VARIoT latest news about IoT security

CVE-2024-23624 - vulnerability database \| Vulners.com Trust: 5.0 Fetched: Jan. 28, 2024, 10:05 a.m., Published: Jan. 26, 2024, 12:15 a.m.	Vulnerabilities: command execution, command injection

Affected products

External IDs

vendor:

d-link

model:

dap-1650

db:

NVD

ids:

CVE-2024-23624

About the security content of iOS 15.7.3 and iPadOS 15.7.3 - Apple Support Related entries in the VARIoT vulnerabilities database: VAR-202301-1707, VAR-202301-1717, VAR-202301-1713, VAR-202301-1710, VAR-202301-1706 Trust: 3.75 Fetched: Jan. 28, 2024, 10:05 a.m., Published: July 15, 2003, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	ipad air
vendor:	apple	model:	ipod touch
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2023-23498, CVE-2023-23503, CVE-2023-23505, CVE-2023-23504, CVE-2023-23500

CVE-2024-23630 - vulnerability database \| Vulners.com Trust: 6.25 Fetched: Jan. 28, 2024, 9:58 a.m., Published: Jan. 26, 2024, 12:15 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

motorola

model:

motorola

db:

NVD

ids:

CVE-2024-23630

Zero-click attacks: everything you need to know \| TSC Trust: 3.25 Fetched: Jan. 28, 2024, 9:56 a.m., Published: Jan. 18, 2024, noon	Vulnerabilities: memory corruption, cross-site request forgery, request forgery...

Affected products

External IDs

vendor:	rapid	model:	scada
vendor:	apple	model:	iphone
vendor:	essential	model:	phone

CVE-2024-23625 - vulnerability database \| Vulners.com Trust: 5.0 Fetched: Jan. 28, 2024, 9:54 a.m., Published: Jan. 26, 2024, 12:15 a.m.	Vulnerabilities: command execution, command injection

Affected products

External IDs

vendor:

d-link

model:

dap-1650

db:

NVD

ids:

CVE-2024-23625

Vulnerability • InfoTech & InfoSec News Trust: 4.0 Fetched: Jan. 28, 2024, 9:53 a.m., Published: Jan. 26, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	tvos
vendor:	apple	model:	safari
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2024-23222

SVR hackers breach Microsoft, steal emails from the security team Trust: 4.5 Fetched: Jan. 28, 2024, 9:53 a.m., Published: Jan. 22, 2024, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	trend	model:	security
vendor:	trend	model:	data loss prevention
vendor:	trend micro	model:	security
vendor:	trend micro	model:	data loss prevention
vendor:	google	model:	chrome
vendor:	google	model:	home
vendor:	google	model:	wifi
vendor:	palo alto networks	model:	networks
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2023-46805, CVE-2024-21887, CVE-2023-34048, CVE-2024-0517, CVE-2024-22195

AlmaLinux 9 : grub2 (ALSA-2024:0468) - vulnerability database \| Vulners.com Trust: 4.75 Fetched: Jan. 28, 2024, 9:42 a.m., Published: Jan. 26, 2024, midnight	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:

alsa

model:

alsa

db:

NVD

ids:

CVE-2023-4001

Cisco Unified Communications Products Remote Code Execution ... - vulnerability database \| Vulners.com Trust: 5.25 Fetched: Jan. 28, 2024, 9:42 a.m., Published: Jan. 24, 2024, 4 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

cisco

model:

unified communications

8 BEST Web Vulnerability Scanning Tools Trust: 3.25 Fetched: Jan. 28, 2024, 9:34 a.m., Published: Jan. 8, 2024, midnight	Vulnerabilities: cross-site scripting, sql injection

Affected products

External IDs

vendor:	snort	model:	snort
vendor:	essential	model:	phone

Cisco Unified Communications Products Remote Code Execution Vulnerability Trust: 3.75 Fetched: Jan. 28, 2024, 9:34 a.m., Published: Jan. 26, 2024, 9:01 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	cisco	model:	unity
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	unity connection

China-linked APT UNC3886 exploits VMware zero-day since 2021 Trust: 4.0 Fetched: Jan. 28, 2024, 9:33 a.m., Published: Jan. 19, 2024, 7:32 p.m.	Vulnerabilities: command execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-20867, CVE-2023-34048

