Sign-up

VARIoT news about IoT security

Android Security Bulletin-August 2024 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202408-2138, VAR-202408-1859

Trust: 4.25

Fetched: Oct. 2, 2024, 9:54 a.m., Published: Aug. 2, 2024, midnight
 Vulnerabilities: code execution, information disclosure, denial of service
Affected productsExternal IDs
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: samsung model: notes
vendor: samsung model: note
vendor: motorola model: android
vendor: motorola model: motorola
vendor: google model: pixel
vendor: google model: android
vendor: huawei model: huawei
db: NVD ids: CVE-2024-34738, CVE-2024-34736, CVE-2023-20971, CVE-2024-34737, CVE-2023-21351, CVE-2024-34735, CVE-2024-34734, CVE-2024-23356, CVE-2024-31333, CVE-2024-23355, CVE-2024-34731, CVE-2024-21481, CVE-2024-34740, CVE-2024-34727, CVE-2024-34739, CVE-2024-23357, CVE-2024-23350, CVE-2024-34742, CVE-2024-34741, CVE-2024-23353, CVE-2024-2937, CVE-2024-23352, CVE-2024-36971, CVE-2024-4607, CVE-2024-20082, CVE-2024-34743

15 Best Vulnerability Assessment Scanning Tools (Free and Paid) for 2024

Trust: 4.25

Fetched: Oct. 2, 2024, 9:52 a.m., Published: June 30, 2021, 3:31 p.m.
 Vulnerabilities: cross-site scripting, sql injection
Affected productsExternal IDs
vendor: wireshark model: wireshark
vendor: netbsd model: current
vendor: tripwire model: ip360
vendor: aircrack-ng model: aircrack-ng

PKfail Vulnerability Allows Hackers to Install UEFI Malware

Trust: 3.5

Fetched: Oct. 2, 2024, 9:50 a.m., Published: July 26, 2024, 8:42 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: dell model: bios
vendor: lenovo model: bios
vendor: lenovo model: updates
vendor: lenovo model: system

Security Advisory | Rockwell Automation | US

Trust: 3.75

Fetched: Oct. 2, 2024, 9:50 a.m., Published: May 16, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rockwell automation model: guardlogix
vendor: rockwell automation model: controllogix
vendor: rockwell model: guardlogix
vendor: rockwell model: controllogix
db: NVD ids: CVE-2024-6242

Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now! | Malwarebytes

Trust: 3.75

Fetched: Oct. 2, 2024, 9:49 a.m., Published: July 31, 2024, 1:04 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: apple tv
vendor: apple model: watch
vendor: apple model: ipad air
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: software update
vendor: apple model: ipod touch
vendor: apple model: safari
vendor: apple model: ipad

The Vulnerability Relationship Prediction Research for Network Risk Assessment

Related entries in the VARIoT vulnerabilities database: VAR-202202-0325, VAR-201605-0077, VAR-202202-0322

Trust: 4.5

Fetched: Oct. 2, 2024, 9:47 a.m., Published: Jan. 2, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: accesspath
vendor: cisco model: series
vendor: cisco model: rv340
db: NVD ids: CVE-2019-2887, CVE-2020-1745, CVE-2022-20705, CVE-2016-2107, CVE-2022-20707, CVE-2019-2729

What Is an Authentication Bypass Vulnerability? | StrongDM

Trust: 3.5

Fetched: Oct. 2, 2024, 9:45 a.m., Published: Oct. 4, 2024, midnight
 Vulnerabilities: authentication bypass, brute force attack, code execution
Affected productsExternal IDs
vendor: delegate model: delegate

Secure by Design Alert: Eliminating OS Command Injection Vulnerabilities | CISA

Trust: 3.75

Fetched: Oct. 2, 2024, 9:44 a.m., Published: Oct. 2, 2023, midnight
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-20399, CVE-2024-3400, CVE-2024-21887

CERT-EU - Critical Vulnerabilities in Cisco Products

Trust: 5.0

Fetched: Oct. 2, 2024, 9:44 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: asyncos
vendor: cisco model: advanced malware protection
vendor: cisco model: cisco asyncos
db: NVD ids: CVE-2024-20419, CVE-2024-20401

