Sign-up

VARIoT news about IoT security

Cisco Secure Network Analytics Manager API Authorization Vulnerability

Trust: 4.25

Fetched: May 21, 2025, 6:31 p.m., Published: May 21, 2025, 3:52 p.m.
 Vulnerabilities: authorization vulnerability
Affected productsExternal IDs

Cisco IOS Software Industrial Ethernet Switch Device Manager Privilege Escalation Vulnerability

Trust: 4.0

Fetched: May 21, 2025, 6:30 p.m., Published: May 7, 2025, 3:53 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios
vendor: cisco model: industrial ethernet
vendor: cisco model: ios xe
vendor: cisco model: device manager
vendor: cisco model: ios software

Update Cisco Catalyst 1000 Series: Fixed: Cisco IOS Software and IOS XE Software IKEv2 Denial ofService Vulnerability

Trust: 3.5

Fetched: May 21, 2025, 6:30 p.m., Published: -
 Vulnerabilities: privilege escalation, denial of service
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios
vendor: cisco model: series
vendor: cisco model: industrial ethernet
vendor: cisco model: ios xe
vendor: cisco model: device manager
vendor: cisco model: catalyst
vendor: cisco model: ios software
vendor: cisco model: ios xr
vendor: cisco model: ios xr software
vendor: cisco model: cisco ios xe

AirBorne Vulnerabilities Threaten AirPlay Users, Do These Security Tips Now!

Trust: 5.0

Fetched: May 21, 2025, 6:29 p.m., Published: May 22, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: macos

CVE-2025-37969 : Linux Kernel Vulnerability in ST LSM6DSX IMU Device

Trust: 3.25

Fetched: May 21, 2025, 6:27 p.m., Published: May 20, 2025, 4:47 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-37969

CVE-2025-37974 : Linux Kernel Vulnerability in s390/pci Affects Device Creation

Trust: 3.25

Fetched: May 21, 2025, 6:26 p.m., Published: May 20, 2025, 4:47 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-37974

Cisco IOS XE SD-WAN Software Packet Filtering Bypass Vulnerability - Cisco

Trust: 3.0

Fetched: May 21, 2025, 6:26 p.m., Published: May 7, 2025, 11:18 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: router
vendor: cisco model: cisco ios
vendor: cisco model: nx-os
vendor: cisco model: ios xe
vendor: cisco model: catalyst
vendor: cisco model: routers
vendor: cisco model: nx-os software
vendor: cisco model: ios xe sd-wan software
vendor: cisco model: ios software
vendor: cisco model: sd-wan
vendor: cisco model: cisco sd-wan
vendor: cisco model: cisco ios xe

TP-Link AX21 Router Devices Multiple Vulnerabilities (Apr 2023) (CVE-2023-1389, CVE-2023-27359) - Vulnerability & Exploit Database

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268, VAR-202304-1960

Trust: 3.0

Fetched: May 21, 2025, 6:25 p.m., Published: April 21, 2023, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-1389, CVE-2023-27359

Cisco IOS XE Software Privilege Escalation Vulnerabilities - Cisco

Trust: 4.0

Fetched: May 21, 2025, 6:25 p.m., Published: May 9, 2025, 6:18 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe

CVE-2025-37970 : Linux Kernel St_LSM6DSX IMU Device Lockup Vulnerability

Trust: 3.25

Fetched: May 21, 2025, 6:24 p.m., Published: May 20, 2025, 4:47 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-37970

CVE-2025-20164 - "Cisco Industrial Ethernet Switch Device Manager Privilege Elevation Vulnerability"

Trust: 5.75

Fetched: May 21, 2025, 6:22 p.m., Published: May 7, 2025, 6:15 p.m.
 Vulnerabilities: privilege elevation
Affected productsExternal IDs
vendor: cisco model: ios software
vendor: cisco model: device manager
vendor: cisco model: cisco ios
vendor: cisco model: industrial ethernet
db: NVD ids: CVE-2025-20164

