Sign-up

VARIoT news about IoT security

Vulnerabilities in Longse Technology devices | CERT Polska

Trust: 3.75

Fetched: July 27, 2024, 6:04 p.m., Published: July 9, 2024, midnight
 Vulnerabilities: default credentials, default password
Affected productsExternal IDs
db: NVD ids: CVE-2024-5633, CVE-2024-5632, CVE-2024-5634, CVE-2024-5631

Secure Boot is completely broken on 200+ models from 5 big device makers | Ars Technica

Trust: 3.0

Fetched: July 27, 2024, 6:04 p.m., Published: July 25, 2024, 6 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

Specific Ricoh MFP and Printer Products - Buffer overflow vulnerability (CVE-2024-39927) | Ricoh Europe

Trust: 5.0

Fetched: July 12, 2024, 9:44 a.m., Published: -
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2024-39927

Vulnerabilities on Sensor Net Connect and Thermoscan IP Could Allow Admin Privileges Over Medical Data Systems

Trust: 3.5

Fetched: July 12, 2024, 9:43 a.m., Published: July 12, 2024, midnight
 Vulnerabilities: request forgery, denial of service, buffer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2024-31201, CVE-2024-31203, CVE-2024-3083, CVE-2024-3082, CVE-2024-31200, CVE-2024-31202, CVE-2024-31199

New Vulnerability Discovered in Android Devices Sparks Security Concerns

Trust: 3.75

Fetched: July 12, 2024, 9:42 a.m., Published: June 23, 2024, 11:51 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2024-32896, CVE-2024-54321

More than two dozen Android vulnerabilities fixed • The Register

Trust: 4.5

Fetched: July 12, 2024, 9:42 a.m., Published: -
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
vendor: xiaomi model: miui
db: NVD ids: CVE-2021-0600, CVE-2024-0017, CVE-2023-20963

GitLab update addresses pipeline execution vulnerability

Trust: 3.0

Fetched: July 12, 2024, 9:41 a.m., Published: July 11, 2024, 1:05 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-6385, CVE-2024-2880, CVE-2024-5528, CVE-2024-5470, CVE-2024-5257, CVE-2024-6595

[AL-050] Multiple Vulnerabilities in VMWare Workstation and Fusion

Trust: 4.25

Fetched: July 12, 2024, 9:39 a.m., Published: July 12, 2024, midnight
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2024-22268, CVE-2024-22267, CVE-2024-22270, CVE-2024-22269

15 vulnerabilities discovered in software development kit for wireless routers

Trust: 5.5

Fetched: July 12, 2024, 9:38 a.m., Published: July 10, 2024, 4 p.m.
 Vulnerabilities: arbitrary command execution, request forgery, cross-site request forgery...
Affected productsExternal IDs
vendor: snort model: snort
vendor: snort.org model: snort
vendor: cisco model: ip phone
vendor: cisco model: soho
vendor: cisco model: series
vendor: cisco model: router
vendor: cisco model: routers
db: NVD ids: CVE-2023-46685, CVE-2024-32937, CVE-2023-45742, CVE-2023-50383, CVE-2023-34435, CVE-2023-50382, CVE-2023-50381, CVE-2023-47677, CVE-2023-49593, CVE-2024-21778

Kaspersky identifies significant security risks in widely used Cinterion modems | Kaspersky

Trust: 4.75

Fetched: July 12, 2024, 9:38 a.m., Published: May 16, 2024, 2:02 p.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-47610, CVE-2023-47616, CVE-2023-47611

alpitronic Hypercharger EV Charger | CISA

Trust: 4.75

Fetched: July 12, 2024, 9:37 a.m., Published: July 12, 2023, midnight
 Vulnerabilities: default password, default credentials
Affected productsExternal IDs
db: NVD ids: CVE-2024-4622

What is the OpenSSH regreSSHion vulnerability (CVE-2024-6387)?

