Sign-up

VARIoT news about IoT security

nodejs - Security Vulnerabilities in 2024

Related entries in the VARIoT vulnerabilities database: VAR-202310-0175

Trust: 5.25

Fetched: Feb. 25, 2024, 10:22 a.m., Published: Feb. 25, 2024, midnight
 Vulnerabilities: directory traversal, resource exhaustion, path traversal...
Affected productsExternal IDs
vendor: node.js model: node.js
vendor: nodejs model: node.js
db: NVD ids: CVE-2023-30581, CVE-2023-32004, CVE-2023-32559, CVE-2023-39332, CVE-2023-32006, CVE-2023-44487, CVE-2023-30585, CVE-2023-32002, CVE-2023-30584, CVE-2023-45143, CVE-2023-23918, CVE-2023-38552, CVE-2023-23920, CVE-2023-32003, CVE-2023-30590, CVE-2023-30588, CVE-2023-32558, CVE-2023-30586, CVE-2023-30589, CVE-2023-32005, CVE-2023-39331

Press Trust of India: Apple's reply on device vulnerability not totally clear: MoS IT on iPhone alert to MPs

Trust: 3.0

Fetched: Feb. 25, 2024, 10:20 a.m., Published: March 9, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

ClamAV OLE2 File Format Parsing Denial of Service Vulnerability

Trust: 4.75

Fetched: Feb. 25, 2024, 10:08 a.m., Published: Feb. 13, 2024, 5:57 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: clamav
vendor: clamav model: clamav

New Wi-Fi Vulnerabilities Expose Android and Linux Devices t... - vulnerability database | Vulners.com

Trust: 4.25

Fetched: Feb. 25, 2024, 10:07 a.m., Published: Feb. 21, 2024, 4:16 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2023-52160, CVE-2023-52161

Vulnerabilities in HP Laser printers (Feb. 2024) | Born's Tech and Windows World

Trust: 5.75

Fetched: Feb. 25, 2024, 9:58 a.m., Published: Feb. 24, 2024, 9:06 a.m.
 Vulnerabilities: buffer overflow, information disclosure, code execution
Affected productsExternal IDs
vendor: hewlett packard model: hp laserjet
vendor: hewlett packard model: laserjet printers
vendor: hewlett packard model: laserjet
db: NVD ids: CVE-2024-0794, CVE-2024-0407

CVE-2023-40111: Understanding the Vulnerability in MediaSessionRecord.java and Escalating Privileges on Android Devices

Trust: 3.0

Fetched: Feb. 25, 2024, 9:58 a.m., Published: Feb. 15, 2024, 11:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-401112, CVE-2023-40111

Critical Remote Code Execution Vulnerability Patched in Android - Xynik

Trust: 5.75

Fetched: Feb. 25, 2024, 9:56 a.m., Published: Feb. 6, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: samsung model: notes
db: NVD ids: CVE-2024-0031

CVE-2024-0016: Out of Bounds Read Vulnerability Leads to Paired Device Information Disclosure without User Interaction

Trust: 5.0

Fetched: Feb. 25, 2024, 9:55 a.m., Published: Feb. 16, 2024, 8:15 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2024-0016

CVE-2024-26586 - vulnerability database | Vulners.com

Trust: 3.75

Fetched: Feb. 25, 2024, 9:55 a.m., Published: Feb. 22, 2024, midnight
 Vulnerabilities: machine crash, kernel panic
Affected productsExternal IDs
db: NVD ids: CVE-2024-26586

SMS - Less Secure Than You Might Think

Trust: 5.5

Fetched: Feb. 25, 2024, 9:54 a.m., Published: Feb. 3, 2024, midnight
 Vulnerabilities: integer overflow, code execution
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2022-27492, CVE-2022-36934

Kandji - Product updates | Automated Device Enrollment: New Language

Trust: 3.25

Fetched: Feb. 25, 2024, 9:53 a.m., Published: Feb. 21, 2024, 6:59 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: apple tv

Hackers find a ‘Shortcut’ to data stored on iPhones, iPads, and Macs | CSO Online

Trust: 4.0

Fetched: Feb. 25, 2024, 9:53 a.m., Published: Feb. 23, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2023-23204

