Sign-up

VARIoT news about IoT security

January 2024: Key Threat Actors, Malware and Exploited Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202401-1629, VAR-202110-1691, VAR-202401-2573

Trust: 5.25

Fetched: Feb. 27, 2024, 9:22 a.m., Published: Jan. 27, 2024, midnight
 Vulnerabilities: authentication bypass, code execution, path traversal...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: citrix model: netscaler gateway
vendor: citrix model: netscaler adc
vendor: citrix model: application delivery controller
vendor: citrix model: netscaler application delivery controller
vendor: citrix model: netscaler
vendor: citrix model: gateway
vendor: cisco model: unified communications manager
vendor: cisco model: netscaler gateway
vendor: cisco model: unified communications
vendor: cisco model: unified contact center express
vendor: cisco model: unity
vendor: cisco model: unified communications manager session management edition
vendor: cisco model: h
vendor: cisco model: unified communications manager im & presence service
vendor: cisco model: cisco unified communications manager
vendor: cisco model: routers
vendor: cisco model: unity connection
vendor: cisco model: virtualized voice browser
vendor: trend model: security
vendor: trendmicro model: security
db: NVD ids: CVE-2023-6549, CVE-2023-36025, CVE-2017-9841, CVE-2018-15133, CVE-2024-20253, CVE-2024-21887, CVE-2023-20867, CVE-2021-41773, CVE-2023-34048, CVE-2023-46805, CVE-2023-22527, CVE-2023-4966, CVE-2023-6548

Microsoft’s February 2024 Patch Tuesday Addresses 73 CVEs (CVE-2024-21351, CVE-2024-21412) - Blog | Tenable®

Related entries in the VARIoT vulnerabilities database: VAR-202402-1774

Trust: 5.25

Fetched: Feb. 27, 2024, 9:21 a.m., Published: Feb. 13, 2024, 6:51 p.m.
 Vulnerabilities: security feature bypass, code execution, feature bypass...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security
vendor: check point model: check point
db: NVD ids: CVE-2021-34473, CVE-2021-34523, CVE-2021-26855, CVE-2024-21338, CVE-2024-21345, CVE-2024-21410, CVE-2024-21371, CVE-2024-21413, CVE-2024-21362, CVE-2021-31207, CVE-2024-21340, CVE-2024-21341, CVE-2024-21351, CVE-2022-41082, CVE-2024-21412, CVE-2024-21378, CVE-2022-41040

CISA Urges Router Makers To Improve Security

Trust: 3.75

Fetched: Feb. 27, 2024, 9:20 a.m., Published: Feb. 2, 2024, 2 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
db: NVD ids: CVE-2024-21893, CVE-2023-46805, CVE-2024-21888, CVE-2024-21887

Cisco Firepower Device Manager On-Box Software Remote Code Execution Vulnerability

Trust: 5.0

Fetched: Feb. 27, 2024, 9:17 a.m., Published: Sept. 2, 2021, 1:36 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: cisco model: device manager

How to Use Nessus To Scan a Network for Vulnerabilities | Lifehacker

Trust: 3.5

Fetched: Feb. 27, 2024, 9:15 a.m., Published: Oct. 27, 2016, 3 p.m.
 Vulnerabilities: default password
Affected productsExternal IDs
vendor: google model: home
vendor: apple model: apple tv
vendor: trend model: security

Tripwire IP360 - Vulnerability Management | Tripwire

Trust: 3.25

Fetched: Feb. 27, 2024, 9:09 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tripwire model: ip360

IoT Firewall. Definition, Features, Advantages and Disadvantages - zenarmor.com

Trust: 4.5

Fetched: Feb. 25, 2024, 10:33 a.m., Published: Jan. 16, 2003, midnight
 Vulnerabilities: default password
Affected productsExternal IDs
vendor: check point software technologies model: check point
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: google model: home
vendor: check point model: check point
vendor: cisco model: meeting
vendor: cisco model: threat response
vendor: palo model: networks
vendor: palo model: firewall

Understanding IoT Security: Challenges, Standards & Best Practices | Sternum IoT

Trust: 4.25

Fetched: Feb. 25, 2024, 10:31 a.m., Published: Feb. 21, 2024, 12:59 p.m.
 Vulnerabilities: service disruption, denial of service
Affected productsExternal IDs
vendor: trend model: security

