VARIoT latest news about IoT security

Critical vulnerability in Rockwell Automation devices could allow unauthorized access - HackYourMom Trust: 3.75 Fetched: Aug. 9, 2024, 9:22 a.m., Published: Aug. 5, 2024, 9:46 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	rockwell	model:	1756-en2tr series
vendor:	rockwell	model:	1756-en3tr series
vendor:	rockwell	model:	1756-en2t series
vendor:	rockwell	model:	controllogix 5580
vendor:	rockwell	model:	controllogix controller
vendor:	rockwell	model:	1756-en2tr series c
vendor:	rockwell	model:	1756-en2f series
vendor:	rockwell	model:	automation controllogix
vendor:	rockwell	model:	1756-en2f series c
vendor:	rockwell	model:	controllogix
vendor:	rockwell	model:	guardlogix
vendor:	rockwell	model:	1756-en3tr series b
vendor:	google	model:	google chrome
vendor:	google	model:	chrome
vendor:	rockwell automation	model:	1756-en2tr series
vendor:	rockwell automation	model:	1756-en3tr series
vendor:	rockwell automation	model:	1756-en2t series
vendor:	rockwell automation	model:	controllogix 5580
vendor:	rockwell automation	model:	controllogix controller
vendor:	rockwell automation	model:	1756-en2tr series c
vendor:	rockwell automation	model:	1756-en2f series
vendor:	rockwell automation	model:	automation controllogix
vendor:	rockwell automation	model:	1756-en2f series c
vendor:	rockwell automation	model:	controllogix
vendor:	rockwell automation	model:	guardlogix
vendor:	rockwell automation	model:	1756-en3tr series b

db:

NVD

ids:

CVE-2024-6242

0.0.0.0 Day - 18 Yr Old Vulnerability Let Attackers Browser Security Trust: 4.5 Fetched: Aug. 9, 2024, 9:21 a.m., Published: Aug. 8, 2024, 7:21 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	google	model:	google chrome
vendor:	google	model:	chrome
vendor:	apple	model:	webkit
vendor:	apple	model:	safari

0.0.0.0 Day: Exploiting Localhost APIs From the Browser \| Oligo Security Trust: 5.25 Fetched: Aug. 9, 2024, 9:21 a.m., Published: Aug. 7, 2024, midnight	Vulnerabilities: cross-site request forgery, request forgery, code execution

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	google	model:	home
vendor:	google	model:	google chrome
vendor:	google	model:	chrome

db:

NVD

ids:

CVE-2023-43654

GhostWrite Vulnerability Allows Hackers to Access Computer Memory Trust: 4.0 Fetched: Aug. 9, 2024, 9:20 a.m., Published: Aug. 8, 2024, 5:40 a.m.	Vulnerabilities: code execution

Affected products	External IDs

OWASP Top 10 2021 mitigation options on Google Cloud \| Cloud Architecture Center Trust: 3.5 Fetched: Aug. 9, 2024, 9:18 a.m., Published: Oct. 9, 2021, midnight	Vulnerabilities: directory traversal, information leakage, sql injection...

Affected products

External IDs

vendor:

node.js

model:

node.js

CVE-2024-5963 - Hitachi Device Manager Unquoted Executable Path Vulnerability Trust: 4.0 Fetched: Aug. 9, 2024, 9:17 a.m., Published: Aug. 6, 2024, 3:15 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	hitachi	model:	hitachi device manager
vendor:	hitachi	model:	device manager

db:

NVD

ids:

CVE-2024-5963

CVE-2024-5963 An unquoted executable path exists in Hitachi ... - vulnerability database \| Vulners.com Trust: 4.0 Fetched: Aug. 9, 2024, 9:17 a.m., Published: Aug. 6, 2024, 2:19 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	hitachi	model:	hitachi device manager
vendor:	hitachi	model:	device manager

db:

NVD

ids:

CVE-2024-5963

10 Open Source Web Security Scanner to Find Vulnerabilities \| Geekflare Trust: 4.5 Fetched: Aug. 9, 2024, 9:16 a.m., Published: Nov. 9, 2017, 9:27 a.m.	Vulnerabilities: sql injection, file enumeration, cross-site scripting...

