Sign-up

VARIoT news about IoT security

CVE-2024-57857 - Linux Kernel RDMA siw Net Device Use After Free Vulnerability

Trust: 5.25

Fetched: Feb. 2, 2025, 9:25 a.m., Published: Jan. 15, 2025, 1:15 p.m.
 Vulnerabilities: use after free
Affected productsExternal IDs
db: NVD ids: CVE-2024-57857

Apple’s iOS vulnerability exposes iPhones to stealthy hacker attacks - WFIN Local News

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 4.25

Fetched: Feb. 2, 2025, 9:25 a.m., Published: Feb. 1, 2025, 3 p.m.
 Vulnerabilities: use after free, memory corruption
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: tvos
vendor: apple model: ipad
vendor: apple model: watchos
vendor: apple model: software update
vendor: apple model: iphone
db: NVD ids: CVE-2025-24085

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) - Help Net Security

Trust: 5.0

Fetched: Feb. 2, 2025, 9:23 a.m., Published: Jan. 29, 2025, 4:23 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40890, CVE-2024-40891

Understanding IoT Device Vulnerabilities and Their Implications - The Tech Artist

Trust: 4.5

Fetched: Feb. 2, 2025, 9:15 a.m., Published: May 30, 2024, 7:05 a.m.
 Vulnerabilities: default credentials, denial of service
Affected productsExternal IDs
vendor: trend model: security

How To Identify Security Vulnerabilities in Your System

Trust: 4.5

Fetched: Jan. 31, 2025, 9:52 a.m., Published: Jan. 14, 2025, 4:42 p.m.
 Vulnerabilities: session hijacking, injection attack, default credentials...
Affected productsExternal IDs
vendor: apple model: watch

Moxa Devices' Vulnerabilities: A Silent Threat to Industrial Networks - LavX News

Trust: 3.5

Fetched: Jan. 31, 2025, 9:51 a.m., Published: Jan. 8, 2025, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-9138, CVE-2024-9140

Cyber Security Vulnerabilities: Prevention & Mitigation

Trust: 4.25

Fetched: Jan. 31, 2025, 9:38 a.m., Published: Jan. 20, 2025, 12:44 p.m.
 Vulnerabilities: service disruption, request forgery, buffer overflow...
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: series
vendor: cisco model: routers
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
vendor: cisco model: cisco ios xe
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2024-49040

The 10 Best PDA Devices of 2025 (Reviews) - FindThisBest

Trust: 3.0

Fetched: Jan. 31, 2025, 9:36 a.m., Published: Jan. 4, 2025, 2:40 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: motorola model: motorola

Apple Quickly Fixes Major iPhone and Mac Bug to Stop Hackers - Update Your Devices Now! - Gadget Insiders

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 3.75

Fetched: Jan. 31, 2025, 9:35 a.m., Published: Jan. 30, 2025, 3:56 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: macos
vendor: apple model: apple tv
vendor: apple model: ipad
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: apple model: tvos
vendor: apple model: watch
db: NVD ids: CVE-2025-24085

Zyxel Warns of Active Exploitation of Unpatched Vulnerability in CPE Devices - Humari Baat - The Daily News of North Western Region India

Trust: 4.25

Fetched: Jan. 31, 2025, 9:35 a.m., Published: Jan. 30, 2025, 5:21 a.m.
 Vulnerabilities: improper validation
Affected productsExternal IDs
db: NVD ids: CVE-2024-40891

Cred Vaults, Cheap AI, and Hacking Devices - PSW #859 | SC Media

Trust: 3.25

Fetched: Jan. 31, 2025, 9:35 a.m., Published: Dec. 18, 2024, 5 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs

SquareX Discloses “Browser Syncjacking”, A Stealthy New Attack That Hijacks Devices via Malicious Browser Extensions - TechBullion

Trust: 3.5

Fetched: Jan. 31, 2025, 9:34 a.m., Published: Jan. 30, 2025, 3:37 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: chrome
vendor: zoom model: client

Apple patches first actively exploited zero-day of 2025 on its devices | SC Media

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 5.5

Fetched: Jan. 31, 2025, 9:31 a.m., Published: June 11, 2024, 5 p.m.
 Vulnerabilities: memory corruption, privilege escalation, code execution...
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: macos
vendor: apple model: tvos
db: NVD ids: CVE-2025-24085

Understanding and Mitigating CVE-2025-22787: WordPress Button Block Plugin Vulnerability

Trust: 3.75

Fetched: Jan. 31, 2025, 9:30 a.m., Published: Jan. 1, 2005, midnight
 Vulnerabilities: access control vulnerability, access control issue
Affected productsExternal IDs
db: NVD ids: CVE-2025-22787

What is Cyber Security? Types, Attacks and Importance - GeeksforGeeks

Trust: 4.25

Fetched: Jan. 31, 2025, 9:28 a.m., Published: March 1, 2021, 5:54 p.m.
 Vulnerabilities: sql injection, denial of service, privilege escalation...
Affected productsExternal IDs
vendor: essential model: phone
vendor: rising model: antivirus
vendor: google model: android
vendor: google model: home

Update Canonical Ubuntu Server: USN-7228-1: LibreOffice vulnerabilities

Trust: 4.25

Fetched: Jan. 31, 2025, 9:28 a.m., Published: Jan. 31, 7228, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2024-12425, CVE-2024-12426

SLAP And FLOP Security Vulnerabilities Impact All Current Apple Devices | Digital Market News

Trust: 3.0

Fetched: Jan. 31, 2025, 9:26 a.m., Published: Jan. 29, 2025, 12:30 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: macbook air
vendor: apple model: macbook
vendor: apple model: imac
vendor: apple model: macbook pro
vendor: apple model: iphone
vendor: apple model: ipad
vendor: apple model: ipad air

Export software vulnerabilities assessment per device - Microsoft Defender for Endpoint | Microsoft Learn

Trust: 3.5

Fetched: Jan. 31, 2025, 9:25 a.m., Published: Jan. 23, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2020-16011, CVE-2020-26971, CVE-2020-15992

Helldown Ransomware Exploits Vulnerability in Zyxel Devices - Advisories

Trust: 5.0

Fetched: Jan. 31, 2025, 9:24 a.m., Published: Jan. 29, 2025, 9:15 a.m.
 Vulnerabilities: privilege escalation, default administrator account
Affected productsExternal IDs
db: NVD ids: CVE-2024-11667

Active Exploitation of Zero-day Zyxel CPE Vulnerability (CVE-2024-40891) | GreyNoise Blog

Trust: 5.25

Fetched: Jan. 31, 2025, 9:24 a.m., Published: -
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40890, CVE-2024-40891