VARIoT latest news about IoT security

Warning: Threat actors getting around some Ivanti mitigations \| IT World Canada News Trust: 3.75 Fetched: Feb. 2, 2024, 10:30 a.m., Published: Jan. 31, 2024, 4:26 p.m.	Vulnerabilities: privilege escalation, command injection, authentication bypass...

Affected products

External IDs

db:

NVD

ids:

CVE-2024-21893, CVE-2023-46805, CVE-2024-21887, CVE-2024-21888

Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager Trust: 4.75 Fetched: Feb. 2, 2024, 10:29 a.m., Published: Jan. 9, 2024, 5:52 p.m.	Vulnerabilities: path traversal, code execution, command injection...

Affected products

External IDs

vendor:

netatalk

model:

netatalk

db:

NVD

ids:

CVE-2023-47560, CVE-2023-41287, CVE-2023-41288, CVE-2022-43634, CVE-2023-50916, CVE-2023-39296, CVE-2023-47559

India warns Apple users of major cyber attack. Here’s the list of devices at highest risk - India News News Trust: 3.0 Fetched: Feb. 2, 2024, 10:28 a.m., Published: Feb. 1, 2024, 11:55 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	safari
vendor:	apple	model:	icloud
vendor:	apple	model:	iphone
vendor:	apple	model:	ipod touch
vendor:	apple	model:	watchos
vendor:	apple	model:	macos
vendor:	apple	model:	ipad air
vendor:	apple	model:	apple tv
vendor:	apple	model:	ipad
vendor:	apple	model:	watch
vendor:	apple	model:	tvos

The Vital Role of Cybersecurity in Shaping Healthcare in 2024 Trust: 3.0 Fetched: Feb. 2, 2024, 10:21 a.m., Published: Jan. 23, 2024, 9:50 a.m.	Vulnerabilities: -

Affected products	External IDs

Mastering IoT Device Security: Unveiling Hidden Risks - Sigma Cyber Security Trust: 3.75 Fetched: Feb. 2, 2024, 10:18 a.m., Published: Jan. 25, 2024, 4:43 a.m.	Vulnerabilities: default credentials

Affected products	External IDs

Terrapin Vulnerability in the SSH Protocol - How to Stay Secure \| SSH Trust: 3.0 Fetched: Feb. 2, 2024, 10:07 a.m., Published: Feb. 2, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-48795

Writeup for CVE-2023-39143: PaperCut WebDAV Vulnerability - Horizon3.ai Trust: 5.5 Fetched: Feb. 2, 2024, 10:06 a.m., Published: Jan. 12, 2024, 2:15 p.m.	Vulnerabilities: file download vulnerability, path traversal, code execution

Affected products

External IDs

vendor:

sharp

model:

printers

db:

NVD

ids:

CVE-2023-23750, CVE-2022-21724, CVE-2023-39143

CompTIA Security+ SY0-701 Full Course and Labs - SoftArchive Trust: 3.5 Fetched: Feb. 2, 2024, 10:05 a.m., Published: -	Vulnerabilities: privilege escalation, request forgery, directory traversal

Affected products

External IDs

vendor:

wireshark

model:

wireshark

Cisco Releases Security Advisory for Multiple Unified Communications and Contact Center Solutions Products \| CISA Trust: 3.25 Fetched: Feb. 2, 2024, 10:04 a.m., Published: Feb. 2, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

cisco

model:

unified communications

Cisco Adaptive Security Device Manager Information Disclosure Vulnerability Trust: 5.0 Fetched: Feb. 2, 2024, 10 a.m., Published: June 29, 2022, 9:50 p.m.	Vulnerabilities: information disclosure

Affected products

External IDs

vendor:	cisco	model:	device manager
vendor:	cisco	model:	adaptive security device manager
vendor:	cisco	model:	security device manager

Common SNMP Vulnerability: 9-Step Guide to Protect Your Network Related entries in the VARIoT vulnerabilities database: VAR-200202-0007, VAR-200202-0006 Trust: 4.5 Fetched: Feb. 2, 2024, 9:49 a.m., Published: Dec. 18, 2020, 10:47 a.m.	Vulnerabilities: command injection