About the security content of iOS 17.1 and iPadOS 17.1 - Apple Support

Trust: 6.25

Fetched: Feb. 25, 2024, 9:50 a.m., Published: Feb. 17, 2024, midnight
 Vulnerabilities: authentication issue, heap corruption, user interface issue...
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: safari
vendor: apple model: ipad air
vendor: apple model: mdnsresponder
vendor: apple model: webkit
db: NVD ids: CVE-2023-42852, CVE-2023-40449, CVE-2023-42843, CVE-2023-41988, CVE-2023-40423, CVE-2023-40446, CVE-2023-42951, CVE-2023-42841, CVE-2023-42848, CVE-2023-42845, CVE-2023-42878, CVE-2023-41976, CVE-2023-42834, CVE-2023-40447, CVE-2023-42836, CVE-2023-42942, CVE-2023-41983, CVE-2023-42953, CVE-2023-40416, CVE-2023-42847, CVE-2023-42952, CVE-2023-42928, CVE-2023-42857, CVE-2023-41254, CVE-2023-42939, CVE-2023-42946, CVE-2023-40413, CVE-2023-40408, CVE-2023-42873, CVE-2023-41997, CVE-2023-40445, CVE-2023-42849, CVE-2023-42839, CVE-2023-41982, CVE-2023-42823, CVE-2023-42855, CVE-2023-42846, CVE-2023-41072

Frequently Asked Questions about ScreenConnect Vulnerabilities - Blog | Tenable®

Trust: 3.75

Fetched: Feb. 25, 2024, 9:49 a.m., Published: Feb. 20, 2024, 11:08 p.m.
 Vulnerabilities: path traversal, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2024-27215, CVE-2024-1708, CVE-2024-1709

WD My Cloud Users Should Update to Avoid a Dangerous Vulnerability

Trust: 4.0

Fetched: Feb. 25, 2024, 9:47 a.m., Published: March 25, 2022, 7:48 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: netatalk model: netatalk
db: NVD ids: CVE-2022-23121

CVE-2023-46805, CVE-2024-21887: Zero-Day Vulnerabilities Exploited in Ivanti Connect Secure and Policy Secure Gateways - Blog | Tenable®

Trust: 4.25

Fetched: Feb. 25, 2024, 9:34 a.m., Published: Jan. 11, 2024, 12:06 a.m.
 Vulnerabilities: buffer overflow, command injection, code injection...
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2020-8260, CVE-2021-22893, CVE-2019-11510, CVE-2019-11539, CVE-2020-8243, CVE-2021-22899, CVE-2021-22900, CVE-2021-22894, CVE-2023-46805, CVE-2024-21887

Microsoft Patch Tuesday 2023 Year in Review - Blog | Tenable®

Related entries in the VARIoT vulnerabilities database: VAR-202310-0175

Trust: 5.5

Fetched: Feb. 25, 2024, 9:31 a.m., Published: Dec. 12, 2023, 8:07 p.m.
 Vulnerabilities: security feature bypass, denial of service, feature bypass...
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2023-44487, CVE-2023-36884, CVE-2023-23397, CVE-2023-28252, CVE-2023-24880, CVE-2023-24932

It’s 2024 and Over 178,000 SonicWall Firewalls are… | Bishop Fox

Trust: 5.25

Fetched: Feb. 25, 2024, 9:29 a.m., Published: Feb. 25, 2024, midnight
 Vulnerabilities: integer overflow, buffer overflow, denial of service...
Affected productsExternal IDs
vendor: canary model: canary
vendor: sonicwall model: sonicos
vendor: sonicwall model: ssl-vpn web server
vendor: sonicwall model: sonicosv
vendor: sonicwall model: sonicwall ssl-vpn
vendor: sonicwall model: ssl-vpn
db: NVD ids: CVE-2022-22274, CVE-2023-0656

Ivanti Zero-day Vulnerabilities: CVE-2023-46805 & CVE-2024-21887 | Rapid7 Blog

Trust: 3.5

Fetched: Feb. 25, 2024, 9:28 a.m., Published: Jan. 11, 2024, 1 p.m.
 Vulnerabilities: privilege escalation, request forgery, command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2024-21888, CVE-2023-46895, CVE-2024-21893, CVE-2023-46805, CVE-2024-22024, CVE-2024-21887

Top 10 Most Exploited Vulnerabilities of 2023

Trust: 5.5

Fetched: Feb. 25, 2024, 9:28 a.m., Published: Dec. 28, 2023, 7:12 a.m.
 Vulnerabilities: security feature bypass, injection attack, privilege escalation...
Affected productsExternal IDs
vendor: citrix model: gateway
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler
vendor: barracuda model: barracuda
vendor: barracuda networks model: barracuda
db: NVD ids: CVE-2023-23397, CVE-2022-41328, CVE-2023-34362, CVE-2023-28252, CVE-2023-24880, CVE-2023-26360, CVE-2023-22952, CVE-2023-2868, CVE-2023-28858