Sign-up

VARIoT news about IoT security

Top 30 Best Penetration Testing Tools - 2024

Trust: 3.25

Fetched: Aug. 21, 2024, 9:27 a.m., Published: Aug. 17, 2024, 1:13 p.m.
 Vulnerabilities: path traversal, sql injection, cross-site scripting...
Affected productsExternal IDs
vendor: wireshark model: wireshark
vendor: aircrack-ng model: aircrack-ng

PKfail Vulnerability Allows Hackers to Install UEFI Malware on Over 200 Device Models - Security Aid

Trust: 3.5

Fetched: Aug. 21, 2024, 9:26 a.m., Published: July 26, 2024, 9:21 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: lenovo model: bios
vendor: lenovo model: system
vendor: lenovo model: updates
vendor: palo alto networks model: networks
vendor: palo model: networks
vendor: dell model: bios

Challenges & Automation for Remote Vulnerability Detection

Related entries in the VARIoT vulnerabilities database: VAR-201810-0569

Trust: 3.5

Fetched: Aug. 21, 2024, 9:25 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: 4321
vendor: cisco model: cisco ios
db: NVD ids: CVE-2018-15377, CVE-2020-1234, CVE-2023-27497, CVE-2020-4321

Update now! Google Pixel vulnerability is under active exploitation | Malwarebytes

Trust: 3.75

Fetched: Aug. 21, 2024, 9:25 a.m., Published: June 13, 2024, 1:33 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2024-32896

Cisco Vulnerability: CISA Alerts Of Smart Install Exploits - TuxCare

Trust: 3.75

Fetched: Aug. 21, 2024, 9:22 a.m., Published: Aug. 19, 2024, 7 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: series ip phones
vendor: cisco model: ip phones
vendor: cisco model: spa500
vendor: cisco model: spa300
vendor: cisco model: series
vendor: cisco model: spa500 series ip phones
db: NVD ids: CVE-2024-20419, CVE-2024-20450, CVE-2024-20452, CVE-2024-20454

Cisco Vulnerability: CISA Alerts Of Smart Install Exploits - TuxCare

Trust: 3.75

Fetched: Aug. 21, 2024, 9:15 a.m., Published: Aug. 19, 2024, 7 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: series ip phones
vendor: cisco model: ip phones
vendor: cisco model: spa500
vendor: cisco model: spa300
vendor: cisco model: series
vendor: cisco model: spa500 series ip phones
db: NVD ids: CVE-2024-20419, CVE-2024-20450, CVE-2024-20452, CVE-2024-20454

CVE-2024-39950: Dahua Device Initialization Overwrite Vulnerability - DEC Solutions Group

Trust: 3.0

Fetched: Aug. 21, 2024, 9:14 a.m., Published: July 31, 2024, 4:35 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-39950

How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions

Trust: 3.5

Fetched: Aug. 21, 2024, 9:11 a.m., Published: Aug. 19, 2024, 10 a.m.
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: apple model: macos
vendor: cisco model: webex
vendor: cisco model: spark
vendor: cisco model: webex productivity tools
vendor: cisco model: jabber
vendor: cisco model: cisco webex
vendor: cisco model: cisco webex meetings
vendor: cisco model: webex meetings
vendor: cisco model: guard
vendor: cisco model: series

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

Trust: 3.0

Fetched: Aug. 21, 2024, 9:08 a.m., Published: Aug. 21, 2023, midnight
 Vulnerabilities: path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2024-23897

Resecurity | CVE-2024-4879 and CVE-2024-5217 (ServiceNow RCE) Exploitation in a Global Reconnaissance Campaign

Trust: 4.75

Fetched: Aug. 16, 2024, 10:45 a.m., Published: July 24, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: symantec model: antivirus
db: NVD ids: CVE-2024-5217, CVE-2024-5178, CVE-2024-4879

Vulnerability Charts

Trust: 3.0

Fetched: Aug. 16, 2024, 10:44 a.m., Published: Aug. 2, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-3823, CVE-2024-4577, CVE-2023-3824, CVE-2024-2757

TVT DVR Sensitive Device - Information Disclosure (CVE-2024-7339) - Vulnerability & Exploit Database

Trust: 5.0

Fetched: Aug. 16, 2024, 10:38 a.m., Published: Aug. 5, 2024, midnight
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2024-7339

Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users

Trust: 5.5

Fetched: Aug. 16, 2024, 10:37 a.m., Published: Aug. 9, 2024, 1:18 p.m.
 Vulnerabilities: memory corruption, code execution, privilege escalation
Affected productsExternal IDs
vendor: sonos model: sonos
db: NVD ids: CVE-2023-50810, CVE-2024-20018, CVE-2023-50809

