Sign-up

VARIoT news about IoT security

Critical Privilege Escalation Vulnerabilities Allow Attackers to Gain Full Root Access on Linux

Trust: 5.25

Fetched: June 20, 2025, 10:04 a.m., Published: June 18, 2025, 9:54 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2025-6019, CVE-2025-6018

Qualys TRU Uncovers Chained LPE: SUSE 15 PAM to Full Root via libblockdev/udisks | Qualys

Trust: 4.75

Fetched: June 20, 2025, 10:03 a.m., Published: June 17, 2025, 8:25 p.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-6019, CVE-2025-6018

Surface Go 4 recieves new (June 19, 2025) firmware updates

Trust: 4.75

Fetched: June 20, 2025, 10:02 a.m., Published: June 19, 2025, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-44074, CVE-2024-21864

CISA Warning: Critical Flaw (CVE-2025-5310) Exposes Fueling Station Devices

Trust: 4.25

Fetched: June 20, 2025, 10:01 a.m., Published: June 20, 2025, 12:08 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-5310

Cisco AnyConnect VPN Flaw Allows Attackers to Launch DoS Attacks

Trust: 4.75

Fetched: June 20, 2025, 9:55 a.m., Published: June 19, 2025, 7:44 a.m.
 Vulnerabilities: service crash
Affected productsExternal IDs
vendor: cisco model: meraki mx
vendor: cisco model: anyconnect vpn client
vendor: cisco model: sd-wan
vendor: cisco model: vpn client
vendor: cisco model: series
vendor: cisco model: meraki mx firmware
db: NVD ids: CVE-2025-20271

CVE-2025-20271: Cisco Meraki VPN Bug Exposes MX and Z Series Devices to Remote DoS Attacks

Trust: 5.75

Fetched: June 20, 2025, 9:55 a.m., Published: June 19, 2025, 1:48 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: meraki mx
vendor: cisco model: anyconnect vpn client
vendor: cisco model: sd-wan
vendor: cisco model: vpn client
vendor: cisco model: series
db: NVD ids: CVE-2025-20271

Fixes available for local privilege escalation vulnerability in libblockdev using udisks | Ubuntu

Trust: 4.0

Fetched: June 20, 2025, 9:55 a.m., Published: June 18, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2025-6019, CVE-2025-6018

Cisco Meraki MX And Z Series AnyConnect VPN Authentication Denial Of Service Vulnerability (CVE-2025-20271)

Trust: 5.0

Fetched: June 20, 2025, 9:54 a.m., Published: June 19, 2025, 7:30 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: series
vendor: cisco model: meraki mx
db: NVD ids: CVE-2025-20271

June 2025 Patch Tuesday Reveals Critical ICS Vulnerabilities | Security Curated

Trust: 5.5

Fetched: June 20, 2025, 9:48 a.m., Published: June 19, 2025, 5:41 a.m.
 Vulnerabilities: cross-site scripting, default credentials, privilege escalation...
Affected productsExternal IDs
vendor: siemens model: simatic s7-1500
vendor: siemens model: ruggedcom
vendor: siemens model: simatic
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo model: firewall
vendor: palo model: networks
db: NVD ids: CVE-2025-40585

Home

Trust: 3.25

Fetched: June 20, 2025, 9:35 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home

Google AI Plans and Features - Google One

Trust: 3.0

Fetched: June 20, 2025, 9:24 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cups model: cups

Apple Devices, Safari Crash Vulnerability, CVE-2025-31217 (Critical) - DailyCVE

Trust: 5.75

Fetched: June 18, 2025, 9:33 a.m., Published: May 27, 2025, 11:42 p.m.
 Vulnerabilities: improper memory handling, input validation flaw, heap corruption...
Affected productsExternal IDs
vendor: apple model: mac os x
vendor: apple model: macos
vendor: apple model: mac os
vendor: apple model: safari
vendor: apple model: webkit
db: NVD ids: CVE-2025-31217

What is an Endpoint in Cybersecurity | Huntress

Trust: 3.75

Fetched: June 18, 2025, 9:33 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: sharp model: printers

Critical SAP Vulnerability Exposes Enterprises | Trend Micro (US)

Related entries in the VARIoT vulnerabilities database: VAR-202504-3437

Trust: 5.5

Fetched: June 18, 2025, 9:32 a.m., Published: June 12, 2025, midnight
 Vulnerabilities: improper validation, file upload vulnerability, command execution...
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend micro model: trend micro security
vendor: trend micro model: deep security
vendor: trend model: security
vendor: trend model: trend micro security
vendor: trend model: deep security
db: NVD ids: CVE-2025-31324

Multiple Fortinet Products Vulnerabilities - Rewterz

Trust: 4.5

Fetched: June 18, 2025, 9:29 a.m., Published: June 14, 2025, 12:02 p.m.
 Vulnerabilities: os command injection, command injection, certificate validation vulnerability...
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks
db: NVD ids: CVE-2024-45329, CVE-2025-31104, CVE-2025-22256, CVE-2024-32119, CVE-2024-50562, CVE-2025-24471

Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet | Trend Micro (US)

Trust: 4.75

Fetched: June 18, 2025, 9:28 a.m., Published: June 17, 2025, midnight
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2025-3248

Cisco Nexus Dashboard の脆弱性 CVE-2025-20163 が FIX:SSH ホスト・キーに対する不十分な検証 - IoT OT Security News

Trust: 4.0

Fetched: June 18, 2025, 9:28 a.m., Published: June 5, 2025, 9:47 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: data center network manager
vendor: cisco model: cisco data center network manager
vendor: cisco model: nexus
db: NVD ids: CVE-2025-20163

WPA3 vs WPA2: Which Wi-Fi Security Protocol Reigns Supreme? - Elevate Your Test

Trust: 4.0

Fetched: June 18, 2025, 9:28 a.m., Published: June 13, 2025, 10:52 p.m.
 Vulnerabilities: password guessing
Affected productsExternal IDs

WAGO Device Manager Vulnerabilities Expose Critical Industrial Infrastructure to Remote Exploits

Trust: 4.25

Fetched: June 18, 2025, 9:16 a.m., Published: June 18, 2025, 12:08 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: wago model: wago
db: NVD ids: CVE-2025-25265, CVE-2025-25264

Android Help

Trust: 3.25

Fetched: June 18, 2025, 9:15 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android