Sign-up

VARIoT news about IoT security

P3: MS Defender for Endpoint - Threat and Vulnerability Management (TVM) | Ammar Hasayen

Related entries in the VARIoT vulnerabilities database: VAR-201607-0116

Trust: 4.5

Fetched: March 8, 2024, 9:21 a.m., Published: Nov. 24, 2021, 9:33 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: trend model: security
vendor: trend model: antivirus
db: NVD ids: CVE-2016-4201

Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise | Microsoft Security Blog

Trust: 4.25

Fetched: March 8, 2024, 9:20 a.m., Published: June 30, 2021, midnight
 Vulnerabilities: request forgery, memory corruption, authentication bypass...
Affected productsExternal IDs
vendor: netgear model: router
vendor: netgear model: dgn2200v1

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: March 8, 2024, 9:20 a.m., Published: March 8, 2023, midnight
 Vulnerabilities: configuration error
Affected productsExternal IDs

Security Vulnerabilities fixed in Firefox 123 - Mozilla

Trust: 3.0

Fetched: March 6, 2024, 9:23 a.m., Published: -
 Vulnerabilities: memory corruption
Affected productsExternal IDs

Samsung Publishes Full March 2024 Security Update Details and Device List

Related entries in the VARIoT vulnerabilities database: VAR-202312-0146, VAR-202312-0152, VAR-202312-0020, VAR-202402-0244

Trust: 5.5

Fetched: March 6, 2024, 9:23 a.m., Published: March 5, 2024, 5:52 a.m.
 Vulnerabilities: use after free, access control vulnerability, incorrect default permission...
Affected productsExternal IDs
vendor: google model: android
vendor: samsung model: note20
vendor: samsung model: galaxy
vendor: samsung model: samsung firmware
vendor: samsung model: samsung galaxy
db: NVD ids: CVE-2024-20833, CVE-2024-0049, CVE-2024-20007, CVE-2024-0047, CVE-2024-20011, CVE-2024-20832, CVE-2023-43536, CVE-2024-20834, CVE-2023-40081, CVE-2024-0048, CVE-2023-21135, CVE-2023-33058, CVE-2023-49667, CVE-2023-32842, CVE-2023-33076, CVE-2024-20009, CVE-2023-43534, CVE-2024-20836, CVE-2023-5091, CVE-2024-0046, CVE-2024-0052, CVE-2024-20010, CVE-2023-33046, CVE-2023-32841, CVE-2024-20835, CVE-2023-43522, CVE-2023-43520, CVE-2023-43513, CVE-2023-33060, CVE-2024-23717, CVE-2023-5643, CVE-2024-0053, CVE-2024-0051, CVE-2024-20831, CVE-2024-0050, CVE-2024-20006, CVE-2024-0039, CVE-2023-33072, CVE-2023-32843, CVE-2023-43516, CVE-2023-43518, CVE-2024-0044, CVE-2023-5249, CVE-2024-20003, CVE-2024-20830, CVE-2023-43523, CVE-2023-21234, CVE-2023-43533, CVE-2023-43519, CVE-2023-49668, CVE-2023-33049, CVE-2024-0045, CVE-2023-33057

Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways | CISA

Trust: 3.5

Fetched: March 6, 2024, 9:19 a.m., Published: March 6, 2023, midnight
 Vulnerabilities: authentication bypass, code execution, command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2024-21888, CVE-2024-21887, CVE-2023-46805, CVE-2024-22024, CVE-2024-21893

NMAP Vulnerability Scan: How To Easily Run And Assess Risk

Trust: 3.75

Fetched: March 5, 2024, 9:18 a.m., Published: Feb. 26, 2024, 9 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: wireshark model: wireshark

Android Security Bulletin-March 2024 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202312-2038, VAR-202312-1510, VAR-202403-0345

Trust: 4.25

Fetched: March 5, 2024, 9:17 a.m., Published: March 5, 2024, midnight
 Vulnerabilities: code execution, information disclosure, denial of service
Affected productsExternal IDs
vendor: samsung model: notes
vendor: samsung model: mobile
vendor: huawei model: huawei
vendor: google model: pixel
vendor: google model: android
vendor: motorola model: android
vendor: motorola model: motorola
db: NVD ids: CVE-2023-40081, CVE-2024-20020, CVE-2024-20026, CVE-2024-0053, CVE-2023-43548, CVE-2024-20005, CVE-2024-0050, CVE-2023-43549, CVE-2023-33042, CVE-2024-0049, CVE-2023-6241, CVE-2024-20023, CVE-2024-0047, CVE-2023-48425, CVE-2023-33105, CVE-2024-0045, CVE-2024-20022, CVE-2023-28578, CVE-2024-0052, CVE-2024-20025, CVE-2024-20027, CVE-2024-23717, CVE-2024-0048, CVE-2024-0044, CVE-2023-48424, CVE-2023-6143, CVE-2024-20028, CVE-2024-0051, CVE-2023-43539, CVE-2024-0046, CVE-2024-20024, CVE-2024-0039, CVE-2023-33066

Exploitation of Pulse Connect Secure Vulnerabilities | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202102-0809

Trust: 4.25

Fetched: March 5, 2024, 9:10 a.m., Published: March 5, 2023, midnight
 Vulnerabilities: factory default setting, authentication bypass
Affected productsExternal IDs
vendor: pulse secure model: connect secure
vendor: pulse secure model: pulse connect secure
db: NVD ids: CVE-2021-22900, CVE-2020-8243, CVE-2020-8260, CVE-2021-22893, CVE-2021-22894, CVE-2021-22984, CVE-2021-22899, CVE-2019-11510

CVE-2023-4966 (CitrixBleed): Invalidate Active or Persistent Sessions To Prevent Further Compromise - Blog | Tenable®

Trust: 4.75

Fetched: March 3, 2024, 9:22 a.m., Published: Dec. 6, 2023, 6:44 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: citrix model: application delivery controller
vendor: citrix model: netscaler application delivery controller
vendor: citrix model: gateway
vendor: citrix model: netscaler
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler gateway
db: NVD ids: CVE-2023-4966

Cisco NX-OS Software External Border Gateway Protocol Denial of Service Vulnerability

Trust: 4.0

Fetched: March 3, 2024, 9:22 a.m., Published: Feb. 28, 2024, 3:57 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: nexus 9000
vendor: cisco model: nx-os
vendor: cisco model: 1000v
vendor: cisco model: nexus 7000
vendor: cisco model: cisco nexus 9000 series
vendor: cisco model: nx-os software
vendor: cisco model: series
vendor: cisco model: nexus 3000
vendor: cisco model: nexus 1000v
vendor: cisco model: nexus 9500
vendor: cisco model: nexus 9000 series
vendor: cisco model: series switches
vendor: cisco model: cisco nx-os
vendor: cisco model: nexus

Azure-connected IoT devices at risk of RCE due to critical vulnerability | SC Media

Trust: 5.0

Fetched: March 1, 2024, 9:17 a.m., Published: Feb. 29, 2024, 10:29 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-27099

Ivanti discloses fifth vulnerability • The Register

Trust: 5.0

Fetched: Feb. 28, 2024, 9:40 a.m., Published: -
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2024-22024

What is Network Penetration Testing And Best PenTest Tools?

Trust: 3.5

Fetched: Feb. 28, 2024, 9:38 a.m., Published: Feb. 26, 2024, midnight
 Vulnerabilities: command execution, privilege escalation
Affected productsExternal IDs
vendor: wireshark model: wireshark

Bitsight Discovers Critical Vulnerabilities in GPS Tracker

Trust: 3.5

Fetched: Feb. 28, 2024, 9:38 a.m., Published: July 19, 2022, midnight
 Vulnerabilities: cross-site scripting, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2022-2141, CVE-2022-34150, CVE-2022-2107, CVE-2022-33944, CVE-2022-2199

SSH Protocol Flaw CVE-2023-48795 Terrapin Attack: All You Need To Know

Trust: 3.5

Fetched: Feb. 28, 2024, 9:30 a.m., Published: Dec. 25, 2023, 7:48 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: filezilla model: server
vendor: wireshark model: wireshark
db: NVD ids: CVE-2023-48795

Maximize Your Vulnerability Scan Value with Authenticated Scanning - Blog | Tenable®

Trust: 3.5

Fetched: Feb. 28, 2024, 9:27 a.m., Published: Nov. 30, 2023, 1:55 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: barracuda model: barracuda
vendor: trend model: security
vendor: trend model: internet security
db: NVD ids: CVE-2023-2868

November 2023 Web Application Vulnerabilities Released | Qualys Notifications

Trust: 5.25

Fetched: Feb. 28, 2024, 9:26 a.m., Published: Nov. 30, 2023, 3:53 p.m.
 Vulnerabilities: request forgery, command execution, directory traversal...
Affected productsExternal IDs
vendor: cisco systems model: ios xe
vendor: cisco systems model: information server
vendor: cisco systems model: series
vendor: cisco systems model: cisco ios xe
vendor: cisco systems model: cisco ios
vendor: barracuda model: barracuda
vendor: ipswitch model: ws_ftp
vendor: ipswitch model: ws_ftp server
vendor: cisco model: ios xe
vendor: cisco model: information server
vendor: cisco model: series
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
db: NVD ids: CVE-2023-44352, CVE-2023-41339, CVE-2023-20198, CVE-2023-4822, CVE-2023-44351, CVE-2023-43795, CVE-2023-22518, CVE-2023-26347, CVE-2023-40044, CVE-2023-3042, CVE-2023-44353, CVE-2023-44355, CVE-2023-6063, CVE-2023-44350, CVE-2023-46214, CVE-2023-40045, CVE-2023-42657, CVE-2023-22515, CVE-2023-46819, CVE-2023-2868, CVE-2023-36845

Microsoft’s December 2023 Patch Tuesday Addresses 33 CVEs (CVE-2023-36019) - Blog | Tenable®

Trust: 4.75

Fetched: Feb. 28, 2024, 9:26 a.m., Published: Dec. 12, 2023, 7:02 p.m.
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-36036, CVE-2023-35630, CVE-2023-35628, CVE-2023-36019, CVE-2023-36696, CVE-2023-20588, CVE-2023-35641

Be Careful with Audio on Your Device: A Vulnerability in Audio Could Allow Hackers Access

Trust: 3.25

Fetched: Feb. 28, 2024, 9:25 a.m., Published: Dec. 27, 2023, 4:01 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
db: NVD ids: CVE-2023-21672