VARIoT latest news about IoT security

CVE-2024-38063 - Security Update Guide - Microsoft - Windows TCP/IP Remote Code Execution Vulnerability Trust: 3.0 Fetched: Aug. 21, 2024, 9:47 a.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-38063

CVE-2024-6242 - Rockwell Automation Chassis Restrictions Bypass Vulnerability in Select Logix Devices - SecAlerts Trust: 3.0 Fetched: Aug. 21, 2024, 9:45 a.m., Published: Aug. 7, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-6242

BlackHat USA 2024: NCC Group reveals vulnerabilities on Sonos devices Trust: 3.0 Fetched: Aug. 21, 2024, 9:44 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

sonos

model:

sonos

Co to jest cyberwymuszenie? - GeeksforGeeks Trust: 3.5 Fetched: Aug. 21, 2024, 9:44 a.m., Published: May 19, 2024, 3:46 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	nokia	model:	impact
vendor:	trend	model:	security
vendor:	trend	model:	antivirus

Top 10 Ethical Hacking Projects to Sharpen Your Skills \| Jahidul Islam Trust: 3.5 Fetched: Aug. 21, 2024, 9:43 a.m., Published: July 27, 2024, midnight	Vulnerabilities: sql injection

Affected products

External IDs

vendor:	wireshark	model:	wireshark
vendor:	aircrack-ng	model:	aircrack-ng

What is vulnerability assessment in RMF? - Advanced Security Trust: 3.0 Fetched: Aug. 21, 2024, 9:42 a.m., Published: Aug. 21, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

August 2024 Patch Tuesday Highlights: 89 CVEs, 6 Zero-Day Vulnerabilities Under Exploitation - SOCRadar® Cyber Intelligence Inc. Trust: 5.5 Fetched: Aug. 21, 2024, 9:41 a.m., Published: Aug. 14, 2024, 2:47 p.m.	Vulnerabilities: denial of service, feature bypass, cross-site scripting...

Affected products

External IDs

vendor:

apple

model:

itunes

db:

NVD

ids:

CVE-2023-36025, CVE-2024-38107, CVE-2023-40547, CVE-2024-41730, CVE-2024-38213, CVE-2024-38166, CVE-2024-38178, CVE-2024-38125, CVE-2024-38144, CVE-2024-38163, CVE-2024-38140, CVE-2024-38150, CVE-2024-38196, CVE-2024-38193, CVE-2024-38141, CVE-2022-3775, CVE-2024-38109, CVE-2024-38200, CVE-2024-38159, CVE-2024-38198, CVE-2024-38199, CVE-2024-38202, CVE-2024-38189, CVE-2024-21302, CVE-2024-38206, CVE-2024-38147, CVE-2024-38148, CVE-2024-38106, CVE-2024-38063, CVE-2024-38160, CVE-2024-38133, CVE-2024-21412

Novel Knowledge Graph-Based Modeling for Vulnerability Detection in the Internet of Medical Things \| SpringerLink Trust: 3.0 Fetched: Aug. 21, 2024, 9:39 a.m., Published: Aug. 21, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

android

The biggest cyber attacks and vulnerabilities from July 2024 Trust: 4.5 Fetched: Aug. 21, 2024, 9:32 a.m., Published: July 31, 2024, 8:14 a.m.	Vulnerabilities: authentication bypass, input validation vulnerability, code execution

Affected products

External IDs

vendor:

check point

model:

check point

db:

NVD

ids:

CVE-2024-6387, CVE-2024-4879, CVE-2008-4109, CVE-2024-5217, CVE-2024-37085, CVE-2006-5051

What is Data Security \| Threats, Risks & Solutions \| Imperva Trust: 3.25 Fetched: Aug. 21, 2024, 9:29 a.m., Published: Aug. 15, 2024, 10:02 a.m.	Vulnerabilities: system crash, sql injection

Affected products

External IDs

vendor:	netapp	model:	cloud backup
vendor:	google	model:	home

Top 30 Best Penetration Testing Tools - 2024 Trust: 3.25 Fetched: Aug. 21, 2024, 9:27 a.m., Published: Aug. 17, 2024, 1:13 p.m.	Vulnerabilities: path traversal, sql injection, cross-site scripting...

