Sign-up

VARIoT news about IoT security

New PoC Released For Ivanti Connect Secure RCE Vulnerability (CVE-2025-0282)

Trust: 3.75

Fetched: Feb. 9, 2025, 9:33 a.m., Published: Jan. 17, 2025, 8:13 a.m.
 Vulnerabilities: code execution, privilege escalation, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-0282, CVE-2025-0283

Windows Common Log File System Zero-day Vulnerability (CVE-2024-49138) Exploited

Trust: 3.75

Fetched: Feb. 9, 2025, 9:28 a.m., Published: Jan. 20, 2025, 6:28 a.m.
 Vulnerabilities: privilege escalation, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2024-49138

Update Canonical Ubuntu Server: USN-7258-1: CKEditor vulnerabilities

Trust: 4.0

Fetched: Feb. 9, 2025, 9:28 a.m., Published: Jan. 9, 7258, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2024-24815, CVE-2024-43411, CVE-2024-24816, CVE-2023-28439, CVE-2022-24728

Attention Android Users! Govt Issues High-Risk Warning for Android 12, 13, 14, and 15 Devices- Here's How To Stay Safe | Technology News | Zee News

Trust: 5.25

Fetched: Feb. 9, 2025, 9:27 a.m., Published: Dec. 13, 2014, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: google model: android

Critical AirPlay Vulnerabilities Discovered - Bastille

Trust: 5.75

Fetched: Feb. 9, 2025, 9:27 a.m., Published: Feb. 6, 2025, 4:41 p.m.
 Vulnerabilities: code execution, input validation flaw, memory corruption
Affected productsExternal IDs
vendor: apple model: watch
vendor: apple model: watchos
vendor: apple model: apple tv
vendor: apple model: macos
vendor: apple model: tvos
db: NVD ids: CVE-2025-24126, CVE-2025-24129, CVE-2025-24177, CVE-2025-24131, CVE-2025-24137

Emulators and Exploits: How QEMU Helped Researchers Uncover Critical Vulnerabilities in IoT Devices

Trust: 3.75

Fetched: Feb. 9, 2025, 9:26 a.m., Published: Jan. 17, 2025, 6:45 a.m.
 Vulnerabilities: integer overflow, command injection, os command injection...
Affected productsExternal IDs

Lexmark Printer Firmware Downgrade Prevention Vulnerability (CVE-2023-50738) - Vulnerability & Exploit Database

Trust: 3.75

Fetched: Feb. 9, 2025, 9:24 a.m., Published: Feb. 4, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: lexmark model: lexmark printer firmware
vendor: lexmark model: lexmark
vendor: lexmark model: printer
vendor: lexmark model: lexmark printer
db: NVD ids: CVE-2023-50738

Understanding CVE-2025-24150: Command Injection Vulnerability in Apple Products

Trust: 5.75

Fetched: Feb. 9, 2025, 9:24 a.m., Published: Jan. 9, 2025, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: apple model: software update
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2025-24150

Update Canonical Ubuntu Server: USN-7259-1: GNU C Library vulnerability

Trust: 3.25

Fetched: Feb. 9, 2025, 9:24 a.m., Published: Jan. 9, 7259, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

CVE-2024-55591: 50,000 Internet-Facing Devices Affected by Fortinet Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201803-1048, VAR-202501-3666, VAR-202004-2199

Trust: 4.25

Fetched: Feb. 9, 2025, 9:22 a.m., Published: Feb. 3, 2025, midnight
 Vulnerabilities: code execution, authentication bypass, privilege escalation...
Affected productsExternal IDs
vendor: sophos model: firewall
vendor: apple model: macos
vendor: apple model: tvos
vendor: apple model: installer
vendor: apple model: watch
vendor: apple model: watchos
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: apple tv
vendor: node.js model: node.js
vendor: jquery model: jquery
vendor: huawei model: hg532
vendor: huawei model: huawei
db: NVD ids: CVE-2024-12356, CVE-2025-24128, CVE-2024-7029, CVE-2024-12686, CVE-2025-24107, CVE-2025-24145, CVE-2025-21334, CVE-2017-17215, CVE-2025-24085, CVE-2024-55591, CVE-2025-24159, CVE-2020-11023, CVE-2025-21335, CVE-2025-21333, CVE-2025-24137

