VARIoT latest news about IoT security

New BIOS/UEFI Vulnerabilities Lets Hackers Hijack Your Firmware Trust: 5.0 Fetched: Jan. 10, 2025, 9:56 a.m., Published: Jan. 8, 2025, 11:26 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-1968

Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities Trust: 5.25 Fetched: Jan. 10, 2025, 9:56 a.m., Published: Jan. 8, 2025, 3:52 p.m.	Vulnerabilities: cross-site scripting

Affected products

External IDs

vendor:

cisco

model:

common services platform collector

Security Bulletins for HUAWEI Phones/Tablets, January 2025 Trust: 4.5 Fetched: Jan. 10, 2025, 9:55 a.m., Published: Dec. 31, 2024, 2:23 p.m.	Vulnerabilities: integer overflow, buffer overflow, improper access control...

Affected products

External IDs

vendor:	huawei	model:	huawei
vendor:	huawei	model:	emui

db:

NVD

ids:

CVE-2024-56455, CVE-2024-56452, CVE-2024-56434, CVE-2024-56444, CVE-2023-52953, CVE-2024-56449, CVE-2024-54121, CVE-2024-56454, CVE-2024-56438, CVE-2023-52954, CVE-2024-56435, CVE-2024-56442, CVE-2024-56445, CVE-2024-56439, CVE-2024-56446, CVE-2024-56456, CVE-2024-56448, CVE-2024-56443, CVE-2023-52955, CVE-2024-56450, CVE-2024-56451, CVE-2024-56447, CVE-2024-56436, CVE-2024-56437, CVE-2024-56440, CVE-2024-54120, CVE-2024-56453, CVE-2024-56441

Chinese-linked Hackers May Be Exploiting Latest Ivanti Vulnerability Trust: 3.0 Fetched: Jan. 10, 2025, 9:54 a.m., Published: May 10, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-0283, CVE-2025-0282

Critical Ivanti Connect Secure zero-day flaw under attack \| TechTarget Trust: 4.75 Fetched: Jan. 10, 2025, 9:53 a.m., Published: Jan. 8, 2025, midnight	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-21887, CVE-2023-46805, CVE-2025-0283, CVE-2025-0282

DSA-2025-027: Security Update for Dell VxRail for Multiple Vulnerabilities \| Dell US Trust: 3.25 Fetched: Jan. 10, 2025, 9:53 a.m., Published: Jan. 7, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2024-47706, CVE-2022-48991, CVE-2024-49945, CVE-2024-49969, CVE-2024-21208, CVE-2024-49960, CVE-2024-49930, CVE-2023-50782, CVE-2024-28168, CVE-2024-49860, CVE-2022-48962, CVE-2024-45013, CVE-2024-39908, CVE-2024-9681, CVE-2022-48956, CVE-2024-10977, CVE-2022-48959, CVE-2024-49974, CVE-2024-45016, CVE-2024-21235, CVE-2024-9287, CVE-2024-50208, CVE-2024-46818, CVE-2024-47684, CVE-2024-43398, CVE-2024-41123, CVE-2024-49995, CVE-2024-43854, CVE-2024-35176, CVE-2024-46815, CVE-2024-21217, CVE-2024-41946, CVE-2024-46816, CVE-2024-46813, CVE-2024-46716, CVE-2024-46814, CVE-2024-47668, CVE-2024-21210, CVE-2024-47747, CVE-2024-47674, CVE-2024-49936, CVE-2024-46817, CVE-2024-47748, CVE-2024-45026, CVE-2024-46849, CVE-2024-49991, CVE-2022-48960, CVE-2024-10976, CVE-2022-49015, CVE-2024-52316, CVE-2024-49925, CVE-2024-50047, CVE-2024-10979, CVE-2024-52533, CVE-2024-10978, CVE-2022-48879

Ivanti Zero-Day Exploited in Connect Secure, SonicWall SSL VPN and SSH Vulnerabilities, KerioControl Flaw - SOCRadar® Cyber Intelligence Inc. Trust: 5.25 Fetched: Jan. 10, 2025, 9:52 a.m., Published: Jan. 9, 2025, 12:37 p.m.	Vulnerabilities: buffer overflow, privilege escalation, authentication vulnerability...