Unquoted Executable Path Vulnerability Affects Hitachi Device Manager on Windows (CVE-2024-5963) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 4.0

Fetched: Oct. 2, 2024, 9:44 a.m., Published: Aug. 6, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hitachi model: hitachi device manager
vendor: hitachi model: device manager
db: NVD ids: CVE-2024-5963

Android vulnerability used in targeted attacks patched by Google | Malwarebytes

Trust: 5.5

Fetched: Oct. 2, 2024, 9:43 a.m., Published: Aug. 6, 2024, 1:47 p.m.
 Vulnerabilities: use after free, code execution
Affected productsExternal IDs
vendor: samsung model: mobile devices
vendor: samsung model: android phone
vendor: samsung model: mobile
vendor: samsung model: samsung
vendor: google model: android
db: NVD ids: CVE-2024-36971

Security Profile: Vulnerability Protection

Trust: 3.25

Fetched: Oct. 2, 2024, 9:41 a.m., Published: Sept. 10, 2024, midnight
 Vulnerabilities: sql injection, command injection
Affected productsExternal IDs
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks

DIVD-2024-00011 - Six vulnerabilities in Enphase IQ Gateway devices | DIVD CSIRT

Trust: 4.75

Fetched: Oct. 2, 2024, 9:40 a.m., Published: Oct. 2, 2024, midnight
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: enphase model: envoy
db: NVD ids: CVE-2024-21878, CVE-2020-25754

Vulnerability in Security: A Complete Overview | Simplilearn

Trust: 3.75

Fetched: Oct. 2, 2024, 9:40 a.m., Published: Feb. 9, 2022, 5:54 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions

Trust: 3.5

Fetched: Oct. 2, 2024, 9:36 a.m., Published: Aug. 19, 2024, 10 a.m.
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: apple model: macos
vendor: cisco model: webex meetings
vendor: cisco model: cisco webex
vendor: cisco model: webex
vendor: cisco model: guard
vendor: cisco model: jabber
vendor: cisco model: series
vendor: cisco model: spark
vendor: cisco model: webex productivity tools
vendor: cisco model: cisco webex meetings

Vulnerability Details Page

Trust: 3.5

Fetched: Oct. 2, 2024, 9:35 a.m., Published: Sept. 27, 2024, 8:52 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os

Medical Device Vulnerability Management: Best Practices for Ensuring Patient Safety

Trust: 3.75

Fetched: Oct. 2, 2024, 9:35 a.m., Published: Sept. 1, 2024, 9:17 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Vulnerabilities Page

Trust: 4.5

Fetched: Oct. 2, 2024, 9:33 a.m., Published: Sept. 27, 2024, 8:52 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks

Vulnerabilities in Longse Technology devices | CERT Polska

Trust: 3.75

Fetched: Oct. 2, 2024, 9:29 a.m., Published: July 9, 2024, midnight
 Vulnerabilities: default credentials, default password
Affected productsExternal IDs
db: NVD ids: CVE-2024-5631, CVE-2024-5632, CVE-2024-5634, CVE-2024-5633

RADIUS Protocol Vulnerability Impacted Multiple Cisco Products

Trust: 3.75

Fetched: Oct. 2, 2024, 9:29 a.m., Published: July 29, 2024, 6:01 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: access points
vendor: cisco model: series switches
vendor: cisco model: ios xe software
vendor: cisco model: application policy infrastructure controller
vendor: cisco model: identity services engine
vendor: cisco model: ucs manager
vendor: cisco model: ucs b-series blade servers
vendor: cisco model: ios xe
vendor: cisco model: adaptive security appliance
vendor: cisco model: sd-wan
vendor: cisco model: series
vendor: cisco model: catalyst
vendor: cisco model: ucs central software
vendor: cisco model: firepower
vendor: cisco model: routers
vendor: cisco model: nexus 3000
vendor: cisco model: series routers
vendor: cisco model: asr 5000
vendor: cisco model: nexus
vendor: cisco model: ios xr
vendor: cisco model: device manager
db: NVD ids: CVE-2024-3596