Sign-up

VARIoT news about IoT security

Malware Attacks Surge 30% in First Half of 2024 - Infosecurity Magazine

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 5.25

Fetched: July 30, 2024, 9:24 a.m., Published: July 25, 2024, 10:15 a.m.
 Vulnerabilities: denial of service, command injection
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: sonicwall model: soho
db: NVD ids: CVE-2023-1389

Photon OS 3.0: Device PHSA-2022-3.0-0476 - vulnerability database | Vulners.com

Trust: 3.0

Fetched: July 30, 2024, 9:23 a.m., Published: July 24, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-41973, CVE-2022-41974

New Specula Tool Turns Microsoft Outlook into C2 Beacon for Remote Code Execution | Black Hat Ethical Hacking

Trust: 3.25

Fetched: July 30, 2024, 9:21 a.m., Published: July 30, 2024, 8:47 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Dahua Security Cameras Unauthorized device timestamp modific... - vulnerability database | Vulners.com

Trust: 3.5

Fetched: July 30, 2024, 9:16 a.m., Published: July 29, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dahua security model: sd5a_firmware
vendor: dahuasecurity model: sd5a_firmware
vendor: dahua model: sd5a_firmware
db: NVD ids: CVE-2022-30564

CVE-2024-40818 - Apple Siri Sensitive Data Disclosure Vulnerability

Trust: 3.75

Fetched: July 30, 2024, 9:15 a.m., Published: July 29, 2024, 11:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: macos
db: NVD ids: CVE-2024-40818

Local Attackers Can Access Device Identifier via Improper Access Control Prior to SMR Jul-2024 Release 1 (CVE-2024-34583) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 3.25

Fetched: July 30, 2024, 9:15 a.m., Published: July 30, 2024, midnight
 Vulnerabilities: improper access control
Affected productsExternal IDs
db: NVD ids: CVE-2024-34583

Virtual Reality and Augmented Reality Security: A Reconnaissance and Vulnerability Assessment Approach

Trust: 4.25

Fetched: July 30, 2024, 9:14 a.m., Published: May 30, 2024, midnight
 Vulnerabilities: denial of service, data injection, cross-site scripting...
Affected productsExternal IDs
vendor: node.js model: node.js
vendor: jquery model: jquery
vendor: wireshark model: wireshark
vendor: google model: android
vendor: google model: home
vendor: google model: nexus
db: NVD ids: CVE-2018-19111

CVE-2024-42092 - "Synopsys Davinci Linux Kernel Out-of-Bounds IRQ Access Vulnerability"

Trust: 3.0

Fetched: July 30, 2024, 9:13 a.m., Published: July 29, 2024, 6:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-42092

Dahua Security Cameras Stack-based Buffer Overflow (CVE-2019... - vulnerability database | Vulners.com

Trust: 5.5

Fetched: July 30, 2024, 9:12 a.m., Published: July 29, 2024, midnight
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: dahua security model: camera
vendor: dahua security model: ipc-hdw1xxx
vendor: dahua security model: ipc-hfw2xxx
vendor: dahua security model: ipc-hfw1xxx
vendor: dahua security model: ip camera
vendor: dahua model: camera
vendor: dahua model: ipc-hdw1xxx
vendor: dahua model: ipc-hfw2xxx
vendor: dahua model: ipc-hfw1xxx
vendor: dahua model: ip camera

CVE-2024-41024 - Linux Kernel fastrpc Privilege Escalation Vulnerability

Trust: 4.0

Fetched: July 30, 2024, 9:12 a.m., Published: July 29, 2024, 3:15 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-41024

CVE-2024-41024 - vulnerability database | Vulners.com

Trust: 3.25

Fetched: July 30, 2024, 9:12 a.m., Published: July 29, 2024, 3:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-41024

CVE-2024-42074 - "AMD ACP Null Pointer Dereference Vulnerability"

Trust: 4.0

Fetched: July 30, 2024, 9:12 a.m., Published: July 29, 2024, 4:15 p.m.
 Vulnerabilities: pointer dereference vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2024-42074

Massive ‘PKFail’ Secure Boot Bypass Threatens Millions of Devices - VULNERA

Related entries in the VARIoT vulnerabilities database: VAR-201609-0149

Trust: 3.75

Fetched: July 30, 2024, 9:11 a.m., Published: July 26, 2024, 9:08 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asus model: asus
vendor: lenovo model: updates
db: NVD ids: CVE-2016-5247

Moderate: linux-firmware security update

Trust: 3.25

Fetched: July 30, 2024, 9:11 a.m., Published: July 9, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-31346

Google warns Samsung Galaxy phone owners about unpatched vulnerability - PhoneArena

Trust: 4.75

Fetched: July 30, 2024, 9:11 a.m., Published: July 16, 2024, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
vendor: samsung model: samsung galaxy
vendor: samsung model: galaxy
db: NVD ids: CVE-2024-31320, CVE-2024-32896

Could Your Device Be One of the 500 Devices Affected by Major Secure Boot Vulnerability? - PUPUWEB

Trust: 3.0

Fetched: July 30, 2024, 9:10 a.m., Published: July 30, 2024, 7:25 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

Secure Boot rendered useless, over 200 PC models from different makers are affected | TechSpot

Trust: 3.0

Fetched: July 30, 2024, 9:10 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

Security Profile: Vulnerability Protection

Trust: 3.25

Fetched: July 30, 2024, 9:08 a.m., Published: July 29, 2024, midnight
 Vulnerabilities: sql injection, command injection
Affected productsExternal IDs
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo model: firewall
vendor: palo model: networks

Threat Response - Check Point Security Gateway Information Disclosure vulnerability

Trust: 4.25

Fetched: July 30, 2024, 9:07 a.m., Published: May 28, 2024, midnight
 Vulnerabilities: information disclosure, privilege escalation
Affected productsExternal IDs
vendor: check point model: gaia os
vendor: check point model: gaia
vendor: check point model: security gateway
vendor: check point model: check point
db: NVD ids: CVE-2024-24919

CISA, FBI warn: Act now on network device vulnerabilities. | Cyber Security Peek

Trust: 3.75

Fetched: July 28, 2024, 10:28 a.m., Published: July 11, 2024, 10:10 p.m.
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-21887, CVE-2024-3400, CVE-2024-20399