VARIoT latest news about IoT security

CVE-2023-46805, CVE-2024-21887: Zero-Day Vulnerabilities Exploited in Ivanti Connect Secure and Policy Secure Gateways - Blog \| Tenable® Trust: 4.25 Fetched: Feb. 25, 2024, 9:34 a.m., Published: Jan. 11, 2024, 12:06 a.m.	Vulnerabilities: buffer overflow, command injection, code injection...

Affected products

External IDs

vendor:	palo alto networks	model:	networks
vendor:	palo	model:	networks

db:

NVD

ids:

CVE-2020-8260, CVE-2021-22893, CVE-2019-11510, CVE-2019-11539, CVE-2020-8243, CVE-2021-22899, CVE-2021-22900, CVE-2021-22894, CVE-2023-46805, CVE-2024-21887

Microsoft Patch Tuesday 2023 Year in Review - Blog \| Tenable® Related entries in the VARIoT vulnerabilities database: VAR-202310-0175 Trust: 5.5 Fetched: Feb. 25, 2024, 9:31 a.m., Published: Dec. 12, 2023, 8:07 p.m.	Vulnerabilities: security feature bypass, denial of service, feature bypass...

Affected products

External IDs

vendor:

trend

model:

security

db:

NVD

ids:

CVE-2023-44487, CVE-2023-36884, CVE-2023-23397, CVE-2023-28252, CVE-2023-24880, CVE-2023-24932

It’s 2024 and Over 178,000 SonicWall Firewalls are… \| Bishop Fox Trust: 5.25 Fetched: Feb. 25, 2024, 9:29 a.m., Published: Feb. 25, 2024, midnight	Vulnerabilities: integer overflow, buffer overflow, denial of service...

Affected products

External IDs

vendor:	canary	model:	canary
vendor:	sonicwall	model:	sonicos
vendor:	sonicwall	model:	ssl-vpn web server
vendor:	sonicwall	model:	sonicosv
vendor:	sonicwall	model:	sonicwall ssl-vpn
vendor:	sonicwall	model:	ssl-vpn

db:

NVD

ids:

CVE-2022-22274, CVE-2023-0656

Ivanti Zero-day Vulnerabilities: CVE-2023-46805 & CVE-2024-21887 \| Rapid7 Blog Trust: 3.5 Fetched: Feb. 25, 2024, 9:28 a.m., Published: Jan. 11, 2024, 1 p.m.	Vulnerabilities: privilege escalation, request forgery, command injection...

Affected products

External IDs

db:

NVD

ids:

CVE-2024-21888, CVE-2023-46895, CVE-2024-21893, CVE-2023-46805, CVE-2024-22024, CVE-2024-21887

Top 10 Most Exploited Vulnerabilities of 2023 Trust: 5.5 Fetched: Feb. 25, 2024, 9:28 a.m., Published: Dec. 28, 2023, 7:12 a.m.	Vulnerabilities: security feature bypass, injection attack, privilege escalation...

Affected products

External IDs

vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler adc
vendor:	citrix	model:	netscaler
vendor:	barracuda	model:	barracuda
vendor:	barracuda networks	model:	barracuda

db:

NVD

ids:

CVE-2023-23397, CVE-2022-41328, CVE-2023-34362, CVE-2023-28252, CVE-2023-24880, CVE-2023-26360, CVE-2023-22952, CVE-2023-2868, CVE-2023-28858

MachineSense FeverWarn \| CISA Trust: 4.5 Fetched: Feb. 25, 2024, 9:27 a.m., Published: Feb. 25, 2023, midnight	Vulnerabilities: os command injection, command injection, improper access control

Affected products

External IDs

vendor:

raspberry pi

model:

3

db:

NVD

ids:

