Sign-up

VARIoT news about IoT security

Microsoft Entra ID Vulnerability Let Attackers Gain Global Admin Access

Trust: 3.0

Fetched: Aug. 13, 2024, 9:13 a.m., Published: Aug. 8, 2024, 8:18 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

Critical vulnerabilities found in Ewon Cosy+ industrial VPN gateways - Industrial Cyber

Trust: 3.25

Fetched: Aug. 13, 2024, 9:12 a.m., Published: Aug. 12, 2024, 12:40 p.m.
 Vulnerabilities: password decryption, command injection, cross-site scripting...
Affected productsExternal IDs
vendor: ewon model: ewon
vendor: dropbear model: dropbear ssh

Vulnerability Report | Relyum

Related entries in the VARIoT vulnerabilities database: VAR-202201-0295

Trust: 4.5

Fetched: Aug. 13, 2024, 9:11 a.m., Published: Nov. 17, 2023, 11:26 a.m.
 Vulnerabilities: cross-site scripting, request forgery, information disclosure...
Affected productsExternal IDs
db: NVD ids: CVE-2023-47577, CVE-2023-47573, CVE-2023-47576, CVE-2023-47579, CVE-2021-44142, CVE-2023-47574, CVE-2017-7494, CVE-2023-47578, CVE-2015-3200, CVE-2023-47575

DSA-2024-181: Security Update for Dell Secure Connect Gateway-Application and Appliance Multiple Vulnerabilities. | Dell US

Related entries in the VARIoT vulnerabilities database: VAR-202406-1682, VAR-202406-2467

Trust: 3.0

Fetched: Aug. 13, 2024, 9:09 a.m., Published: May 24, 2000, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-29168, CVE-2024-29169

DSA-2023-377: Security Update for a Dell Client BIOS Vulnerability | Dell US

Trust: 3.0

Fetched: Aug. 13, 2024, 9:09 a.m., Published: May 13, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

CVE-2024-24919 Scanner for the Check Point VPN Vulnerability

Trust: 4.75

Fetched: Aug. 13, 2024, 9:09 a.m., Published: Aug. 1, 2024, midnight
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: checkpoint model: check point
vendor: checkpoint model: check point vpn
vendor: checkpoint model: security gateway
vendor: check point model: check point
vendor: check point model: check point vpn
vendor: check point model: security gateway
db: NVD ids: CVE-2024-24919

CVE-2024-6387: Finding & Preventing the OpenSSH Vulnerability

Trust: 4.75

Fetched: Aug. 13, 2024, 9:08 a.m., Published: Aug. 1, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2006-5051, CVE-2024-3400, CVE-2024-6387, CVE-2008-4109

Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem

Trust: 4.5

Fetched: Aug. 13, 2024, 9:07 a.m., Published: Aug. 3, 2024, midnight
 Vulnerabilities: buffer overflow, command execution, code execution
Affected productsExternal IDs
vendor: roku model: roku
db: NVD ids: CVE-2023-6323, CVE-2023-6324, CVE-2023-6321, CVE-2023-6322

Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem

Trust: 4.5

Fetched: Aug. 13, 2024, 9:07 a.m., Published: Aug. 3, 2024, midnight
 Vulnerabilities: buffer overflow, command execution, code execution
Affected productsExternal IDs
vendor: roku model: roku
db: NVD ids: CVE-2023-6323, CVE-2023-6324, CVE-2023-6321, CVE-2023-6322

Critical Zero-Day Kernel Vulnerability Actively Exploited in Android Devices - Brandefense

Trust: 5.75

Fetched: Aug. 11, 2024, 9:38 a.m., Published: Aug. 7, 2024, 11:46 a.m.
 Vulnerabilities: information disclosure, memory corruption, privilege escalation
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-36971, CVE-2024-23350