Affected products

External IDs

vendor:

symantec

model:

web security

MOA 225-24-015 \| FDA Trust: 3.75 Fetched: Aug. 9, 2024, 9:15 a.m., Published: Aug. 7, 2024, 4:06 p.m.	Vulnerabilities: information disclosure

Affected products

External IDs

vendor:

serve

model:

serve

Dahua Vulnerability Leads to Device Crash (CVE-2024-39947) \| SecurityVulnerability.io - SecuirtyVulnerability.io Trust: 3.25 Fetched: Aug. 9, 2024, 9:15 a.m., Published: Aug. 9, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-39947

Chrome, Safari and other browsers vulnerable to 0.0.0.0 Day vulnerability - what you need to know \| Tom's Guide Trust: 3.75 Fetched: Aug. 9, 2024, 9:15 a.m., Published: Aug. 8, 2024, 5:03 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	google	model:	google chrome
vendor:	google	model:	chrome
vendor:	apple	model:	webkit
vendor:	apple	model:	safari
vendor:	apple	model:	macos

0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices Trust: 4.75 Fetched: Aug. 9, 2024, 9:14 a.m., Published: Aug. 8, 2024, 1:25 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	google	model:	google chrome
vendor:	google	model:	chrome
vendor:	apple	model:	safari
vendor:	apple	model:	macos

CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature Trust: 5.75 Fetched: Aug. 9, 2024, 9:12 a.m., Published: Aug. 9, 2024, 5:41 a.m.	Vulnerabilities: buffer overflow, weak password

Affected products

External IDs

vendor:	cisco	model:	ip phones
vendor:	cisco	model:	small business
vendor:	cisco	model:	spa500
vendor:	cisco	model:	series ip phones
vendor:	cisco	model:	series
vendor:	cisco	model:	spa300
vendor:	cisco	model:	spa500 series ip phones
vendor:	cisco	model:	small business spa300 series

db:

NVD

ids:

CVE-2024-20454, CVE-2024-20450, CVE-2024-20452, CVE-2024-20419

Hackers Exploit Cisco Smart Install Vulnerability: CISA Warns Trust: 3.75 Fetched: Aug. 9, 2024, 9:12 a.m., Published: Aug. 9, 2024, 5:41 a.m.	Vulnerabilities: weak password

Affected products	External IDs

Mobile Device Forensics: Enhancing Enterprise Security Trust: 3.25 Fetched: Aug. 9, 2024, 9:11 a.m., Published: May 31, 2024, 9:24 p.m.	Vulnerabilities: sql injection, cross-site scripting

Affected products

External IDs

vendor:	essential	model:	phone
vendor:	google	model:	android
vendor:	apple	model:	icloud

BlackHat USA 2024: NCC Group reveals vulnerabilities on Sonos devices Trust: 3.0 Fetched: Aug. 9, 2024, 9:11 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

sonos

model:

sonos

IoT exploitation during security engagements Trust: 4.25 Fetched: Aug. 9, 2024, 9:11 a.m., Published: Aug. 8, 2024, midnight	Vulnerabilities: command injection, privilege escalation, command execution

Affected products

External IDs

vendor:	lighttpd	model:	lighttpd
vendor:	serve	model:	serve

db:

NVD

ids:

CVE-2024-30169, CVE-2024-30168

Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now! \| Malwarebytes Trust: 3.75 Fetched: Aug. 9, 2024, 9:10 a.m., Published: July 31, 2024, 1:04 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	ipod touch
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad air
vendor:	apple	model:	safari
vendor:	apple	model:	apple tv
vendor:	apple	model:	macos
vendor:	apple	model:	ipad
vendor:	apple	model:	software update
vendor:	apple	model:	watch

Configuration vulnerability analysis and management in Device Farm - AWS Device Farm Trust: 3.0 Fetched: Aug. 9, 2024, 9:10 a.m., Published: April 4, 2002, midnight	Vulnerabilities: configuration vulnerability

Affected products	External IDs

New Ransomware Group Exploiting Veeam Backup Software Vulnerability Trust: 3.5 Fetched: Aug. 7, 2024, 9:34 a.m., Published: July 10, 2024, 1:06 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	blackberry	model:	storm
vendor:	blackberry	model:	blackberry

db:

NVD

ids:

CVE-2023-27532

VARIoT news about IoT security