Sign-up

VARIoT news about IoT security

Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways | CISA

Trust: 3.5

Fetched: March 6, 2024, 9:19 a.m., Published: March 6, 2023, midnight
 Vulnerabilities: authentication bypass, code execution, command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2024-21888, CVE-2024-21887, CVE-2023-46805, CVE-2024-22024, CVE-2024-21893

NMAP Vulnerability Scan: How To Easily Run And Assess Risk

Trust: 3.75

Fetched: March 5, 2024, 9:18 a.m., Published: Feb. 26, 2024, 9 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: wireshark model: wireshark

Android Security Bulletin-March 2024 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202312-2038, VAR-202312-1510, VAR-202403-0345

Trust: 4.25

Fetched: March 5, 2024, 9:17 a.m., Published: March 5, 2024, midnight
 Vulnerabilities: code execution, information disclosure, denial of service
Affected productsExternal IDs
vendor: samsung model: notes
vendor: samsung model: mobile
vendor: huawei model: huawei
vendor: google model: pixel
vendor: google model: android
vendor: motorola model: android
vendor: motorola model: motorola
db: NVD ids: CVE-2023-40081, CVE-2024-20020, CVE-2024-20026, CVE-2024-0053, CVE-2023-43548, CVE-2024-20005, CVE-2024-0050, CVE-2023-43549, CVE-2023-33042, CVE-2024-0049, CVE-2023-6241, CVE-2024-20023, CVE-2024-0047, CVE-2023-48425, CVE-2023-33105, CVE-2024-0045, CVE-2024-20022, CVE-2023-28578, CVE-2024-0052, CVE-2024-20025, CVE-2024-20027, CVE-2024-23717, CVE-2024-0048, CVE-2024-0044, CVE-2023-48424, CVE-2023-6143, CVE-2024-20028, CVE-2024-0051, CVE-2023-43539, CVE-2024-0046, CVE-2024-20024, CVE-2024-0039, CVE-2023-33066

Exploitation of Pulse Connect Secure Vulnerabilities | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202102-0809

Trust: 4.25

Fetched: March 5, 2024, 9:10 a.m., Published: March 5, 2023, midnight
 Vulnerabilities: factory default setting, authentication bypass
Affected productsExternal IDs
vendor: pulse secure model: connect secure
vendor: pulse secure model: pulse connect secure
db: NVD ids: CVE-2021-22900, CVE-2020-8243, CVE-2020-8260, CVE-2021-22893, CVE-2021-22894, CVE-2021-22984, CVE-2021-22899, CVE-2019-11510

CVE-2023-4966 (CitrixBleed): Invalidate Active or Persistent Sessions To Prevent Further Compromise - Blog | Tenable®

Trust: 4.75

Fetched: March 3, 2024, 9:22 a.m., Published: Dec. 6, 2023, 6:44 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: citrix model: application delivery controller
vendor: citrix model: netscaler application delivery controller
vendor: citrix model: gateway
vendor: citrix model: netscaler
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler gateway
db: NVD ids: CVE-2023-4966

Cisco NX-OS Software External Border Gateway Protocol Denial of Service Vulnerability

Trust: 4.0

Fetched: March 3, 2024, 9:22 a.m., Published: Feb. 28, 2024, 3:57 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: nexus 9000
vendor: cisco model: nx-os
vendor: cisco model: 1000v
vendor: cisco model: nexus 7000
vendor: cisco model: cisco nexus 9000 series
vendor: cisco model: nx-os software
vendor: cisco model: series
vendor: cisco model: nexus 3000
vendor: cisco model: nexus 1000v
vendor: cisco model: nexus 9500
vendor: cisco model: nexus 9000 series
vendor: cisco model: series switches
vendor: cisco model: cisco nx-os
vendor: cisco model: nexus

Azure-connected IoT devices at risk of RCE due to critical vulnerability | SC Media

Trust: 5.0

Fetched: March 1, 2024, 9:17 a.m., Published: Feb. 29, 2024, 10:29 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-27099

Ivanti discloses fifth vulnerability • The Register

Trust: 5.0

Fetched: Feb. 28, 2024, 9:40 a.m., Published: -
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2024-22024

What is Network Penetration Testing And Best PenTest Tools?

Trust: 3.5

Fetched: Feb. 28, 2024, 9:38 a.m., Published: Feb. 26, 2024, midnight
 Vulnerabilities: command execution, privilege escalation
Affected productsExternal IDs
vendor: wireshark model: wireshark

Bitsight Discovers Critical Vulnerabilities in GPS Tracker

Trust: 3.5

Fetched: Feb. 28, 2024, 9:38 a.m., Published: July 19, 2022, midnight
 Vulnerabilities: cross-site scripting, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2022-2141, CVE-2022-34150, CVE-2022-2107, CVE-2022-33944, CVE-2022-2199

SSH Protocol Flaw CVE-2023-48795 Terrapin Attack: All You Need To Know

Trust: 3.5

Fetched: Feb. 28, 2024, 9:30 a.m., Published: Dec. 25, 2023, 7:48 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: filezilla model: server
vendor: wireshark model: wireshark
db: NVD ids: CVE-2023-48795

Maximize Your Vulnerability Scan Value with Authenticated Scanning - Blog | Tenable®

Trust: 3.5

Fetched: Feb. 28, 2024, 9:27 a.m., Published: Nov. 30, 2023, 1:55 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: barracuda model: barracuda
vendor: trend model: security
vendor: trend model: internet security
db: NVD ids: CVE-2023-2868

November 2023 Web Application Vulnerabilities Released | Qualys Notifications

Trust: 5.25

Fetched: Feb. 28, 2024, 9:26 a.m., Published: Nov. 30, 2023, 3:53 p.m.
 Vulnerabilities: request forgery, command execution, directory traversal...
Affected productsExternal IDs
vendor: cisco systems model: ios xe
vendor: cisco systems model: information server
vendor: cisco systems model: series
vendor: cisco systems model: cisco ios xe
vendor: cisco systems model: cisco ios
vendor: barracuda model: barracuda
vendor: ipswitch model: ws_ftp
vendor: ipswitch model: ws_ftp server
vendor: cisco model: ios xe
vendor: cisco model: information server
vendor: cisco model: series
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
db: NVD ids: CVE-2023-44352, CVE-2023-41339, CVE-2023-20198, CVE-2023-4822, CVE-2023-44351, CVE-2023-43795, CVE-2023-22518, CVE-2023-26347, CVE-2023-40044, CVE-2023-3042, CVE-2023-44353, CVE-2023-44355, CVE-2023-6063, CVE-2023-44350, CVE-2023-46214, CVE-2023-40045, CVE-2023-42657, CVE-2023-22515, CVE-2023-46819, CVE-2023-2868, CVE-2023-36845

Microsoft’s December 2023 Patch Tuesday Addresses 33 CVEs (CVE-2023-36019) - Blog | Tenable®

Trust: 4.75

Fetched: Feb. 28, 2024, 9:26 a.m., Published: Dec. 12, 2023, 7:02 p.m.
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-36036, CVE-2023-35630, CVE-2023-35628, CVE-2023-36019, CVE-2023-36696, CVE-2023-20588, CVE-2023-35641

Be Careful with Audio on Your Device: A Vulnerability in Audio Could Allow Hackers Access

Trust: 3.25

Fetched: Feb. 28, 2024, 9:25 a.m., Published: Dec. 27, 2023, 4:01 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
db: NVD ids: CVE-2023-21672

Microsoft’s January 2024 Patch Tuesday Addresses 48 CVEs (CVE-2024-20674) - Blog | Tenable®

Trust: 4.75

Fetched: Feb. 28, 2024, 9:25 a.m., Published: Jan. 9, 2024, 7:04 p.m.
 Vulnerabilities: information disclosure, code execution, security feature bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2024-20698, CVE-2023-29336, CVE-2023-36036, CVE-2024-20653, CVE-2024-21310, CVE-2024-20683, CVE-2022-35737, CVE-2024-20686, CVE-2023-24955, CVE-2024-21318, CVE-2023-29357, CVE-2024-20674

Millions of Routers at Risk: CVE-2024-21833 Threatens TP-Link Devices

Related entries in the VARIoT vulnerabilities database: VAR-202309-2445

Trust: 4.5

Fetched: Feb. 27, 2024, 9:23 a.m., Published: Feb. 1, 2024, 9:43 a.m.
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
vendor: d-link model: dir-806
vendor: d-link model: router
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: cisco model: router
vendor: cisco model: routers
vendor: cisco model: cisco ios
vendor: trend model: security
vendor: tp-link model: routers
db: NVD ids: CVE-2023-20198, CVE-2021-27860, CVE-2023-43128, CVE-2024-21833

January 2024: Key Threat Actors, Malware and Exploited Vulnerabilities

Related entries in the VARIoT vulnerabilities database: VAR-202401-1629, VAR-202110-1691, VAR-202401-2573

Trust: 5.25

Fetched: Feb. 27, 2024, 9:22 a.m., Published: Jan. 27, 2024, midnight
 Vulnerabilities: authentication bypass, code execution, path traversal...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: citrix model: netscaler gateway
vendor: citrix model: netscaler adc
vendor: citrix model: application delivery controller
vendor: citrix model: netscaler application delivery controller
vendor: citrix model: netscaler
vendor: citrix model: gateway
vendor: cisco model: unified communications manager
vendor: cisco model: netscaler gateway
vendor: cisco model: unified communications
vendor: cisco model: unified contact center express
vendor: cisco model: unity
vendor: cisco model: unified communications manager session management edition
vendor: cisco model: h
vendor: cisco model: unified communications manager im & presence service
vendor: cisco model: cisco unified communications manager
vendor: cisco model: routers
vendor: cisco model: unity connection
vendor: cisco model: virtualized voice browser
vendor: trend model: security
vendor: trendmicro model: security
db: NVD ids: CVE-2023-6549, CVE-2023-36025, CVE-2017-9841, CVE-2018-15133, CVE-2024-20253, CVE-2024-21887, CVE-2023-20867, CVE-2021-41773, CVE-2023-34048, CVE-2023-46805, CVE-2023-22527, CVE-2023-4966, CVE-2023-6548

Microsoft’s February 2024 Patch Tuesday Addresses 73 CVEs (CVE-2024-21351, CVE-2024-21412) - Blog | Tenable®

Related entries in the VARIoT vulnerabilities database: VAR-202402-1774

Trust: 5.25

Fetched: Feb. 27, 2024, 9:21 a.m., Published: Feb. 13, 2024, 6:51 p.m.
 Vulnerabilities: security feature bypass, code execution, feature bypass...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security
vendor: check point model: check point
db: NVD ids: CVE-2021-34473, CVE-2021-34523, CVE-2021-26855, CVE-2024-21338, CVE-2024-21345, CVE-2024-21410, CVE-2024-21371, CVE-2024-21413, CVE-2024-21362, CVE-2021-31207, CVE-2024-21340, CVE-2024-21341, CVE-2024-21351, CVE-2022-41082, CVE-2024-21412, CVE-2024-21378, CVE-2022-41040

CISA Urges Router Makers To Improve Security

Trust: 3.75

Fetched: Feb. 27, 2024, 9:20 a.m., Published: Feb. 2, 2024, 2 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
db: NVD ids: CVE-2024-21893, CVE-2023-46805, CVE-2024-21888, CVE-2024-21887