Sign-up

VARIoT news about IoT security

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591) - Help Net Security

Trust: 5.25

Fetched: Jan. 17, 2024, 9:56 a.m., Published: Jan. 15, 2024, 9:03 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-21591

CVE-2024-21591 - Out of bounds write vulnerability Juno OS SRX and EX Series

Trust: 4.0

Fetched: Jan. 17, 2024, 9:51 a.m., Published: Jan. 18, 2024, midnight
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-21591

Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches

Trust: 5.75

Fetched: Jan. 17, 2024, 9:50 a.m., Published: Jan. 13, 2024, 10:45 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: hewlett packard enterprise model: switches
vendor: hewlett packard model: switches
db: NVD ids: CVE-2024-21591, CVE-2024-21611

Millions of Samsung owners urged 'tap settings today' in 'critical' alert - Birmingham Live

Trust: 3.75

Fetched: Jan. 17, 2024, 9:49 a.m., Published: Jan. 16, 2024, 7:45 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: galaxy note
vendor: samsung model: galaxy
vendor: samsung model: note
vendor: samsung model: mobile
vendor: samsung model: notes
db: NVD ids: CVE-2022-40507

Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateway Vulnerabilities Exploited in the Wild (CVE-2023-46805 & CVE-2024-21887) - Qualys ThreatPROTECT

Trust: 5.0

Fetched: Jan. 17, 2024, 9:49 a.m., Published: -
 Vulnerabilities: authentication bypass, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2023-46805, CVE-2024-21887

178,000 SonicWall firewalls are vulnerable to old DoS bugs • The Register

Trust: 5.5

Fetched: Jan. 17, 2024, 9:48 a.m., Published: -
 Vulnerabilities: denial of service, code execution, buffer overflow
Affected productsExternal IDs
vendor: sonicwall model: sonicos
db: NVD ids: CVE-2022-22274, CVE-2023-0656

SonicWall API opens 178k firewalls to attack | SC Media

Trust: 4.75

Fetched: Jan. 17, 2024, 9:48 a.m., Published: Jan. 16, 2024, 1:43 p.m.
 Vulnerabilities: denial of service, code execution, buffer overflow
Affected productsExternal IDs
vendor: sonicwall model: sonicos
db: NVD ids: CVE-2022-22274, CVE-2023-0656

Beware, all Windows and Mac devices possibly at risk - dangerous Opera security flaw could have allowed hackers to run any file they want | TechRadar

Trust: 4.25

Fetched: Jan. 17, 2024, 9:48 a.m., Published: Jan. 16, 2024, 6:09 p.m.
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: trend model: security

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores

Trust: 3.5

Fetched: Jan. 17, 2024, 9:41 a.m., Published: Oct. 20, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: cups model: cups
vendor: trend micro model: security
db: NVD ids: CVE-2022-43677

Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability - Cisco

Trust: 4.25

Fetched: Jan. 17, 2024, 9:34 a.m., Published: Jan. 10, 2024, 10:05 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

Internet of Things (IoT) Security: Issues and Solutions - Auslogics Blog

Trust: 3.5

Fetched: Jan. 17, 2024, 9:16 a.m., Published: Oct. 29, 2023, 5:44 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks

Overview of F5 vulnerabilities (October 26, 2023)

Trust: 4.75

Fetched: Jan. 17, 2024, 9:15 a.m., Published: -
 Vulnerabilities: sql injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-467479, CVE-2023-467488

Bosch Smart Thermostat Feels the Heat From Firmware Bug

Trust: 3.0

Fetched: Jan. 17, 2024, 9:15 a.m., Published: Jan. 5, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-49722

WordPress Patches Multiple Vulnerabilities in POST SMTP Mailer Plugin (CVE-2023-6875 & CVE-2023-7027) - Qualys ThreatPROTECT

Trust: 3.0

Fetched: Jan. 17, 2024, 9:14 a.m., Published: -
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2023-6875, CVE-2023-7027

New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login

Trust: 3.75

Fetched: Jan. 17, 2024, 9:14 a.m., Published: Nov. 22, 2023, 3:23 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lenovo model: thinkpad
db: NVD ids: CVE-2021-34466

CVE-2024-20666 - Security Update Guide - Microsoft - BitLocker Security Feature Bypass Vulnerability

Trust: 3.75

Fetched: Jan. 17, 2024, 9:13 a.m., Published: -
 Vulnerabilities: security feature bypass, feature bypass
Affected productsExternal IDs
db: NVD ids: CVE-2024-20666

CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

Trust: 3.5

Fetched: Jan. 16, 2024, 10:14 a.m., Published: Jan. 12, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: filezilla model: server
vendor: trend model: antivirus
vendor: trend model: security
vendor: trend micro model: antivirus
vendor: trend micro model: security
db: NVD ids: CVE-2023-36025

