Sign-up

VARIoT news about IoT security

Malware Attacks Surge 30% in First Half of 2024 - Kowatek

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 5.25

Fetched: Aug. 11, 2024, 9:35 a.m., Published: July 25, 2024, 9:43 a.m.
 Vulnerabilities: command injection, denial of service
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: sonicwall model: soho
db: NVD ids: CVE-2023-1389

Best antivirus software for Windows PCs 2024: Reviews and top picks | PCWorld

Trust: 3.25

Fetched: Aug. 11, 2024, 9:34 a.m., Published: Aug. 9, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: serve model: serve
vendor: trend model: password manager
vendor: trend model: micro maximum security
vendor: trend model: antivirus
vendor: trend model: internet security
vendor: trend model: security
vendor: trend micro model: password manager
vendor: trend micro model: micro maximum security
vendor: trend micro model: antivirus
vendor: trend micro model: internet security
vendor: trend micro model: security
vendor: google model: android
vendor: google model: home
vendor: google model: google chrome
vendor: google model: chrome
vendor: avira model: antivirus
vendor: avast model: antivirus
vendor: essential model: phone
vendor: apple model: macos
vendor: apple model: watch

New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution

Trust: 4.75

Fetched: Aug. 11, 2024, 9:33 a.m., Published: Aug. 6, 2024, 4:16 a.m.
 Vulnerabilities: path traversal, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-38856, CVE-2024-32113, CVE-2023-51467, CVE-2024-36104

Microsoft exposes vulnerabilities in OpenVPN -- millions of devices at risk

Trust: 4.75

Fetched: Aug. 11, 2024, 9:33 a.m., Published: Aug. 9, 2024, 9:35 p.m.
 Vulnerabilities: denial of service, code execution, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-27903, CVE-2024-1305, CVE-2024-24974, CVE-2024-27459

BOSCH-SA-587194-BT | Bosch PSIRT

Trust: 3.75

Fetched: Aug. 11, 2024, 9:31 a.m., Published: Aug. 3, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: bosch model: divar ip all-in-one 5000
vendor: bosch model: divar ip all-in-one
vendor: bosch model: bosch divar ip
vendor: bosch model: divar ip
db: NVD ids: CVE-2024-2398, CVE-2023-46219, CVE-2023-46218, CVE-2024-2004

How to Bypass Replika Pro? (Is It Possible?) - REPLIKA AI PRO

Trust: 3.0

Fetched: Aug. 11, 2024, 9:30 a.m., Published: July 20, 2024, 2:06 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: serve model: serve

Major Vulnerability in Rockwell Devices

Trust: 3.75

Fetched: Aug. 11, 2024, 9:29 a.m., Published: Aug. 3, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rockwell model: controllogix
vendor: rockwell automation model: controllogix
db: NVD ids: CVE-2024-6242

Advance comprehensive analysis for Zigbee network-based IoT system security | Discover Computing

Trust: 4.0

Fetched: Aug. 11, 2024, 9:26 a.m., Published: July 24, 2024, midnight
 Vulnerabilities: session hijacking, message forgery, code injection

7 Best IoT Vulnerability Scanning Tools - Greyhat Infosec

Trust: 4.5

Fetched: Aug. 11, 2024, 9:26 a.m., Published: Aug. 8, 2024, 1:27 p.m.
 Vulnerabilities: cross-site scripting, sql injection
Affected productsExternal IDs
vendor: cisco model: routers

Assessing IoT Device Vulnerabilities Effectively - Greyhat Infosec

Trust: 3.5

Fetched: Aug. 11, 2024, 9:20 a.m., Published: Aug. 8, 2024, 1:19 p.m.
 Vulnerabilities: cross-site scripting, resource exhaustion, buffer overflow...
Affected productsExternal IDs

Critical OpenVPN Vulnerabilities Expose Millions of Devices to RCE Attack

Trust: 4.0

Fetched: Aug. 11, 2024, 9:18 a.m., Published: Aug. 10, 2024, 11:14 a.m.
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-27903, CVE-2024-1305, CVE-2024-24974, CVE-2024-27459