Cisco patches critical flaws in Identity Services Engine | ITPro

Trust: 5.0

Fetched: Feb. 9, 2025, 9:22 a.m., Published: Feb. 6, 2025, 11:42 a.m.
 Vulnerabilities: improper validation
Affected productsExternal IDs
vendor: cisco model: identity services engine

Cisco Meeting Management REST API Privilege Escalation Vulnerability

Trust: 3.75

Fetched: Feb. 9, 2025, 9:21 a.m., Published: Jan. 22, 2025, 3:55 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: meeting management
vendor: cisco model: cisco meeting
vendor: cisco model: meeting

OpenSSL vulnerability in icls driver version 1.71.99.0 - Intel Community

Trust: 3.0

Fetched: Feb. 9, 2025, 9:21 a.m., Published: May 13, 2024, 5:53 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: optiplex
vendor: dell model: bios

AXESS Auto Configuration Server - Denial of Service (CVE-2024-56316) - Y-Security GmbH

Trust: 3.0

Fetched: Feb. 9, 2025, 9:20 a.m., Published: Jan. 17, 2025, 5:12 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-56316

Hackers Leverage Undisclosed Zero-Day Flaw in cnPilot Routers to Propagate AIRASHI DDoS Botnet - Owlysec - Cyber Security News

Related entries in the VARIoT vulnerabilities database: VAR-202304-2073, VAR-202012-0495, VAR-202002-1447, VAR-201810-0977, VAR-201712-0218

Trust: 3.75

Fetched: Feb. 9, 2025, 9:19 a.m., Published: Jan. 22, 2025, 4:11 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: hikvision model: hikvision
vendor: hikvision model: ip cameras
vendor: mikrotik model: mikrotik
vendor: mikrotik model: routers
vendor: mikrotik model: mikrotik routers
db: NVD ids: CVE-2016-20016, CVE-2023-28771, CVE-2022-44149, CVE-2020-25499, CVE-2020-8515, CVE-2018-14558, CVE-2017-5259, CVE-2013-3307, CVE-2022-3573, CVE-2022-40005

Update Canonical Ubuntu Desktop: USN-7259-1: GNU C Library vulnerability

Trust: 3.25

Fetched: Feb. 9, 2025, 9:18 a.m., Published: Jan. 9, 7259, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

CVE-2024-56144 - Librenms Device Edit Stored Cross-Site Scripting Vulnerability

Trust: 5.25

Fetched: Feb. 9, 2025, 9:18 a.m., Published: Jan. 16, 2025, 11:15 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-56144

NETGEAR Patches Critical Security Vulnerabilities in WiFi Routers (CVE-2025-25246) and Access Points

Trust: 5.75

Fetched: Feb. 9, 2025, 9:16 a.m., Published: Feb. 7, 2025, 2:10 a.m.
 Vulnerabilities: code execution, authentication bypass
Affected productsExternal IDs
vendor: netgear model: xr500
vendor: netgear model: router
db: NVD ids: CVE-2025-25246

Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet

Related entries in the VARIoT vulnerabilities database: VAR-202304-2073, VAR-202012-0495, VAR-202002-1447, VAR-201810-0977, VAR-201712-0218

Trust: 3.5

Fetched: Feb. 9, 2025, 9:16 a.m., Published: Jan. 22, 2025, 4:01 p.m.
 Vulnerabilities: arbitrary command execution, command execution
Affected productsExternal IDs
db: NVD ids: CVE-2016-20016, CVE-2023-28771, CVE-2022-44149, CVE-2020-25499, CVE-2020-8515, CVE-2018-14558, CVE-2017-5259, CVE-2013-3307, CVE-2022-3573, CVE-2022-40005

Cisco IOS: CVE-2025-20173: Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities

Trust: 6.0

Fetched: Feb. 9, 2025, 9:15 a.m., Published: Feb. 9, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: ios xr software
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xr
vendor: cisco model: ios software
vendor: cisco model: ios xe
db: NVD ids: CVE-2025-20173