About the security content of iOS 17.5 and iPadOS 17.5 - Apple Support

Trust: 5.25

Fetched: Aug. 16, 2024, 10:34 a.m., Published: Aug. 17, 2024, midnight
 Vulnerabilities: bounds access issue, authentication issue, code execution...
Affected productsExternal IDs
vendor: trend model: security
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: ipad
vendor: trend micro model: security
db: NVD ids: CVE-2024-27815, CVE-2024-27818, CVE-2024-27834, CVE-2024-27830, CVE-2024-27800, CVE-2024-27826, CVE-2024-27832, CVE-2024-27833, CVE-2024-27796, CVE-2024-27811, CVE-2024-27804, CVE-2024-27823, CVE-2024-27847, CVE-2024-27839, CVE-2024-27819, CVE-2024-27841, CVE-2024-23251, CVE-2024-27806, CVE-2024-27816, CVE-2024-27807, CVE-2024-27805, CVE-2024-27850, CVE-2024-27838, CVE-2024-27831, CVE-2024-27821, CVE-2024-27852, CVE-2024-27835, CVE-2024-27851, CVE-2024-27884, CVE-2024-27801, CVE-2024-27845, CVE-2024-27857, CVE-2024-27810, CVE-2024-27836, CVE-2024-27803, CVE-2024-27808, CVE-2024-27802, CVE-2024-27840, CVE-2024-27820, CVE-2024-23282, CVE-2024-27855, CVE-2024-27828, CVE-2023-42893, CVE-2024-27817, CVE-2024-27848

​Zigbee explained: Hubs, the best Zigbee devices and everything you need to know - The Ambient

Trust: 3.25

Fetched: Aug. 16, 2024, 10:32 a.m., Published: Jan. 24, 2018, 5:42 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mesh model: mesh
vendor: samsung model: samsung
vendor: samsung smartthings model: samsung
vendor: comcast model: xfinity
vendor: comcast model: comcast xfinity
vendor: amazon model: echo show
vendor: google model: google home
vendor: google model: home

GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks

Trust: 4.75

Fetched: Aug. 16, 2024, 10:26 a.m., Published: Aug. 13, 2024, 2:02 p.m.
 Vulnerabilities: improper validation, code execution, privilege escalation
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2023-31315

CVE-2024-41976 - Siemens SCALANCE and RUGGEDCOM Routing Devices Remote Code Execution Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202408-0003

Trust: 4.75

Fetched: Aug. 16, 2024, 10:26 a.m., Published: Aug. 13, 2024, 8:15 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: siemens model: ruggedcom
vendor: siemens model: scalance s615
vendor: siemens model: ruggedcom rm1224
vendor: siemens model: scalance
db: NVD ids: CVE-2024-41976

IBM QRadar Vulnerabilities Lets Attackers Trigger Arbitrary Code Remotely

Trust: 5.75

Fetched: Aug. 16, 2024, 10:21 a.m., Published: Aug. 15, 2024, 3:42 a.m.
 Vulnerabilities: cross-site scripting, code execution, denial of service...
Affected productsExternal IDs
vendor: node.js model: node.js
db: NVD ids: CVE-2024-29415, CVE-2024-30261, CVE-2024-25024, CVE-2024-28799, CVE-2024-3651, CVE-2024-39008, CVE-2024-28176, CVE-2024-37168, CVE-2024-34064, CVE-2024-30260

Microsoft’s August 2024 Patch Tuesday Addresses 88 CVEs - Blog | Tenable®

Trust: 3.5

Fetched: Aug. 16, 2024, 10:20 a.m., Published: Aug. 13, 2024, 7:05 p.m.
 Vulnerabilities: code execution, memory corruption, information disclosure...
Affected productsExternal IDs
db: NVD ids: CVE-2024-38107, CVE-2024-38141, CVE-2024-38199, CVE-2024-38193, CVE-2024-38200, CVE-2024-38189, CVE-2024-38106, CVE-2024-38202, CVE-2024-21302, CVE-2024-38142, CVE-2024-38063, CVE-2024-38213, CVE-2024-38109, CVE-2024-38133, CVE-2024-38153, CVE-2024-38206, CVE-2024-38178, CVE-2024-38163

Critical 0-Click RCE in Windows TCP/IP Stack Impacts All Systems

Trust: 4.25

Fetched: Aug. 16, 2024, 10:19 a.m., Published: Aug. 14, 2024, 3:47 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-38063