Sign-up

VARIoT news about IoT security

Apple iOS 17.2.1 Screen Time Passcode Retrieval / Mitigation Bypass

Trust: 3.25

Fetched: Sept. 25, 2024, 9:49 a.m., Published: Feb. 17, 2001, midnight
 Vulnerabilities: brute force attack, privilege escalation
Affected productsExternal IDs
vendor: apple model: watch
vendor: apple model: icloud

Intercepting Impact: 2024 Trend Micro Cyber Risk Report | Trend Micro (ES)

Trust: 4.0

Fetched: Sept. 25, 2024, 9:48 a.m., Published: Sept. 25, 2024, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2024-30051, CVE-2023-30040, CVE-2023-6345, CVE-2023-4762, CVE-2023-4863, CVE-2024-26169

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Trust: 5.0

Fetched: Sept. 25, 2024, 9:46 a.m., Published: Sept. 24, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome

Apple iOS 17.2.1 Screen Time Passcode Retrieval / Mitigation Bypass ≈ Packet Storm

Trust: 4.25

Fetched: Sept. 25, 2024, 9:45 a.m., Published: Feb. 17, 2001, midnight
 Vulnerabilities: brute force attack, privilege escalation
Affected productsExternal IDs
vendor: apple model: watch
vendor: apple model: icloud
vendor: apple inc. model: watch
vendor: apple inc. model: icloud

20,000 WordPress Sites Affected by Privilege Escalation Vulnerability in WCFM - WooCommerce Frontend Manager WordPress Plugin

Trust: 3.75

Fetched: Sept. 25, 2024, 9:44 a.m., Published: Sept. 24, 2024, 6:02 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

Multiple critical zero day vulnerabilities found in military and filling station fuel tanks

Trust: 3.75

Fetched: Sept. 25, 2024, 9:44 a.m., Published: Sept. 24, 2024, 4:58 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-8497

Vulnerability in compression algorithm - Splunk Community

Trust: 3.25

Fetched: Sept. 25, 2024, 9:43 a.m., Published: July 15, 2024, 8:18 a.m.
 Vulnerabilities: information leakage
Affected productsExternal IDs

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC | Trend Micro (US)

Trust: 4.5

Fetched: Sept. 25, 2024, 9:42 a.m., Published: Sept. 19, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2024-36401

Critical Vulnerability in Ivanti Cloud Services Appliance (CSA) Exploited in Attacks: CVE-2024-8963 - SOCRadar® Cyber Intelligence Inc.

Trust: 4.75

Fetched: Sept. 25, 2024, 9:41 a.m., Published: Sept. 20, 2024, 11:47 a.m.
 Vulnerabilities: os command injection, command injection, path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2024-8190, CVE-2024-8963

Uncovering IoT Vulnerabilities: Highlights from the Bitdefender - Netgear 2024 Threat Report

Trust: 3.0

Fetched: Sept. 25, 2024, 9:34 a.m., Published: Sept. 25, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Uncovering IoT Vulnerabilities: Highlights from the Bitdefender - Netgear 2024 Threat Report

Trust: 3.0

Fetched: Sept. 25, 2024, 9:34 a.m., Published: Sept. 25, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Alisonic Sibylla | CISA

Trust: 5.0

Fetched: Sept. 25, 2024, 9:33 a.m., Published: Sept. 25, 2023, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-8630

Digital Workspace Vulnerabilities - August 2024

Trust: 4.0

Fetched: Sept. 25, 2024, 9:33 a.m., Published: Aug. 14, 2024, 3:43 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: chrome
vendor: google model: google chrome

CERT-EU - Vulnerabilities in OpenVPN

Trust: 4.0

Fetched: Sept. 25, 2024, 9:32 a.m., Published: -
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-1305, CVE-2024-27459, CVE-2024-27903, CVE-2024-24974

Vulnerability Disclosure Policy - EPH Controls

Trust: 3.5

Fetched: Sept. 25, 2024, 9:32 a.m., Published: July 30, 2024, 10:07 a.m.
 Vulnerabilities: arbitrary command execution, command injection, directory traversal...
Affected productsExternal IDs

IoT Security: A Call to Action for Improved Vulnerability Disclosure

Trust: 4.5

Fetched: Sept. 25, 2024, 9:31 a.m., Published: Sept. 11, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: huawei model: huawei

IoT Security: A Call to Action for Improved Vulnerability Disclosure

Trust: 4.5

Fetched: Sept. 25, 2024, 9:31 a.m., Published: Sept. 11, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: huawei model: huawei

IoT Security: A Call to Action for Improved Vulnerability Disclosure

Trust: 4.5

Fetched: Sept. 25, 2024, 9:30 a.m., Published: Sept. 11, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: huawei model: huawei

Vulnerability Notice - SolarWinds, Adobe, Mozilla, Ivanti, Microsoft, Apache, and Android

Trust: 5.5

Fetched: Sept. 25, 2024, 9:29 a.m., Published: Aug. 19, 2024, midnight
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
vendor: samsung model: samsung mobile
vendor: samsung model: notes
vendor: samsung model: samsung
vendor: samsung model: mobile
db: NVD ids: CVE-2024-36971

10 security bugs put fuel storage tanks at risk of attacks • The Register

Trust: 4.5

Fetched: Sept. 25, 2024, 9:15 a.m., Published: -
 Vulnerabilities: command injection, privilege escalation, authentication bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2024-45373, CVE-2024-43423, CVE-2024-8310, CVE-2024-6981, CVE-2024-43692, CVE-2024-8630, CVE-2024-41725, CVE-2024-45066, CVE-2024-43693, CVE-2024-8497