Sign-up

VARIoT news about IoT security

Latest news

The news are found with our scripts for filtering search results.
Additional information about vulnerabilities, affected products and external identifiers are obtained with NLP and custom filters from found news.

Specific Ricoh MFP and Printer Products - Buffer overflow vulnerability (CVE-2024-39927) | Ricoh Europe

Trust: 5.0

Fetched: July 12, 2024, 9:44 a.m., Published: -
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2024-39927

Vulnerabilities on Sensor Net Connect and Thermoscan IP Could Allow Admin Privileges Over Medical Data Systems

Trust: 3.5

Fetched: July 12, 2024, 9:43 a.m., Published: July 12, 2024, midnight
 Vulnerabilities: request forgery, denial of service, buffer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2024-31201, CVE-2024-31203, CVE-2024-3083, CVE-2024-3082, CVE-2024-31200, CVE-2024-31202, CVE-2024-31199

New Vulnerability Discovered in Android Devices Sparks Security Concerns

Trust: 3.75

Fetched: July 12, 2024, 9:42 a.m., Published: June 23, 2024, 11:51 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2024-32896, CVE-2024-54321

More than two dozen Android vulnerabilities fixed • The Register

Trust: 4.5

Fetched: July 12, 2024, 9:42 a.m., Published: -
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
vendor: xiaomi model: miui
db: NVD ids: CVE-2021-0600, CVE-2024-0017, CVE-2023-20963

GitLab update addresses pipeline execution vulnerability

Trust: 3.0

Fetched: July 12, 2024, 9:41 a.m., Published: July 11, 2024, 1:05 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-6385, CVE-2024-2880, CVE-2024-5528, CVE-2024-5470, CVE-2024-5257, CVE-2024-6595

[AL-050] Multiple Vulnerabilities in VMWare Workstation and Fusion

Trust: 4.25

Fetched: July 12, 2024, 9:39 a.m., Published: July 12, 2024, midnight
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2024-22268, CVE-2024-22267, CVE-2024-22270, CVE-2024-22269

15 vulnerabilities discovered in software development kit for wireless routers

Trust: 5.5

Fetched: July 12, 2024, 9:38 a.m., Published: July 10, 2024, 4 p.m.
 Vulnerabilities: arbitrary command execution, request forgery, cross-site request forgery...
Affected productsExternal IDs
vendor: snort model: snort
vendor: snort.org model: snort
vendor: cisco model: ip phone
vendor: cisco model: soho
vendor: cisco model: series
vendor: cisco model: router
vendor: cisco model: routers
db: NVD ids: CVE-2023-46685, CVE-2024-32937, CVE-2023-45742, CVE-2023-50383, CVE-2023-34435, CVE-2023-50382, CVE-2023-50381, CVE-2023-47677, CVE-2023-49593, CVE-2024-21778

Kaspersky identifies significant security risks in widely used Cinterion modems | Kaspersky

Trust: 4.75

Fetched: July 12, 2024, 9:38 a.m., Published: May 16, 2024, 2:02 p.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-47610, CVE-2023-47616, CVE-2023-47611

alpitronic Hypercharger EV Charger | CISA

Trust: 4.75

Fetched: July 12, 2024, 9:37 a.m., Published: July 12, 2023, midnight
 Vulnerabilities: default password, default credentials
Affected productsExternal IDs
db: NVD ids: CVE-2024-4622

What is the OpenSSH regreSSHion vulnerability (CVE-2024-6387)?

Trust: 3.75

Fetched: July 12, 2024, 9:36 a.m., Published: July 3, 2024, midnight
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2006-5051, CVE-2024-6387

Connecting the Dots: Darktrace’s Detection of the Exploitation of the ConnectWise ScreenConnect Vulnerabilities | Darktrace Blog

Trust: 4.25

Fetched: July 12, 2024, 9:35 a.m., Published: July 15, 2024, midnight
 Vulnerabilities: privilege escalation, authentication bypass
Affected productsExternal IDs
vendor: trendmicro model: security
vendor: paloaltonetworks model: networks
db: NVD ids: CVE-2024-1708, CVE-2024-22245, CVE-2024-17091, CVE-2024-1709, CVE-2024-1597, CVE-2024-17091116, CVE-2024-1709124780657328783