Trust: 3.75

Fetched: July 12, 2024, 9:36 a.m., Published: July 3, 2024, midnight
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2006-5051, CVE-2024-6387

Connecting the Dots: Darktrace’s Detection of the Exploitation of the ConnectWise ScreenConnect Vulnerabilities | Darktrace Blog

Trust: 4.25

Fetched: July 12, 2024, 9:35 a.m., Published: July 15, 2024, midnight
 Vulnerabilities: privilege escalation, authentication bypass
Affected productsExternal IDs
vendor: trendmicro model: security
vendor: paloaltonetworks model: networks
db: NVD ids: CVE-2024-1708, CVE-2024-22245, CVE-2024-17091, CVE-2024-1709, CVE-2024-1597, CVE-2024-17091116, CVE-2024-1709124780657328783

Pwn2Own: WAN-to-LAN Exploit Showcase | Claroty

Trust: 6.25

Fetched: July 12, 2024, 9:34 a.m., Published: July 9, 2024, midnight
 Vulnerabilities: buffer overflow, buffer overrun, improper validation...
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: synology model: dns server
db: NVD ids: CVE-2024-5243, CVE-2024-5242, CVE-2024-5244

Zyxel security advisory for multiple vulnerabilities in NAS products - Zyxel Community

Trust: 5.5

Fetched: July 12, 2024, 9:33 a.m., Published: June 4, 2024, midnight
 Vulnerabilities: command injection, code execution, privilege management vulnerability
Affected productsExternal IDs
vendor: zyxel model: nas542
vendor: zyxel model: nas326
db: NVD ids: CVE-2024-29975, CVE-2024-29973, CVE-2024-29974, CVE-2024-29976, CVE-2024-29972

Cybersecurity Vulnerabilities in Implantable Medical Devices - Solondais

Trust: 4.75

Fetched: July 12, 2024, 9:32 a.m., Published: -
 Vulnerabilities: session hijacking
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2023-31222

Understanding the QNAP QTS Zero-Day Vulnerability - Cyber and Fraud Centre - Scotland

Trust: 5.5

Fetched: July 12, 2024, 9:32 a.m., Published: May 21, 2024, 12:55 p.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: qnap model: qnap qts
db: NVD ids: CVE-2024-27130

Vulnerabilities in employee management system could lead to remote code execution, login credential theft

Trust: 5.5

Fetched: July 12, 2024, 9:31 a.m., Published: May 1, 2024, 4 p.m.
 Vulnerabilities: memory corruption, information disclosure, buffer overflow...
Affected productsExternal IDs
vendor: snort model: snort
vendor: snort.org model: snort
db: NVD ids: CVE-2024-22373, CVE-2024-25648, CVE-2023-43491, CVE-2023-51391, CVE-2024-22391, CVE-2023-45744, CVE-2023-39367, CVE-2023-45209, CVE-2024-28130, CVE-2024-25569, CVE-2024-25575, CVE-2024-25938, CVE-2023-40146

ICS hardware vulnerabilities found in TELSAT, SDG Technologies, Yokogawa, Johnson Controls equipment - Industrial Cyber

Trust: 5.5

Fetched: July 12, 2024, 9:29 a.m., Published: June 28, 2024, 5:53 p.m.
 Vulnerabilities: improper access control, authorization vulnerability, cross-site scripting...
Affected productsExternal IDs
vendor: yokogawa model: fast/tools
db: NVD ids: CVE-2024-32756, CVE-2024-32755, CVE-2024-4105, CVE-2024-32932, CVE-2024-32757, CVE-2024-4106, CVE-2024-2882

Palo Alto Networks API Exploit Causing Critical Infrastructure and Enterprise Epidemics - API Security

Trust: 5.5

Fetched: July 12, 2024, 9:28 a.m., Published: April 13, 2024, 9:57 p.m.
 Vulnerabilities: path traversal, command injection, code execution
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: firewall
vendor: paloaltonetworks model: pan-os
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
db: NVD ids: CVE-2024-3400