VARIoT latest news about IoT security

Critical SonicWall SonicOS vulnerability fixed \| SC Media Trust: 5.5 Fetched: Aug. 28, 2024, 9:22 a.m., Published: June 11, 2024, 5 p.m.	Vulnerabilities: improper access control, access control vulnerability

Affected products

External IDs

vendor:	sonicwall	model:	switch
vendor:	sonicwall	model:	sonicos

db:

NVD

ids:

CVE-2024-40766

Product Notice: Improper Access Control Vulnerability in SonicOS \| SonicWall Trust: 3.75 Fetched: Aug. 28, 2024, 9:22 a.m., Published: -	Vulnerabilities: improper access control, access control vulnerability

Affected products

External IDs

vendor:	sonicwall	model:	sonicos
vendor:	sonicwall	model:	soho

Intel® Active Management Technology (Intel® AMT) and... Trust: 3.0 Fetched: Aug. 27, 2024, 9:25 a.m., Published: July 28, 2020, 5:04 p.m.	Vulnerabilities: information disclosure, denial of service

Affected products	External IDs

Protecting Kaspersky Endpoint Security for Android against removal Trust: 3.0 Fetched: Aug. 27, 2024, 9:23 a.m., Published: April 27, 2019, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	samsung	model:	samsung
vendor:	samsung	model:	mobile

The Facts Behind Smart Home Hacking (and How to Stop Worrying) - CNET Trust: 3.25 Fetched: Aug. 27, 2024, 9:10 a.m., Published: May 27, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	huawei	model:	huawei
vendor:	dahua	model:	camera
vendor:	tp-link	model:	routers

Update now! Google Pixel vulnerability is under active exploitation \| Malwarebytes Trust: 3.75 Fetched: Aug. 27, 2024, 9:07 a.m., Published: June 13, 2024, 1:33 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel

db:

NVD

ids:

CVE-2024-32896

Kaspersky finds 24 vulnerabilities in Chinese biometric access systems Trust: 3.75 Fetched: Aug. 27, 2024, 9:06 a.m., Published: June 11, 2024, 11 a.m.	Vulnerabilities: sql injection

Affected products

External IDs

db:

NVD

ids:

CVE-2023-3942, CVE-2023-3940, CVE-2023-3939, CVE-2023-3938, CVE-2023-3943, CVE-2023-3941

Bugs in Microsoft macOS apps open door to camera, mic access • The Register Trust: 3.75 Fetched: Aug. 25, 2024, 10:01 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2024-41145, CVE-2024-42220, CVE-2024-41138, CVE-2024-39804, CVE-2024-43106, CVE-2024-42004, CVE-2024-41159, CVE-2024-41165

Google Pixel Vulnerability: Millions of Devices at Risk Since 2017 Trust: 3.5 Fetched: Aug. 25, 2024, 9:58 a.m., Published: Aug. 16, 2024, 11 a.m.	Vulnerabilities: code injection

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel

Navigating Cybersecurity Risks in the Healthcare Industry Trust: 3.75 Fetched: Aug. 25, 2024, 9:58 a.m., Published: May 25, 2024, midnight	Vulnerabilities: denial of service

Affected products	External IDs

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution Trust: 5.0 Fetched: Aug. 25, 2024, 9:56 a.m., Published: Aug. 7, 2024, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	google	model:	google chrome

China-Linked APT Group Velvet Ant Exploits Cisco Zero-Day (CVE-2024-20399) Vulnerability Trust: 3.75 Fetched: Aug. 25, 2024, 9:55 a.m., Published: Aug. 23, 2024, 4:37 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	mds 9000
vendor:	cisco	model:	series switches
vendor:	cisco	model:	nx-os software
vendor:	cisco	model:	mds 9000 series
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	series

db:

NVD

ids:

CVE-2024-20399

Sensors \| Free Full-Text \| Security Evaluation of Companion Android Applications in IoT: The Case of Smart Security Devices Trust: 4.5 Fetched: Aug. 25, 2024, 9:54 a.m., Published: Jan. 25, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	home
vendor:	google	model:	android
vendor:	samsung	model:	samsung
vendor:	samsung	model:	mobile
vendor:	samsung	model:	note

db:

NVD

ids:

CVE-2010-3492

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities Trust: 5.0 Fetched: Aug. 25, 2024, 9:52 a.m., Published: Aug. 7, 2024, 3:55 p.m.	Vulnerabilities: cross-site scripting

Affected products

External IDs

vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco identity services engine

Android Vulnerability Impacting Millions of Pixel Devices Worldwide Trust: 4.25 Fetched: Aug. 25, 2024, 9:47 a.m., Published: Aug. 16, 2024, 9:45 a.m.	Vulnerabilities: code execution, code injection

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel
vendor:	essential	model:	phone

Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability - Cisco Trust: 5.0 Fetched: Aug. 25, 2024, 9:46 a.m., Published: Aug. 21, 2024, 11:55 a.m.	Vulnerabilities: information disclosure

Affected products

External IDs

vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	cisco identity services engine

Electronics \| Free Full-Text \| The Vulnerability Relationship Prediction Research for Network Risk Assessment Related entries in the VARIoT vulnerabilities database: VAR-202202-0325, VAR-202202-0322, VAR-201605-0077 Trust: 4.5 Fetched: Aug. 25, 2024, 9:44 a.m., Published: Jan. 25, 2024, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	cisco	model:	accesspath
vendor:	cisco	model:	rv340
vendor:	cisco	model:	series

db:

NVD

ids:

CVE-2022-20705, CVE-2019-2729, CVE-2022-20707, CVE-2019-2887, CVE-2016-2107, CVE-2020-1745

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549 Related entries in the VARIoT vulnerabilities database: VAR-202401-2573, VAR-202401-1629 Trust: 6.0 Fetched: Aug. 25, 2024, 9:42 a.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

vendor:	citrix	model:	netscaler gateway
vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler
vendor:	citrix	model:	netscaler adc

db:

NVD

ids:

CVE-2023-6548, CVE-2023-6549

Vulnerabilities Affecting the AiLux RTU62351B Trust: 3.75 Fetched: Aug. 25, 2024, 9:42 a.m., Published: June 11, 2024, midnight	Vulnerabilities: cross-site scripting, request forgery, buffer overflow...

Affected products

External IDs

db:

NVD

ids:

CVE-2023-45600, CVE-2023-45597, CVE-2023-5457, CVE-2023-45598, CVE-2023-45595, CVE-2023-45599, CVE-2023-45596, CVE-2023-45591, CVE-2023-5456, CVE-2023-45592, CVE-2023-45594, CVE-2023-45593

China-Nexus Threat Group ‘Velvet Ant’ Exploits Zero-Day on Cisco Nexus Switches Trust: 4.5 Fetched: Aug. 25, 2024, 9:34 a.m., Published: Aug. 22, 2024, 3:02 p.m.	Vulnerabilities: command injection

Affected products

External IDs

vendor:	cisco	model:	series switches
vendor:	cisco	model:	nexus
vendor:	cisco	model:	cisco nx-os
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	series
vendor:	cisco	model:	nx-os software

db:

NVD

ids:

CVE-2024-20399

VARIoT news about IoT security