VARIoT latest news about IoT security

UEFIcanhazbufferoverflow Vulnerability Impacts Intel CPUs Trust: 5.0 Fetched: Aug. 6, 2024, 9:27 a.m., Published: June 21, 2024, 8:56 a.m.	Vulnerabilities: buffer overflow

Affected products

External IDs

db:

NVD

ids:

CVE-2024-0762

Bypassing Rockwell Automation Logix Controllers’ Local Chassis Security Protection \| Claroty Trust: 5.5 Fetched: Aug. 6, 2024, 9:26 a.m., Published: -	Vulnerabilities: security bypass

Affected products

External IDs

vendor:	rockwell	model:	automation controllogix
vendor:	rockwell	model:	studio 5000
vendor:	rockwell	model:	controllogix
vendor:	rockwell	model:	guardlogix
vendor:	rockwell automation	model:	automation controllogix
vendor:	rockwell automation	model:	studio 5000
vendor:	rockwell automation	model:	controllogix
vendor:	rockwell automation	model:	guardlogix
vendor:	snort	model:	snort
vendor:	wireshark	model:	wireshark

db:

NVD

ids:

CVE-2024-6242

Juniper Networks Releases Security Updates for a Critical 10.0 Vulnerability Trust: 5.0 Fetched: Aug. 6, 2024, 9:26 a.m., Published: July 1, 2024, 6:45 a.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2024-2973

Google Warns of Actively Exploited Pixel Firmware Vulnerability - Cyber and Fraud Centre - Scotland Trust: 4.5 Fetched: Aug. 6, 2024, 9:25 a.m., Published: June 13, 2024, 10:26 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2024-32896

Linux kernel exploitation SLUBStick can read and write memory arbitrarily \| SC Media Trust: 3.75 Fetched: Aug. 6, 2024, 9:25 a.m., Published: June 11, 2024, 5 p.m.	Vulnerabilities: code execution, privilege escalation

Affected products	External IDs

Wi-Fi Vulnerability Threat for All Windows Users - Altek Business Systems Trust: 3.25 Fetched: Aug. 6, 2024, 9:25 a.m., Published: June 25, 2024, 8 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-30078

Google Patches Exploited Android Zero-Day on Pixel Devices Trust: 4.5 Fetched: Aug. 6, 2024, 9:24 a.m., Published: Aug. 3, 2024, midnight	Vulnerabilities: code execution, information disclosure, privilege escalation

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2024-32896, CVE-2024-29745, CVE-2024-29748, CVE-2024-4610

Hacking Millions of Modems (and Investigating Who Hacked My Modem) Trust: 3.25 Fetched: Aug. 6, 2024, 9:22 a.m., Published: Aug. 6, 2069, midnight	Vulnerabilities: code execution, authorization error, directory traversal

Affected products

External IDs

vendor:	essential	model:	phone
vendor:	nokia	model:	series
vendor:	nokia	model:	impact
vendor:	cisco	model:	router
vendor:	cisco	model:	series
vendor:	cisco	model:	leap
vendor:	cisco	model:	support tools
vendor:	cisco	model:	network access control
vendor:	google	model:	wifi
vendor:	google	model:	home

Vulnerability Recap 8/5/24: Windows, VMware, Android, Apple Trust: 4.25 Fetched: Aug. 6, 2024, 9:22 a.m., Published: Aug. 5, 2024, 7:51 p.m.	Vulnerabilities: security bypass, code execution, authentication bypass...

Affected products

External IDs

vendor:	rockwell	model:	automation controllogix
vendor:	rockwell	model:	controllogix
vendor:	rockwell	model:	guardlogix
vendor:	apple	model:	watch
vendor:	rockwell automation	model:	automation controllogix
vendor:	rockwell automation	model:	controllogix
vendor:	rockwell automation	model:	guardlogix

db:

NVD

ids:

CVE-2024-32113, CVE-2024-37085

New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks Trust: 4.75 Fetched: Aug. 6, 2024, 9:21 a.m., Published: Aug. 3, 2024, midnight	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:

mesh

model:

mesh

db:

NVD

ids:

CVE-2023-52424

Google Patches New Android Kernel Vulnerability Exploited in the Wild Trust: 5.5 Fetched: Aug. 6, 2024, 9:21 a.m., Published: Aug. 6, 2024, 6:12 a.m.	Vulnerabilities: code execution, information disclosure, privilege escalation

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2024-36971, CVE-2024-32896, CVE-2018-0824, CVE-2024-29748, CVE-2024-29745

CERT-EU - Critical Vulnerability in Juniper Networks Products Trust: 5.25 Fetched: Aug. 6, 2024, 9:21 a.m., Published: -	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2024-2973

Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem Trust: 4.5 Fetched: Aug. 6, 2024, 9:13 a.m., Published: Aug. 3, 2024, midnight	Vulnerabilities: code execution, buffer overflow, command execution

Affected products

External IDs

vendor:

roku

model:

roku

db:

NVD

ids:

CVE-2023-6324, CVE-2023-6323, CVE-2023-6322, CVE-2023-6321

Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now! \| Malwarebytes Trust: 3.75 Fetched: Aug. 6, 2024, 9:13 a.m., Published: July 31, 2024, 1:04 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	apple	model:	apple tv
vendor:	apple	model:	ipad air
vendor:	apple	model:	ipad
vendor:	apple	model:	software update
vendor:	apple	model:	iphone
vendor:	apple	model:	safari
vendor:	apple	model:	ipod touch
vendor:	apple	model:	macos
vendor:	apple	model:	watch

About the security content of iOS 17.6 and iPadOS 17.6 - Apple Support Trust: 4.25 Fetched: Aug. 6, 2024, 9:12 a.m., Published: Aug. 17, 2024, midnight	Vulnerabilities: process crash, integer overflow, information disclosure...

