VARIoT latest news about IoT security

10 Critical Web Injection Attacks in 2024 (Risks & Mitigation) Trust: 3.5 Fetched: Jan. 19, 2024, 9:48 a.m., Published: Jan. 1, 2024, 8:01 a.m.	Vulnerabilities: request forgery, code injection, arbitrary command execution...

Affected products	External IDs

A new vulnerability affecting Apple, AMD, and Qualcomm GPUs could expose AI data \| TechSpot Trust: 3.5 Fetched: Jan. 19, 2024, 9:42 a.m., Published: Jan. 19, 4070, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	macbook air
vendor:	apple	model:	iphone
vendor:	apple	model:	macbook

db:

NVD

ids:

CVE-2023-4969

A big potential security flaw was just spotted in Apple chips and it all has to do with AI development - “LeftoverLocals” vulnerability could give hackers data from GPU local memory \| iMore Trust: 3.0 Fetched: Jan. 19, 2024, 9:41 a.m., Published: Jan. 18, 2024, 10:56 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	macbook air
vendor:	apple	model:	ipad
vendor:	apple	model:	ipad air
vendor:	apple	model:	iphone
vendor:	apple	model:	macbook

System BIOS komputera Dell XPS 9305 \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Jan. 19, 2024, 9:41 a.m., Published: Jan. 19, 9305, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation \| Mandiant Trust: 5.25 Fetched: Jan. 19, 2024, 9:40 a.m., Published: Jan. 22, 2024, midnight	Vulnerabilities: arbitrary command execution, command injection, authentication bypass...

Affected products

External IDs

vendor:	google	model:	home
vendor:	pulse secure	model:	policy secure
vendor:	pulse secure	model:	connect secure

db:

NVD

ids:

CVE-2024-21887, CVE-2023-46805

System BIOS komputerów Alienware x15/x17 R1 \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Jan. 19, 2024, 9:40 a.m., Published: Jan. 10, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

System BIOS komputera Dell XPS 9305 \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: Jan. 19, 2024, 9:29 a.m., Published: Jan. 19, 9305, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

1,700 Ivanti VPN devices compromised. Are yours among them? - Help Net Security Trust: 3.5 Fetched: Jan. 19, 2024, 9:29 a.m., Published: Jan. 16, 2024, 3:07 p.m.	Vulnerabilities: command injection, authentication bypass

Affected products

External IDs

db:

NVD

ids:

CVE-2024-21887, CVE-2023-46805

Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability Trust: 4.25 Fetched: Jan. 19, 2024, 9:24 a.m., Published: Jan. 10, 2024, 3:55 p.m.	Vulnerabilities: privilege escalation

Affected products	External IDs

LeftoverLocals GPU Flaw Exposes AI Data in Devices Equipped with Apple, AMD, and Qualcomm Hardware \| Technology News Trust: 3.75 Fetched: Jan. 19, 2024, 9:23 a.m., Published: Jan. 18, 2024, 10:12 a.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	ipad
vendor:	apple	model:	macbook
vendor:	apple	model:	macbook air
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2023-4969

CVE-2023-6548, CVE-2023-6549: Zero-Day Vulnerabilities Exploited in Citrix NetScaler ADC and NetScaler Gateway - Blog \| Tenable® Related entries in the VARIoT vulnerabilities database: VAR-202401-1629, VAR-202401-2573 Trust: 5.5 Fetched: Jan. 19, 2024, 9:22 a.m., Published: Jan. 16, 2024, 11:45 p.m.	Vulnerabilities: code execution, denial of service

Affected products

External IDs

vendor:	citrix	model:	netscaler gateway
vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler
vendor:	citrix	model:	application delivery controller
vendor:	citrix	model:	netscaler application delivery controller
vendor:	citrix	model:	netscaler adc

db:

NVD

ids:

CVE-2023-6549, CVE-2023-4966, CVE-2023-6548, CVE-2024-6549

Cisco WAP371 Wireless Access Point Command Injection Vulnerability Trust: 5.0 Fetched: Jan. 19, 2024, 9:22 a.m., Published: Jan. 10, 2024, 3:55 p.m.	Vulnerabilities: command injection

Affected products

External IDs

vendor:	cisco	model:	wireless access point
vendor:	cisco	model:	wap371

Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability Trust: 3.75 Fetched: Jan. 19, 2024, 9:12 a.m., Published: Jan. 10, 2024, 3:55 p.m.	Vulnerabilities: file upload vulnerability

Affected products

External IDs

vendor:	cisco	model:	cisco unity
vendor:	cisco	model:	cisco unity connection
vendor:	cisco	model:	unity connection
vendor:	cisco	model:	unity

Identifying and Mitigating Exploitation of the IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products Related entries in the VARIoT vulnerabilities database: VAR-201609-0325 Trust: 4.5 Fetched: Jan. 19, 2024, 9:10 a.m., Published: Jan. 4, 2024, midnight	Vulnerabilities: information disclosure

