VARIoT latest news about IoT security

Critical Vulnerability Present in Junos OS SRX and EX Series Devices \| Access Point Technology Trust: 4.0 Fetched: Jan. 28, 2024, 10:17 a.m., Published: Jan. 18, 2024, 9:42 p.m.	Vulnerabilities: denial of service, code execution, privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2024-21591

Cisco fixes Critical Vulnerability in Unified Communications- CVE-2024-20253 Related entries in the VARIoT vulnerabilities database: VAR-202203-0835, VAR-202203-0836, VAR-202201-1522 Trust: 4.0 Fetched: Jan. 28, 2024, 10:17 a.m., Published: Jan. 26, 2024, 2:42 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	cisco	model:	telepresence video communication server
vendor:	cisco	model:	unity connection
vendor:	cisco	model:	unified communications manager im & presence service
vendor:	cisco	model:	unified contact center express
vendor:	cisco	model:	telepresence
vendor:	cisco	model:	cisco unity
vendor:	cisco	model:	cisco expressway
vendor:	cisco	model:	cisco telepresence
vendor:	cisco	model:	virtualized voice browser
vendor:	cisco	model:	expressway series
vendor:	cisco	model:	unity
vendor:	cisco	model:	cisco unity connection
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	unified communications manager session management edition
vendor:	cisco	model:	series
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	expressway

db:

NVD

ids:

CVE-2022-20754, CVE-2022-20755, CVE-2022-20658, CVE-2024-20253

WARNING: NEW REMOTE CODE EXECUTION VULNERABILITY IN MULTIPLE CISCO PRODUCTS, PATCH IMMEDIATELY! \| Cert Trust: 5.25 Fetched: Jan. 28, 2024, 10:15 a.m., Published: Jan. 25, 2024, 7:24 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-20253

Juniper Junos OS: 2024-01 Security Bulletin: Junos OS and Junos OS Evolved: A specific BGP UPDATE message will cause a crash in the backup Routing Engine in NSR-enabled devices (JSA75735) (CVE-2024-21596) Trust: 4.0 Fetched: Jan. 28, 2024, 10:15 a.m., Published: Jan. 28, 2024, midnight	Vulnerabilities: denial of service, memory overwrite, buffer overflow

Affected products

External IDs

db:

NVD

ids:

CVE-2024-21596

5379 GitLab Servers are Vulnerable to Zero-Click Takeover Attacks Trust: 3.75 Fetched: Jan. 28, 2024, 10:14 a.m., Published: Jan. 25, 2024, 1:07 p.m.	Vulnerabilities: improper access control

Affected products

External IDs

db:

NVD

ids:

CVE-2023-7028, CVE-2023-4812, CVE-2023-6955, CVE-2023-2030, CVE-2023-5356

CVE - CVE-2017-5638 Related entries in the VARIoT vulnerabilities database: VAR-201703-0755 Trust: 3.25 Fetched: Jan. 28, 2024, 10:13 a.m., Published: Jan. 3, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2017-5638

WARNING: NEW REMOTE CODE EXECUTION VULNERABILITY IN MULTIPLE CISCO PRODUCTS, PATCH IMMEDIATELY! \| Cert Trust: 5.25 Fetched: Jan. 28, 2024, 10:13 a.m., Published: Jan. 25, 2024, 7:24 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-20253

System BIOS komputerów Alienware x15/x17 R2 \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Jan. 28, 2024, 10:12 a.m., Published: Jan. 16, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

Two Zero-Day Vulnerabilities Impacting Ivanti Connect Secure and Policy Secure Gateways Trust: 4.75 Fetched: Jan. 28, 2024, 10:12 a.m., Published: Jan. 15, 2024, midnight	Vulnerabilities: code execution, authentication bypass, command injection

Affected products

External IDs

db:

NVD

ids:

CVE-2023-46805, CVE-2024-21887

WARNING: NEW REMOTE CODE EXECUTION VULNERABILITY IN MULTIPLE CISCO PRODUCTS, PATCH IMMEDIATELY! \| Cert Trust: 5.25 Fetched: Jan. 28, 2024, 10:11 a.m., Published: Jan. 25, 2024, 7:24 p.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-20253

CVE-2024-23624 - vulnerability database \| Vulners.com Trust: 5.0 Fetched: Jan. 28, 2024, 10:05 a.m., Published: Jan. 26, 2024, 12:15 a.m.	Vulnerabilities: command execution, command injection

Affected products

External IDs

vendor:

d-link

model:

dap-1650

db:

NVD

ids:

CVE-2024-23624

About the security content of iOS 15.7.3 and iPadOS 15.7.3 - Apple Support Related entries in the VARIoT vulnerabilities database: VAR-202301-1707, VAR-202301-1717, VAR-202301-1713, VAR-202301-1710, VAR-202301-1706 Trust: 3.75 Fetched: Jan. 28, 2024, 10:05 a.m., Published: July 15, 2003, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	ipad air
vendor:	apple	model:	ipod touch
vendor:	apple	model:	ipad

db:

NVD

ids:

CVE-2023-23498, CVE-2023-23503, CVE-2023-23505, CVE-2023-23504, CVE-2023-23500

CVE-2024-23630 - vulnerability database \| Vulners.com Trust: 6.25 Fetched: Jan. 28, 2024, 9:58 a.m., Published: Jan. 26, 2024, 12:15 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

motorola

model:

motorola

db:

NVD

ids:

CVE-2024-23630

Zero-click attacks: everything you need to know \| TSC Trust: 3.25 Fetched: Jan. 28, 2024, 9:56 a.m., Published: Jan. 18, 2024, noon	Vulnerabilities: memory corruption, cross-site request forgery, request forgery...

Affected products

External IDs

vendor:	rapid	model:	scada
vendor:	apple	model:	iphone
vendor:	essential	model:	phone

CVE-2024-23625 - vulnerability database \| Vulners.com Trust: 5.0 Fetched: Jan. 28, 2024, 9:54 a.m., Published: Jan. 26, 2024, 12:15 a.m.	Vulnerabilities: command execution, command injection

Affected products

External IDs

vendor:

d-link

model:

dap-1650

db:

NVD

ids:

CVE-2024-23625

Vulnerability • InfoTech & InfoSec News Trust: 4.0 Fetched: Jan. 28, 2024, 9:53 a.m., Published: Jan. 26, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	webkit
vendor:	apple	model:	tvos
vendor:	apple	model:	safari
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2024-23222

SVR hackers breach Microsoft, steal emails from the security team Trust: 4.5 Fetched: Jan. 28, 2024, 9:53 a.m., Published: Jan. 22, 2024, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	trend	model:	security
vendor:	trend	model:	data loss prevention
vendor:	trend micro	model:	security
vendor:	trend micro	model:	data loss prevention
vendor:	google	model:	chrome
vendor:	google	model:	home
vendor:	google	model:	wifi
vendor:	palo alto networks	model:	networks
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2023-46805, CVE-2024-21887, CVE-2023-34048, CVE-2024-0517, CVE-2024-22195

AlmaLinux 9 : grub2 (ALSA-2024:0468) - vulnerability database \| Vulners.com Trust: 4.75 Fetched: Jan. 28, 2024, 9:42 a.m., Published: Jan. 26, 2024, midnight	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:

alsa

model:

alsa

db:

NVD

ids:

CVE-2023-4001

Cisco Unified Communications Products Remote Code Execution ... - vulnerability database \| Vulners.com Trust: 5.25 Fetched: Jan. 28, 2024, 9:42 a.m., Published: Jan. 24, 2024, 4 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:

cisco

model:

unified communications

8 BEST Web Vulnerability Scanning Tools Trust: 3.25 Fetched: Jan. 28, 2024, 9:34 a.m., Published: Jan. 8, 2024, midnight	Vulnerabilities: cross-site scripting, sql injection

Affected products

External IDs

vendor:	snort	model:	snort
vendor:	essential	model:	phone

VARIoT news about IoT security