Cisco Unified Communications Products Privilege Escalation Vulnerability

Trust: 5.0

Fetched: May 21, 2025, 6:22 p.m., Published: May 21, 2025, 3:52 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: emergency responder
vendor: cisco model: unity connection
vendor: cisco model: virtualized voice browser
vendor: cisco model: prime collaboration deployment
vendor: cisco model: finesse
vendor: cisco model: unified intelligence center
vendor: cisco model: unified communications
vendor: cisco model: prime collaboration
vendor: cisco model: unified ccx
vendor: cisco model: unity

Critical Device Mismanagement Vulnerability in Linux Kernel Packages

Trust: 3.0

Fetched: May 21, 2025, 6:16 p.m., Published: May 11, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2022-49818

Urgent Android update: hackers are exploiting this security flaw - Talk Android

Trust: 4.75

Fetched: May 21, 2025, 6:16 p.m., Published: May 21, 2025, 6:30 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: samsung model: note
vendor: freetype model: freetype
db: NVD ids: CVE-2025-27363

AirBorne: Attacks on Apple devices through vulnerabilities in AirPlay - Kaspersky official blog

Trust: 4.25

Fetched: May 21, 2025, 6:15 p.m., Published: Jan. 21, 2050, midnight
 Vulnerabilities: authentication bypass, code execution
Affected productsExternal IDs
vendor: apple model: tvos
vendor: apple model: ipad
vendor: apple model: airport express
vendor: apple model: apple tv
vendor: apple model: itunes
vendor: apple model: iphone
vendor: apple model: macos
db: NVD ids: CVE-2025-30422, CVE-2025-24132, CVE-2025-31203, CVE-2025-24251, CVE-2025-24206, CVE-2025-24179, CVE-2025-24131, CVE-2025-31202, CVE-2025-24252, CVE-2025-24270, CVE-2025-31197, CVE-2025-24126, CVE-2025-24177, CVE-2025-24271, CVE-2025-24137, CVE-2025-30445, CVE-2025-24129

How to keep your Apple devices safe from AirPlay attacks | Digital Trends

Trust: 3.25

Fetched: May 21, 2025, 6:15 p.m., Published: May 21, 2025, 4 p.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
vendor: apple model: tvos
vendor: apple model: ipad
vendor: apple model: software update
vendor: apple model: iphone
vendor: apple model: macos

Cisco Identity Services Engine RADIUS Denial of Service Vulnerability

Trust: 4.75

Fetched: May 21, 2025, 6:15 p.m., Published: May 21, 2025, 3:52 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine

Samsung MagicINFO and GeoVision IoT Vulnerabilities Exploited by Hackers to Launch Mirai Botnet - cloudindustryreview.com

Trust: 4.25

Fetched: May 21, 2025, 6:13 p.m., Published: May 6, 2025, 3:44 p.m.
 Vulnerabilities: denial of service, default credentials
Affected productsExternal IDs
vendor: trend model: security
vendor: samsung model: samsung

Cybersecurity Weekly Newsletter: Key Attacks and Vulnerabilities From Last Week

Related entries in the VARIoT vulnerabilities database: VAR-202504-3437

Trust: 4.25

Fetched: May 21, 2025, 6:13 p.m., Published: May 4, 2025, 3:55 p.m.
 Vulnerabilities: privilege escalation, command injection, code execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: avast model: antivirus
vendor: apple model: watch
vendor: apple model: macos
db: NVD ids: CVE-2025-43865, CVE-2025-31650, CVE-2025-31191, CVE-2025-43864, CVE-2025-3500, CVE-2025-31324

Surface Laptop Studio 2 recieves new (May 15, 2025) firmware updates

Trust: 5.0

Fetched: May 21, 2025, 6:12 p.m., Published: May 15, 2025, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-44074, CVE-2024-21864