VARIoT latest news about IoT security

Response to vulnerabilities in Toshiba Tec's digital multi-function peripherals Trust: 3.5 Fetched: June 19, 2024, 9:27 a.m., Published: -	Vulnerabilities: command injection, authentication bypass, default credentials...

Affected products

External IDs

db:

NVD

ids:

CVE-2024-27171, CVE-2024-27176, CVE-2024-27164, CVE-2024-27179, CVE-2024-27173, CVE-2024-27165, CVE-2024-27141, CVE-2024-27151, CVE-2024-27162, CVE-2024-27152, CVE-2024-27156, CVE-2024-27169, CVE-2024-27153, CVE-2024-27154, CVE-2024-27168, CVE-2024-27178, CVE-2024-3496, CVE-2024-3497, CVE-2024-27146, CVE-2024-27174, CVE-2024-27157, CVE-2024-27155, CVE-2024-27167, CVE-2024-27175, CVE-2024-27160, CVE-2024-27147, CVE-2024-27170, CVE-2024-27148, CVE-2024-27143, CVE-2024-27163, CVE-2024-27142, CVE-2024-27158, CVE-2024-27172, CVE-2024-27150, CVE-2024-27180, CVE-2024-3498, CVE-2024-27166, CVE-2024-27159, CVE-2024-27144, CVE-2024-7145, CVE-2024-27161, CVE-2024-27149

Taiwan IT Authority Report Telnet Backdoor Vulnerability in D-Link Routers Trust: 3.0 Fetched: June 19, 2024, 9:27 a.m., Published: June 19, 2024, 6:28 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

d-link

model:

router

Android and Google Devices Security Reward Program Rules - Rules - About - Google Bug Hunters Trust: 4.5 Fetched: June 19, 2024, 9:26 a.m., Published: -	Vulnerabilities: code execution

Affected products

External IDs

vendor:	nest	model:	nest cam
vendor:	nest	model:	learning thermostat
vendor:	google	model:	android
vendor:	google	model:	wifi
vendor:	google	model:	chromecast
vendor:	google	model:	pixel

OWASP Mobile Top 10 2024 Vulnerabilities \| Indusface Blog Trust: 3.5 Fetched: June 19, 2024, 9:13 a.m., Published: June 5, 2024, 5:03 a.m.	Vulnerabilities: cross-site scripting, command injection, sql injection

Affected products

External IDs

vendor:

essential

model:

phone

CVE-2023-52424: New WiFi Flaw Leaves All Devices Vulnerable to 'SSID Confusion' Attacks Trust: 4.75 Fetched: June 19, 2024, 9:12 a.m., Published: May 15, 2024, 2:56 a.m.	Vulnerabilities: traffic interception

Affected products

External IDs

vendor:

mesh

model:

mesh

db:

NVD

ids:

CVE-2023-52424

Zero-Day Vulnerability CVE-2024-24919 \| Security Advisory 2024 Trust: 5.75 Fetched: June 18, 2024, 9:33 a.m., Published: June 4, 2024, 4:47 p.m.	Vulnerabilities: information disclosure

Affected products

External IDs

vendor:	check point	model:	security gateway
vendor:	check point	model:	check point
vendor:	check point	model:	quantum security gateway
vendor:	check point	model:	check point vpn

db:

NVD

ids:

CVE-2024-24919

What are application vulnerabilities? Trust: 3.75 Fetched: June 18, 2024, 9:32 a.m., Published: May 28, 2024, 10:38 p.m.	Vulnerabilities: cross-site request forgery, request forgery, cross-site scripting...

Affected products	External IDs

Alienware Aurora R15 System BIOS \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: June 18, 2024, 9:31 a.m., Published: June 5, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

Attackers attack devices: Extra security updates for Google Pixel \| heise online Trust: 4.0 Fetched: June 18, 2024, 9:31 a.m., Published: June 13, 2024, 9:35 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

pixel

db:

NVD

ids:

CVE-2024-32913, CVE-2024-32905, CVE-2024-32896

Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass Trust: 3.0 Fetched: June 18, 2024, 9:30 a.m., Published: May 22, 2024, 3:45 a.m.	Vulnerabilities: privilege escalation, code execution, authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2023-27532, CVE-2024-29850, CVE-2024-29849, CVE-2024-29212, CVE-2024-29853, CVE-2024-29851, CVE-2024-29852

Alienware Aurora R15 System BIOS \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: June 18, 2024, 9:29 a.m., Published: June 5, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

System BIOS komputera Dell Inspiron 3502 \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: June 18, 2024, 9:28 a.m., Published: June 18, 3502, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

12 Essential Types of Mobile App Testing for Robust Performance \| HeadSpin Trust: 3.75 Fetched: June 18, 2024, 9:25 a.m., Published: June 18, 2020, midnight	Vulnerabilities: memory leak

Affected products

External IDs

vendor:

essential

model:

phone

Critical Security Vulnerability in GitHub Enterprise Server Allows Authentication Bypass - VULNERA Trust: 3.25 Fetched: June 18, 2024, 9:24 a.m., Published: May 21, 2024, 4:16 p.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2024-4985

ASUS Issues Firmware Patches for Critical Router Vulnerabilities Trust: 4.75 Fetched: June 18, 2024, 9:24 a.m., Published: June 17, 2024, 6:27 a.m.	Vulnerabilities: buffer overflow

Affected products

External IDs

vendor:	asus	model:	rt-ax88u
vendor:	asus	model:	dsl-ac750
vendor:	asus	model:	rt-ac68u
vendor:	asus	model:	dsl-n14u
vendor:	asus	model:	dsl-ac56u
vendor:	asus	model:	routers
vendor:	asus	model:	zenwifi xt8
vendor:	asus	model:	dsl-n55u_d1
vendor:	asus	model:	rt-ac86u
vendor:	asus	model:	dsl-n12e_c1
vendor:	asus	model:	dsl-n55u_c1
vendor:	asus	model:	dsl-ac55u
vendor:	asus	model:	dsl-n66u
vendor:	asus	model:	rt-ax58u
vendor:	asus	model:	dsl-ac51
vendor:	asus	model:	dsl-n16u
vendor:	asus	model:	router
vendor:	asus	model:	dsl-ac52u
vendor:	asus	model:	dsl-n17u
vendor:	asus	model:	asus
vendor:	asus	model:	dsl-n16p
vendor:	asus	model:	dsl-n16
vendor:	asus	model:	dsl-n10_c1

db:

NVD

ids:

CVE-2024-3079, CVE-2024-3912, CVE-2024-3080

Zyxel NAS Pre-Auth Command Injection vulnerability (CVE-2023... - vulnerability database \| Vulners.com Trust: 4.25 Fetched: June 18, 2024, 9:18 a.m., Published: June 11, 2024, midnight	Vulnerabilities: command injection

Affected products	External IDs

CVE-2024-36022 drm/amdgpu: Init zone device and drm client a... - vulnerability database \| Vulners.com Trust: 4.25 Fetched: June 18, 2024, 9:10 a.m., Published: May 30, 2024, 3:03 p.m.	Vulnerabilities: kernel panic

Affected products

External IDs

db:

NVD

ids:

CVE-2024-36022

CVE-2024-6047 GeoVision EOL device - OS Command Injection - vulnerability database \| Vulners.com Related entries in the VARIoT vulnerabilities database: VAR-202406-0975 Trust: 3.75 Fetched: June 18, 2024, 9:08 a.m., Published: June 17, 2024, 5:48 a.m.	Vulnerabilities: command injection, os command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2024-6047

The In-Depth Guide to OWASP Top 10 Vulnerabilities \| Jit Trust: 3.5 Fetched: June 18, 2024, 9:07 a.m., Published: June 10, 2024, midnight	Vulnerabilities: request forgery, cross-site scripting, sql injection...

Affected products	External IDs

Top 5 threats IoT devices pose to data security - Quintech Trust: 3.25 Fetched: June 18, 2024, 9:07 a.m., Published: June 17, 2024, 1:29 p.m.	Vulnerabilities: denial of service

Affected products	External IDs

VARIoT news about IoT security