Sign-up

VARIoT news about IoT security

CVE-2024-21741 - GigaDevice GD32E103C8T6 Vulnerability: Incomplete Device File Access Protection

Trust: 3.0

Fetched: July 31, 2024, 9:11 a.m., Published: June 25, 2024, 9:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-21741

IoT Security: A Call to Action for Improved Vulnerability Disclosure

Trust: 4.5

Fetched: July 31, 2024, 9:10 a.m., Published: July 10, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: huawei model: huawei

CVE-2023-3939 - Multiple command injection in ZkTeco-based OEM devices - SecAlerts

Trust: 4.75

Fetched: July 31, 2024, 9:10 a.m., Published: May 21, 2024, midnight
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-3939

iommu: Return right value in iommu_sva_bind_device() (CVE-2024-40945) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 5.0

Fetched: July 31, 2024, 9:09 a.m., Published: July 31, 2024, midnight
 Vulnerabilities: pointer dereference issue
Affected productsExternal IDs
db: NVD ids: CVE-2024-40945

Understanding the CVE-2024-7205 Vulnerability in eWeLink

Trust: 3.75

Fetched: July 31, 2024, 9:08 a.m., Published: July 31, 2024, 8:36 a.m.
 Vulnerabilities: information leakage
Affected productsExternal IDs
db: NVD ids: CVE-2024-7205

Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it | Ars Technica

Trust: 4.75

Fetched: July 31, 2024, 9:08 a.m., Published: July 10, 2024, 9:44 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: check point model: check point

Microsoft fixes zero-day vulnerability in Internet Explorer abused by cyber-criminals for over a year | TechSpot

Trust: 5.0

Fetched: July 30, 2024, 9:28 a.m., Published: July 6, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: check point model: check point
db: NVD ids: CVE-2024-38112

CVE-2024-41085 - cxl/mem: Fix no cxl_nvd during pmem region auto-assembling - SecAlerts

Trust: 3.0

Fetched: July 30, 2024, 9:27 a.m., Published: July 29, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-41085

CVE-2024-42127 - drm/lima: fix shared irq handling on driver remove - SecAlerts

Trust: 3.0

Fetched: July 30, 2024, 9:26 a.m., Published: July 30, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-42127

CVE-2024-41637: Critical Vulnerability in RaspAP Exposes Raspberry Pi to Complete Control

Trust: 3.25

Fetched: July 30, 2024, 9:26 a.m., Published: July 29, 2024, 7:17 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-41637

Malware Attacks Surge 30% in First Half of 2024 - Infosecurity Magazine

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 5.25

Fetched: July 30, 2024, 9:24 a.m., Published: July 25, 2024, 10:15 a.m.
 Vulnerabilities: denial of service, command injection
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: sonicwall model: soho
db: NVD ids: CVE-2023-1389

Photon OS 3.0: Device PHSA-2022-3.0-0476 - vulnerability database | Vulners.com

Trust: 3.0

Fetched: July 30, 2024, 9:23 a.m., Published: July 24, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-41973, CVE-2022-41974

New Specula Tool Turns Microsoft Outlook into C2 Beacon for Remote Code Execution | Black Hat Ethical Hacking

Trust: 3.25

Fetched: July 30, 2024, 9:21 a.m., Published: July 30, 2024, 8:47 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

Dahua Security Cameras Unauthorized device timestamp modific... - vulnerability database | Vulners.com

Trust: 3.5

Fetched: July 30, 2024, 9:16 a.m., Published: July 29, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dahua security model: sd5a_firmware
vendor: dahuasecurity model: sd5a_firmware
vendor: dahua model: sd5a_firmware
db: NVD ids: CVE-2022-30564

CVE-2024-40818 - Apple Siri Sensitive Data Disclosure Vulnerability

Trust: 3.75

Fetched: July 30, 2024, 9:15 a.m., Published: July 29, 2024, 11:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: macos
db: NVD ids: CVE-2024-40818

Local Attackers Can Access Device Identifier via Improper Access Control Prior to SMR Jul-2024 Release 1 (CVE-2024-34583) | SecurityVulnerability.io - SecuirtyVulnerability.io

Trust: 3.25

Fetched: July 30, 2024, 9:15 a.m., Published: July 30, 2024, midnight
 Vulnerabilities: improper access control
Affected productsExternal IDs
db: NVD ids: CVE-2024-34583

Virtual Reality and Augmented Reality Security: A Reconnaissance and Vulnerability Assessment Approach

Trust: 4.25

Fetched: July 30, 2024, 9:14 a.m., Published: May 30, 2024, midnight
 Vulnerabilities: denial of service, data injection, cross-site scripting...
Affected productsExternal IDs
vendor: node.js model: node.js
vendor: jquery model: jquery
vendor: wireshark model: wireshark
vendor: google model: android
vendor: google model: home
vendor: google model: nexus
db: NVD ids: CVE-2018-19111

CVE-2024-42092 - "Synopsys Davinci Linux Kernel Out-of-Bounds IRQ Access Vulnerability"

Trust: 3.0

Fetched: July 30, 2024, 9:13 a.m., Published: July 29, 2024, 6:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-42092

Dahua Security Cameras Stack-based Buffer Overflow (CVE-2019... - vulnerability database | Vulners.com

Trust: 5.5

Fetched: July 30, 2024, 9:12 a.m., Published: July 29, 2024, midnight
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: dahua security model: camera
vendor: dahua security model: ipc-hdw1xxx
vendor: dahua security model: ipc-hfw2xxx
vendor: dahua security model: ipc-hfw1xxx
vendor: dahua security model: ip camera
vendor: dahua model: camera
vendor: dahua model: ipc-hdw1xxx
vendor: dahua model: ipc-hfw2xxx
vendor: dahua model: ipc-hfw1xxx
vendor: dahua model: ip camera

CVE-2024-41024 - Linux Kernel fastrpc Privilege Escalation Vulnerability

Trust: 4.0

Fetched: July 30, 2024, 9:12 a.m., Published: July 29, 2024, 3:15 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-41024