State of Exploitation - A Peek into 1H-2024 Vulnerability Exploitation

Trust: 3.5

Fetched: Aug. 11, 2024, 9:36 a.m., Published: Aug. 11, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: series
vendor: palo alto networks model: networks
vendor: google model: google chrome
vendor: google model: chrome
vendor: palo model: networks
vendor: citrix model: netscaler
vendor: apple model: safari
db: NVD ids: CVE-2024-21412, CVE-2023-46805, CVE-2024-21887, CVE-2024-21893, CVE-2024-1708, CVE-2024-3400, CVE-2024-4577, CVE-2024-1709, CVE-2023-22527, CVE-2024-27198

Microsoft Warns of Increasing Number of Vulnerabilities in OpenVPN -- Redmondmag.com

Trust: 4.0

Fetched: Aug. 11, 2024, 9:36 a.m., Published: -
 Vulnerabilities: denial of service, code execution, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-27903, CVE-2024-1305, CVE-2024-24974, CVE-2024-27459

Malware Attacks Surge 30% in First Half of 2024 - Kowatek

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 5.25

Fetched: Aug. 11, 2024, 9:35 a.m., Published: July 25, 2024, 9:43 a.m.
 Vulnerabilities: command injection, denial of service
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: sonicwall model: soho
db: NVD ids: CVE-2023-1389

Best antivirus software for Windows PCs 2024: Reviews and top picks | PCWorld

Trust: 3.25

Fetched: Aug. 11, 2024, 9:34 a.m., Published: Aug. 9, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: serve model: serve
vendor: trend model: password manager
vendor: trend model: micro maximum security
vendor: trend model: antivirus
vendor: trend model: internet security
vendor: trend model: security
vendor: trend micro model: password manager
vendor: trend micro model: micro maximum security
vendor: trend micro model: antivirus
vendor: trend micro model: internet security
vendor: trend micro model: security
vendor: google model: android
vendor: google model: home
vendor: google model: google chrome
vendor: google model: chrome
vendor: avira model: antivirus
vendor: avast model: antivirus
vendor: essential model: phone
vendor: apple model: macos
vendor: apple model: watch

New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution

Trust: 4.75

Fetched: Aug. 11, 2024, 9:33 a.m., Published: Aug. 6, 2024, 4:16 a.m.
 Vulnerabilities: path traversal, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-38856, CVE-2024-32113, CVE-2023-51467, CVE-2024-36104

Microsoft exposes vulnerabilities in OpenVPN -- millions of devices at risk

Trust: 4.75

Fetched: Aug. 11, 2024, 9:33 a.m., Published: Aug. 9, 2024, 9:35 p.m.
 Vulnerabilities: denial of service, code execution, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-27903, CVE-2024-1305, CVE-2024-24974, CVE-2024-27459

BOSCH-SA-587194-BT | Bosch PSIRT

Trust: 3.75

Fetched: Aug. 11, 2024, 9:31 a.m., Published: Aug. 3, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: bosch model: divar ip all-in-one 5000
vendor: bosch model: divar ip all-in-one
vendor: bosch model: bosch divar ip
vendor: bosch model: divar ip
db: NVD ids: CVE-2024-2398, CVE-2023-46219, CVE-2023-46218, CVE-2024-2004

How to Bypass Replika Pro? (Is It Possible?) - REPLIKA AI PRO

Trust: 3.0

Fetched: Aug. 11, 2024, 9:30 a.m., Published: July 20, 2024, 2:06 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: serve model: serve

Major Vulnerability in Rockwell Devices

Trust: 3.75

Fetched: Aug. 11, 2024, 9:29 a.m., Published: Aug. 3, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rockwell model: controllogix
vendor: rockwell automation model: controllogix
db: NVD ids: CVE-2024-6242

Advance comprehensive analysis for Zigbee network-based IoT system security | Discover Computing

Trust: 4.0

Fetched: Aug. 11, 2024, 9:26 a.m., Published: July 24, 2024, midnight
 Vulnerabilities: session hijacking, message forgery, code injection