Affected products

External IDs

vendor:	wireshark	model:	wireshark
vendor:	aircrack-ng	model:	aircrack-ng

PKfail Vulnerability Allows Hackers to Install UEFI Malware on Over 200 Device Models - Security Aid Trust: 3.5 Fetched: Aug. 21, 2024, 9:26 a.m., Published: July 26, 2024, 9:21 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	lenovo	model:	bios
vendor:	lenovo	model:	system
vendor:	lenovo	model:	updates
vendor:	palo alto networks	model:	networks
vendor:	palo	model:	networks
vendor:	dell	model:	bios

Challenges & Automation for Remote Vulnerability Detection Related entries in the VARIoT vulnerabilities database: VAR-201810-0569 Trust: 3.5 Fetched: Aug. 21, 2024, 9:25 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	4321
vendor:	cisco	model:	cisco ios

db:

NVD

ids:

CVE-2018-15377, CVE-2020-1234, CVE-2023-27497, CVE-2020-4321

Update now! Google Pixel vulnerability is under active exploitation \| Malwarebytes Trust: 3.75 Fetched: Aug. 21, 2024, 9:25 a.m., Published: June 13, 2024, 1:33 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	google	model:	pixel
vendor:	google	model:	android

db:

NVD

ids:

CVE-2024-32896

Cisco Vulnerability: CISA Alerts Of Smart Install Exploits - TuxCare Trust: 3.75 Fetched: Aug. 21, 2024, 9:22 a.m., Published: Aug. 19, 2024, 7 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	series ip phones
vendor:	cisco	model:	ip phones
vendor:	cisco	model:	spa500
vendor:	cisco	model:	spa300
vendor:	cisco	model:	series
vendor:	cisco	model:	spa500 series ip phones

db:

NVD

ids:

CVE-2024-20419, CVE-2024-20450, CVE-2024-20452, CVE-2024-20454

Cisco Vulnerability: CISA Alerts Of Smart Install Exploits - TuxCare Trust: 3.75 Fetched: Aug. 21, 2024, 9:15 a.m., Published: Aug. 19, 2024, 7 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	series ip phones
vendor:	cisco	model:	ip phones
vendor:	cisco	model:	spa500
vendor:	cisco	model:	spa300
vendor:	cisco	model:	series
vendor:	cisco	model:	spa500 series ip phones

db:

NVD

ids:

CVE-2024-20419, CVE-2024-20450, CVE-2024-20452, CVE-2024-20454

CVE-2024-39950: Dahua Device Initialization Overwrite Vulnerability - DEC Solutions Group Trust: 3.0 Fetched: Aug. 21, 2024, 9:14 a.m., Published: July 31, 2024, 4:35 a.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-39950

How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions Trust: 3.5 Fetched: Aug. 21, 2024, 9:11 a.m., Published: Aug. 19, 2024, 10 a.m.	Vulnerabilities: code injection

Affected products

External IDs

vendor:	apple	model:	macos
vendor:	cisco	model:	webex
vendor:	cisco	model:	spark
vendor:	cisco	model:	webex productivity tools
vendor:	cisco	model:	jabber
vendor:	cisco	model:	cisco webex
vendor:	cisco	model:	cisco webex meetings
vendor:	cisco	model:	webex meetings
vendor:	cisco	model:	guard
vendor:	cisco	model:	series

CISA Adds One Known Exploited Vulnerability to Catalog \| CISA Trust: 3.0 Fetched: Aug. 21, 2024, 9:08 a.m., Published: Aug. 21, 2023, midnight	Vulnerabilities: path traversal

Affected products

External IDs

db:

NVD

ids:

CVE-2024-23897

Resecurity \| CVE-2024-4879 and CVE-2024-5217 (ServiceNow RCE) Exploitation in a Global Reconnaissance Campaign Trust: 4.75 Fetched: Aug. 16, 2024, 10:45 a.m., Published: July 24, 2024, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:

symantec

model:

antivirus

db:

NVD

ids:

CVE-2024-5217, CVE-2024-5178, CVE-2024-4879

VARIoT news about IoT security