Affected products

External IDs

vendor:	apple	model:	ipad
vendor:	apple	model:	iphone
vendor:	apple	model:	ipad air
vendor:	apple	model:	webkit
vendor:	trend micro	model:	security
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2024-40813, CVE-2024-40793, CVE-2024-40799, CVE-2024-40809, CVE-2024-4558, CVE-2024-40835, CVE-2024-40822, CVE-2024-40784, CVE-2024-40794, CVE-2024-40806, CVE-2024-40789, CVE-2024-27873, CVE-2024-40836, CVE-2024-40788, CVE-2024-40779, CVE-2024-40776, CVE-2024-40815, CVE-2024-27863, CVE-2024-40795, CVE-2024-40818, CVE-2023-6277, CVE-2024-40777, CVE-2024-40829, CVE-2024-40812, CVE-2023-52356, CVE-2024-40774, CVE-2024-40787, CVE-2024-40780, CVE-2024-40778, CVE-2024-27871, CVE-2024-40824, CVE-2024-40782, CVE-2024-40786, CVE-2024-40785, CVE-2024-40805

Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access Trust: 4.75 Fetched: Aug. 6, 2024, 9:12 a.m., Published: Aug. 5, 2024, 6:07 a.m.	Vulnerabilities: security bypass

Affected products

External IDs

vendor:	rockwell	model:	controllogix 5580
vendor:	rockwell	model:	1756-en2tr series c
vendor:	rockwell	model:	controllogix controller
vendor:	rockwell	model:	1756-en2f series c
vendor:	rockwell	model:	automation controllogix
vendor:	rockwell	model:	1756-en3tr series b
vendor:	rockwell	model:	1756-en3tr series
vendor:	rockwell	model:	controllogix
vendor:	rockwell	model:	1756-en2t series
vendor:	rockwell	model:	guardlogix
vendor:	rockwell	model:	1756-en2f series
vendor:	rockwell	model:	1756-en2tr series
vendor:	rockwell automation	model:	controllogix 5580
vendor:	rockwell automation	model:	1756-en2tr series c
vendor:	rockwell automation	model:	controllogix controller
vendor:	rockwell automation	model:	1756-en2f series c
vendor:	rockwell automation	model:	automation controllogix
vendor:	rockwell automation	model:	1756-en3tr series b
vendor:	rockwell automation	model:	1756-en3tr series
vendor:	rockwell automation	model:	controllogix
vendor:	rockwell automation	model:	1756-en2t series
vendor:	rockwell automation	model:	guardlogix
vendor:	rockwell automation	model:	1756-en2f series
vendor:	rockwell automation	model:	1756-en2tr series

db:

NVD

ids:

CVE-2024-6242

Changelog of the Cyberwatch software \| Cyberwatch Documentation Trust: 3.5 Fetched: Aug. 4, 2024, 10:08 a.m., Published: Aug. 13, 2024, midnight	Vulnerabilities: authentication problem

Affected products

External IDs

vendor:	cisco	model:	firepower
vendor:	cisco	model:	wireless lan controller
vendor:	cisco	model:	catalyst
vendor:	pulse secure	model:	connect secure
vendor:	zoom	model:	client
vendor:	zoom	model:	zoom
vendor:	schneider electric	model:	monitor
vendor:	schneider electric	model:	m340
vendor:	schneider electric	model:	modicon m340
vendor:	schneider electric	model:	control expert
vendor:	schneider electric	model:	ecostruxure control expert
vendor:	dell	model:	bios
vendor:	dell emc	model:	bios
vendor:	google	model:	google chrome
vendor:	google	model:	chrome
vendor:	siemens	model:	simatic
vendor:	siemens	model:	navigator
vendor:	schneider	model:	monitor
vendor:	schneider	model:	m340
vendor:	schneider	model:	modicon m340
vendor:	schneider	model:	control expert
vendor:	schneider	model:	ecostruxure control expert

Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited Trust: 5.75 Fetched: Aug. 4, 2024, 10:06 a.m., Published: July 10, 2024, 11:05 a.m.	Vulnerabilities: privilege escalation, feature bypass, code execution...

Affected products

External IDs

vendor:

check point

model:

check point

db:

NVD

ids:

CVE-2024-38080, CVE-2024-38112, CVE-2024-37985, CVE-2024-3596, CVE-2024-38021, CVE-2024-35264

History of IoT: How, When, and Especially the Dangers. - Aiutocomputerhelp.it EN Trust: 3.75 Fetched: Aug. 4, 2024, 10:02 a.m., Published: July 9, 2024, 7:16 a.m.	Vulnerabilities: denial of service

Affected products	External IDs

HyperOS 1.5 August tracker is now available for Xiaomi devices - Tech Mukul Trust: 3.0 Fetched: Aug. 4, 2024, 9:59 a.m., Published: Aug. 3, 2024, 2:56 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

xiaomi

model:

redmi

VARIoT news about IoT security