Sign-up

VARIoT news about IoT security

24-007 (February 6, 2024) - Threat Encyclopedia

Trust: 4.5

Fetched: Feb. 7, 2024, 9:38 a.m., Published: Feb. 6, 2024, midnight
 Vulnerabilities: directory traversal, cross-site scripting, information disclosure...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: paessler model: prtg network monitor
vendor: trend model: security
db: NVD ids: CVE-2023-46265, CVE-2023-41178, CVE-2023-52324, CVE-2023-41176, CVE-2023-49070, CVE-2023-51630, CVE-2023-47211, CVE-2024-23897, CVE-2023-22527, CVE-2023-41177

Cisco Zero-Day Vulnerability Exploited to Implant Malicious Lua Backdoor on Thousands of Devices - DigVel - Cybersecurity

Related entries in the VARIoT vulnerabilities database: VAR-202103-0773

Trust: 5.75

Fetched: Feb. 7, 2024, 9:37 a.m., Published: -
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: ios xe
vendor: cisco model: ios xe software
db: NVD ids: CVE-2023-20273, CVE-2023-20198, CVE-2021-1435

CVE-2024-22386 - vulnerability database | Vulners.com

Trust: 3.0

Fetched: Feb. 7, 2024, 9:36 a.m., Published: Feb. 5, 2024, midnight
 Vulnerabilities: denial of service, pointer dereference issue, kernel panic
Affected productsExternal IDs
db: NVD ids: CVE-2024-22386

Apple resolves 2024’s first zero-day exploited via WebKit

Trust: 4.5

Fetched: Feb. 7, 2024, 9:35 a.m., Published: Feb. 3, 2024, midnight
 Vulnerabilities: command injection, authentication bypass, resource exhaustion
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: watch
vendor: apple model: safari
vendor: apple model: webkit
vendor: apple model: tvos
db: NVD ids: CVE-2024-21887, CVE-2024-23222, CVE-2023-46805

Command injection - vulnerability database | Vulners.com

Trust: 4.0

Fetched: Feb. 7, 2024, 9:34 a.m., Published: Jan. 26, 2024, 12:15 a.m.
 Vulnerabilities: command injection, command execution
Affected productsExternal IDs
vendor: d-link model: dap-1650

Weekly Vulnerability Recap 1/29/24: Apple, Apache, & VMware

Trust: 5.25

Fetched: Feb. 7, 2024, 9:34 a.m., Published: Jan. 29, 2024, 10:06 p.m.
 Vulnerabilities: denial of service, code execution, authentication bypass...
Affected productsExternal IDs
vendor: cisco model: unified communications
vendor: sophos model: endpoint protection
vendor: apple model: webkit
db: NVD ids: CVE-2023-6330, CVE-2024-23222, CVE-2023-6332, CVE-2023-46604, CVE-2023-6331, CVE-2023-34048, CVE-2024-23897, CVE-2023-22527, CVE-2024-20253, CVE-2024-0204, CVE-2023-7028

Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks

Trust: 5.0

Fetched: Feb. 7, 2024, 9:33 a.m., Published: Feb. 7, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-22527

Wenrui Diao's Homepage (刁文瑞教授-山东大学-个人主页)

Trust: 3.75

Fetched: Feb. 7, 2024, 9:29 a.m., Published: Feb. 7, 2017, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2020-0418, CVE-2019-2225, CVE-2021-0306, CVE-2021-39695, CVE-2023-20971, CVE-2021-0307, CVE-2021-0317, CVE-2022-20392

Apple Devices Affected by High-Severity Flaw: U.S. CISA Adds Exploited Vulnerability to Catalog | B2Bdaily.com

Related entries in the VARIoT vulnerabilities database: VAR-202207-1484

Trust: 3.5

Fetched: Feb. 7, 2024, 9:29 a.m., Published: Feb. 2, 2024, 1:26 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: tvos
vendor: apple model: watchos
vendor: apple model: macos
db: NVD ids: CVE-2022-32844, CVE-2022-48618

Critical vulnerability affecting most Linux distros allows for bootkits [Ars Technica] - Up My Tech

Trust: 3.75

Fetched: Feb. 7, 2024, 9:26 a.m., Published: Feb. 7, 2024, 7:03 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2023-40547

Critical vulnerability affecting most Linux distros allows for bootkits - Security & Privacy News - Nsane Forums

Trust: 3.5

Fetched: Feb. 7, 2024, 9:25 a.m., Published: Feb. 7, 2024, 8:04 a.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-40547

