Sign-up

VARIoT news about IoT security

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

Trust: 3.5

Fetched: Jan. 17, 2024, 9:57 a.m., Published: Jan. 12, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: trend model: antivirus
vendor: filezilla model: server
vendor: trend micro model: security
vendor: trend micro model: antivirus
db: NVD ids: CVE-2023-36025

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591) - Help Net Security

Trust: 5.25

Fetched: Jan. 17, 2024, 9:56 a.m., Published: Jan. 15, 2024, 9:03 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-21591

CVE-2024-21591 - Out of bounds write vulnerability Juno OS SRX and EX Series

Trust: 4.0

Fetched: Jan. 17, 2024, 9:51 a.m., Published: Jan. 18, 2024, midnight
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-21591

Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches

Trust: 5.75

Fetched: Jan. 17, 2024, 9:50 a.m., Published: Jan. 13, 2024, 10:45 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: hewlett packard enterprise model: switches
vendor: hewlett packard model: switches
db: NVD ids: CVE-2024-21591, CVE-2024-21611

Millions of Samsung owners urged 'tap settings today' in 'critical' alert - Birmingham Live

Trust: 3.75

Fetched: Jan. 17, 2024, 9:49 a.m., Published: Jan. 16, 2024, 7:45 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: galaxy note
vendor: samsung model: galaxy
vendor: samsung model: note
vendor: samsung model: mobile
vendor: samsung model: notes
db: NVD ids: CVE-2022-40507

Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway Vulnerabilities Exploited in the Wild (CVE-2023-46805 & CVE-2024-21887) - Qualys ThreatPROTECT

Trust: 5.0

Fetched: Jan. 17, 2024, 9:49 a.m., Published: -
 Vulnerabilities: authentication bypass, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-46805, CVE-2024-21887

178,000 SonicWall firewalls are vulnerable to old DoS bugs • The Register

Trust: 5.5

Fetched: Jan. 17, 2024, 9:48 a.m., Published: -
 Vulnerabilities: denial of service, code execution, buffer overflow
Affected productsExternal IDs
vendor: sonicwall model: sonicos
db: NVD ids: CVE-2022-22274, CVE-2023-0656

SonicWall API opens 178k firewalls to attack | SC Media

Trust: 4.75

Fetched: Jan. 17, 2024, 9:48 a.m., Published: Jan. 16, 2024, 1:43 p.m.
 Vulnerabilities: denial of service, code execution, buffer overflow
Affected productsExternal IDs
vendor: sonicwall model: sonicos
db: NVD ids: CVE-2022-22274, CVE-2023-0656

Beware, all Windows and Mac devices possibly at risk - dangerous Opera security flaw could have allowed hackers to run any file they want | TechRadar

Trust: 4.25

Fetched: Jan. 17, 2024, 9:48 a.m., Published: Jan. 16, 2024, 6:09 p.m.
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: trend model: security

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores

Trust: 3.5

Fetched: Jan. 17, 2024, 9:41 a.m., Published: Oct. 20, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: cups model: cups
vendor: trend micro model: security
db: NVD ids: CVE-2022-43677

Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability - Cisco

Trust: 4.25

Fetched: Jan. 17, 2024, 9:34 a.m., Published: Jan. 10, 2024, 10:05 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

Internet of Things (IoT) Security: Issues and Solutions - Auslogics Blog

Trust: 3.5

Fetched: Jan. 17, 2024, 9:16 a.m., Published: Oct. 29, 2023, 5:44 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks

Overview of F5 vulnerabilities (October 26, 2023)

Trust: 4.75

Fetched: Jan. 17, 2024, 9:15 a.m., Published: -
 Vulnerabilities: sql injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-467479, CVE-2023-467488

Bosch Smart Thermostat Feels the Heat From Firmware Bug

Trust: 3.0

Fetched: Jan. 17, 2024, 9:15 a.m., Published: Jan. 5, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-49722

WordPress Patches Multiple Vulnerabilities in POST SMTP Mailer Plugin (CVE-2023-6875 & CVE-2023-7027) - Qualys ThreatPROTECT

Trust: 3.0

Fetched: Jan. 17, 2024, 9:14 a.m., Published: -
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2023-6875, CVE-2023-7027

New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login

Trust: 3.75

Fetched: Jan. 17, 2024, 9:14 a.m., Published: Nov. 22, 2023, 3:23 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lenovo model: thinkpad
db: NVD ids: CVE-2021-34466

CVE-2024-20666 - Security Update Guide - Microsoft - BitLocker Security Feature Bypass Vulnerability

Trust: 3.75

Fetched: Jan. 17, 2024, 9:13 a.m., Published: -
 Vulnerabilities: security feature bypass, feature bypass
Affected productsExternal IDs
db: NVD ids: CVE-2024-20666

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

Trust: 3.5

Fetched: Jan. 16, 2024, 10:14 a.m., Published: Jan. 12, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: filezilla model: server
vendor: trend model: antivirus
vendor: trend model: security
vendor: trend micro model: antivirus
vendor: trend micro model: security
db: NVD ids: CVE-2023-36025

Industrial Cybersecurity Predictions for 2024 - Part 2 | Manufacturing.net

Trust: 3.75

Fetched: Jan. 16, 2024, 10:11 a.m., Published: Jan. 4, 2024, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: trend model: security

Bosch thermostats vulnerable to malware attacks | SC Media

Trust: 3.0

Fetched: Jan. 16, 2024, 10:05 a.m., Published: Jan. 15, 2024, 7:24 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs