VARIoT latest news about IoT security

Local Attackers Can Access Device Identifier via Improper Access Control Prior to SMR Jul-2024 Release 1 (CVE-2024-34583) \| SecurityVulnerability.io - SecuirtyVulnerability.io Trust: 3.25 Fetched: July 30, 2024, 9:15 a.m., Published: July 30, 2024, midnight	Vulnerabilities: improper access control

Affected products

External IDs

db:

NVD

ids:

CVE-2024-34583

Virtual Reality and Augmented Reality Security: A Reconnaissance and Vulnerability Assessment Approach Trust: 4.25 Fetched: July 30, 2024, 9:14 a.m., Published: May 30, 2024, midnight	Vulnerabilities: denial of service, data injection, cross-site scripting...

Affected products

External IDs

vendor:	node.js	model:	node.js
vendor:	jquery	model:	jquery
vendor:	wireshark	model:	wireshark
vendor:	google	model:	android
vendor:	google	model:	home
vendor:	google	model:	nexus

db:

NVD

ids:

CVE-2018-19111

CVE-2024-42092 - "Synopsys Davinci Linux Kernel Out-of-Bounds IRQ Access Vulnerability" Trust: 3.0 Fetched: July 30, 2024, 9:13 a.m., Published: July 29, 2024, 6:15 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-42092

Dahua Security Cameras Stack-based Buffer Overflow (CVE-2019... - vulnerability database \| Vulners.com Trust: 5.5 Fetched: July 30, 2024, 9:12 a.m., Published: July 29, 2024, midnight	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

vendor:	dahua security	model:	camera
vendor:	dahua security	model:	ipc-hdw1xxx
vendor:	dahua security	model:	ipc-hfw2xxx
vendor:	dahua security	model:	ipc-hfw1xxx
vendor:	dahua security	model:	ip camera
vendor:	dahua	model:	camera
vendor:	dahua	model:	ipc-hdw1xxx
vendor:	dahua	model:	ipc-hfw2xxx
vendor:	dahua	model:	ipc-hfw1xxx
vendor:	dahua	model:	ip camera

CVE-2024-41024 - Linux Kernel fastrpc Privilege Escalation Vulnerability Trust: 4.0 Fetched: July 30, 2024, 9:12 a.m., Published: July 29, 2024, 3:15 p.m.	Vulnerabilities: privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2024-41024

CVE-2024-41024 - vulnerability database \| Vulners.com Trust: 3.25 Fetched: July 30, 2024, 9:12 a.m., Published: July 29, 2024, 3:15 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-41024

CVE-2024-42074 - "AMD ACP Null Pointer Dereference Vulnerability" Trust: 4.0 Fetched: July 30, 2024, 9:12 a.m., Published: July 29, 2024, 4:15 p.m.	Vulnerabilities: pointer dereference vulnerability

Affected products

External IDs

db:

NVD

ids:

CVE-2024-42074

Massive ‘PKFail’ Secure Boot Bypass Threatens Millions of Devices - VULNERA Related entries in the VARIoT vulnerabilities database: VAR-201609-0149 Trust: 3.75 Fetched: July 30, 2024, 9:11 a.m., Published: July 26, 2024, 9:08 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	asus	model:	asus
vendor:	lenovo	model:	updates

db:

NVD

ids:

CVE-2016-5247

Moderate: linux-firmware security update Trust: 3.25 Fetched: July 30, 2024, 9:11 a.m., Published: July 9, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-31346

Google warns Samsung Galaxy phone owners about unpatched vulnerability - PhoneArena Trust: 4.75 Fetched: July 30, 2024, 9:11 a.m., Published: July 16, 2024, midnight	Vulnerabilities: privilege escalation

Affected products

External IDs

vendor:	google	model:	android
vendor:	google	model:	pixel
vendor:	samsung	model:	samsung galaxy
vendor:	samsung	model:	galaxy

db:

NVD

ids:

CVE-2024-31320, CVE-2024-32896

Could Your Device Be One of the 500 Devices Affected by Major Secure Boot Vulnerability? - PUPUWEB Trust: 3.0 Fetched: July 30, 2024, 9:10 a.m., Published: July 30, 2024, 7:25 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

Secure Boot rendered useless, over 200 PC models from different makers are affected \| TechSpot Trust: 3.0 Fetched: July 30, 2024, 9:10 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

Security Profile: Vulnerability Protection Trust: 3.25 Fetched: July 30, 2024, 9:08 a.m., Published: July 29, 2024, midnight	Vulnerabilities: sql injection, command injection

