Sign-up

VARIoT news about IoT security

Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities

Trust: 3.75

Fetched: Feb. 9, 2025, 9:14 a.m., Published: Feb. 5, 2025, 6:17 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: ios xr software
vendor: cisco model: ios xe software
vendor: cisco model: ios xr
vendor: cisco model: ios xe

Netgear critical vulns come amid global netsec concern • The Register - Archyde

Trust: 4.5

Fetched: Feb. 9, 2025, 9:12 a.m., Published: Feb. 5, 2025, 4:52 p.m.
 Vulnerabilities: code execution, authentication bypass
Affected productsExternal IDs
vendor: netgear model: router

Hardware & Firmware Assessment to identify devices with AMD processors | Microsoft Community Hub

Trust: 3.0

Fetched: Feb. 9, 2025, 9:07 a.m., Published: Sept. 8, 2023, 5:19 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-20593

Windows RD Gateway Vulnerability Exposes Systems to Denial-of-Service Attacks

Trust: 4.25

Fetched: Feb. 7, 2025, 9:20 a.m., Published: Jan. 15, 2025, 12:25 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-21225

CISA Adds Actively Exploited Linux Kernel Vulnerability to Known Exploited Vuln Catalog

Trust: 6.0

Fetched: Feb. 7, 2025, 9:19 a.m., Published: Feb. 5, 2025, 6:41 p.m.
 Vulnerabilities: privilege escalation, memory corruption, code execution
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-53104

CVE-2017-13318 : Out of Bounds Read Vulnerability in HeifDecoder Implementation Affecting Google Pixel Devices | SecurityVulnerability.io

Trust: 4.25

Fetched: Feb. 7, 2025, 9:19 a.m., Published: Jan. 28, 2025, 4:51 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
db: NVD ids: CVE-2017-13318

Vulnerabilities exploited with HitatusRAT | BASE4 Security

Related entries in the VARIoT vulnerabilities database: VAR-201804-1666, VAR-201705-3762

Trust: 4.25

Fetched: Feb. 7, 2025, 9:18 a.m., Published: Jan. 14, 2025, 10:14 p.m.
 Vulnerabilities: default credentials, authentication bypass, code execution
Affected productsExternal IDs
vendor: hikvision model: hikvision
vendor: draytek model: vigor
vendor: draytek model: routers
db: NVD ids: CVE-2018-9995, CVE-2021-36260, CVE-2017-7921

Zyxel says it won’t patch security flaws in its old routers | TechRadar

Trust: 4.75

Fetched: Feb. 7, 2025, 9:18 a.m., Published: Feb. 6, 2025, 3:10 p.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: zyxel model: vmg8924-b10a
vendor: zyxel model: vmg8324-b10a
vendor: zyxel model: vmg4380-b10a
vendor: zyxel model: vmg1312-b10a
db: NVD ids: CVE-2024-40890, CVE-2024-40891, CVE-2025-0890

CISA Adds Apache, Microsoft Bugs to Know Exploited Vulnerabilities Database

Related entries in the VARIoT vulnerabilities database: VAR-201807-1874

Trust: 4.75

Fetched: Feb. 7, 2025, 9:17 a.m., Published: Feb. 5, 2025, 5:54 a.m.
 Vulnerabilities: file inclusion, command injection, local file inclusion...
Affected productsExternal IDs
vendor: paessler model: prtg network monitor
db: NVD ids: CVE-2018-9276, CVE-2024-29059, CVE-2018-19410, CVE-2024-45195

Google warns Android users of a zero-day vulnerability

Trust: 3.75

Fetched: Feb. 7, 2025, 9:15 a.m., Published: Feb. 5, 2025, 3:40 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: samsung model: galaxy
vendor: samsung model: samsung
db: NVD ids: CVE-2024-53104, CVE-2024-45569

Cisco IOS SNMP Vulnerabilities Allow Attackers to Launch DoS Attacks"

Trust: 3.75

Fetched: Feb. 7, 2025, 9:14 a.m., Published: Feb. 6, 2025, 9:11 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ios xr
vendor: cisco model: cisco ios xr
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
vendor: cisco model: ios xr software
db: NVD ids: CVE-2025-20170, CVE-2025-20171, CVE-2025-20169

Update Canonical Ubuntu Server: USN-7254-1: OpenJDK 21 vulnerability

Trust: 3.25

Fetched: Feb. 7, 2025, 9:14 a.m., Published: Jan. 7, 7254, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Update Canonical Ubuntu Server: USN-7252-1: OpenJDK 11 vulnerability

Trust: 3.25

Fetched: Feb. 7, 2025, 9:14 a.m., Published: Jan. 7, 7252, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Update Canonical Ubuntu Server: USN-7253-1: OpenJDK 17 vulnerability

Trust: 3.25

Fetched: Feb. 7, 2025, 9:13 a.m., Published: Jan. 7, 7253, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Medical monitoring machines spotted stealing patient data • The Register

Trust: 5.5

Fetched: Feb. 7, 2025, 9:13 a.m., Published: -
 Vulnerabilities: authentication bypass, command injection, code execution
Affected productsExternal IDs
vendor: cisco model: routers
vendor: cisco model: series
db: NVD ids: CVE-2025-0683, CVE-2024-40891, CVE-2024-12248, CVE-2025-22604, CVE-2025-0626, CVE-2025-21415

Re: OpenSSL vulnerability in icls driver version 1.71.99.0 - Intel Community

Trust: 3.0

Fetched: Feb. 7, 2025, 9:13 a.m., Published: May 13, 2024, 5:53 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: optiplex
vendor: dell model: bios

Update Canonical Ubuntu Server: USN-7257-1: Kerberos vulnerability

Trust: 3.25

Fetched: Feb. 7, 2025, 9:12 a.m., Published: Jan. 7, 7257, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities

Trust: 3.75

Fetched: Feb. 7, 2025, 9:11 a.m., Published: Feb. 5, 2025, 6:17 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: ios xe
vendor: cisco model: ios xr
vendor: cisco model: ios xe software
vendor: cisco model: ios xr software
vendor: cisco model: cisco ios

Apache Cassandra Vulnerability Let Attackers Gain Access to the Data Centers

Trust: 4.25

Fetched: Feb. 7, 2025, 9:11 a.m., Published: Feb. 4, 2025, 1:07 p.m.
 Vulnerabilities: authorization vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2025-24860

Cisco Expressway Series Cross-Site Scripting Vulnerability

Trust: 5.0

Fetched: Feb. 7, 2025, 9:10 a.m., Published: Feb. 5, 2025, 3:57 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: cisco expressway
vendor: cisco model: expressway series
vendor: cisco model: expressway
vendor: cisco model: series