Industrial Cybersecurity Predictions for 2024 - Part 2 | Manufacturing.net

Trust: 3.75

Fetched: Jan. 16, 2024, 10:11 a.m., Published: Jan. 4, 2024, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: trend model: security

Bosch thermostats vulnerable to malware attacks | SC Media

Trust: 3.0

Fetched: Jan. 16, 2024, 10:05 a.m., Published: Jan. 15, 2024, 7:24 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs

CVE - Search Results

Related entries in the VARIoT vulnerabilities database: VAR-201809-0386, VAR-202302-1400, VAR-201809-0391, VAR-201905-0935, VAR-201901-0832, VAR-201905-0936, VAR-201901-0831, VAR-202003-0929, VAR-201809-0385, VAR-201809-0818, VAR-201908-0931, VAR-202001-0764, VAR-202003-0926, VAR-201809-0392, VAR-201809-0390, VAR-201809-0389, VAR-201901-0833, VAR-201908-0932, VAR-201901-0830, VAR-202202-1057, VAR-202001-0765, VAR-202003-0927, VAR-202003-0928, VAR-201901-0834, VAR-202001-0767, VAR-201908-0936, VAR-201908-0933, VAR-201809-0817, VAR-201910-0880, VAR-201808-0273, VAR-201809-0387, VAR-201809-0388, VAR-202001-0522, VAR-202001-0768

Trust: 4.5

Fetched: Jan. 16, 2024, 10:04 a.m., Published: Jan. 3, 2024, midnight
 Vulnerabilities: privilege escalation, file inclusion, directory traversal...
Affected productsExternal IDs
vendor: google model: android
vendor: ricoh model: d2200
vendor: ricoh model: sp_c250dn_firmware
vendor: ricoh model: sp 221sf
vendor: ricoh model: d7500
vendor: ricoh model: sp 220snw
vendor: ricoh model: ricoh sp c250dn
vendor: ricoh model: mp c406z
vendor: ricoh model: mp c4504ex
vendor: ricoh model: sp 220sfnw
vendor: ricoh model: sp 4510sf printer
vendor: ricoh model: rpcs raster driver
vendor: ricoh model: postscript3 driver
vendor: ricoh model: sp_c250sf_firmware
vendor: ricoh model: d5500
vendor: ricoh model: sp 330sn
vendor: ricoh model: rpcs driver
vendor: ricoh model: sp 4510dn
vendor: ricoh model: aficio mp
vendor: ricoh model: sp 221s
vendor: ricoh model: d6500
vendor: ricoh model: d5520
vendor: ricoh model: mp c6503
vendor: ricoh model: mp c307
vendor: ricoh model: sp 221sfnw
vendor: ricoh model: ricoh sp 4510sf printer
vendor: ricoh model: mp c6503 plus
vendor: ricoh model: generic pcl5 driver
vendor: ricoh model: d6510
vendor: ricoh model: d8400
vendor: ricoh model: mp c1803 jpn
vendor: ricoh model: sp c250dn
vendor: ricoh model: pcl6 driver
vendor: ricoh model: ricoh mp c1803 jpn
vendor: ricoh model: pc fax generic driver
vendor: ricoh model: mp 501
vendor: ricoh model: ricoh interactive whiteboard d2200
vendor: ricoh model: sp 221snw
vendor: ricoh model: sp 4510sf
vendor: ricoh model: mp c6003
vendor: ricoh model: sp 4520dn
vendor: ricoh model: mp c2003
vendor: ricoh model: interactive whiteboard d2200
vendor: ricoh model: d5510
db: NVD ids: CVE-2018-17310, CVE-2022-43969, CVE-2018-17315, CVE-2019-11844, CVE-2018-16186, CVE-2019-11845, CVE-2018-16185, CVE-2019-14303, CVE-2018-17309, CVE-2018-17002, CVE-2019-14305, CVE-2019-14304, CVE-2019-14309, CVE-2018-17316, CVE-2018-17314, CVE-2018-17313, CVE-2018-16187, CVE-2019-14307, CVE-2018-18006, CVE-2018-16184, CVE-2010-5325, CVE-2021-33945, CVE-2019-14306, CVE-2015-6750, CVE-2019-14310, CVE-2019-14299, CVE-2018-16188, CVE-2019-14301, CVE-2019-14300, CVE-2019-14308, CVE-2019-20001, CVE-2018-17001, CVE-2012-5002, CVE-2019-18203, CVE-2018-15884, CVE-2018-17311, CVE-2018-17312, CVE-2019-19363, CVE-2019-7751, CVE-2019-14302