Sign-up

VARIoT news about IoT security

Fortifying Medical Device Security with IEEE/UL 2933 Standard | HealthPoint

Trust: 3.75

Fetched: Feb. 11, 2025, 9:33 a.m., Published: Feb. 10, 2025, 9:24 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security

Critical PowerDNS Vulnerabilities Let Attackers Gain Access to the Server Remotely

Related entries in the VARIoT vulnerabilities database: VAR-202010-0408, VAR-201811-0292

Trust: 5.0

Fetched: Feb. 11, 2025, 9:33 a.m., Published: Jan. 14, 2025, 7:41 p.m.
 Vulnerabilities: code execution, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2018-10851, CVE-2018-14626, CVE-2018-1046, CVE-2020-17482, CVE-2022-27227, CVE-2018-14644

2025 January KB5050009 KB5050021 Windows 11 Patch 8 Zero-Day Vulnerabilies And 159 Flaws HTMD Blog

Trust: 4.5

Fetched: Feb. 11, 2025, 9:32 a.m., Published: Jan. 14, 2025, 6:58 p.m.
 Vulnerabilities: feature bypass, security feature bypass, denial of service...
Affected productsExternal IDs
vendor: asus model: asus
db: NVD ids: CVE-2025-21275, CVE-2025-21395, CVE-2025-21334, CVE-2025-21308, CVE-2025-21335, CVE-2025-21333, CVE-2025-21186, CVE-2025-21366

Shield Cloud Resources From Cryptojacking Threat Actors With AccuKnox

Related entries in the VARIoT vulnerabilities database: VAR-202206-0004

Trust: 4.75

Fetched: Feb. 11, 2025, 9:31 a.m., Published: Sept. 13, 2022, 1:19 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2022-26134

Weekly Cybersecurity Update: Recent Cyber Attacks, Vulnerabilities, and Data Breaches

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 4.25

Fetched: Feb. 11, 2025, 9:29 a.m., Published: Feb. 2, 2025, 3:31 p.m.
 Vulnerabilities: session hijacking, path traversal, memory corruption...
Affected productsExternal IDs
vendor: tp-link model: routers
vendor: apple model: iphone
vendor: apple model: macos
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2025-0065, CVE-2025-0314, CVE-2025-22217, CVE-2024-52012, CVE-2024-50050, CVE-2025-24085

The Zyxel CPE device faces positive exploitation caused by the vulnerability of CVE-2024-40891 - Fyself News

Trust: 4.0

Fetched: Feb. 11, 2025, 9:28 a.m., Published: Jan. 29, 2025, 5:11 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-57728, CVE-2024-40890, CVE-2024-57726, CVE-2024-40891, CVE-2024-57727

The 6 Most Vulnerable Devices In Your Home-and How to Secure Them

Trust: 4.5

Fetched: Feb. 11, 2025, 9:27 a.m., Published: Feb. 4, 2025, 10 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: google model: home
vendor: google model: wi-fi router
vendor: sonos model: sonos

Apple patches first actively exploited zero-day of 2025 on its devices | SC Media

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 5.5

Fetched: Feb. 11, 2025, 9:27 a.m., Published: June 11, 2024, 5 p.m.
 Vulnerabilities: code execution, use after free, memory corruption...
Affected productsExternal IDs
vendor: apple model: tvos
vendor: apple model: macos
vendor: apple model: watchos
db: NVD ids: CVE-2025-24085

Apple seeds critical update to guard iPhones from USB hacking tools | Digital Trends

Trust: 4.0

Fetched: Feb. 11, 2025, 9:26 a.m., Published: Feb. 11, 2025, 1:14 a.m.
 Vulnerabilities: authorization flaw
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: ipad
vendor: apple model: iphone
vendor: apple model: software update

TrollStore on iOS 17.0.1 - 18.3: Can You Still Install It? - iDevice Central

Related entries in the VARIoT vulnerabilities database: VAR-202205-1290

Trust: 3.5

Fetched: Feb. 11, 2025, 9:20 a.m., Published: Feb. 10, 2025, 9:26 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: apple model: itunes
db: NVD ids: CVE-2022-26766, CVE-2023-41991

Netgear critical vulns come amid global netsec concern • The Register

Trust: 4.5

Fetched: Feb. 11, 2025, 9:19 a.m., Published: -
 Vulnerabilities: authentication bypass, code execution
Affected productsExternal IDs
vendor: netgear model: xr500
vendor: netgear model: multiple routers

Weekly Cybersecurity Digest: Latest in Cyber Attacks, Vulnerabilities, and Data Breaches

Trust: 5.25

Fetched: Feb. 11, 2025, 9:18 a.m., Published: Jan. 19, 2025, 1:57 p.m.
 Vulnerabilities: os command injection, command injection, buffer overflow...
Affected productsExternal IDs
vendor: google model: chrome
vendor: aviatrix model: gateway
vendor: aviatrix model: controller
vendor: apple model: macos
vendor: citrix model: gateway
vendor: mikrotik model: routers
vendor: mikrotik model: mikrotik routers
vendor: mikrotik model: mikrotik
db: NVD ids: CVE-2024-50603, CVE-2025-21225, CVE-2024-12084, CVE-2025-0282, CVE-2025-0500, CVE-2025-0501, CVE-2024-7344, CVE-2024-12686, CVE-2024-50623

Apple iOS 0-day Vulnerability Exploited Wild in Extremely Sophisticated Attack

Trust: 4.0

Fetched: Feb. 11, 2025, 9:17 a.m., Published: Feb. 11, 2025, 2:22 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: ipad
db: NVD ids: CVE-2025-24200

Massive Brute Force Attack Targeting Networking Devices - Cyber and Fraud Centre - Scotland

Trust: 3.75

Fetched: Feb. 11, 2025, 9:17 a.m., Published: Feb. 10, 2025, 2:30 p.m.
 Vulnerabilities: brute force attack
Affected productsExternal IDs
vendor: sonicwall model: remote access
vendor: palo model: networks
vendor: palo alto networks model: networks

Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities - Cisco

Trust: 3.75

Fetched: Feb. 11, 2025, 9:16 a.m., Published: Feb. 9, 2025, 10:12 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: ios xr software
vendor: cisco model: ios xr
vendor: cisco model: ios xe
vendor: cisco model: ios xe software

CVE-2024-46436 : Unauthorized Root Access Vulnerability in Tenda W18E Devices | SecurityVulnerability.io

Related entries in the VARIoT vulnerabilities database: VAR-202502-1067

Trust: 4.0

Fetched: Feb. 11, 2025, 9:16 a.m., Published: Feb. 10, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: tenda model: w18e
vendor: tenda model: tenda w18e
db: NVD ids: CVE-2024-46436

Google warns Android users of a kernel flaw under attack • The Register

Trust: 5.5

Fetched: Feb. 11, 2025, 9:15 a.m., Published: -
 Vulnerabilities: authentication bypass, code execution
Affected productsExternal IDs
vendor: samsung model: note
vendor: samsung model: mobile
vendor: samsung model: notes
vendor: samsung model: samsung
vendor: google model: pixel
vendor: google model: android
vendor: netgear model: xr500
vendor: netgear model: orbi
db: NVD ids: CVE-2025-0088, CVE-2024-53104, CVE-2024-45569

Critical Netgear Vulnerabilities Let attackers Execute Remote Code

Trust: 6.0

Fetched: Feb. 9, 2025, 9:35 a.m., Published: Feb. 5, 2025, 11:38 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: netgear model: netgear router
vendor: netgear model: router
vendor: netgear model: xr500
db: NVD ids: CVE-2025-25246

15,000 Fortinet Device Configurations Exposed on Dark Web - VULNERA

Related entries in the VARIoT vulnerabilities database: VAR-202210-0198, VAR-201906-0815

Trust: 4.0

Fetched: Feb. 9, 2025, 9:35 a.m., Published: Jan. 17, 2025, 7:44 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2022-40684, CVE-2024-55591, CVE-2018-13379

Critical Zero-Day Vulnerability in Zyxel CPE Series Devices Actively Exploited - VULNERA

Trust: 4.25

Fetched: Feb. 9, 2025, 9:34 a.m., Published: Jan. 29, 2025, 10:17 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40891, CVE-2024-40890