Affected products

External IDs

vendor:	sourcefire	model:	snort
vendor:	snort	model:	snort
vendor:	cisco systems	model:	series
vendor:	cisco systems	model:	catalyst
vendor:	cisco systems	model:	catalyst 6500
vendor:	cisco systems	model:	catalyst 6500 series
vendor:	cisco systems	model:	ips sensor
vendor:	cisco systems	model:	firewall services module
vendor:	cisco systems	model:	7600 series
vendor:	cisco systems	model:	cisco intrusion prevention system
vendor:	cisco systems	model:	fwsm
vendor:	cisco systems	model:	series routers
vendor:	cisco systems	model:	cisco catalyst 6500 series
vendor:	cisco systems	model:	cisco security manager
vendor:	cisco systems	model:	adaptive security appliance
vendor:	cisco systems	model:	cisco ios
vendor:	cisco systems	model:	asa 5500
vendor:	cisco systems	model:	sourcefire snort
vendor:	cisco systems	model:	routers
vendor:	cisco systems	model:	cisco adaptive security appliance
vendor:	cisco systems	model:	intrusion prevention system
vendor:	cisco systems	model:	cisco 7600 series
vendor:	cisco systems	model:	access points
vendor:	cisco systems	model:	ios software
vendor:	cisco systems	model:	security manager
vendor:	cisco systems	model:	series switches
vendor:	cisco systems	model:	ios-xe software
vendor:	cisco	model:	series
vendor:	cisco	model:	catalyst
vendor:	cisco	model:	catalyst 6500
vendor:	cisco	model:	catalyst 6500 series
vendor:	cisco	model:	ips sensor
vendor:	cisco	model:	firewall services module
vendor:	cisco	model:	7600 series
vendor:	cisco	model:	cisco intrusion prevention system
vendor:	cisco	model:	fwsm
vendor:	cisco	model:	series routers
vendor:	cisco	model:	cisco catalyst 6500 series
vendor:	cisco	model:	cisco security manager
vendor:	cisco	model:	adaptive security appliance
vendor:	cisco	model:	cisco ios
vendor:	cisco	model:	asa 5500
vendor:	cisco	model:	sourcefire snort
vendor:	cisco	model:	routers
vendor:	cisco	model:	cisco adaptive security appliance
vendor:	cisco	model:	intrusion prevention system
vendor:	cisco	model:	cisco 7600 series
vendor:	cisco	model:	access points
vendor:	cisco	model:	ios software
vendor:	cisco	model:	security manager
vendor:	cisco	model:	series switches
vendor:	cisco	model:	ios-xe software

db:	NVD	ids:	CVE-2016-6415
db:	CISCO	ids:	CISCO-SA-20160916-IKEV1

How to Know If Your Smart Home Is Vulnerable - Blog \| Tenable® Trust: 3.0 Fetched: Jan. 19, 2024, 9:09 a.m., Published: Jan. 23, 2020, 1 p.m.	Vulnerabilities: -

Affected products	External IDs

CVE - CVE-2017-11563 Related entries in the VARIoT vulnerabilities database: VAR-201808-0161 Trust: 4.75 Fetched: Jan. 17, 2024, 10:33 a.m., Published: Jan. 3, 2024, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	d-link	model:	dcs-825l
vendor:	d-link	model:	eyeon baby monitor

db:

NVD

ids:

CVE-2017-11563

IoT Security Statistics 2024 - Everything You Need to Know Trust: 4.0 Fetched: Jan. 17, 2024, 10:31 a.m., Published: Jan. 8, 2024, 7:53 p.m.	Vulnerabilities: memory corruption, sql injection, code execution

Affected products

External IDs

vendor:	palo	model:	networks
vendor:	samsung	model:	mobile
vendor:	samsung	model:	notes
vendor:	samsung	model:	mobile devices
vendor:	symantec	model:	antivirus
vendor:	palo alto networks	model:	networks
vendor:	sonicwall	model:	remote access
vendor:	cisco	model:	router
vendor:	cisco	model:	routers
vendor:	cisco	model:	small business

24-003 (January 16, 2024) - Threat Encyclopedia Trust: 4.5 Fetched: Jan. 17, 2024, 10:30 a.m., Published: Jan. 16, 2024, midnight	Vulnerabilities: sql injection, path traversal, cross-site scripting...

Affected products

External IDs

vendor:	trend	model:	security
vendor:	squid	model:	squid
vendor:	zoho	model:	manageengine applications manager
vendor:	trend micro	model:	security

db:

NVD

ids:

CVE-2023-38333, CVE-2020-11978, CVE-2023-44466, CVE-2023-52326, CVE-2023-52325, CVE-2023-46847, CVE-2023-30258, CVE-2023-32707, CVE-2023-22273, CVE-2023-49085

OODA Loop - Kyocera Device Manager Vulnerability Exposes Enterprise Credentials Trust: 5.0 Fetched: Jan. 17, 2024, 10:30 a.m., Published: Jan. 10, 2024, 2:45 p.m.	Vulnerabilities: input validation flaw

Affected products

External IDs

db:

NVD

ids:

CVE-2023-50916

Distributed Energy Generation Gateway (In)Security - Security News - Trend Micro VN Trust: 4.75 Fetched: Jan. 17, 2024, 10:24 a.m., Published: -	Vulnerabilities: default password

Affected products

External IDs

vendor:	trend	model:	security
vendor:	enphase	model:	envoy
vendor:	trend micro	model:	security

VARIoT news about IoT security