Sign-up

VARIoT news about IoT security

PKfail Vulnerability Allows Hackers to Install UEFI Malware on Over 200 Device Models - VIP Protection Technologies

Trust: 3.5

Fetched: Aug. 6, 2024, 9:44 a.m., Published: July 26, 2024, 8:42 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: lenovo model: system
vendor: lenovo model: updates
vendor: lenovo model: bios
vendor: dell model: bios

Introduction to Common Gateway Interface and CGI Vulnerabilities

Trust: 5.5

Fetched: Aug. 6, 2024, 9:42 a.m., Published: July 25, 2018, midnight
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: cisco model: meeting
vendor: cisco model: information server
vendor: cisco model: intrusion prevention system
db: NVD ids: CVE-1999-0260, CVE-1999-0174, CVE-1999-0237

Security bypass possible with now-addressed Rockwell Logix PLC flaw | SC Media

Trust: 5.0

Fetched: Aug. 6, 2024, 9:41 a.m., Published: June 11, 2024, 5 p.m.
 Vulnerabilities: security bypass
Affected productsExternal IDs
db: NVD ids: CVE-2024-6242

Vulnerability of certain Ubiquiti devices. -ZAM

Trust: 5.75

Fetched: Aug. 6, 2024, 9:40 a.m., Published: Aug. 2, 2024, 7:34 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: ubiquiti networks model: edgemax
vendor: ubiquiti model: edgemax
vendor: check point model: check point
vendor: check point software technologies model: check point
db: NVD ids: CVE-2017-0938

Android Automotive OS Update Bulletin-August 2024 - vulnerability database | Vulners.com

Trust: 3.5

Fetched: Aug. 6, 2024, 9:40 a.m., Published: July 1, 2024, midnight
 Vulnerabilities: denial of service, information disclosure, code execution
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: samsung model: notes
vendor: samsung model: samsung
vendor: google model: android
vendor: google model: pixel
vendor: motorola model: motorola
vendor: motorola model: android

Prevent Your Baby Monitor from Getting Hacked | Batten Safe

Trust: 3.5

Fetched: Aug. 6, 2024, 9:40 a.m., Published: Nov. 11, 2021, 12:01 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone

Security Advisory | Rockwell Automation | US

Trust: 3.75

Fetched: Aug. 6, 2024, 9:39 a.m., Published: Aug. 1, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rockwell model: controllogix
vendor: rockwell model: guardlogix
vendor: rockwell automation model: controllogix
vendor: rockwell automation model: guardlogix
db: NVD ids: CVE-2024-6242

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Aug. 6, 2024, 9:39 a.m., Published: Aug. 1, 2024, midnight
 Vulnerabilities: configuration error
Affected productsExternal IDs

India’s CERT-IN flags ‘multiple vulnerabilities’ in software of Apple devices including iPhone, VisionPro headset, Mac, iPad, and Apple Watch - The Hindu

Trust: 3.75

Fetched: Aug. 6, 2024, 9:38 a.m., Published: Aug. 5, 2024, 5:29 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: tvos
vendor: apple model: watch
vendor: apple model: safari

Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access - OSINT without borders

Trust: 5.75

Fetched: Aug. 6, 2024, 9:36 a.m., Published: Aug. 5, 2024, 7:23 a.m.
 Vulnerabilities: security bypass
Affected productsExternal IDs
vendor: rockwell model: controllogix 5580
vendor: rockwell model: 1756-en2tr series c
vendor: rockwell model: controllogix controller
vendor: rockwell model: 1756-en2f series c
vendor: rockwell model: automation controllogix
vendor: rockwell model: 1756-en3tr series b
vendor: rockwell model: 1756-en3tr series
vendor: rockwell model: controllogix
vendor: rockwell model: 1756-en2t series
vendor: rockwell model: guardlogix
vendor: rockwell model: 1756-en2f series
vendor: rockwell model: 1756-en2tr series
vendor: rockwell automation model: controllogix 5580
vendor: rockwell automation model: 1756-en2tr series c
vendor: rockwell automation model: controllogix controller
vendor: rockwell automation model: 1756-en2f series c
vendor: rockwell automation model: automation controllogix
vendor: rockwell automation model: 1756-en3tr series b
vendor: rockwell automation model: 1756-en3tr series
vendor: rockwell automation model: controllogix
vendor: rockwell automation model: 1756-en2t series
vendor: rockwell automation model: guardlogix
vendor: rockwell automation model: 1756-en2f series
vendor: rockwell automation model: 1756-en2tr series
db: NVD ids: CVE-2024-6242

What is a Denial of Service (DoS) attack? types, Examples

Trust: 3.5

Fetched: Aug. 6, 2024, 9:36 a.m., Published: July 10, 2024, 10:06 a.m.
 Vulnerabilities: service disruption, denial of service, resource exhaustion...
Affected productsExternal IDs

Android Developers Blog: Making security easy: How we are helping you fix vulnerabilities in your Android apps

