Sign-up

VARIoT news about IoT security

Update Canonical Ubuntu Desktop: USN-7399-1: RabbitMQ Server vulnerability

Trust: 4.25

Fetched: April 6, 2025, 9:05 a.m., Published: Jan. 6, 7399, midnight
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: canonical model: ubuntu

Millions of IoT Medical Devices Impacted by Ripple20 Vulnerabilities | TechTarget

Trust: 3.5

Fetched: April 6, 2025, 9:04 a.m., Published: June 17, 2020, midnight
 Vulnerabilities: information leak, code execution
Affected productsExternal IDs

BrakTooth Bluetooth vulnerabilities, crash all the devices!

Trust: 5.0

Fetched: April 6, 2025, 9:03 a.m., Published: Sept. 1, 2021, 5 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2021-28139

Cisco Addresses High Severity Vulnerabilities in Enterprise Chat and Email, and Meraki MX/Z Series Devices

Trust: 5.0

Fetched: April 4, 2025, 9:20 a.m., Published: April 4, 2025, 12:05 a.m.
 Vulnerabilities: improper validation
Affected productsExternal IDs
vendor: cisco model: meraki mx
vendor: cisco model: series
db: NVD ids: CVE-2025-20139, CVE-2025-20212

CISA Advisory: Vulnerabilities in Hitachi Energy's RTU500 Series Exposed | Windows Forum

Trust: 4.5

Fetched: April 4, 2025, 9:19 a.m., Published: May 4, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hitachi model: web server
vendor: trend model: antivirus
vendor: trend model: security
db: NVD ids: CVE-2024-12169, CVE-2024-10037, CVE-2025-1445, CVE-2024-11499

Cisco Meraki MX and Z Series AnyConnect VPN Denial of Service Vulnerability

Trust: 5.0

Fetched: April 4, 2025, 9:19 a.m., Published: April 2, 2025, 3:57 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: meraki mx
vendor: cisco model: series
vendor: cisco model: meraki mx firmware

Shield Cloud Resources From Cryptojacking Threat Actors With AccuKnox

Related entries in the VARIoT vulnerabilities database: VAR-202206-0004

Trust: 4.75

Fetched: April 4, 2025, 9:18 a.m., Published: Sept. 13, 2022, 1:19 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2022-26134

CVE-2025-20212 : Denial of Service Vulnerability in Cisco AnyConnect on Meraki Devices | SecurityVulnerability.io

Trust: 4.25

Fetched: April 4, 2025, 9:17 a.m., Published: April 2, 2025, 4:15 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2025-20212

How To Secure IoT Devices From Hackers?

Trust: 3.5

Fetched: April 4, 2025, 9:16 a.m., Published: April 2, 2025, 11:07 a.m.
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: essential model: phone
vendor: palo model: networks
vendor: palo model: firewall

The Ultimate Guide to Vulnerability Assessment: Strobes

Trust: 3.5

Fetched: April 4, 2025, 9:15 a.m., Published: April 4, 2025, 7:05 a.m.
 Vulnerabilities: cross-site scripting, default credentials, improper access control...
Affected productsExternal IDs

What are common vulnerabilities in endpoint devices? - Validato

Trust: 4.5

Fetched: April 4, 2025, 9:14 a.m., Published: March 31, 2025, 12:27 p.m.
 Vulnerabilities: privilege escalation, default credentials
Affected productsExternal IDs

Google quietly patches USB vulnerability, billions of Android devices narrowly escape! - TipsMake.com

Trust: 4.0

Fetched: April 4, 2025, 9:09 a.m., Published: April 10, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-53104

VU#726882 - Paragon Partition Manager contains five memory vulnerabilities within its BioNTdrv.sys driver that allow for privilege escalation and denial-of-service (DoS) attacks

Trust: 3.75

Fetched: April 4, 2025, 9:06 a.m., Published: March 27, 2025, midnight
 Vulnerabilities: pointer dereference vulnerability, improper validation, privilege escalation...
Affected productsExternal IDs
db: NVD ids: CVE-2025-0288, CVE-2025-0287, CVE-2025-0286, CVE-2025-0285, CVE-2025-0289

CVE-2025-0415 (CVSSv4 9.2): Critical Vulnerability Discovered in Moxa Network Devices

Trust: 3.25

Fetched: April 4, 2025, 9:05 a.m., Published: April 3, 2025, 1:11 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-0415

CVE-2025-0676: High-Severity Vulnerability Threatens Moxa Network Devices

Trust: 5.0

Fetched: April 4, 2025, 9:04 a.m., Published: April 2, 2025, 10:10 a.m.
 Vulnerabilities: privilege escalation, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-0676

Cisco AnyConnect VPN Server Vulnerability Let Attacker Trigger DoS Condition

Trust: 5.75

Fetched: April 4, 2025, 9:04 a.m., Published: April 3, 2025, 2:12 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: sd-wan
vendor: cisco model: meraki mx
vendor: cisco model: series
db: NVD ids: CVE-2025-20212

Dangerous: Find My Loophole Turns Any Bluetooth Device Into a Tracker - iPhone Islam

Trust: 3.25

Fetched: April 2, 2025, 9:27 a.m., Published: March 10, 2025, 7:40 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: iphone

Hackers Scanning From 24,000 IP’s to Gain Access to Palo Alto Networks

Trust: 4.5

Fetched: April 2, 2025, 9:26 a.m., Published: April 1, 2025, 5:39 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
vendor: palo model: networks
vendor: palo model: pan-os
db: NVD ids: CVE-2024-3400

CISA Warns of Cisco Smart Licensing Utility Credential Vulnerability Exploited in Attacks

Trust: 3.75

Fetched: April 2, 2025, 9:25 a.m., Published: April 1, 2025, 7:28 a.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2024-20440, CVE-2024-20439, CVE-2024-0305

Don't wait to update: iOS 18.4 introduces key security fixes

Trust: 3.25

Fetched: April 2, 2025, 9:25 a.m., Published: April 18, 2025, midnight
 Vulnerabilities: cross-site scripting, symlink issue, process crash
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: software update