Sign-up

VARIoT news about IoT security

CVE - CVE-2023-43115

Trust: 3.25

Fetched: Jan. 12, 2024, 9:51 a.m., Published: Jan. 3, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-43115

CVE-2024-20666 Vulnerability Creates Patch Failures for WinRE OS Update - NinjaOne

Trust: 3.25

Fetched: Jan. 12, 2024, 9:51 a.m., Published: Jan. 10, 2024, 5:21 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-20666

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

Trust: 3.5

Fetched: Jan. 12, 2024, 9:50 a.m., Published: Jan. 12, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: trend model: antivirus
vendor: trend micro model: security
vendor: trend micro model: antivirus
vendor: filezilla model: server
db: NVD ids: CVE-2023-36025

Kyocera Device Manager Vulnerability (CVE-2023-50916) and QNAP Systems Security Fixes - CyberSRC

Trust: 3.0

Fetched: Jan. 12, 2024, 9:49 a.m., Published: Jan. 10, 2024, 7:36 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-50916

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability - Cisco

Trust: 5.0

Fetched: Jan. 12, 2024, 9:38 a.m., Published: Jan. 10, 2024, 10:05 a.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine

Security Vulnerability in KYOCERA Device Manager | KYOCERA Document Solutions

Trust: 3.25

Fetched: Jan. 12, 2024, 9:33 a.m., Published: Jan. 11, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-50916

Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software

Trust: 5.75

Fetched: Jan. 12, 2024, 9:32 a.m., Published: Jan. 11, 2024, 4:55 a.m.
 Vulnerabilities: command injection, file upload bug, improper validation
Affected productsExternal IDs
vendor: cisco model: wap371
vendor: cisco model: cisco unity
vendor: cisco model: unity
vendor: cisco model: identity services engine
vendor: cisco model: cisco unity connection
vendor: cisco model: wireless access point
vendor: cisco model: telepresence
vendor: cisco model: telepresence management suite
vendor: cisco model: unity connection
db: NVD ids: CVE-2024-20287, CVE-2024-20272

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887) - Help Net Security

Trust: 3.5

Fetched: Jan. 12, 2024, 9:32 a.m., Published: Jan. 11, 2024, 11:35 a.m.
 Vulnerabilities: command injection, command execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-21887, CVE-2023-46805

Security Vulnerability in KYOCERA Device Manager

Trust: 3.25

Fetched: Jan. 12, 2024, 9:27 a.m., Published: Jan. 24, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-50916

(Response) Splitting Up Reverse Proxies To Reach Internal Only Paths

Trust: 3.75

Fetched: Jan. 12, 2024, 9:26 a.m., Published: Jan. 24, 2024, midnight
 Vulnerabilities: response splitting vulnerability
Affected productsExternal IDs

.NET January 2024 Updates - .NET 8.0.1, 7.0.15, .NET 6.0.26 - .NET Blog

Trust: 5.0

Fetched: Jan. 12, 2024, 9:26 a.m., Published: Jan. 9, 2024, 6 p.m.
 Vulnerabilities: feature bypass, denial of service, security feature bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2024-0057, CVE-2024-21319, CVE-2024-0056

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

Trust: 5.0

Fetched: Jan. 12, 2024, 9:20 a.m., Published: Jan. 10, 2024, 3:55 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine

Cisco WAP371 Wireless Access Point Command Injection Vulnerability - Cisco

Trust: 5.0

Fetched: Jan. 12, 2024, 9:20 a.m., Published: Jan. 10, 2024, 10:05 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: wap371
vendor: cisco model: wireless access point

Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks | Ars Technica

Trust: 5.75

Fetched: Jan. 12, 2024, 9:20 a.m., Published: Jan. 10, 2024, 10:18 p.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
vendor: pulse secure model: connect secure
vendor: citrix model: netscaler gateway
vendor: citrix model: gateway
vendor: citrix model: netscaler application delivery controller
vendor: citrix model: application delivery controller
vendor: citrix model: netscaler
db: NVD ids: CVE-2023-49103, CVE-2023-46805, CVE-2022-47966, CVE-2024-21887, CVE-2023-34362

Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability

Trust: 4.25

Fetched: Jan. 12, 2024, 9:19 a.m., Published: Jan. 10, 2024, 3:55 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

Ivanti warns of critical vulnerability in its popular line of endpoint protection software | Ars Technica

Trust: 3.5

Fetched: Jan. 12, 2024, 9:19 a.m., Published: Jan. 5, 2024, 10:33 p.m.
 Vulnerabilities: sql injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-39336

Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin

Trust: 3.75

Fetched: Jan. 12, 2024, 9:13 a.m., Published: Jan. 10, 2024, 4:01 p.m.
 Vulnerabilities: cross-site scripting, code execution
Affected productsExternal IDs

Microsoft fixes 48 bugs in January Patch Tuesday, none of them zero-days | SC Media

Trust: 4.5

Fetched: Jan. 12, 2024, 9:13 a.m., Published: Jan. 10, 2024, 4:04 p.m.
 Vulnerabilities: code execution, information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2024-20674, CVE-2024-20700, CVE-2024-21318, CVE-2024-0056, CVE-2024-20677

Cisco WAP371 Wireless Access Point Command Injection Vulnerability

Trust: 5.0

Fetched: Jan. 12, 2024, 9:12 a.m., Published: Jan. 10, 2024, 3:55 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: wap371
vendor: cisco model: wireless access point

Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN | Volexity

Trust: 5.25

Fetched: Jan. 12, 2024, 9:11 a.m., Published: Jan. 10, 2024, 7 p.m.
 Vulnerabilities: code execution, command execution
Affected productsExternal IDs
vendor: pulse secure model: connect secure
vendor: pulse secure model: pulse connect secure
vendor: pulsesecure model: connect secure
vendor: pulsesecure model: pulse connect secure
db: NVD ids: CVE-2024-21887, CVE-2023-46805