Trust: 3.75

Fetched: Aug. 6, 2024, 9:35 a.m., Published: -
 Vulnerabilities: directory traversal
Affected productsExternal IDs
vendor: google model: android

Rockwell Automation Devices Flaw Let Hackers Gain Unauthorized Access

Trust: 3.75

Fetched: Aug. 6, 2024, 9:35 a.m., Published: Aug. 5, 2024, 8:08 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rockwell model: controllogix 5580
vendor: rockwell model: controllogix
vendor: rockwell model: controllogix controllers
vendor: rockwell model: guardlogix controllers
vendor: rockwell model: guardlogix
vendor: snort model: snort
vendor: rockwell automation model: controllogix 5580
vendor: rockwell automation model: controllogix
vendor: rockwell automation model: controllogix controllers
vendor: rockwell automation model: guardlogix controllers
vendor: rockwell automation model: guardlogix
db: NVD ids: CVE-2024-6242

Android Security Bulletin-August 2024 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202408-1859, VAR-202408-2138

Trust: 4.25

Fetched: Aug. 6, 2024, 9:33 a.m., Published: Aug. 6, 2024, midnight
 Vulnerabilities: denial of service, information disclosure, code execution
Affected productsExternal IDs
vendor: huawei model: huawei
vendor: samsung model: notes
vendor: samsung model: mobile
vendor: samsung model: note
vendor: samsung model: samsung
vendor: google model: android
vendor: google model: pixel
vendor: motorola model: motorola
vendor: motorola model: android
db: NVD ids: CVE-2024-36971, CVE-2024-34727, CVE-2024-34734, CVE-2024-2937, CVE-2024-34738, CVE-2024-34737, CVE-2024-34736, CVE-2024-23356, CVE-2024-4607, CVE-2024-23357, CVE-2024-34731, CVE-2024-34739, CVE-2023-21351, CVE-2024-23355, CVE-2024-34741, CVE-2024-31333, CVE-2024-34743, CVE-2024-34735, CVE-2024-20082, CVE-2024-34742, CVE-2024-23350, CVE-2024-23353, CVE-2023-20971, CVE-2024-34740, CVE-2024-21481, CVE-2024-23352

Threat Actors Actively Exploiting CVE-2024-24919: Underground Forums Share IP Addresses of Vulnerable Check Point Security Gateway Devices - CYFIRMA

Trust: 5.25

Fetched: Aug. 6, 2024, 9:31 a.m., Published: July 12, 2024, midnight
 Vulnerabilities: information disclosure, path traversal
Affected productsExternal IDs
vendor: check point model: check point
vendor: check point model: security gateway
vendor: check point model: quantum security gateway
db: NVD ids: CVE-2024-24919

Zero-Day Vulnerability | JFrog

Related entries in the VARIoT vulnerabilities database: VAR-202107-1010, VAR-202112-0566, VAR-202008-0248

Trust: 3.75

Fetched: Aug. 6, 2024, 9:30 a.m., Published: June 12, 2024, 11:43 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-34527, CVE-2021-44228, CVE-2024-23478, CVE-2021-27065, CVE-2021-26855, CVE-2021-26857, CVE-2020-1472, CVE-2021-26858

UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware - Eclypsium | Supply Chain Security for the Modern Enterprise

Trust: 4.25

Fetched: Aug. 6, 2024, 9:30 a.m., Published: June 19, 2024, 6:59 p.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: lenovo model: system
vendor: lenovo model: desktop
vendor: lenovo model: bios
vendor: lenovo model: thinkpad x1 carbon
vendor: lenovo model: yoga
vendor: lenovo model: updates
vendor: lenovo model: thinkpad x1
vendor: lenovo model: thinkpad
db: NVD ids: CVE-2024-0762

Bitdefender VPN Unaffected by TunnelVision Vulnerability (CVE-2024-3661)

Related entries in the VARIoT vulnerabilities database: VAR-202405-0458

Trust: 4.25

Fetched: Aug. 6, 2024, 9:29 a.m., Published: May 24, 2024, 1:24 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2024-3661

Critical Security Bypass Vulnerability Found in Rockwell Automation ControlLogix 1756 Devices - VULNERA

Trust: 4.75

Fetched: Aug. 6, 2024, 9:27 a.m., Published: Aug. 5, 2024, 6:07 a.m.
 Vulnerabilities: security bypass
Affected productsExternal IDs
vendor: rockwell model: automation controllogix
vendor: rockwell model: controllogix
vendor: rockwell model: controllogix controller
vendor: rockwell automation model: automation controllogix
vendor: rockwell automation model: controllogix
vendor: rockwell automation model: controllogix controller
db: NVD ids: CVE-2024-6242

Solved: Armor portal, devices show as disconnected, and vu... - NETGEAR Communities

Trust: 3.75

Fetched: Aug. 6, 2024, 9:27 a.m., Published: June 25, 2024, 8 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: netgear model: router
vendor: netgear model: orbi
vendor: netgear model: rbr750