Sign-up

VARIoT news about IoT security

A Vulnerability in Cisco Secure Email Gateway Could Allow for Remote Code Execution

Trust: 4.25

Fetched: July 27, 2024, 7:33 p.m., Published: July 22, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Cisco VPN Client Software Download (Windows 32bit - 64bit, Linux 32bit - 64bit, MacOS)

Trust: 3.0

Fetched: July 27, 2024, 7:27 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: vpn client
vendor: cisco model: cisco vpn client

Cisco Secure Web Appliance Privilege Escalation Vulnerability - Cisco

Trust: 3.0

Fetched: July 27, 2024, 7:26 p.m., Published: July 17, 2024, 11:40 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

Smart Home Device Security

Trust: 4.5

Fetched: July 27, 2024, 7:24 p.m., Published: July 18, 2024, 4:37 p.m.
 Vulnerabilities: weak password
Affected productsExternal IDs
vendor: essential model: phone

Does CVE-2022-38023 have any impact to ONTAP 9? - NetApp Knowledge Base

Trust: 3.0

Fetched: July 27, 2024, 7:24 p.m., Published: Jan. 2, 2023, 12:17 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-38023

RegreSSHion Attack: Protecting Against Unpatched OpenSSH CVE

Trust: 5.0

Fetched: July 27, 2024, 7:24 p.m., Published: July 16, 2024, 7 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-6387, CVE-2008-4109, CVE-2006-5051

CVE-2024-39149 - Post-auth blind OS command injection vulnerability in NETGEAR's X6 R8000 devices

Trust: 5.5

Fetched: July 27, 2024, 7:21 p.m., Published: March 11, 2024, midnight
 Vulnerabilities: command execution, arbitrary command execution, command injection...
Affected productsExternal IDs
vendor: netgear model: r8000
db: NVD ids: CVE-2024-39149

OpenSSH Vulnerability: CVE-2024-6387 Explained

Trust: 3.0

Fetched: July 27, 2024, 7:19 p.m., Published: July 2, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-6387

Legacy Vulnerabilities in IoT: Why Updating Your Devices is Critical - Responsible Cyber

Trust: 3.75

Fetched: July 27, 2024, 7:18 p.m., Published: July 29, 2024, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs

CocoaPods Vulnerabilities Expose Apple Devices to Supply Chain Attacks - The Review Hive

Trust: 4.75

Fetched: July 27, 2024, 7:17 p.m., Published: July 8, 2024, 8:09 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2024-38366, CVE-2024-38367, CVE-2024-38368

Vulnerability in Cisco Smart Software Manager lets attackers change any user password | Ars Technica

Trust: 4.0

Fetched: July 27, 2024, 7:16 p.m., Published: July 17, 2024, 7:47 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-20419

Vulnerabilities in PanelView Plus devices could lead to remote code execution - TQT Group

Related entries in the VARIoT vulnerabilities database: VAR-202309-2171

Trust: 5.25

Fetched: July 27, 2024, 7:15 p.m., Published: July 9, 2024, 9:54 a.m.
 Vulnerabilities: code execution, information disclosure
Affected productsExternal IDs
vendor: rockwellautomation model: automation panelview plus
vendor: rockwellautomation model: factorytalk view
vendor: rockwellautomation model: factorytalk
vendor: rockwellautomation model: automation panelview
vendor: rockwellautomation model: rslogix
vendor: rockwell model: automation panelview plus
vendor: rockwell model: factorytalk view
vendor: rockwell model: factorytalk
vendor: rockwell model: automation panelview
vendor: rockwell model: rslogix
vendor: rockwell automation model: automation panelview plus
vendor: rockwell automation model: factorytalk view
vendor: rockwell automation model: factorytalk
vendor: rockwell automation model: automation panelview
vendor: rockwell automation model: rslogix
db: NVD ids: CVE-2023-20719, CVE-2023-2071, CVE-2023-294648