Input validation - vulnerability database | Vulners.com

Trust: 3.25

Fetched: Feb. 7, 2024, 9:24 a.m., Published: Jan. 26, 2024, 6:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: unified communications

Critical vulnerability affecting most Linux distros allows for bootkits - Blog - Creative Collaboration

Trust: 4.0

Fetched: Feb. 7, 2024, 9:18 a.m., Published: Feb. 7, 2024, 2:30 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2023-40547

Authentication Coercion Vulnerability in Kyocera Device Manager | Cyber Incident Response Team - Government of Jamaica

Trust: 3.0

Fetched: Feb. 7, 2024, 9:18 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-50916, CVE-2023-50196

CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893: Frequently Asked Questions for Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways - Blog | Tenable®

Trust: 4.5

Fetched: Feb. 7, 2024, 9:17 a.m., Published: Jan. 31, 2024, 5:57 p.m.
 Vulnerabilities: privilege escalation, authentication bypass, command injection...
Affected productsExternal IDs
db: NVD ids: CVE-2024-21887, CVE-2024-21888, CVE-2023-46805, CVE-2024-21893

Android Security Bulletin-February 2024 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202402-0244, VAR-202312-0020, VAR-202312-0146, VAR-202312-0152

Trust: 4.25

Fetched: Feb. 7, 2024, 9:11 a.m., Published: Feb. 7, 2024, midnight
 Vulnerabilities: denial of service, information disclosure, code execution
Affected productsExternal IDs
vendor: motorola model: android
vendor: motorola model: motorola
vendor: samsung model: mobile
vendor: samsung model: notes
vendor: huawei model: huawei
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2023-43522, CVE-2024-0041, CVE-2023-43533, CVE-2023-40093, CVE-2024-0031, CVE-2024-20003, CVE-2023-40122, CVE-2023-32843, CVE-2023-33058, CVE-2023-5091, CVE-2024-20010, CVE-2023-32842, CVE-2024-20011, CVE-2024-20007, CVE-2023-33060, CVE-2023-5643, CVE-2023-33072, CVE-2023-33076, CVE-2024-0032, CVE-2024-0034, CVE-2024-0038, CVE-2023-43519, CVE-2024-20006, CVE-2023-49667, CVE-2023-43518, CVE-2023-43536, CVE-2024-0037, CVE-2023-33057, CVE-2024-0035, CVE-2024-0029, CVE-2024-0036, CVE-2023-49668, CVE-2023-33046, CVE-2024-20009, CVE-2024-0040, CVE-2023-33049, CVE-2024-0014, CVE-2024-0033, CVE-2024-0030, CVE-2023-43523, CVE-2023-5249, CVE-2023-32841

Critical vulnerability affecting most Linux distros allows for bootkits | Ars Technica

Trust: 4.0

Fetched: Feb. 7, 2024, 9:05 a.m., Published: Feb. 7, 2024, 1:37 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2023-40547

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-6548 and CVE-2023-6549

Related entries in the VARIoT vulnerabilities database: VAR-202401-1629, VAR-202401-2573

Trust: 4.0

Fetched: Feb. 6, 2024, 10:21 a.m., Published: Jan. 19, 2024, 3:37 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: citrix model: netscaler
vendor: citrix model: gateway
vendor: citrix model: netscaler gateway
vendor: citrix model: netscaler adc
db: NVD ids: CVE-2023-6549, CVE-2023-6548

Critical Jenkins CLI File Read Vulnerability Could Lead to RCE Attacks (CVE-2024-23897) - SOCRadar® Cyber Intelligence Inc.

Trust: 3.75

Fetched: Feb. 6, 2024, 10:20 a.m., Published: Jan. 24, 2024, 6:18 p.m.
 Vulnerabilities: code execution, cross-site request forgery, cross-site scripting...
Affected productsExternal IDs
db: NVD ids: CVE-2024-23897, CVE-2023-6148, CVE-2023-6147, CVE-2024-23899, CVE-2024-23904, CVE-2023-23897, CVE-2024-23898, CVE-2024-23905

Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager - Cyber Social Hub

Trust: 4.75

Fetched: Feb. 6, 2024, 10:19 a.m., Published: Feb. 6, 2023, midnight
 Vulnerabilities: code execution, path traversal, sql injection...
Affected productsExternal IDs
vendor: netatalk model: netatalk
db: NVD ids: CVE-2022-43634, CVE-2023-41288, CVE-2023-39296, CVE-2023-47560, CVE-2023-41287, CVE-2023-47559, CVE-2023-50916