Sign-up

VARIoT news about IoT security

Critical vulnerability in Cisco IOS XE - Exploit has become a public application on 02 June 2025, 15:00 | Gadgetonus

Trust: 4.75

Fetched: June 3, 2025, 9:12 a.m., Published: June 2, 2025, noon
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: ios xr
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
vendor: cisco model: access points

Cybersecurity Hardware and Firmware Vulnerability Landscape (2025 - 2030)

Trust: 4.5

Fetched: June 3, 2025, 9:04 a.m., Published: June 2, 2025, 11:04 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: dell model: bios
vendor: broadcom model: linux
vendor: huawei model: huawei
vendor: infineon model: trusted platform
vendor: google model: home
vendor: cisco model: series
vendor: cisco model: guard
vendor: dram model: dram

GeoVision Devices OS Command Injection Vulnerability - vulnerability database | Vulners.com

Trust: 3.0

Fetched: June 1, 2025, 9:36 a.m., Published: May 7, 2025, midnight
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs

The Future Of IoT Software Development In 2025 | Digital One Agency

Trust: 3.5

Fetched: June 1, 2025, 9:35 a.m., Published: May 30, 2025, 12:31 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: google model: android
vendor: google model: home

Update Canonical Ubuntu Desktop: USN-7491-1: Linux kernel (OEM) vulnerabilities

Trust: 4.25

Fetched: June 1, 2025, 9:35 a.m., Published: Jan. 1, 7491, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-21902, CVE-2025-21813

Update Canonical Ubuntu Desktop: USN-7485-1: LibRaw vulnerabilities

Trust: 5.0

Fetched: June 1, 2025, 9:35 a.m., Published: Jan. 1, 7485, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-43964, CVE-2025-43961, CVE-2025-43962, CVE-2025-43963

CVE-2025-27524 - Hitachi JP1/IT Desktop Management 2 - Smart Device Manager Weak Encryption Vulnerability | Kenya Education Network

Trust: 6.0

Fetched: June 1, 2025, 9:35 a.m., Published: June 2, 2025, midnight
 Vulnerabilities: encryption vulnerability
Affected productsExternal IDs
vendor: hitachi model: device manager
vendor: hitachi model: jp1/it desktop management
db: NVD ids: CVE-2025-27524

CVE-2025-27524 - Hitachi JP1/IT Desktop Management 2 - Smart Device Manager Weak Encryption Vulnerability | Kenya Education Network

Trust: 6.0

Fetched: June 1, 2025, 9:34 a.m., Published: June 2, 2025, midnight
 Vulnerabilities: encryption vulnerability
Affected productsExternal IDs
vendor: hitachi model: device manager
vendor: hitachi model: jp1/it desktop management
db: NVD ids: CVE-2025-27524

Inside Trident Spyware | How iPhones Get Hacked via Zero-Click Attacks - Web Asha Technologies

Related entries in the VARIoT vulnerabilities database: VAR-201608-0186, VAR-201608-0188, VAR-201608-0187

Trust: 4.25

Fetched: June 1, 2025, 9:34 a.m., Published: June 1, 2025, midnight
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: webkit
vendor: apple model: iphone
db: NVD ids: CVE-2016-4655, CVE-2016-4657, CVE-2016-4656

Update Canonical Ubuntu Server: USN-7485-1: LibRaw vulnerabilities

Trust: 5.0

Fetched: June 1, 2025, 9:34 a.m., Published: Jan. 1, 7485, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-43964, CVE-2025-43961, CVE-2025-43962, CVE-2025-43963

Update Canonical Ubuntu Desktop: USN-7490-1: libsoup vulnerabilities

Trust: 5.0

Fetched: June 1, 2025, 9:33 a.m., Published: Jan. 1, 7490, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-32910, CVE-2025-32913, CVE-2025-32906, CVE-2025-46420, CVE-2025-32912, CVE-2025-46421, CVE-2025-32911, CVE-2025-32914, CVE-2025-32909

Update Canonical Ubuntu Server: USN-7480-1: OpenJDK 8 vulnerabilities

Trust: 6.0

Fetched: June 1, 2025, 9:33 a.m., Published: Jan. 1, 7480, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-30691, CVE-2025-21587, CVE-2025-30698