Forescout reveals 56 flaws in OT devices from 10 companies - Earn Charter - Earn Charter

Trust: 3.75

Fetched: Feb. 25, 2024, 10:31 a.m., Published: Feb. 25, 2056, midnight
 Vulnerabilities: authentication bypass, denial of service, code execution
Affected productsExternal IDs
vendor: motorola model: motorola

NAS Security Guide 2024: Easy Steps to Secure Your Device

Trust: 3.5

Fetched: Feb. 25, 2024, 10:30 a.m., Published: June 14, 2017, 1:32 p.m.
 Vulnerabilities: default password
Affected productsExternal IDs
vendor: google model: home
vendor: synology model: diskstation
vendor: synology model: diskstation manager

What Is the Difference Between Lutron and Savant? - ByRetreat

Trust: 3.5

Fetched: Feb. 25, 2024, 10:29 a.m., Published: Jan. 30, 2024, 5:57 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs

nodejs - Security Vulnerabilities in 2024

Related entries in the VARIoT vulnerabilities database: VAR-202310-0175

Trust: 5.25

Fetched: Feb. 25, 2024, 10:22 a.m., Published: Feb. 25, 2024, midnight
 Vulnerabilities: directory traversal, resource exhaustion, path traversal...
Affected productsExternal IDs
vendor: node.js model: node.js
vendor: nodejs model: node.js
db: NVD ids: CVE-2023-30581, CVE-2023-32004, CVE-2023-32559, CVE-2023-39332, CVE-2023-32006, CVE-2023-44487, CVE-2023-30585, CVE-2023-32002, CVE-2023-30584, CVE-2023-45143, CVE-2023-23918, CVE-2023-38552, CVE-2023-23920, CVE-2023-32003, CVE-2023-30590, CVE-2023-30588, CVE-2023-32558, CVE-2023-30586, CVE-2023-30589, CVE-2023-32005, CVE-2023-39331

Press Trust of India: Apple's reply on device vulnerability not totally clear: MoS IT on iPhone alert to MPs

Trust: 3.0

Fetched: Feb. 25, 2024, 10:20 a.m., Published: March 9, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

ClamAV OLE2 File Format Parsing Denial of Service Vulnerability

Trust: 4.75

Fetched: Feb. 25, 2024, 10:08 a.m., Published: Feb. 13, 2024, 5:57 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: clamav
vendor: clamav model: clamav

New Wi-Fi Vulnerabilities Expose Android and Linux Devices t... - vulnerability database | Vulners.com

Trust: 4.25

Fetched: Feb. 25, 2024, 10:07 a.m., Published: Feb. 21, 2024, 4:16 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2023-52160, CVE-2023-52161

Vulnerabilities in HP Laser printers (Feb. 2024) | Born's Tech and Windows World

Trust: 5.75

Fetched: Feb. 25, 2024, 9:58 a.m., Published: Feb. 24, 2024, 9:06 a.m.
 Vulnerabilities: buffer overflow, information disclosure, code execution
Affected productsExternal IDs
vendor: hewlett packard model: hp laserjet
vendor: hewlett packard model: laserjet printers
vendor: hewlett packard model: laserjet
db: NVD ids: CVE-2024-0794, CVE-2024-0407

CVE-2023-40111: Understanding the Vulnerability in MediaSessionRecord.java and Escalating Privileges on Android Devices

Trust: 3.0

Fetched: Feb. 25, 2024, 9:58 a.m., Published: Feb. 15, 2024, 11:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-401112, CVE-2023-40111

Critical Remote Code Execution Vulnerability Patched in Android - Xynik

Trust: 5.75

Fetched: Feb. 25, 2024, 9:56 a.m., Published: Feb. 6, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: samsung model: notes
db: NVD ids: CVE-2024-0031

CVE-2024-0016: Out of Bounds Read Vulnerability Leads to Paired Device Information Disclosure without User Interaction

Trust: 5.0

Fetched: Feb. 25, 2024, 9:55 a.m., Published: Feb. 16, 2024, 8:15 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2024-0016

CVE-2024-26586 - vulnerability database | Vulners.com

Trust: 3.75

Fetched: Feb. 25, 2024, 9:55 a.m., Published: Feb. 22, 2024, midnight
 Vulnerabilities: machine crash, kernel panic
Affected productsExternal IDs
db: NVD ids: CVE-2024-26586