Affected products

External IDs

vendor:	palo alto networks	model:	firewall
vendor:	palo alto networks	model:	networks
vendor:	palo	model:	firewall
vendor:	palo	model:	networks

Threat Response - Check Point Security Gateway Information Disclosure vulnerability Trust: 4.25 Fetched: July 30, 2024, 9:07 a.m., Published: May 28, 2024, midnight	Vulnerabilities: information disclosure, privilege escalation

Affected products

External IDs

vendor:	check point	model:	gaia os
vendor:	check point	model:	gaia
vendor:	check point	model:	security gateway
vendor:	check point	model:	check point

db:

NVD

ids:

CVE-2024-24919

CISA, FBI warn: Act now on network device vulnerabilities. \| Cyber Security Peek Trust: 3.75 Fetched: July 28, 2024, 10:28 a.m., Published: July 11, 2024, 10:10 p.m.	Vulnerabilities: command injection, os command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-21887, CVE-2024-3400, CVE-2024-20399

Critical Cisco bug allows crims to change admin passwords • The Register Trust: 3.0 Fetched: July 28, 2024, 10:28 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-20419, CVE-2024-20401

CMC \| Free Full-Text \| Privacy-Preserving Information Fusion Technique for Device to Server-Enabled Communication in the Internet of Things: A Hybrid Approach Trust: 4.5 Fetched: July 28, 2024, 10:19 a.m., Published: July 18, 2024, midnight	Vulnerabilities: server impersonation

Affected products

External IDs

vendor:

google

model:

home

Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024 Trust: 3.75 Fetched: July 28, 2024, 10:11 a.m., Published: July 26, 2024, 6:19 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	cisco	model:	unified communications
vendor:	cisco	model:	meeting server
vendor:	cisco	model:	catalyst 9100
vendor:	cisco	model:	asr 5000
vendor:	cisco	model:	packet data network gateway
vendor:	cisco	model:	firepower threat defense
vendor:	cisco	model:	telepresence video communication server
vendor:	cisco	model:	access points
vendor:	cisco	model:	cisco meeting server
vendor:	cisco	model:	aironet 1540
vendor:	cisco	model:	unity connection
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	unified communications manager session management edition
vendor:	cisco	model:	nexus 3000
vendor:	cisco	model:	application policy infrastructure controller
vendor:	cisco	model:	expressway series
vendor:	cisco	model:	emergency responder
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	aironet 1560
vendor:	cisco	model:	prime collaboration
vendor:	cisco	model:	network convergence system
vendor:	cisco	model:	series
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	aironet 1560 series
vendor:	cisco	model:	series wireless controllers
vendor:	cisco	model:	connected mobile experiences
vendor:	cisco	model:	mds 9000
vendor:	cisco	model:	webex
vendor:	cisco	model:	firepower
vendor:	cisco	model:	aironet 1540 series
vendor:	cisco	model:	catalyst 9100 series
vendor:	cisco	model:	catalyst iw6300
vendor:	cisco	model:	meeting
vendor:	cisco	model:	nexus
vendor:	cisco	model:	prime infrastructure
vendor:	cisco	model:	roomos
vendor:	cisco	model:	ucs manager
vendor:	cisco	model:	mds 9000 series
vendor:	cisco	model:	series routers
vendor:	cisco	model:	common services platform collector
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	fxos
vendor:	cisco	model:	series switches
vendor:	cisco	model:	integrated management controller
vendor:	cisco	model:	aironet
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	prime collaboration deployment
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	application services engine
vendor:	cisco	model:	identity services engine
vendor:	cisco	model:	nexus 9000
vendor:	cisco	model:	catalyst 9800
vendor:	cisco	model:	unity
vendor:	cisco	model:	routers
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	cisco meeting
vendor:	cisco	model:	evolved programmable network manager
vendor:	cisco	model:	expressway
vendor:	cisco	model:	ucs director
vendor:	cisco	model:	ucs c-series rack servers
vendor:	cisco	model:	firepower management center
vendor:	cisco	model:	nexus 9000 series

Enabling Safe IoT Devices with Mobile App Security \| Guardsquare Trust: 3.5 Fetched: July 28, 2024, 10:11 a.m., Published: July 29, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

trend

model:

security

Photon OS 4.0: Device PHSA-2022-4.0-0269 - vulnerability database \| Vulners.com Trust: 3.0 Fetched: July 28, 2024, 10:10 a.m., Published: July 23, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2022-41973, CVE-2022-41974

VARIoT news about IoT security