[Palo Alto Networks Security Advisories] CVE-2025-0136 PAN-OS: Unencrypted Data Transfer when using AES-128-CCM onIntel-based hardware devices - RedPacket Security

Trust: 3.75

Fetched: June 1, 2025, 9:32 a.m., Published: May 14, 2025, 5:02 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: paloaltonetworks model: firewall
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2025-0136

Update Canonical Ubuntu Desktop: USN-7480-1: OpenJDK 8 vulnerabilities

Trust: 6.0

Fetched: June 1, 2025, 9:26 a.m., Published: Jan. 1, 7480, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-30691, CVE-2025-21587, CVE-2025-30698

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

Related entries in the VARIoT vulnerabilities database: VAR-202505-0239

Trust: 5.75

Fetched: June 1, 2025, 9:21 a.m., Published: May 11, 2025, midnight
 Vulnerabilities: code execution, denial of service, information disclosure...
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-26423, CVE-2025-26424, CVE-2025-22425, CVE-2025-26429, CVE-2024-49842, CVE-2024-49841, CVE-2025-26422, CVE-2025-26427, CVE-2023-35657, CVE-2024-49846, CVE-2025-20666, CVE-2025-26430, CVE-2025-21453, CVE-2024-34739, CVE-2025-26442, CVE-2025-0072, CVE-2025-26425, CVE-2024-49835, CVE-2025-26440, CVE-2025-0087, CVE-2024-47896, CVE-2024-45580, CVE-2025-0427, CVE-2025-21467, CVE-2023-21342, CVE-2024-47891, CVE-2025-21459, CVE-2024-49847, CVE-2025-26436, CVE-2025-26444, CVE-2025-26426, CVE-2024-52939, CVE-2024-47900, CVE-2024-49845, CVE-2025-26435, CVE-2025-21468, CVE-2024-46975, CVE-2025-26438, CVE-2024-49739, CVE-2024-12577, CVE-2025-0077, CVE-2025-26420, CVE-2025-27363, CVE-2025-26421, CVE-2024-46974, CVE-2025-26428

UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware

Trust: 4.5

Fetched: June 1, 2025, 9:13 a.m., Published: May 22, 2025, 10 a.m.
 Vulnerabilities: file enumeration
Affected productsExternal IDs
vendor: snort.org model: snort
vendor: jquery model: jquery
vendor: cisco model: web security appliance
vendor: cisco model: adaptive security appliance
vendor: cisco model: umbrella
vendor: cisco model: firepower
vendor: cisco model: meraki mx
vendor: snort model: snort
db: NVD ids: CVE-2025-0994, CVE-2025-0944

Critical Rockwell PowerMonitor 1000 vulnerabilities risk device takeover, raising industrial cybersecurity threat - Industrial Cyber

Related entries in the VARIoT vulnerabilities database: VAR-202412-2454

Trust: 5.25

Fetched: June 1, 2025, 9:13 a.m., Published: May 30, 2025, 2:52 p.m.
 Vulnerabilities: denial of service, buffer overflow, memory corruption...
Affected productsExternal IDs
vendor: treck model: tcp/ip stack
vendor: rockwell model: powermonitor 1000
vendor: rockwell automation model: powermonitor 1000
db: NVD ids: CVE-2024-12373, CVE-2024-12371, CVE-2024-12372

Multiple Vulnerabilities in Ivanti Endpoint Manager Mobile Could Allow for Remote Code Execution

Trust: 3.0

Fetched: June 1, 2025, 9:12 a.m., Published: May 15, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Your Asus router may be compromised - here's how to tell and what to do | ZDNET

Related entries in the VARIoT vulnerabilities database: VAR-202309-0729

Trust: 3.5

Fetched: June 1, 2025, 9:09 a.m., Published: May 1, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: asus model: router
vendor: asus model: routers
vendor: asus model: asus
db: NVD ids: CVE-2023-39780

Smart Home, Dumb Security: Device Vulnerability Unveiled - Save the Debate

Trust: 3.5

Fetched: June 1, 2025, 9:08 a.m., Published: May 21, 2025, 4 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: essential model: phone
vendor: ecobee model: smart thermostat