Apple TV < 17.3 Multiple Vulnerabilities (HT214055) - vulnerability database \| Vulners.com Trust: 3.5 Fetched: Jan. 28, 2024, 9:31 a.m., Published: Jan. 25, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	apple tv
vendor:	apple	model:	apple_tv

db:

NVD

ids:

CVE-2024-23213, CVE-2024-23210, CVE-2024-23223, CVE-2024-23215, CVE-2024-23218, CVE-2024-23206, CVE-2024-23212, CVE-2024-23222, CVE-2024-23208

Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202110-1691, VAR-202206-0004, VAR-202104-0768, VAR-202007-1393, VAR-202205-0394, VAR-202112-0566, VAR-202110-1690, VAR-202202-0171 Trust: 5.25 Fetched: Jan. 28, 2024, 9:29 a.m., Published: Jan. 28, 2023, midnight	Vulnerabilities: directory traversal, command execution, path traversal...

Affected products

External IDs

vendor:	buffalo	model:	buffalo wsr-2533dhp3
vendor:	buffalo	model:	wsr-2533dhp3
vendor:	buffalo	model:	wsr-2533dhpl2-bk
vendor:	buffalo	model:	buffalo wsr-2533dhpl2
vendor:	buffalo	model:	wsr-2533dhp3-bk
vendor:	buffalo	model:	wsr-2533dhpl2
vendor:	pulse	model:	secure pulse connect secure
vendor:	pulse secure	model:	pulse connect secure
vendor:	pulse secure	model:	connect secure
vendor:	citrix	model:	sd-wan
vendor:	citrix	model:	gateway
vendor:	citrix	model:	sd-wan wanop
vendor:	citrix	model:	application delivery controller
vendor:	netapp	model:	cloud backup
vendor:	netapp	model:	netapp cloud backup
vendor:	zoho	model:	manageengine adselfservice plus
vendor:	cisco	model:	sd-wan
vendor:	cisco	model:	hyperflex hx data platform
vendor:	cisco	model:	hyperflex
vendor:	cisco	model:	technical support
vendor:	cisco	model:	cisco hyperflex

db:

NVD

ids:

CVE-2021-42237, CVE-2021-26084, CVE-2021-26854, CVE-2019-19781, CVE-2021-41773, CVE-2019-11510, CVE-2021-27078, CVE-2021-27065, CVE-2021-22205, CVE-2021-1497, CVE-2021-26412, CVE-2021-26857, CVE-2022-26134, CVE-2021-40539, CVE-2021-26858, CVE-2021-20090, CVE-2021-26855, CVE-2021-36260, CVE-2020-5902, CVE-2022-1388, CVE-2021-22005, CVE-2021-44228, CVE-2021-42013, CVE-2022-24112

Mirai Botnet Attack IoT Devices via CVE-2020-5902 Related entries in the VARIoT vulnerabilities database: VAR-202007-1393 Trust: 3.5 Fetched: Jan. 28, 2024, 9:29 a.m., Published: July 28, 2020, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	trend	model:	security
vendor:	trend	model:	home network security
vendor:	trend micro	model:	security
vendor:	trend micro	model:	home network security

db:

NVD

ids:

CVE-2020-5902

2023 Apple & iOS Vulnerabilities from CISA (Quick Reference) Related entries in the VARIoT vulnerabilities database: VAR-202210-1624, VAR-202302-1097, VAR-202209-0759, VAR-202108-1164, VAR-202203-1579, VAR-201504-0081, VAR-201608-0186, VAR-201608-0188, VAR-201912-0546, VAR-202002-1163, VAR-202108-2057, VAR-202010-1228, VAR-201904-1459, VAR-202104-0612, VAR-201608-0187, VAR-201912-0480, VAR-201912-0613, VAR-202108-1137, VAR-201912-0473, VAR-202006-1646, VAR-202208-1294, VAR-202202-0109, VAR-201409-0487, VAR-201912-0474, VAR-202201-0561, VAR-202208-1345, VAR-202203-1580, VAR-202212-1751, VAR-202108-2051 Trust: 5.5 Fetched: Jan. 28, 2024, 9:28 a.m., Published: Jan. 28, 2023, midnight	Vulnerabilities: memory corruption, input validation vulnerability, information disclosure...