Affected products

External IDs

vendor:	sonicwall	model:	sonicos
vendor:	sonicwall	model:	ssl vpn

db:

NVD

ids:

CVE-2025-0283, CVE-2024-53706, CVE-2024-53704, CVE-2025-0282, CVE-2024-40762, CVE-2024-52875, CVE-2024-53705

LDAP Nightmare - Windows LDAP Denial of Service Vulnerability (CVE-2024-49113) - SafeBreach Trust: 3.0 Fetched: Jan. 10, 2025, 9:51 a.m., Published: Jan. 8, 2025, 7:58 p.m.	Vulnerabilities: denial of service, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-49113, CVE-2024-49112

ACSC Advisory Warns of Critical Ivanti Vulnerabilities - Australian Cyber Security Magazine Trust: 3.75 Fetched: Jan. 10, 2025, 9:51 a.m., Published: Jan. 10, 2025, 12:56 a.m.	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2025-0283, CVE-2025-0282

Hacker Forums Reveal ICAO Leak, SonicWall Vulnerability, and Other New Exploit Sales - SOCRadar® Cyber Intelligence Inc. Trust: 4.5 Fetched: Jan. 10, 2025, 9:50 a.m., Published: Jan. 6, 2025, 11:30 a.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	sonicwall	model:	remote access
vendor:	cisco	model:	jabber
vendor:	cisco	model:	series

Critical Google Security Warning-Update Android 12 To 15 Now Trust: 3.75 Fetched: Jan. 10, 2025, 9:48 a.m., Published: Jan. 7, 2025, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	google	model:	google chrome
vendor:	google	model:	chrome
vendor:	google	model:	android

Ivanti warns critical RCE flaw in Connect Secure exploited as zero-day \| CSO Online Trust: 4.0 Fetched: Jan. 10, 2025, 9:48 a.m., Published: Jan. 8, 2025, midnight	Vulnerabilities: privilege escalation, buffer overflow, memory corruption...

Affected products

External IDs

db:

NVD

ids:

CVE-2025-0283, CVE-2025-0282

Ivanti discloses critical VPN vulnerability being actively targeted by hackers - SiliconANGLE Trust: 3.75 Fetched: Jan. 10, 2025, 9:47 a.m., Published: Jan. 9, 2025, 11:46 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

nexus

db:

NVD

ids:

CVE-2024-21887, CVE-2023-46805, CVE-2025-0283, CVE-2025-0282

CVE-2025-0282: Ivanti Connect Secure zero-day exploited in the wild Trust: 4.25 Fetched: Jan. 10, 2025, 9:47 a.m., Published: Jan. 9, 2025, 2:45 a.m.	Vulnerabilities: buffer overflow

Affected products

External IDs

db:

NVD

ids:

CVE-2025-0283, CVE-2025-0282

RP2350 Security Flaw: Microcontroller Weaknesses Revealed Trust: 3.75 Fetched: Jan. 10, 2025, 9:46 a.m., Published: Oct. 1, 2025, midnight	Vulnerabilities: code injection

Affected products	External IDs

Google Issues Critical Security Warnings for Millions of Android Device Users \| HotHardware Trust: 4.75 Fetched: Jan. 10, 2025, 9:45 a.m., Published: Jan. 9, 2025, 1:50 p.m.	Vulnerabilities: code execution

Affected products

External IDs

vendor:	google	model:	home
vendor:	google	model:	pixel
vendor:	google	model:	android

db:

NVD

ids:

CVE-2024-53842, CVE-2024-43096, CVE-2024-49748, CVE-2024-49747, CVE-2024-43771, CVE-2024-43770

Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware Trust: 4.0 Fetched: Jan. 10, 2025, 9:44 a.m., Published: Jan. 9, 2025, 10:17 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

home

db:

NVD

ids:

CVE-2025-0283

Ivanti Discloses Exploitation Of ‘Critical’ VPN Vulnerability Trust: 3.5 Fetched: Jan. 10, 2025, 9:44 a.m., Published: Jan. 8, 2025, 3:53 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	pulse secure	model:	connect secure
vendor:	pulse secure	model:	policy secure

db:

NVD

ids:

CVE-2025-0283, CVE-2025-0282

Androxgh0st botnet integrates Mozi payloads to target IoT devices \| CSO Online Related entries in the VARIoT vulnerabilities database: VAR-202303-1268 Trust: 5.75 Fetched: Jan. 10, 2025, 9:43 a.m., Published: Nov. 8, 2024, midnight	Vulnerabilities: code execution, command injection, command execution...

Affected products

External IDs

vendor:

tp-link

model:

routers

db:

NVD

ids:

CVE-2023-1389

White House launches consumer smart device security label • The Register Trust: 3.0 Fetched: Jan. 10, 2025, 9:41 a.m., Published: -	Vulnerabilities: -

Affected products	External IDs

VARIoT news about IoT security