Sign-up

VARIoT news about IoT security

Ivanti Patches Critical Endpoint Security Vulnerability

Trust: 6.0

Fetched: Feb. 2, 2024, 10:36 a.m., Published: Feb. 19, 2024, midnight
 Vulnerabilities: sql injection, code execution
Affected productsExternal IDs
vendor: mobileiron model: sentry
db: NVD ids: CVE-2023-39336, CVE-2023-38035

Distributed Energy Generation Gateway (In)Security - Security News

Trust: 5.0

Fetched: Feb. 2, 2024, 10:35 a.m., Published: -
 Vulnerabilities: default password
Affected productsExternal IDs
vendor: enphase model: envoy

X.Org 21.1.11 arrives with 6 vulnerabilities fixed | Ubunlog

Trust: 4.5

Fetched: Feb. 2, 2024, 10:35 a.m., Published: Jan. 25, 2024, 7:51 p.m.
 Vulnerabilities: buffer overflow, privilege escalation, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-6816, CVE-2024-21886, CVE-2024-0229, CVE-2024-0409, CVE-2024-0408, CVE-2024-21885

Applied Sciences | Free Full-Text | Research on Digital Forensics Analyzing Heterogeneous Internet of Things Incident Investigations

Trust: 3.25

Fetched: Feb. 2, 2024, 10:32 a.m., Published: Jan. 2, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: mobile devices
vendor: samsung model: mobile
vendor: samsung model: smartthings hub
vendor: samsung smartthings model: mobile devices
vendor: samsung smartthings model: mobile
vendor: samsung smartthings model: smartthings hub
vendor: hikvision model: ip cameras
vendor: smartthings model: smartthings hub
vendor: xiaomi model: browser

Apple iOS 17.3: How to Turn on iPhone's New Stolen Device Pr... - vulnerability database | Vulners.com

Trust: 3.0

Fetched: Feb. 2, 2024, 10:31 a.m., Published: Jan. 22, 2024, 6:43 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

Warning: Threat actors getting around some Ivanti mitigations | IT World Canada News

Trust: 3.75

Fetched: Feb. 2, 2024, 10:30 a.m., Published: Jan. 31, 2024, 4:26 p.m.
 Vulnerabilities: privilege escalation, command injection, authentication bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2024-21893, CVE-2023-46805, CVE-2024-21887, CVE-2024-21888

Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager

Trust: 4.75

Fetched: Feb. 2, 2024, 10:29 a.m., Published: Jan. 9, 2024, 5:52 p.m.
 Vulnerabilities: path traversal, code execution, command injection...
Affected productsExternal IDs
vendor: netatalk model: netatalk
db: NVD ids: CVE-2023-47560, CVE-2023-41287, CVE-2023-41288, CVE-2022-43634, CVE-2023-50916, CVE-2023-39296, CVE-2023-47559

India warns Apple users of major cyber attack. Here’s the list of devices at highest risk - India News News

Trust: 3.0

Fetched: Feb. 2, 2024, 10:28 a.m., Published: Feb. 1, 2024, 11:55 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: icloud
vendor: apple model: iphone
vendor: apple model: ipod touch
vendor: apple model: watchos
vendor: apple model: macos
vendor: apple model: ipad air
vendor: apple model: apple tv
vendor: apple model: ipad
vendor: apple model: watch
vendor: apple model: tvos

The Vital Role of Cybersecurity in Shaping Healthcare in 2024

Trust: 3.0

Fetched: Feb. 2, 2024, 10:21 a.m., Published: Jan. 23, 2024, 9:50 a.m.
 Vulnerabilities: -
Affected productsExternal IDs

Mastering IoT Device Security: Unveiling Hidden Risks - Sigma Cyber Security

Trust: 3.75

Fetched: Feb. 2, 2024, 10:18 a.m., Published: Jan. 25, 2024, 4:43 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs

Terrapin Vulnerability in the SSH Protocol - How to Stay Secure | SSH

Trust: 3.0

Fetched: Feb. 2, 2024, 10:07 a.m., Published: Feb. 2, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-48795

Writeup for CVE-2023-39143: PaperCut WebDAV Vulnerability - Horizon3.ai

Trust: 5.5

Fetched: Feb. 2, 2024, 10:06 a.m., Published: Jan. 12, 2024, 2:15 p.m.
 Vulnerabilities: file download vulnerability, path traversal, code execution
Affected productsExternal IDs
vendor: sharp model: printers
db: NVD ids: CVE-2023-23750, CVE-2022-21724, CVE-2023-39143

CompTIA Security+ SY0-701 Full Course and Labs - SoftArchive

Trust: 3.5

Fetched: Feb. 2, 2024, 10:05 a.m., Published: -
 Vulnerabilities: privilege escalation, request forgery, directory traversal
Affected productsExternal IDs
vendor: wireshark model: wireshark

Cisco Releases Security Advisory for Multiple Unified Communications and Contact Center Solutions Products | CISA

Trust: 3.25

Fetched: Feb. 2, 2024, 10:04 a.m., Published: Feb. 2, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: unified communications

Cisco Adaptive Security Device Manager Information Disclosure Vulnerability

Trust: 5.0

Fetched: Feb. 2, 2024, 10 a.m., Published: June 29, 2022, 9:50 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: cisco model: device manager
vendor: cisco model: adaptive security device manager
vendor: cisco model: security device manager

Common SNMP Vulnerability: 9-Step Guide to Protect Your Network

Related entries in the VARIoT vulnerabilities database: VAR-200202-0007, VAR-200202-0006

Trust: 4.5

Fetched: Feb. 2, 2024, 9:49 a.m., Published: Dec. 18, 2020, 10:47 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: symantec model: web gateway
vendor: symantec model: symantec web gateway
vendor: general electric model: industrial solutions ups snmp/web adapter
db: NVD ids: CVE-2002-0013, CVE-2002-0012

Vulnerability Audit Reports - Lansweeper Community

Trust: 4.5

Fetched: Feb. 2, 2024, 9:47 a.m., Published: Jan. 31, 2024, 3:43 p.m.
 Vulnerabilities: code execution, use after free
Affected productsExternal IDs
vendor: google model: chrome
vendor: apple model: safari
vendor: apple model: macos
vendor: apple model: tvos
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
vendor: cisco model: series switches
vendor: cisco model: series
db: NVD ids: CVE-2024-0519, CVE-2023-6345, CVE-2024-23222

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Feb. 2, 2024, 9:46 a.m., Published: Nov. 2, 2023, midnight
 Vulnerabilities: configuration error
Affected productsExternal IDs

Google fixes Android bug that hackers can abuse without privileges - Techzine Europe

Trust: 5.75

Fetched: Feb. 2, 2024, 9:45 a.m., Published: Dec. 5, 2023, 10:23 a.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2023-45866, CVE-2023-40077, CVE-2022-40507, CVE-2023-40088, CVE-2023-40076

New Security Flaw in UEFI Affects Millions of PCs

Trust: 4.0

Fetched: Feb. 2, 2024, 9:44 a.m., Published: Dec. 6, 2023, 10:12 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs