Sign-up

VARIoT news about IoT security

Windows SmartScreen Vulnerability Exploited to Spread Phemedrone Stealer - Gridinsoft Blog

Trust: 3.5

Fetched: Jan. 17, 2024, 10:06 a.m., Published: Jan. 12, 2024, 9:58 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2023-36025, CVE-2023-38831

Security Advisories | Trustwave

Trust: 5.5

Fetched: Jan. 17, 2024, 10:05 a.m., Published: Jan. 24, 2024, midnight
 Vulnerabilities: command injection, privilege elevation, denial of service...
Affected productsExternal IDs
vendor: sophos model: mobile
vendor: sophos model: firewall
vendor: elephone model: p9000
vendor: sun microsystems model: linux
vendor: sun microsystems model: java
vendor: sun microsystems model: solaris
vendor: huawei model: huawei
vendor: huawei model: mobile broadband hl service
vendor: qnap model: photo station
vendor: lenovo model: desktop
vendor: lenovo model: system
vendor: zyxel model: adsl router
vendor: zyxel model: zywall
vendor: schneider model: ecostruxure machine expert
vendor: schneider model: modicon m221
vendor: schneider model: monitor pro
vendor: schneider model: monitor
vendor: schneider model: tableau server
vendor: d-link model: router
vendor: d-link model: dsl-2740e
vendor: d-link model: dsl-2888a
vendor: icewarp model: icewarp mail server
vendor: icewarp model: mail server
vendor: schneider electric model: ecostruxure machine expert
vendor: schneider electric model: modicon m221
vendor: schneider electric model: monitor pro
vendor: schneider electric model: monitor
vendor: schneider electric model: tableau server
vendor: avast model: antivirus
vendor: dbltek model: dbltek
vendor: insteon model: insteon hub
vendor: asus model: rt-ac1900p
vendor: asus model: router
vendor: asus model: routers
vendor: asus model: asus
vendor: camtron model: cmnc-200
vendor: proxmox model: proxmox mail gateway
vendor: proxmox model: mail gateway
vendor: solarwinds model: serv-u
vendor: xiaomi model: redmi
vendor: xiaomi model: browser
vendor: opsview model: monitor
vendor: cisco model: cisco webex
vendor: cisco model: webex meetings
vendor: cisco model: router
vendor: cisco model: routers
vendor: cisco model: adaptive security appliance
vendor: cisco model: linksys routers
vendor: cisco model: linksys
vendor: cisco model: cisco connected streaming analytics
vendor: cisco model: webex
vendor: cisco model: series
vendor: cisco model: cisco webex meetings
vendor: cisco model: secure desktop
vendor: cisco model: session border controller
vendor: cisco model: connected streaming analytics
vendor: serv-u model: ftp server
vendor: netgear model: router
vendor: netgear model: r7800
vendor: netgear model: r8500
vendor: tableau model: server
vendor: tableau model: tableau server
vendor: comcast model: docsis
db: NVD ids: CVE-2018-8006, CVE-2018-16962, CVE-2018-2892

Another home thermostat found vulnerable to attack - CyberGuy

Trust: 3.5

Fetched: Jan. 17, 2024, 10:04 a.m., Published: Jan. 15, 2024, 10:11 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: wifi
vendor: google model: home
vendor: trane model: thermostat
vendor: trane model: comfortlink ii

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

Trust: 3.5

Fetched: Jan. 17, 2024, 9:57 a.m., Published: Jan. 12, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: trend model: antivirus
vendor: filezilla model: server
vendor: trend micro model: security
vendor: trend micro model: antivirus
db: NVD ids: CVE-2023-36025

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591) - Help Net Security

Trust: 5.25

Fetched: Jan. 17, 2024, 9:56 a.m., Published: Jan. 15, 2024, 9:03 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-21591

CVE-2024-21591 - Out of bounds write vulnerability Juno OS SRX and EX Series

Trust: 4.0

Fetched: Jan. 17, 2024, 9:51 a.m., Published: Jan. 18, 2024, midnight
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-21591

Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches

Trust: 5.75

Fetched: Jan. 17, 2024, 9:50 a.m., Published: Jan. 13, 2024, 10:45 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: hewlett packard enterprise model: switches
vendor: hewlett packard model: switches
db: NVD ids: CVE-2024-21591, CVE-2024-21611

Millions of Samsung owners urged 'tap settings today' in 'critical' alert - Birmingham Live

Trust: 3.75

Fetched: Jan. 17, 2024, 9:49 a.m., Published: Jan. 16, 2024, 7:45 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: galaxy note
vendor: samsung model: galaxy
vendor: samsung model: note
vendor: samsung model: mobile
vendor: samsung model: notes
db: NVD ids: CVE-2022-40507

Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway Vulnerabilities Exploited in the Wild (CVE-2023-46805 & CVE-2024-21887) - Qualys ThreatPROTECT

Trust: 5.0

Fetched: Jan. 17, 2024, 9:49 a.m., Published: -
 Vulnerabilities: authentication bypass, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-46805, CVE-2024-21887

178,000 SonicWall firewalls are vulnerable to old DoS bugs • The Register

Trust: 5.5

Fetched: Jan. 17, 2024, 9:48 a.m., Published: -
 Vulnerabilities: denial of service, code execution, buffer overflow
Affected productsExternal IDs
vendor: sonicwall model: sonicos
db: NVD ids: CVE-2022-22274, CVE-2023-0656

SonicWall API opens 178k firewalls to attack | SC Media

Trust: 4.75

Fetched: Jan. 17, 2024, 9:48 a.m., Published: Jan. 16, 2024, 1:43 p.m.
 Vulnerabilities: denial of service, code execution, buffer overflow
Affected productsExternal IDs
vendor: sonicwall model: sonicos
db: NVD ids: CVE-2022-22274, CVE-2023-0656

Beware, all Windows and Mac devices possibly at risk - dangerous Opera security flaw could have allowed hackers to run any file they want | TechRadar

Trust: 4.25

Fetched: Jan. 17, 2024, 9:48 a.m., Published: Jan. 16, 2024, 6:09 p.m.
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: trend model: security

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores

Trust: 3.5

Fetched: Jan. 17, 2024, 9:41 a.m., Published: Oct. 20, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: cups model: cups
vendor: trend micro model: security
db: NVD ids: CVE-2022-43677

Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability - Cisco

Trust: 4.25

Fetched: Jan. 17, 2024, 9:34 a.m., Published: Jan. 10, 2024, 10:05 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

Internet of Things (IoT) Security: Issues and Solutions - Auslogics Blog

Trust: 3.5

Fetched: Jan. 17, 2024, 9:16 a.m., Published: Oct. 29, 2023, 5:44 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks

Overview of F5 vulnerabilities (October 26, 2023)

Trust: 4.75

Fetched: Jan. 17, 2024, 9:15 a.m., Published: -
 Vulnerabilities: sql injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-467479, CVE-2023-467488

Bosch Smart Thermostat Feels the Heat From Firmware Bug

Trust: 3.0

Fetched: Jan. 17, 2024, 9:15 a.m., Published: Jan. 5, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-49722

WordPress Patches Multiple Vulnerabilities in POST SMTP Mailer Plugin (CVE-2023-6875 & CVE-2023-7027) - Qualys ThreatPROTECT

Trust: 3.0

Fetched: Jan. 17, 2024, 9:14 a.m., Published: -
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2023-6875, CVE-2023-7027

New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login

Trust: 3.75

Fetched: Jan. 17, 2024, 9:14 a.m., Published: Nov. 22, 2023, 3:23 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lenovo model: thinkpad
db: NVD ids: CVE-2021-34466

CVE-2024-20666 - Security Update Guide - Microsoft - BitLocker Security Feature Bypass Vulnerability

Trust: 3.75

Fetched: Jan. 17, 2024, 9:13 a.m., Published: -
 Vulnerabilities: security feature bypass, feature bypass
Affected productsExternal IDs
db: NVD ids: CVE-2024-20666