Juniper Networks Releases Critical Security Update for Routers

Trust: 6.5

Fetched: Aug. 11, 2024, 9:12 a.m., Published: July 1, 2024, 6:25 a.m.
 Vulnerabilities: authentication bypass, code execution
Affected productsExternal IDs
vendor: hewlett packard model: switches
vendor: hewlett packard enterprise model: switches
db: NVD ids: CVE-2024-21591, CVE-2024-2973

Frontiers | Exploring security threats and solutions Techniques for Internet of Things (IoT): from vulnerabilities to vigilance

Trust: 4.25

Fetched: Aug. 11, 2024, 9:08 a.m., Published: -
 Vulnerabilities: information exposure, cross-site scripting, denial of service...
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: h
vendor: cisco model: routers
vendor: schneider model: concept
vendor: schneider model: monitor

Android vulnerability used in targeted attacks patched by Google | Malwarebytes

Trust: 5.5

Fetched: Aug. 11, 2024, 9:07 a.m., Published: Aug. 6, 2024, 1:47 p.m.
 Vulnerabilities: use after free, code execution
Affected productsExternal IDs
vendor: google model: android
vendor: samsung model: samsung
vendor: samsung model: mobile devices
vendor: samsung model: mobile
vendor: samsung model: android phone
db: NVD ids: CVE-2024-36971

Critical Kibana Vulnerability Let Attackers Execute Arbitrary Code

Trust: 4.25

Fetched: Aug. 9, 2024, 9:31 a.m., Published: Aug. 7, 2024, 7:09 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-37287

CVE-2024-42149 - vulnerability database | Vulners.com

Trust: 3.0

Fetched: Aug. 9, 2024, 9:30 a.m., Published: Aug. 1, 2024, 12:08 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-42149

CVE-2024-20451 - Cisco SPA300/500 Series IP Phones HTTP Error Handling Remote DoS Vulnerability

Trust: 3.75

Fetched: Aug. 9, 2024, 9:26 a.m., Published: Aug. 7, 2024, 5:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco systems model: ip phones
vendor: cisco systems model: small business
vendor: cisco systems model: spa500
vendor: cisco systems model: cisco small business
vendor: cisco systems model: series ip phones
vendor: cisco systems model: series
vendor: cisco systems model: spa300
vendor: cisco systems model: spa500 series ip phones
vendor: cisco systems model: small business spa300 series
vendor: cisco systems model: small business spa500 series ip phones
vendor: cisco systems model: spa300 series ip phones
vendor: cisco systems model: small business spa300 series ip phones
vendor: cisco systems model: h
vendor: cisco systems model: small business spa500 series
vendor: cisco model: ip phones
vendor: cisco model: small business
vendor: cisco model: spa500
vendor: cisco model: cisco small business
vendor: cisco model: series ip phones
vendor: cisco model: series
vendor: cisco model: spa300
vendor: cisco model: spa500 series ip phones
vendor: cisco model: small business spa300 series
vendor: cisco model: small business spa500 series ip phones
vendor: cisco model: spa300 series ip phones
vendor: cisco model: small business spa300 series ip phones
vendor: cisco model: h
vendor: cisco model: small business spa500 series
db: NVD ids: CVE-2024-20451

CERT-In issues security warning for smartphones running on Mediatek and Qualcomm chips: Details here

Trust: 3.0

Fetched: Aug. 9, 2024, 9:25 a.m., Published: Aug. 8, 2024, 8:54 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

CVE-2024-5963 An unquoted executable path exists in Hitachi ... - vulnerability database | Vulners.com

Trust: 4.0

Fetched: Aug. 9, 2024, 9:24 a.m., Published: Aug. 6, 2024, 2:19 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hitachi model: hitachi device manager
vendor: hitachi model: device manager
db: NVD ids: CVE-2024-5963

Security vulnerabilities detected in Apple devices, update them now: CERT-In

Trust: 3.5

Fetched: Aug. 9, 2024, 9:23 a.m., Published: Aug. 5, 2024, 8:34 a.m.
 Vulnerabilities: authentication issue, denial of service
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: software update