Sign-up

VARIoT news about IoT security

Secure Boot is completely broken on 200+ models from 5 big device makers | Ars Technica

Trust: 3.0

Fetched: Oct. 2, 2024, 10:45 a.m., Published: July 25, 2024, 6 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

Android Developers Blog: Making security easy: How we are helping you fix vulnerabilities in your Android apps

Trust: 3.75

Fetched: Oct. 2, 2024, 10:44 a.m., Published: -
 Vulnerabilities: directory traversal
Affected productsExternal IDs
vendor: google model: android

CVE-2024-6242 - Rockwell Automation Chassis Restrictions Bypass Vulnerability in Select Logix Devices - SecAlerts

Trust: 3.0

Fetched: Oct. 2, 2024, 10:44 a.m., Published: Oct. 7, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-6242

Critical Security Bypass Vulnerability Found in Rockwell Automation ControlLogix 1756 Devices - VULNERA

Trust: 4.75

Fetched: Oct. 2, 2024, 10:43 a.m., Published: Aug. 5, 2024, 6:07 a.m.
 Vulnerabilities: security bypass
Affected productsExternal IDs
vendor: rockwell automation model: automation controllogix
vendor: rockwell automation model: controllogix controller
vendor: rockwell automation model: controllogix
vendor: rockwell model: automation controllogix
vendor: rockwell model: controllogix controller
vendor: rockwell model: controllogix
db: NVD ids: CVE-2024-6242

Cisco Smart Software Manager Flaw let Attackers Change Any User Passwords

Trust: 3.0

Fetched: Oct. 2, 2024, 10:42 a.m., Published: July 18, 2024, 3:45 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-20419

RomPager - Evaluation of Security Vulnerability - VU#561444 Expanded info on CVE-2014-9222, CVE-2014 | Digi International

Related entries in the VARIoT vulnerabilities database: VAR-201412-0434

Trust: 4.5

Fetched: Oct. 2, 2024, 10:40 a.m., Published: Oct. 2, 2014, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: digi model: anywhereusb
vendor: digi international model: anywhereusb
db: NVD ids: CVE-2014-9223, CVE-2014-9222

Potential Vulnerability: Access to Devices on Network via Teams - Microsoft Community Hub

Trust: 3.25

Fetched: Oct. 2, 2024, 10:39 a.m., Published: Aug. 26, 2024, 11:41 p.m.
 Vulnerabilities: -
Affected productsExternal IDs

CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks | Trend Micro (US)

Trust: 4.5

Fetched: Oct. 2, 2024, 10:37 a.m., Published: July 15, 2024, midnight
 Vulnerabilities: script execution, privilege escalation, file execution...
Affected productsExternal IDs
vendor: trend model: deep security
vendor: trend model: security
vendor: trend micro model: deep security
vendor: trend micro model: security
db: NVD ids: CVE-2024-38112

Linux Kernel - Security Vulnerabilities in 2024

Trust: 4.25

Fetched: Oct. 2, 2024, 10:33 a.m., Published: Oct. 2, 2024, midnight
 Vulnerabilities: kernel crash, pointer dereference issue, kernel panic...
Affected productsExternal IDs
vendor: rockchip model: rockchip
vendor: rockchip model: kernel
db: NVD ids: CVE-2024-46775, CVE-2024-46853, CVE-2024-46767, CVE-2024-46772, CVE-2024-46829, CVE-2024-46807, CVE-2024-46844, CVE-2024-46858, CVE-2024-46813, CVE-2024-46849, CVE-2024-46773, CVE-2024-46814, CVE-2024-46840, CVE-2024-46867, CVE-2024-46847, CVE-2024-46815, CVE-2024-46843, CVE-2024-46836, CVE-2024-46736, CVE-2024-46837, CVE-2024-46810, CVE-2024-46769, CVE-2024-46761, CVE-2024-46861, CVE-2024-46868, CVE-2024-46768, CVE-2024-46818, CVE-2024-46806, CVE-2024-46771, CVE-2024-46850, CVE-2024-46833, CVE-2024-46869, CVE-2024-46803, CVE-2024-46762, CVE-2024-46811, CVE-2024-46826, CVE-2024-46779, CVE-2024-46827, CVE-2024-46860, CVE-2024-46758, CVE-2024-46834, CVE-2024-46851, CVE-2024-46856, CVE-2024-46812, CVE-2024-46808, CVE-2024-46857, CVE-2024-46846, CVE-2024-46832, CVE-2024-46804, CVE-2024-46759, CVE-2024-46764, CVE-2024-46835, CVE-2024-46855, CVE-2024-46841, CVE-2024-46735, CVE-2024-46739, CVE-2022-48945, CVE-2024-46822, CVE-2024-46763, CVE-2024-46830, CVE-2024-46852, CVE-2024-46848, CVE-2024-46820, CVE-2024-46862, CVE-2024-46824, CVE-2024-46742, CVE-2024-46854, CVE-2024-46743, CVE-2024-46865, CVE-2024-46817, CVE-2024-46776, CVE-2015-3290, CVE-2024-46838, CVE-2024-46778, CVE-2024-46741, CVE-2024-46831, CVE-2024-46866, CVE-2024-46734, CVE-2024-46738, CVE-2024-46740, CVE-2024-46828, CVE-2024-46774, CVE-2024-46809, CVE-2024-46766, CVE-2024-46770, CVE-2024-46819, CVE-2024-46805, CVE-2024-46863, CVE-2024-46845, CVE-2024-46802, CVE-2024-46760, CVE-2024-46825, CVE-2024-46765, CVE-2024-46823, CVE-2024-46859, CVE-2024-46864, CVE-2024-46737, CVE-2024-46777, CVE-2024-46842, CVE-2024-46821, CVE-2024-46816

Zero-Day Vulnerability In Arcadyan WiFi Devices Allows RCE for Root Access

Trust: 4.5

Fetched: Oct. 2, 2024, 10:31 a.m., Published: Aug. 22, 2024, 9:54 a.m.
 Vulnerabilities: command injection, command execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-41992

CVE-LLM : Automatic vulnerability evaluation in medical device industry using large language models

Trust: 3.5

Fetched: Oct. 2, 2024, 10:29 a.m., Published: Oct. 1, 2024, midnight
 Vulnerabilities: cross-site scripting, authentication bypass, sql injection...
Affected productsExternal IDs
db: NVD ids: CVE-2022-12345

27 Best Free Network IP Scanning Tools for 2024 - PrivacySavvy

Trust: 4.25

Fetched: Oct. 2, 2024, 10:27 a.m., Published: Aug. 23, 2024, 2:17 p.m.
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: snort model: snort
vendor: cisco model: routers
vendor: wireshark model: wireshark
vendor: essential model: phone

NSA, FBI warn of PRC-linked cyber hackers compromising routers, IoT devices for botnet operations - Industrial Cyber

Trust: 3.75

Fetched: Oct. 2, 2024, 10:26 a.m., Published: Sept. 19, 2024, 12:14 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

Modules 13 - 17: Threats and Attacks Group Exam (Answers)

Trust: 5.25

Fetched: Oct. 2, 2024, 10:24 a.m., Published: Aug. 31, 2024, 3:55 a.m.
 Vulnerabilities: cross-site scripting, resource exhaustion, session hijacking...
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: router

CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature

Trust: 5.75

Fetched: Oct. 2, 2024, 10:24 a.m., Published: Aug. 9, 2024, 5:41 a.m.
 Vulnerabilities: buffer overflow, weak password
Affected productsExternal IDs
vendor: cisco model: series ip phones
vendor: cisco model: small business
vendor: cisco model: small business spa300 series
vendor: cisco model: series
vendor: cisco model: spa300
vendor: cisco model: ip phones
vendor: cisco model: spa500 series ip phones
vendor: cisco model: spa500
db: NVD ids: CVE-2024-20419, CVE-2024-20450, CVE-2024-20452, CVE-2024-20454

Top 15 Cybersecurity Trends in 2024 to Secure Data

Trust: 5.5

Fetched: Oct. 2, 2024, 10:22 a.m., Published: July 4, 2024, 6 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: trend model: antivirus
vendor: trend model: security
vendor: tesla model: model

Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App | WIRED

Trust: 3.75

Fetched: Oct. 2, 2024, 10:21 a.m., Published: Aug. 15, 2024, 1 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android

CISA and FBI Release Secure by Design Alert on Eliminating OS Command Injection Vulnerabilities | CISA

Trust: 4.0

Fetched: Oct. 2, 2024, 10:21 a.m., Published: Oct. 2, 2023, midnight
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-20399, CVE-2024-3400, CVE-2024-21887

CERT-EU - RADIUS Vulnerability Impacts Cisco Products

Trust: 3.0

Fetched: Oct. 2, 2024, 10:20 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-3596

Configure Microsoft Defender for Endpoint on iOS features - Microsoft Defender for Endpoint | Microsoft Learn

Trust: 3.0

Fetched: Oct. 2, 2024, 10:13 a.m., Published: Aug. 29, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad