Sign-up

VARIoT news about IoT security

Linux Grub Read Command Buffer Overflow Vulnerability Enabling Potential Secure Boot Bypass

Trust: 4.75

Fetched: March 2, 2025, 9:27 a.m., Published: Feb. 25, 2025, 12:07 p.m.
 Vulnerabilities: buffer overflow, memory corruption, privilege escalation...
Affected productsExternal IDs
db: NVD ids: CVE-2025-0690

Update Canonical Ubuntu Desktop: USN-7287-1: libcap2 vulnerability

Trust: 3.25

Fetched: March 2, 2025, 9:22 a.m., Published: Jan. 2, 7287, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Securing Smart Homes: Protecting Multi-Device Architectures from Cyber Threats - IBTimes India

Trust: 3.5

Fetched: March 2, 2025, 9:21 a.m., Published: March 2, 2025, 7:18 a.m.
 Vulnerabilities: authentication bypass, cross-site scripting
Affected productsExternal IDs

Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure Vulnerability - Cisco

Trust: 5.0

Fetched: March 2, 2025, 9:21 a.m., Published: Feb. 19, 2025, 10:18 a.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: cisco model: series

VU#726882 - Paragon Partition Manager contains five memory vulnerabilities within its BioNTdrv.sys driver that allow for privilege escalation and denial-of-service (DoS) attacks

Trust: 3.75

Fetched: March 2, 2025, 9:20 a.m., Published: Feb. 28, 2025, midnight
 Vulnerabilities: resource access vulnerability, improper validation, privilege escalation...
Affected productsExternal IDs
db: NVD ids: CVE-2025-0285, CVE-2025-0289, CVE-2025-0286, CVE-2025-0287, CVE-2025-0288

Google quietly fixed USB flaw that left over a billion Android devices exposed | Digital Trends

Trust: 3.75

Fetched: March 2, 2025, 9:19 a.m., Published: Feb. 28, 2025, 11:20 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: samsung model: note
vendor: samsung model: samsung
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
db: NVD ids: CVE-2024-50302, CVE-2024-53104, CVE-2024-53197

Android 11 Security Release Notes | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202010-1328

Trust: 4.75

Fetched: March 2, 2025, 9:13 a.m., Published: March 11, 2025, midnight
 Vulnerabilities: code execution, information disclosure, denial of service
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2020-0300, CVE-2020-0323, CVE-2020-0307, CVE-2020-0289, CVE-2020-0288, CVE-2020-0332, CVE-2020-0337, CVE-2019-5094, CVE-2020-0348, CVE-2020-0349, CVE-2020-0326, CVE-2020-0330, CVE-2020-0360, CVE-2020-0290, CVE-2020-0366, CVE-2020-0405, CVE-2020-0357, CVE-2019-13752, CVE-2020-0277, CVE-2020-0365, CVE-2020-0270, CVE-2020-0340, CVE-2020-0425, CVE-2020-0303, CVE-2020-0356, CVE-2020-0298, CVE-2020-0353, CVE-2020-0262, CVE-2020-0274, CVE-2020-0271, CVE-2020-0130, CVE-2019-13753, CVE-2020-0350, CVE-2020-0426, CVE-2020-0343, CVE-2019-13751, CVE-2020-0275, CVE-2020-0304, CVE-2020-0369, CVE-2020-0372, CVE-2020-0308, CVE-2020-0333, CVE-2020-0272, CVE-2020-0286, CVE-2020-0334, CVE-2020-0292, CVE-2020-0370, CVE-2020-0306, CVE-2020-0276, CVE-2020-0352, CVE-2020-0355, CVE-2020-0268, CVE-2020-0346, CVE-2020-0329, CVE-2020-0320, CVE-2020-0317, CVE-2020-0089, CVE-2020-0354, CVE-2020-0311, CVE-2019-8842, CVE-2020-0314, CVE-2020-0373, CVE-2020-0266, CVE-2020-0282, CVE-2020-0359, CVE-2020-0322, CVE-2020-0295, CVE-2020-0309, CVE-2020-0263, CVE-2020-0287, CVE-2020-0313, CVE-2020-0281, CVE-2020-0285, CVE-2020-0336, CVE-2020-0297, CVE-2020-0310, CVE-2020-0331, CVE-2020-0324, CVE-2020-0358, CVE-2020-0316, CVE-2020-0335, CVE-2020-0312, CVE-2020-0318, CVE-2020-3898, CVE-2020-0299, CVE-2020-27098, CVE-2020-0296, CVE-2020-0362, CVE-2020-0264, CVE-2020-27097, CVE-2020-0361, CVE-2020-0319, CVE-2020-0406, CVE-2020-0364, CVE-2020-0321, CVE-2020-0328, CVE-2020-0341, CVE-2020-0284, CVE-2020-0265, CVE-2021-0846, CVE-2020-0291, CVE-2020-0125, CVE-2020-0345, CVE-2020-0315, CVE-2020-0374, CVE-2020-0325, CVE-2020-0375, CVE-2020-0351, CVE-2020-0302, CVE-2020-0273, CVE-2020-0279, CVE-2020-0363, CVE-2020-0301, CVE-2019-13734, CVE-2020-0269, CVE-2020-0267, CVE-2020-0293, CVE-2020-0347, CVE-2020-0344, CVE-2020-0327

Apple's Find My Vulnerability Allows Hackers To Monitor Any Bluetooth Device - CloudBrain

Trust: 4.0

Fetched: Feb. 28, 2025, 9:33 a.m., Published: Feb. 27, 2025, 10:14 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: software update