CVE-2023-49610, CVE-2023-47867, CVE-2023-49115, CVE-2023-49617, CVE-2023-46706, CVE-2023-6221

Vulnerability Summary for the Week of January 1, 2024 \| CISA Related entries in the VARIoT vulnerabilities database: VAR-202401-1198, VAR-202208-1719, VAR-202401-0433, VAR-202202-0165, VAR-202401-0564, VAR-202401-0144, VAR-202112-2477, VAR-202312-2498, VAR-202401-1179, VAR-202401-0254, VAR-202401-1212, VAR-202112-2476, VAR-202401-1234, VAR-202401-0655, VAR-202312-2529, VAR-202401-0701, VAR-202401-0651, VAR-202401-1328 Trust: 5.25 Fetched: Feb. 25, 2024, 9:23 a.m., Published: Jan. 1, 2024, midnight	Vulnerabilities: authorization vulnerability, input validation vulnerability, uncontrolled search path...

Affected products

External IDs

vendor:	siemens	model:	modbus tcp
vendor:	lenovo	model:	updates
vendor:	lenovo	model:	system
vendor:	lenovo	model:	desktop
vendor:	google	model:	wifi
vendor:	google	model:	chrome
vendor:	google	model:	google home
vendor:	google	model:	android
vendor:	google	model:	home
vendor:	essential	model:	phone
vendor:	qnap	model:	helpdesk
vendor:	zoom	model:	client
vendor:	wireshark	model:	wireshark

db:

NVD

ids:

CVE-2023-49625, CVE-2023-50752, CVE-2023-51354, CVE-2023-52309, CVE-2023-22677, CVE-2023-234273836, CVE-2023-52307, CVE-2023-46623, CVE-2023-7187, CVE-2023-52131, CVE-2023-52311, CVE-2023-234323836, CVE-2023-7147, CVE-2023-25054, CVE-2023-38678, CVE-2023-33118, CVE-2023-234303836, CVE-2023-49624, CVE-2023-6338, CVE-2023-52286, CVE-2023-51547, CVE-2023-51421, CVE-2023-51420, CVE-2023-50760, CVE-2023-49639, CVE-2023-234433836, CVE-2024-0193, CVE-2023-32890, CVE-2022-3010, CVE-2023-7104, CVE-2022-46839, CVE-2020-17163, CVE-2023-51475, CVE-2023-33094, CVE-2023-33108, CVE-2023-41542, CVE-2023-7185, CVE-2023-38677, CVE-2023-7130, CVE-2023-514273836, CVE-2023-7158, CVE-2023-6339, CVE-2022-2081, CVE-2023-33033, CVE-2023-43512, CVE-2024-21625, CVE-2023-7144, CVE-2023-52133, CVE-2021-45465, CVE-2023-7157, CVE-2023-38676, CVE-2023-52174, CVE-2023-52181, CVE-2023-51505, CVE-2023-51402, CVE-2023-49633, CVE-2023-50070, CVE-2023-51468, CVE-2023-50865, CVE-2023-7148, CVE-2023-7176, CVE-2023-48418, CVE-2023-7146, CVE-2023-50571, CVE-2023-52134, CVE-2024-21633, CVE-2023-45724, CVE-2023-33117, CVE-2023-51414, CVE-2023-7145, CVE-2023-7142, CVE-2023-52304, CVE-2023-33120, CVE-2022-46487, CVE-2023-32095, CVE-2023-7152, CVE-2023-52308, CVE-2023-52302, CVE-2023-51412, CVE-2023-50866, CVE-2023-41288, CVE-2021-42028, CVE-2023-234333836, CVE-2023-4674, CVE-2023-52137, CVE-2023-51473, CVE-2023-51135, CVE-2023-6998, CVE-2023-50864, CVE-2023-7191, CVE-2023-50110, CVE-2023-234423836, CVE-2023-32889, CVE-2024-0209, CVE-2023-32886, CVE-2024-21634, CVE-2023-52305, CVE-2023-52313, CVE-2023-7186, CVE-2023-51469, CVE-2023-50104, CVE-2023-7183, CVE-2023-51417, CVE-2023-50071, CVE-2023-7156, CVE-2023-7155, CVE-2023-47840, CVE-2023-33014, CVE-2023-7178, CVE-2024-21627, CVE-2023-4164, CVE-2023-33025, CVE-2023-33085, CVE-2023-6944, CVE-2023-50902, CVE-2023-51545, CVE-2023-38674, CVE-2023-43514, CVE-2023-50253, CVE-2023-4468, CVE-2023-51502, CVE-2023-33112, CVE-2023-51358, CVE-2023-45722, CVE-2023-7080, CVE-2023-23634, CVE-2023-32887, CVE-2023-50867, CVE-2023-52303, CVE-2023-7193, CVE-2023-4280, CVE-2024-21623, CVE-2023-33032, CVE-2023-4541, CVE-2023-52143, CVE-2023-50863, CVE-2023-52132, CVE-2023-22676, CVE-2023-50878, CVE-2024-21641, CVE-2023-33109, CVE-2023-7184, CVE-2023-33062, CVE-2023-7078, CVE-2024-21632, CVE-2023-33110, CVE-2021-40367, CVE-2023-45751, CVE-2023-33116, CVE-2023-47560, CVE-2023-50837, CVE-2023-52180, CVE-2023-234363836, CVE-2023-51688, CVE-2023-51503, CVE-2023-51378, CVE-2023-49299, CVE-2023-44088, CVE-2023-514353836, CVE-2024-0211, CVE-2023-52312, CVE-2023-40606, CVE-2023-51410, CVE-2023-33114, CVE-2023-234313836, CVE-2023-7177, CVE-2023-6436, CVE-2023-4675, CVE-2023-50343, CVE-2023-49666, CVE-2023-49665, CVE-2023-51423, CVE-2022-44589, CVE-2024-0207, CVE-2023-7188, CVE-2023-45723, CVE-2023-50862, CVE-2023-50589, CVE-2023-7159, CVE-2023-52252, CVE-2023-51687, CVE-2023-52182, CVE-2023-49622, CVE-2023-32888, CVE-2023-234283836, CVE-2023-234293836, CVE-2023-6600, CVE-2023-50342, CVE-2023-514283836, CVE-2023-6270, CVE-2023-7190, CVE-2023-39157, CVE-2023-7150, CVE-2023-41543, CVE-2023-7027, CVE-2023-52310, CVE-2024-0208, CVE-2023-47039, CVE-2023-50743, CVE-2023-49830, CVE-2023-49777, CVE-2023-33030, CVE-2023-7181, CVE-2023-50256, CVE-2023-234353836, CVE-2023-51133, CVE-2023-51422, CVE-2023-50753, CVE-2023-41544, CVE-2023-33036, CVE-2023-51470, CVE-2023-52139, CVE-2023-52150, CVE-2023-50651, CVE-2023-51136, CVE-2023-4463, CVE-2024-0247, CVE-2023-33040, CVE-2024-21642, CVE-2023-7179, CVE-2023-7141, CVE-2023-48419, CVE-2023-50341, CVE-2023-51419, CVE-2023-514263836, CVE-2023-50035, CVE-2023-51527, CVE-2023-7161, CVE-2023-52135, CVE-2023-52314, CVE-2023-49551, CVE-2023-4464, CVE-2023-33113, CVE-2023-38675, CVE-2023-42387, CVE-2023-234243836, CVE-2023-39296, CVE-2023-50351, CVE-2023-52185, CVE-2023-50350, CVE-2023-52173, CVE-2023-7114, CVE-2023-49658, CVE-2023-43511, CVE-2023-7172, CVE-2024-0182, CVE-2023-7189, CVE-2023-26159, CVE-2023-514343836, CVE-2023-33037, CVE-2023-32874, CVE-2024-0210, CVE-2023-52306, CVE-2023-51411, CVE-2023-49550

Cybersecurity Vulnerabilities: Types, Examples, and Beyond - Sprinto Trust: 3.5 Fetched: Feb. 25, 2024, 9:22 a.m., Published: Jan. 12, 2024, 11:32 a.m.	Vulnerabilities: sql injection, weak password

Affected products	External IDs

DICOM Demystified: Exploring the Underbelly of Medical Imaging \| Claroty Trust: 5.5 Fetched: Feb. 25, 2024, 9:21 a.m., Published: Nov. 29, 2023, midnight	Vulnerabilities: path traversal, pointer dereference vulnerability, memory corruption...

Affected products

External IDs

vendor:

wireshark

model:

wireshark

db:

NVD

ids:

CVE-2022-2121, CVE-2022-2119, CVE-2023-40150, CVE-2022-2120

How to Test Web Application Security on Different Devices and Browsers Trust: 3.0 Fetched: Feb. 23, 2024, 10:13 a.m., Published: Feb. 3, 2024, midnight	Vulnerabilities: sql injection

Affected products	External IDs

How Do I Power Cycle My Neeo Remote? - ByRetreat Trust: 3.5 Fetched: Feb. 23, 2024, 10:12 a.m., Published: Jan. 28, 2024, 4:21 p.m.	Vulnerabilities: default credentials

Affected products	External IDs

What Is the Best Method of Lighting Control? - ByRetreat Trust: 3.5 Fetched: Feb. 23, 2024, 10:11 a.m., Published: Jan. 29, 2024, 6:18 a.m.	Vulnerabilities: default credentials

Affected products	External IDs

Do I Need an Electrician for a Smart Home? - ByRetreat Trust: 3.5 Fetched: Feb. 23, 2024, 10:10 a.m., Published: Jan. 26, 2024, 3:25 p.m.	Vulnerabilities: default credentials

Affected products	External IDs

What Is a Rako System? - ByRetreat Trust: 3.5 Fetched: Feb. 23, 2024, 10:08 a.m., Published: Jan. 26, 2024, 6:58 p.m.	Vulnerabilities: default credentials

Affected products	External IDs

CISA Adds One Known Exploited Vulnerability to Catalog \| CISA Trust: 4.25 Fetched: Feb. 23, 2024, 10:08 a.m., Published: Feb. 23, 2023, midnight	Vulnerabilities: authentication vulnerability

Affected products

External IDs

db:

NVD

ids:

CVE-2022-48618

How Much Does It Cost to Install Home Automation System? - ByRetreat Trust: 3.5 Fetched: Feb. 23, 2024, 10:06 a.m., Published: Jan. 27, 2024, 6:56 p.m.	Vulnerabilities: default credentials

Affected products	External IDs

What Are the Disadvantages of Motion Sensor Lights? - ByRetreat Trust: 3.5 Fetched: Feb. 23, 2024, 10:04 a.m., Published: Jan. 26, 2024, 4:01 p.m.	Vulnerabilities: default credentials

Affected products	External IDs

New Vulnerability in Fortinet FortiOS Exposes Devices to Remote Code Execution Related entries in the VARIoT vulnerabilities database: VAR-202212-1132 Trust: 5.0 Fetched: Feb. 23, 2024, 10:02 a.m., Published: Feb. 19, 2024, 6:28 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

ansible

model:

ansible

db:

NVD

ids:

CVE-2023-34992, CVE-2022-42475, CVE-2024-21762, CVE-2024-23108, CVE-2023-27997, CVE-2024-23109

Security Advisory for Post-Authentication Command Injection on the R7000, PSV-2023-0154 - NETGEAR Support Trust: 4.0 Fetched: Feb. 23, 2024, 10:02 a.m., Published: -	Vulnerabilities: command injection

Affected products

External IDs

vendor:	netgear	model:	orbi
vendor:	netgear	model:	r7000

Go Vulnerability Database - Go Packages Trust: 4.0 Fetched: Feb. 23, 2024, 10:01 a.m., Published: Feb. 20, 2024, midnight	Vulnerabilities: cross-site scripting

Affected products	External IDs

VARIoT news about IoT security