Affected products

External IDs

vendor:	apple	model:	apple tv
vendor:	apple	model:	watchos
vendor:	apple	model:	webkit
vendor:	apple	model:	safari
vendor:	apple	model:	tvos
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2022-42827, CVE-2023-23529, CVE-2022-32917, CVE-2023-32409, CVE-2021-31010, CVE-2023-41064, CVE-2022-22674, CVE-2015-1130, CVE-2016-4655, CVE-2016-4657, CVE-2023-41991, CVE-2019-8526, CVE-2023-42824, CVE-2023-32434, CVE-2023-32435, CVE-2023-28205, CVE-2020-3837, CVE-2021-30883, CVE-2020-9907, CVE-2018-4344, CVE-2023-28206, CVE-2021-1789, CVE-2023-37450, CVE-2023-32439, CVE-2016-4656, CVE-2023-41061, CVE-2019-8506, CVE-2023-28204, CVE-2023-38606, CVE-2019-8605, CVE-2021-30983, CVE-2023-41992, CVE-2019-7286, CVE-2023-41993, CVE-2020-9859, CVE-2022-32894, CVE-2022-22620, CVE-2014-4404, CVE-2023-32373, CVE-2019-7287, CVE-2022-22587, CVE-2022-32893, CVE-2022-22675, CVE-2022-42856, CVE-2021-30900

The increase in vulnerabilities is the reason why device vulnerability management is important Trust: 3.75 Fetched: Jan. 28, 2024, 9:27 a.m., Published: Dec. 11, 2022, 11:30 p.m.	Vulnerabilities: denial of service, code execution

Affected products	External IDs

Kaspersky unknown hardware 'feature' used in iPhone attacks • The Register Trust: 4.75 Fetched: Jan. 28, 2024, 9:17 a.m., Published: -	Vulnerabilities: feature bypass

Affected products

External IDs

vendor:

apple

model:

iphone

db:

NVD

ids:

CVE-2023-38606

CVE - Search Results Related entries in the VARIoT vulnerabilities database: VAR-201703-0607, VAR-201903-0591, VAR-201708-0554, VAR-202208-0759, VAR-201311-0297 Trust: 5.25 Fetched: Jan. 28, 2024, 9:15 a.m., Published: Jan. 3, 2024, midnight	Vulnerabilities: memory corruption, directory traversal, address corruption...

Affected products

External IDs

vendor:	lenovo	model:	system
vendor:	lenovo	model:	bios
vendor:	lenovo	model:	desktop
vendor:	hewlett packard enterprise	model:	moonshot
vendor:	hewlett packard enterprise	model:	switches
vendor:	hewlett packard enterprise	model:	integrity
vendor:	hewlett packard	model:	moonshot
vendor:	hewlett packard	model:	switches
vendor:	hewlett packard	model:	integrity
vendor:	cisco	model:	nx-os software
vendor:	cisco	model:	guard
vendor:	cisco	model:	nexus 9500
vendor:	cisco	model:	series switches
vendor:	cisco	model:	nexus
vendor:	cisco	model:	1000v
vendor:	cisco	model:	nexus 7000
vendor:	cisco	model:	cisco nexus 1000v switch
vendor:	cisco	model:	cisco nx-os
vendor:	cisco	model:	nexus 1000v switch
vendor:	cisco	model:	nexus 3000
vendor:	cisco	model:	nexus 1000v
vendor:	cisco	model:	virtual security gateway
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	series

db:

NVD

ids:

CVE-2017-8707, CVE-2022-34696, CVE-2022-22713, CVE-2021-26416, CVE-2020-1040, CVE-2019-0715, CVE-2019-1310, CVE-2010-3960, CVE-2018-8439, CVE-2022-22712, CVE-2019-0712, CVE-2015-2534, CVE-2019-0714, CVE-2017-0179, CVE-2022-22008, CVE-2021-40461, CVE-2022-24490, CVE-2018-0888, CVE-2017-0180, CVE-2019-0550, CVE-2019-0928, CVE-2019-0721, CVE-2023-36908, CVE-2019-1309, CVE-2018-0965, CVE-2022-44682, CVE-2017-0097, CVE-2021-25140, CVE-2020-0751, CVE-2020-0617, CVE-2017-8714, CVE-2019-0551, CVE-2017-0109, CVE-2020-1243, CVE-2014-0148, CVE-2019-1398, CVE-2023-36407, CVE-2021-26867, CVE-2022-29106, CVE-2019-1254, CVE-2019-0723, CVE-2017-0095, CVE-2017-0184, CVE-2017-0178, CVE-2019-1599, CVE-2021-42274, CVE-2018-8437, CVE-2017-8712, CVE-2018-8219, CVE-2016-0090, CVE-2019-1470, CVE-2017-8704, CVE-2017-0182, CVE-2017-0051, CVE-2020-0909, CVE-2017-8664, CVE-2017-8706, CVE-2020-1032, CVE-2019-0710, CVE-2022-41094, CVE-2017-0099, CVE-2011-1872, CVE-2022-21847, CVE-2020-1043, CVE-2018-8490, CVE-2022-21900, CVE-2018-0957, CVE-2017-0212, CVE-2020-17040, CVE-2017-0096, CVE-2021-33758, CVE-2022-23257, CVE-2019-0720, CVE-2021-25139, CVE-2020-16891, CVE-2019-1471, CVE-2017-0162, CVE-2018-8434, CVE-2021-28476, CVE-2024-20700, CVE-2021-37841, CVE-2021-28314, CVE-2017-0163, CVE-2016-0089, CVE-2019-0709, CVE-2017-0169, CVE-2017-0098, CVE-2021-28444, CVE-2019-0695, CVE-2018-0959, CVE-2017-3753, CVE-2021-1692, CVE-2018-0961, CVE-2010-0026, CVE-2018-8218, CVE-2017-0074, CVE-2017-0075, CVE-2012-5532, CVE-2019-1397, CVE-2019-1230, CVE-2019-0711, CVE-2017-8713, CVE-2019-0722, CVE-2016-4440, CVE-2016-0088, CVE-2020-1036, CVE-2020-1080, CVE-2018-0885, CVE-2017-0183, CVE-2020-17095, CVE-2019-0886, CVE-2021-28441, CVE-2020-1041, CVE-2019-0718, CVE-2019-1399, CVE-2022-23268, CVE-2022-21975, CVE-2024-20699, CVE-2019-0635, CVE-2021-31977, CVE-2017-8711, CVE-2017-0021, CVE-2022-21901, CVE-2022-24537, CVE-2020-1042, CVE-2022-30223, CVE-2021-38672, CVE-2023-36427, CVE-2022-24539, CVE-2021-42284, CVE-2019-0966, CVE-2017-0185, CVE-2022-35751, CVE-2019-0965, CVE-2022-30163, CVE-2022-37979, CVE-2021-30178, CVE-2023-36406, CVE-2018-0964, CVE-2015-2361, CVE-2022-21905, CVE-2018-8435, CVE-2021-1691, CVE-2020-6102, CVE-2017-0168, CVE-2022-22042, CVE-2019-0713, CVE-2017-0076, CVE-2013-5556, CVE-2020-6100, CVE-2022-26783, CVE-2023-23411, CVE-2019-0719, CVE-2017-0193, CVE-2017-8623, CVE-2020-24623, CVE-2017-0181, CVE-2012-2669, CVE-2022-38015, CVE-2015-2362, CVE-2022-26785, CVE-2020-1047, CVE-2013-3898, CVE-2020-0904, CVE-2018-8489, CVE-2021-33755, CVE-2022-21995, CVE-2019-0690, CVE-2020-0917, CVE-2020-0918, CVE-2020-0910, CVE-2019-0620, CVE-2018-8438, CVE-2019-1389, CVE-2023-32013, CVE-2020-0661, CVE-2019-0717, CVE-2021-1704, CVE-2020-0890, CVE-2022-24466, CVE-2021-43246, CVE-2020-6101, CVE-2017-0186, CVE-2023-36408, CVE-2019-0701, CVE-2022-22009, CVE-2015-1647, CVE-2020-6103, CVE-2018-8436, CVE-2021-34450

High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners Trust: 4.75 Fetched: Jan. 28, 2024, 9:14 a.m., Published: Jan. 15, 2024, 8:16 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	bosch	model:	nexo
vendor:	bosch	model:	iot gateway

db:

NVD

ids:

CVE-2023-49722

VARIoT news about IoT security