Sign-up

VARIoT news about IoT security

Software Vulnerability - What You Need to Know: HeartBleed, Log4Shell, ProxyNotShell

Related entries in the VARIoT vulnerabilities database: VAR-201404-0592, VAR-202112-0566

Trust: 4.5

Fetched: Feb. 14, 2024, 10:11 a.m., Published: Feb. 8, 2024, midnight
 Vulnerabilities: cross-site scripting, code execution, authentication bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2017-0144, CVE-2014-0160, CVE-2021-44228, CVE-2022-41040, CVE-2022-41082

Multiple malware used in attacks exploiting Ivanti VPN flaws

Trust: 4.0

Fetched: Feb. 14, 2024, 10:07 a.m., Published: Feb. 1, 2024, 10:53 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-21888, CVE-2024-21887, CVE-2023-46805, CVE-2024-21893

CVE-2024-20253: Cisco vulnerability allows arbitrary code execution on call center devices | Carding Forum for Professional Carders

Trust: 6.0

Fetched: Feb. 14, 2024, 10:06 a.m., Published: May 14, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: unified communications manager im & presence service
vendor: cisco model: virtualized voice browser
vendor: cisco model: unity
vendor: cisco model: unity connection
vendor: cisco model: unified contact center express
vendor: cisco model: unified communications manager
vendor: cisco model: unified communications manager session management edition
vendor: cisco model: unified communications
db: NVD ids: CVE-2024-20253

Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks

Trust: 5.0

Fetched: Feb. 14, 2024, 10:04 a.m., Published: Feb. 7, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-22527

vulnerability management Tender News | Latest vulnerability management Tender Notice

Trust: 3.0

Fetched: Feb. 14, 2024, 10:04 a.m., Published: Jan. 2, 2024, midnight
 Vulnerabilities: configuration vulnerability
Affected productsExternal IDs

Apple neglects to patch multiple critical vulnerabilities in macOS - The Mac Security Blog

Related entries in the VARIoT vulnerabilities database: VAR-202208-0404, VAR-202310-0175

Trust: 4.5

Fetched: Feb. 14, 2024, 10:03 a.m., Published: Jan. 22, 2024, 8:01 a.m.
 Vulnerabilities: authentication bypass, use after free, authentication vulnerability
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2022-37434, CVE-2023-44487, CVE-2021-41581, CVE-2022-48437, CVE-2023-38545, CVE-2023-35784, CVE-2021-46880

24-008 (February 13, 2024) - Threat Encyclopedia

Trust: 3.75

Fetched: Feb. 14, 2024, 10:02 a.m., Published: Feb. 13, 2024, midnight
 Vulnerabilities: request forgery, security feature bypass, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2023-31102, CVE-2023-46262, CVE-2024-21412, CVE-2023-42000, CVE-2023-41998, CVE-2023-48646

System BIOS komputerów Dell Precision 3540 i Latitude 5400/5500 | Szczegóły sterownika | Dell Polska

Trust: 3.0

Fetched: Feb. 14, 2024, 10:02 a.m., Published: Feb. 14, 3540, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: latitude
vendor: dell model: bios

A Complete Guide to Zero-Day Vulnerability | Indusface Blog

Trust: 4.5

Fetched: Feb. 14, 2024, 10:01 a.m., Published: Feb. 5, 2024, 9:43 a.m.
 Vulnerabilities: privilege escalation, code execution, authentication bypass...
Affected productsExternal IDs
db: NVD ids: CVE-2023-42793

Exploiting Ivanti vulnerability to install “DSLog” backdoor on more than 670 IT infrastructures - Paxton Willson

Trust: 4.0

Fetched: Feb. 14, 2024, 10 a.m., Published: Feb. 13, 2024, 9:04 a.m.
 Vulnerabilities: request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2024-21888, CVE-2024-21893

System BIOS komputerów Dell Vostro 3405 i Inspiron 3505 | Szczegóły sterownika | Dell Polska

Trust: 3.25

Fetched: Feb. 14, 2024, 9:57 a.m., Published: Feb. 14, 3405, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

A look at Fortinet's week to forget • The Register

Trust: 4.75

Fetched: Feb. 14, 2024, 9:56 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-23108, CVE-2023-34992, CVE-2024-23113, CVE-2024-23109

Apple resolves 2024’s first zero-day exploited via WebKit

Trust: 4.5

Fetched: Feb. 14, 2024, 9:56 a.m., Published: Feb. 3, 2024, midnight
 Vulnerabilities: resource exhaustion, command injection, authentication bypass
Affected productsExternal IDs
vendor: apple model: watch
vendor: apple model: webkit
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: tvos
db: NVD ids: CVE-2024-23222, CVE-2024-21887, CVE-2023-46805

How Much Does It Cost to Install a Smart Home Panel? - ByRetreat

Trust: 3.5

Fetched: Feb. 14, 2024, 9:55 a.m., Published: Jan. 31, 2024, 2:56 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs

WyreStorm Apollo VX20 - Information Disclosure - vulnerability database | Vulners.com

Trust: 3.25

Fetched: Feb. 14, 2024, 9:54 a.m., Published: Feb. 12, 2024, 10:32 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs

Ivanti Discloses High-Severity Authentication Bypass Vulnerability in Gateway Devices

Trust: 3.25

Fetched: Feb. 14, 2024, 9:49 a.m., Published: Feb. 9, 2024, 3:52 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2024-22024, CVE-2024-21888, CVE-2023-46805, CVE-2024-21887, CVE-2024-21893

Ivanti Discloses Fifth Major VPN Vulnerability In A Month

Trust: 4.5

Fetched: Feb. 14, 2024, 9:49 a.m., Published: Feb. 8, 2024, 4:51 p.m.
 Vulnerabilities: request forgery, command injection, authentication bypass
Affected productsExternal IDs
vendor: pulse secure model: policy secure
vendor: pulse secure model: connect secure
vendor: google model: nexus
db: NVD ids: CVE-2024-22024, CVE-2024-21887, CVE-2023-46805, CVE-2024-21893

Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT Infrastructures | MrHacker

Trust: 4.0

Fetched: Feb. 14, 2024, 9:43 a.m., Published: Feb. 13, 2024, midnight
 Vulnerabilities: request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2024-21888, CVE-2024-21893

Ivanti Finds Another High Severity Vulnerability | MSSP Alert

Trust: 3.0

Fetched: Feb. 14, 2024, 9:40 a.m., Published: Feb. 13, 2024, 6:29 p.m.
 Vulnerabilities: request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2024-22024, CVE-2024-21888, CVE-2023-46805, CVE-2024-21887, CVE-2024-21893

Hackers Exploit Ivanti Vulnerability to Deploy DSLog Backdoor | Black Hat Ethical Hacking

Trust: 3.25

Fetched: Feb. 14, 2024, 9:40 a.m., Published: Feb. 13, 2024, 10:08 a.m.
 Vulnerabilities: request forgery
Affected productsExternal IDs
db: NVD ids: CVE-2024-21893