Sign-up

VARIoT news about IoT security

BIG-IP iControl REST API vulnerability CVE-2024-22389

Trust: 3.5

Fetched: Feb. 16, 2024, 9:37 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-22389

CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog

Trust: 5.5

Fetched: Feb. 16, 2024, 9:36 a.m., Published: Feb. 7, 2024, 7:30 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2023-41992, CVE-2023-4762, CVE-2023-41993, CVE-2023-41991

What is Vulnerability Testing: CyberScope Explains

Trust: 3.0

Fetched: Feb. 16, 2024, 9:29 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs

Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893) - Help Net Security

Trust: 4.75

Fetched: Feb. 16, 2024, 9:29 a.m., Published: Feb. 13, 2024, 10:58 a.m.
 Vulnerabilities: request forgery, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-21888, CVE-2024-21887, CVE-2023-46805, CVE-2024-21893

Siemens CP343-1 Devices - vulnerability database | Vulners.com

Related entries in the VARIoT vulnerabilities database: VAR-202402-1248

Trust: 3.5

Fetched: Feb. 16, 2024, 9:27 a.m., Published: Feb. 15, 2024, noon
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: simatic cp
vendor: siemens model: simatic cp 343-1 lean
vendor: siemens model: simatic
vendor: siemens model: simatic cp 343-1
db: NVD ids: CVE-2023-51440

Siemens CP343-1 Devices | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202402-1248

Trust: 3.5

Fetched: Feb. 16, 2024, 9:27 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: simatic cp
vendor: siemens model: simatic cp 343-1 lean
vendor: siemens model: simatic
vendor: siemens model: simatic cp 343-1
db: NVD ids: CVE-2023-51440

Adobe Patch Tuesday fixed critical vulnerabilities in Magento, Acrobat and Reader

Trust: 3.75

Fetched: Feb. 16, 2024, 9:26 a.m., Published: Feb. 14, 2024, 9:25 a.m.
 Vulnerabilities: cross-site scripting, command injection, request forgery...
Affected productsExternal IDs
db: NVD ids: CVE-2024-20733, CVE-2024-20731, CVE-2024-20736, CVE-2024-20748, CVE-2024-20716, CVE-2024-20749, CVE-2024-20747, CVE-2024-20730, CVE-2024-20726, CVE-2024-20719, CVE-2024-20734, CVE-2024-20735, CVE-2024-20717, CVE-2024-20720, CVE-2024-20727, CVE-2024-20718, CVE-2024-20729, CVE-2024-20728

Hacking Android, Linux, macOS, iOS, Windows Devices via Bluetooth using a single vulnerability - Cybernoz

Trust: 4.0

Fetched: Feb. 16, 2024, 9:26 a.m., Published: Jan. 23, 2024, 7:25 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: oneplus model: 7 pro
db: NVD ids: CVE-2023-45866, CVE-2024-21306

Outlook's decades-old vulnerability allowed for catastrophic attacks without any user interaction

Trust: 3.0

Fetched: Feb. 16, 2024, 9:25 a.m., Published: Feb. 15, 2024, 11:08 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-21413

Urgent patches available for QNAP vulnerabilities, one 0-day • The Register

Trust: 5.25

Fetched: Feb. 16, 2024, 9:19 a.m., Published: -
 Vulnerabilities: command execution, arbitrary command execution, command injection...
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2023-50358, CVE-2023-47218

Cisco Secure Endpoint DoS (cisco-sa-clamav-dos-FTkhqMWZ) - vulnerability database | Vulners.com

Trust: 4.75

Fetched: Feb. 16, 2024, 9:19 a.m., Published: Feb. 14, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: clamav
vendor: clamav model: clamav

The Top 10 IoT Security Tools | Expert Insights

Trust: 3.25

Fetched: Feb. 16, 2024, 9:18 a.m., Published: Aug. 14, 2023, 9:33 a.m.
 Vulnerabilities: -
Affected productsExternal IDs

Vulnerable Fortinet Devices: Low-hanging Fruit for Threat Actors - Cyble

Related entries in the VARIoT vulnerabilities database: VAR-202210-0198, VAR-202212-1132

Trust: 3.5

Fetched: Feb. 16, 2024, 9:17 a.m., Published: Feb. 16, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: fortigate model: fortios
db: NVD ids: CVE-2023-27997, CVE-2022-40684, CVE-2022-42475, CVE-2024-21762

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358) - Help Net Security

Trust: 5.5

Fetched: Feb. 16, 2024, 9:10 a.m., Published: Feb. 14, 2024, 10:38 a.m.
 Vulnerabilities: command injection, command execution, os command injection...
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2023-47565, CVE-2023-50358, CVE-2023-47218

New Vulnerability in QNAP QTS Firmware: CVE-2023-50358

Trust: 4.25

Fetched: Feb. 16, 2024, 9:09 a.m., Published: Feb. 13, 2024, 3 a.m.
 Vulnerabilities: command execution, arbitrary command execution, command injection...
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo model: networks
vendor: palo model: firewall
vendor: qnap model: qnap qts
vendor: qnap model: systems nas devices
db: NVD ids: CVE-2023-50358

List of Advisories

Trust: 4.25

Fetched: Feb. 14, 2024, 10:15 a.m., Published: Feb. 1, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

How Long Does a Smart Home Installation Take? - ByRetreat

Trust: 3.5

Fetched: Feb. 14, 2024, 10:14 a.m., Published: Jan. 27, 2024, 11:43 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs

What Is the Job Description of a Home Automation Person? - ByRetreat

Trust: 3.5

Fetched: Feb. 14, 2024, 10:13 a.m., Published: Jan. 31, 2024, 8:15 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs

Apple’s new Stolen Device Protection has a big vulnerability. Here’s how to fix it - BackBox.org News

Trust: 3.25

Fetched: Feb. 14, 2024, 10:12 a.m., Published: Jan. 29, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

New Fortinet RCE vulnerability potentially under exploitation | SC Media

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132

Trust: 5.5

Fetched: Feb. 14, 2024, 10:11 a.m., Published: March 15, 2023, 6 p.m.
 Vulnerabilities: os command injection, command injection, code execution
Affected productsExternal IDs
vendor: fortigate model: fortios
vendor: citrix model: gateway
db: NVD ids: CVE-2022-42475, CVE-2024-23108, CVE-2024-21762, CVE-2024-23113, CVE-2023-34992, CVE-2023-27997, CVE-2024-23109