VARIoT latest news about IoT security

Printer bug sends researchers into uproar, affects major Linux distros \| CyberScoop Trust: 3.5 Fetched: Sept. 27, 2024, 9:24 a.m., Published: Sept. 26, 2024, 11:42 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	canonical	model:	ubuntu
vendor:	cups	model:	cups

db:

NVD

ids:

CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177

Android Security Bulletin-August 2024 \| Android Open Source Project Related entries in the VARIoT vulnerabilities database: VAR-202408-1859, VAR-202408-2138 Trust: 4.25 Fetched: Sept. 27, 2024, 9:16 a.m., Published: Aug. 27, 2024, midnight	Vulnerabilities: code execution, information disclosure, denial of service

Affected products

External IDs

vendor:	motorola	model:	android
vendor:	motorola	model:	motorola
vendor:	google	model:	pixel
vendor:	google	model:	android
vendor:	huawei	model:	huawei
vendor:	samsung	model:	mobile
vendor:	samsung	model:	samsung
vendor:	samsung	model:	notes
vendor:	samsung	model:	note

db:

NVD

ids:

CVE-2024-23355, CVE-2024-34734, CVE-2023-21351, CVE-2024-34738, CVE-2024-20082, CVE-2024-34742, CVE-2024-23356, CVE-2024-34741, CVE-2024-34731, CVE-2024-34740, CVE-2024-23353, CVE-2024-23352, CVE-2024-2937, CVE-2024-34735, CVE-2024-31333, CVE-2024-4607, CVE-2024-34737, CVE-2024-23350, CVE-2023-20971, CVE-2024-34727, CVE-2024-34739, CVE-2024-34743, CVE-2024-21481, CVE-2024-36971, CVE-2024-23357, CVE-2024-34736

10 security bugs put fuel storage tanks at risk of attacks • The Register Trust: 4.5 Fetched: Sept. 27, 2024, 9:15 a.m., Published: -	Vulnerabilities: cross-site scripting, os command injection, authentication bypass...

Affected products

External IDs

db:

NVD

ids:

CVE-2024-43423, CVE-2024-8497, CVE-2024-41725, CVE-2024-6981, CVE-2024-43692, CVE-2024-8310, CVE-2024-45373, CVE-2024-8630, CVE-2024-45066, CVE-2024-43693

Ivanti Says ‘Critical’ Cloud Gateway Vulnerability Seeing Exploitation Trust: 3.0 Fetched: Sept. 25, 2024, 10:04 a.m., Published: Sept. 19, 2024, 5:29 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-8190, CVE-2024-8963

Indian Govt Issues High Risk Alert For Apple iPhone, iPad And Mac Users: Update Your Devices Immediately \| Times Now Trust: 4.75 Fetched: Sept. 25, 2024, 10:04 a.m., Published: Sept. 2, 2024, midnight	Vulnerabilities: information disclosure, cross-site scripting, privilege escalation

Affected products

External IDs

vendor:	apple	model:	ipad
vendor:	apple	model:	iphone
vendor:	apple	model:	watchos
vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	apple	model:	tvos

System BIOS komputerów Dell Inspiron 15 3511 i Vostro 15 3510 \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Sept. 25, 2024, 10:04 a.m., Published: Sept. 10, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

Alienware x14 R2/x16 R1 System BIOS \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Sept. 25, 2024, 10:03 a.m., Published: Sept. 12, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

Pentester Guide: Weak or Default Credentials \| Cobalt Trust: 5.25 Fetched: Sept. 25, 2024, 10:02 a.m., Published: -	Vulnerabilities: default password, default credentials

Affected products

External IDs

vendor:	google	model:	home
vendor:	sonicwall	model:	remote access

Are Indian iPhone Users at Risk? Detailed Outlook Trust: 3.0 Fetched: Sept. 25, 2024, 10:01 a.m., Published: Sept. 19, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	safari
vendor:	apple	model:	watchos
vendor:	apple	model:	macos
vendor:	apple	model:	tvos

Direct Memory Access (DMA) attacks. Risks, techniques, and mitigations in hardware hacking \| Pen Test Partners Related entries in the VARIoT vulnerabilities database: VAR-201704-0340 Trust: 4.25 Fetched: Sept. 25, 2024, 10 a.m., Published: Sept. 23, 2020, midnight	Vulnerabilities: code execution, code injection

Affected products

External IDs

vendor:	dell	model:	bios
vendor:	dell	model:	optiplex

db:

NVD

ids:

CVE-2016-7585

PKfail security flaw is far more extensive than initially thought \| TechSpot Trust: 3.75 Fetched: Sept. 25, 2024, 9:55 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

lenovo

model:

system

db:

NVD

ids:

CVE-2024-8105

BitSight discloses zero-day vulnerabilities in ATG systems, posing major threat to critical infrastructure - Industrial Cyber Trust: 4.25 Fetched: Sept. 25, 2024, 9:54 a.m., Published: Sept. 25, 2024, 7:16 a.m.	Vulnerabilities: sql injection, path traversal

Affected products

External IDs

vendor:	schneider electric	model:	monitor
vendor:	trend	model:	security
vendor:	schneider	model:	monitor

Critical Microchip Vulnerability In Advanced Software Framework Trust: 3.75 Fetched: Sept. 25, 2024, 9:53 a.m., Published: Sept. 25, 2024, 8:16 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-7490

Security and Privacy Protection of Internet of Things Devices in 6G Networks \| International Journal of System Assurance Engineering and Management Trust: 3.5 Fetched: Sept. 25, 2024, 9:52 a.m., Published: Sept. 24, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

home

Critical CVE-2024-7490 Microchip ASF IOT Vulnerability Trust: 3.5 Fetched: Sept. 25, 2024, 9:52 a.m., Published: Sept. 23, 2024, 1:21 p.m.	Vulnerabilities: code execution, buffer overflow

Affected products

External IDs

db:

NVD

ids:

CVE-2024-7490

Exploitation of RAISECOM Gateway Devices Vulnerability CVE-2024-7120 - SANS Internet Storm Center Trust: 4.75 Fetched: Sept. 25, 2024, 9:51 a.m., Published: April 9, 2024, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	tplink	model:	gateway
vendor:	tplink	model:	routers

db:

NVD

ids:

CVE-2024-7120

Exploding pagers and walkie-talkies are a reminder of how easily your devices can be hacked - here’s how to make sure they are safe Trust: 3.75 Fetched: Sept. 25, 2024, 9:51 a.m., Published: Sept. 24, 2024, 6:32 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

huawei

model:

huawei

A sotware for a networking device is written \| StudyX Trust: 4.0 Fetched: Sept. 25, 2024, 9:50 a.m., Published: Sept. 1, 2024, midnight	Vulnerabilities: buffer overflow

Affected products	External IDs

Apple iOS 17.2.1 Screen Time Passcode Retrieval / Mitigation Bypass Trust: 3.25 Fetched: Sept. 25, 2024, 9:49 a.m., Published: Feb. 17, 2001, midnight	Vulnerabilities: brute force attack, privilege escalation

Affected products

External IDs

vendor:	apple	model:	watch
vendor:	apple	model:	icloud

Intercepting Impact: 2024 Trend Micro Cyber Risk Report \| Trend Micro (ES) Trust: 4.0 Fetched: Sept. 25, 2024, 9:48 a.m., Published: Sept. 25, 2024, midnight	Vulnerabilities: buffer overflow

Affected products

External IDs

db:

NVD

ids:

CVE-2024-30051, CVE-2023-30040, CVE-2023-6345, CVE-2023-4762, CVE-2023-4863, CVE-2024-26169

VARIoT news about IoT security