Affected products

External IDs

vendor:	symantec	model:	web gateway
vendor:	symantec	model:	symantec web gateway
vendor:	general electric	model:	industrial solutions ups snmp/web adapter

db:

NVD

ids:

CVE-2002-0013, CVE-2002-0012

Vulnerability Audit Reports - Lansweeper Community Trust: 4.5 Fetched: Feb. 2, 2024, 9:47 a.m., Published: Jan. 31, 2024, 3:43 p.m.	Vulnerabilities: code execution, use after free

Affected products

External IDs

vendor:	google	model:	chrome
vendor:	apple	model:	safari
vendor:	apple	model:	macos
vendor:	apple	model:	tvos
vendor:	cisco	model:	ios xe software
vendor:	cisco	model:	ios xe
vendor:	cisco	model:	series switches
vendor:	cisco	model:	series

db:

NVD

ids:

CVE-2024-0519, CVE-2023-6345, CVE-2024-23222

ERROR: The request could not be satisfied Trust: 3.25 Fetched: Feb. 2, 2024, 9:46 a.m., Published: Nov. 2, 2023, midnight	Vulnerabilities: configuration error

Affected products	External IDs

Google fixes Android bug that hackers can abuse without privileges - Techzine Europe Trust: 5.75 Fetched: Feb. 2, 2024, 9:45 a.m., Published: Dec. 5, 2023, 10:23 a.m.	Vulnerabilities: privilege escalation, code execution

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2023-45866, CVE-2023-40077, CVE-2022-40507, CVE-2023-40088, CVE-2023-40076

New Security Flaw in UEFI Affects Millions of PCs Trust: 4.0 Fetched: Feb. 2, 2024, 9:44 a.m., Published: Dec. 6, 2023, 10:12 p.m.	Vulnerabilities: code execution

Affected products	External IDs

Security Vulnerability in KYOCERA Device Manager Trust: 3.25 Fetched: Feb. 2, 2024, 9:43 a.m., Published: Nov. 1, 2024, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2023-50916

Kyocera Device Manager Vulnerability Exposes Enterprise Credentials \| Hack Dojo Trust: 4.25 Fetched: Feb. 2, 2024, 9:43 a.m., Published: Jan. 10, 2024, midnight	Vulnerabilities: input validation flaw

Affected products

External IDs

db:

NVD

ids:

CVE-2023-50916

How Vulnerability Scanners Can Secure Your Network Trust: 3.0 Fetched: Feb. 2, 2024, 9:41 a.m., Published: Feb. 3, 2024, midnight	Vulnerabilities: sql injection, cross-site scripting

Affected products	External IDs

Citrix Bleed: CVE-2023-4966 Vulnerability Analysis and Exploitation \| by CYFIRMA \| Medium Trust: 3.5 Fetched: Feb. 2, 2024, 9:39 a.m., Published: Nov. 24, 2023, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	citrix	model:	netscaler adc
vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler

db:

NVD

ids:

CVE-2023-4966

How to fix CVE-2024-20253 in Cisco products \| Vulcan Cyber Trust: 5.75 Fetched: Feb. 2, 2024, 9:38 a.m., Published: Jan. 28, 2024, 12:38 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	cisco	model:	hosted collaboration mediation fulfillment
vendor:	cisco	model:	prime collaboration deployment
vendor:	cisco	model:	prime license manager
vendor:	cisco	model:	prime collaboration
vendor:	cisco	model:	unity connection
vendor:	cisco	model:	unified contact center express
vendor:	cisco	model:	packaged contact center enterprise
vendor:	cisco	model:	virtualized voice browser
vendor:	cisco	model:	socialminer
vendor:	cisco	model:	unified communications manager
vendor:	cisco	model:	unity
vendor:	cisco	model:	unified communications manager im & presence service
vendor:	cisco	model:	unified intelligence center
vendor:	cisco	model:	cisco unified communications manager
vendor:	cisco	model:	finesse
vendor:	cisco	model:	unified communications
vendor:	cisco	model:	emergency responder
vendor:	cisco	model:	unified contact center enterprise
vendor:	cisco	model:	unified communications manager session management edition
vendor:	cisco	model:	customer voice portal

db:

NVD

ids:

CVE-2024-20253

VARIoT news about IoT security