CVE - CVE-2018-0002

Related entries in the VARIoT vulnerabilities database: VAR-201801-1070

Trust: 5.0

Fetched: July 27, 2024, 7:14 p.m., Published: Aug. 24, 2030, midnight
 Vulnerabilities: memory corruption, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2018-0002

Samsung Galaxy Critical Update Expected In August For…

Trust: 3.75

Fetched: July 27, 2024, 7:13 p.m., Published: Aug. 27, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
db: NVD ids: CVE-2024-29745, CVE-2024-32896

North Korean Hacker, Critical Software Flaws, Secure Boot At Risk

Trust: 4.0

Fetched: July 27, 2024, 7:12 p.m., Published: July 26, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-6327

China’s ‘Velvet Ant’ hackers caught exploiting new zero-day in Cisco devices

Trust: 4.0

Fetched: July 27, 2024, 7:12 p.m., Published: July 1, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: nx-os software
vendor: cisco model: nx-os
vendor: cisco model: nexus
vendor: cisco model: series switches
vendor: cisco model: series
vendor: cisco model: cisco nx-os
db: NVD ids: CVE-2024-20399

D-Link DAP-1650 EOL Device Multiple Command Injection Vulner... - vulnerability database | Vulners.com

Trust: 5.75

Fetched: July 27, 2024, 7:11 p.m., Published: July 19, 2024, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: dlink model: dap-1650_firmware
vendor: dlink model: dap-1650
vendor: d-link model: dap-1650_firmware
vendor: d-link model: dap-1650
db: NVD ids: CVE-2024-23625, CVE-2024-23624

RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024

Trust: 3.0

Fetched: July 27, 2024, 7:11 p.m., Published: July 24, 2024, 7:33 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: aironet 3800 series
vendor: cisco model: aironet 1560
vendor: cisco model: nexus
vendor: cisco model: umbrella
vendor: cisco model: aironet 1810w series access points
vendor: cisco model: catalyst iw6300
vendor: cisco model: firepower
vendor: cisco model: catalyst 9100
vendor: cisco model: wireless lan controllers
vendor: cisco model: series
vendor: cisco model: aironet 1850
vendor: cisco model: catalyst
vendor: cisco model: fxos
vendor: cisco model: aironet 1540
vendor: cisco model: catalyst 9100 series
vendor: cisco model: evolved programmable network manager
vendor: cisco model: aironet 1810
vendor: cisco model: aironet 1830 series
vendor: cisco model: aironet
vendor: cisco model: policy suite
vendor: cisco model: aironet 1540 series
vendor: cisco model: aireos
vendor: cisco model: aironet 2800 series
vendor: cisco model: aironet 3800
vendor: cisco model: aironet 1560 series
vendor: cisco model: aironet 2800
vendor: cisco model: ucs b-series blade servers
vendor: cisco model: access points
vendor: cisco model: aironet 1810 series
vendor: cisco model: aironet 1830
vendor: cisco model: aironet 4800
vendor: cisco model: aironet 1850 series
vendor: cisco model: cisco evolved programmable network manager

Siemens vulnerability (CVE-2024-35292) - Find affected devices

Related entries in the VARIoT vulnerabilities database: VAR-202406-0059

Trust: 4.5

Fetched: July 27, 2024, 7:09 p.m., Published: July 16, 2024, 9 p.m.
 Vulnerabilities: code execution, denial of service, privilege escalation...
Affected productsExternal IDs
vendor: siemens model: s7-200 smart
vendor: siemens model: scalance
vendor: siemens model: simatic s7-200
vendor: siemens model: simatic s7-200 smart
vendor: siemens model: simatic
vendor: siemens model: ruggedcom
db: NVD ids: CVE-2024-35292

CVE-2024-6422 - TelnetD Remote Unauthenticated Command Execution Vulnerability in Cisco Device

Trust: 5.0

Fetched: July 27, 2024, 7:08 p.m., Published: July 10, 2024, 8:15 a.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-6422