Pwn2Own: WAN-to-LAN Exploit Showcase | Claroty

Trust: 6.25

Fetched: July 12, 2024, 9:34 a.m., Published: July 9, 2024, midnight
 Vulnerabilities: buffer overflow, buffer overrun, improper validation...
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: synology model: dns server
db: NVD ids: CVE-2024-5243, CVE-2024-5242, CVE-2024-5244

Zyxel security advisory for multiple vulnerabilities in NAS products - Zyxel Community

Trust: 5.5

Fetched: July 12, 2024, 9:33 a.m., Published: June 4, 2024, midnight
 Vulnerabilities: command injection, code execution, privilege management vulnerability
Affected productsExternal IDs
vendor: zyxel model: nas542
vendor: zyxel model: nas326
db: NVD ids: CVE-2024-29975, CVE-2024-29973, CVE-2024-29974, CVE-2024-29976, CVE-2024-29972

Cybersecurity Vulnerabilities in Implantable Medical Devices - Solondais

Trust: 4.75

Fetched: July 12, 2024, 9:32 a.m., Published: -
 Vulnerabilities: session hijacking
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2023-31222

Understanding the QNAP QTS Zero-Day Vulnerability - Cyber and Fraud Centre - Scotland

Trust: 5.5

Fetched: July 12, 2024, 9:32 a.m., Published: May 21, 2024, 12:55 p.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: qnap model: qnap qts
db: NVD ids: CVE-2024-27130

Vulnerabilities in employee management system could lead to remote code execution, login credential theft

Trust: 5.5

Fetched: July 12, 2024, 9:31 a.m., Published: May 1, 2024, 4 p.m.
 Vulnerabilities: memory corruption, information disclosure, buffer overflow...
Affected productsExternal IDs
vendor: snort model: snort
vendor: snort.org model: snort
db: NVD ids: CVE-2024-22373, CVE-2024-25648, CVE-2023-43491, CVE-2023-51391, CVE-2024-22391, CVE-2023-45744, CVE-2023-39367, CVE-2023-45209, CVE-2024-28130, CVE-2024-25569, CVE-2024-25575, CVE-2024-25938, CVE-2023-40146

ICS hardware vulnerabilities found in TELSAT, SDG Technologies, Yokogawa, Johnson Controls equipment - Industrial Cyber

Trust: 5.5

Fetched: July 12, 2024, 9:29 a.m., Published: June 28, 2024, 5:53 p.m.
 Vulnerabilities: improper access control, authorization vulnerability, cross-site scripting...
Affected productsExternal IDs
vendor: yokogawa model: fast/tools
db: NVD ids: CVE-2024-32756, CVE-2024-32755, CVE-2024-4105, CVE-2024-32932, CVE-2024-32757, CVE-2024-4106, CVE-2024-2882

Palo Alto Networks API Exploit Causing Critical Infrastructure and Enterprise Epidemics - API Security

Trust: 5.5

Fetched: July 12, 2024, 9:28 a.m., Published: April 13, 2024, 9:57 p.m.
 Vulnerabilities: path traversal, command injection, code execution
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: firewall
vendor: paloaltonetworks model: pan-os
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
db: NVD ids: CVE-2024-3400

CVE-2023-45866: A Critical Bluetooth Security Flaw - EXPLOIT | by Hacker's Dump | Medium

Trust: 4.75

Fetched: July 12, 2024, 9:27 a.m., Published: May 3, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: chromecast
vendor: google model: android
vendor: apple model: iphone
vendor: oneplus model: 3
vendor: raspberry pi model: 3
db: NVD ids: CVE-2023-45866

State-Sponsored Espionage Campaign Exploits Cisco Vulnerabilities - Infosecurity Magazine

Trust: 3.5

Fetched: July 12, 2024, 9:27 a.m., Published: April 25, 2024, 2 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: asa software
vendor: cisco model: adaptive security appliance
vendor: cisco model: cisco adaptive security appliance
vendor: trend model: security
db: NVD ids: CVE-2024-20353, CVE-2024-20359