Apache IoT MQTT Device File Disclosure Vulnerability

Trust: 5.75

Fetched: Sept. 24, 2024, 9:18 a.m., Published: Sept. 21, 2024, 5:15 a.m.
 Vulnerabilities: path traversal
Affected productsExternal IDs
vendor: moxa inc model: mxview
vendor: moxa model: mxview
db: NVD ids: CVE-2024-6786

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

Trust: 4.75

Fetched: Sept. 24, 2024, 9:17 a.m., Published: Sept. 23, 2024, 9:58 a.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-20017, CVE-2024-7490

MediaTek Chipsets Zero-Click Vulnerability Detected by Researchers, Can Affect Routers and Smartphones | Technology News

Trust: 5.0

Fetched: Sept. 24, 2024, 9:16 a.m., Published: Sept. 23, 2024, 9:51 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-20017