How to find Rockwell Automation devices - Version 2

Related entries in the VARIoT vulnerabilities database: VAR-202410-2617, VAR-202403-2157, VAR-202403-2344, VAR-202403-2949, VAR-202408-1824, VAR-202410-3402

Trust: 3.5

Fetched: Feb. 28, 2025, 9:32 a.m., Published: Feb. 27, 2025, 7:46 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rockwell automation model: guardlogix
vendor: rockwell automation model: controllogix 5580
vendor: rockwell automation model: controllogix
vendor: rockwell automation model: 1756-enbt
vendor: rockwell automation model: compactlogix
vendor: rockwell automation model: factorytalk
vendor: rockwell automation model: automation powerflex
vendor: rockwell model: guardlogix
vendor: rockwell model: controllogix 5580
vendor: rockwell model: controllogix
vendor: rockwell model: 1756-enbt
vendor: rockwell model: compactlogix
vendor: rockwell model: factorytalk
vendor: rockwell model: automation powerflex
db: NVD ids: CVE-2024-10387, CVE-2024-2426, CVE-2024-2427, CVE-2024-6242, CVE-2024-3493, CVE-2024-6077, CVE-2024-7507, CVE-2025-24478, CVE-2024-2425, CVE-2024-40619, CVE-2024-10386, CVE-2024-7515

How to find Rockwell Automation devices - Version 2 Limited

Related entries in the VARIoT vulnerabilities database: VAR-202410-2617, VAR-202403-2157, VAR-202403-2344, VAR-202403-2949, VAR-202408-1824, VAR-202410-3402

Trust: 3.5

Fetched: Feb. 28, 2025, 9:30 a.m., Published: Feb. 27, 2025, 7:46 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: rockwell automation model: guardlogix
vendor: rockwell automation model: controllogix 5580
vendor: rockwell automation model: controllogix
vendor: rockwell automation model: 1756-enbt
vendor: rockwell automation model: compactlogix
vendor: rockwell automation model: factorytalk
vendor: rockwell automation model: automation powerflex
vendor: rockwell model: guardlogix
vendor: rockwell model: controllogix 5580
vendor: rockwell model: controllogix
vendor: rockwell model: 1756-enbt
vendor: rockwell model: compactlogix
vendor: rockwell model: factorytalk
vendor: rockwell model: automation powerflex
db: NVD ids: CVE-2024-10387, CVE-2024-2426, CVE-2024-2427, CVE-2024-6242, CVE-2024-3493, CVE-2024-6077, CVE-2024-7507, CVE-2025-24478, CVE-2024-2425, CVE-2024-40619, CVE-2024-10386, CVE-2024-7515

Report a vulnerability on a Home Office system - GOV.UK

Trust: 3.0

Fetched: Feb. 28, 2025, 9:29 a.m., Published: Feb. 24, 2025, 9:49 a.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs

CVE-2025-20111 - Cisco Nexus 3000 and 9000 Series Switches Layer 2 Ethernet Denial of Service Vulnerability - SecAlerts

Trust: 5.75

Fetched: Feb. 28, 2025, 9:29 a.m., Published: Feb. 28, 3000, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: google model: nexus
vendor: cisco model: series switches
vendor: cisco model: series
vendor: cisco model: nexus
vendor: cisco model: nexus 3000
db: NVD ids: CVE-2025-20111

Update Canonical Ubuntu Desktop: USN-7284-1: Netty vulnerabilities

Trust: 6.0

Fetched: Feb. 28, 2025, 9:29 a.m., Published: Jan. 28, 7284, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2024-29025, CVE-2022-24823

Safety vulnerability was detected in Apple's Find Network - TechnoPixel

Trust: 3.0

Fetched: Feb. 28, 2025, 9:29 a.m., Published: Feb. 27, 2025, 7:42 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: software update
vendor: apple model: watch

Privacy Roundup: Week 8 of Year 2025 | Avoid the Hack (avoidthehack!)

Trust: 4.5

Fetched: Feb. 28, 2025, 9:28 a.m., Published: Feb. 23, 2025, 7:23 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: installer
vendor: google model: google chrome
vendor: google model: chrome
db: NVD ids: CVE-2025-26465, CVE-2025-26466

From Vulnerability to Security: AI’s Role in Protecting IoT Ecosystems

Trust: 3.5

Fetched: Feb. 28, 2025, 9:27 a.m., Published: Feb. 3, 2025, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs

Apple's Find My Network Exploit Lets Hackers Silently Track Any Bluetooth Device - Slashdot

Trust: 5.0

Fetched: Feb. 28, 2025, 9:27 a.m., Published: Feb. 5, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

Nagios XI Vulnerability Allows Unauthenticated Users to View Other User Details & Email

Trust: 5.75

Fetched: Feb. 28, 2025, 9:26 a.m., Published: Feb. 24, 2025, 7:18 a.m.
 Vulnerabilities: privilege escalation, information disclosure
Affected productsExternal IDs
vendor: nagios model: nagios xi
db: NVD ids: CVE-2024-54961, CVE-2021-25296, CVE-2018-15708

New Hack Turns Any Device into a Secret Tracker via Apple's Find My Network - The Mac Observer

Trust: 3.0

Fetched: Feb. 28, 2025, 9:26 a.m., Published: Feb. 27, 2025, 6:14 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone

Cisco Expressway Series Cross-Site Scripting Vulnerability

Trust: 5.0

Fetched: Feb. 28, 2025, 9:24 a.m., Published: Feb. 5, 2025, 3:57 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: cisco expressway
vendor: cisco model: expressway series
vendor: cisco model: expressway
vendor: cisco model: series