Sign-up

VARIoT news about IoT security

02/05/25: Critical 0-Day and Other Vulnerabilities in Android Devices | UCSF IT

Trust: 3.25

Fetched: Feb. 21, 2025, 9:35 a.m., Published: Feb. 5, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Cybersecurity Threat Advisory: Critical Juniper vulnerability

Trust: 6.25

Fetched: Feb. 21, 2025, 9:32 a.m., Published: Feb. 19, 2025, 4:55 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: barracuda model: barracuda
db: NVD ids: CVE-2025-21589

Chrome Extension Vulnerability Exposes Critical ‘Syncjacking’ Threat: Your Device at Risk - ClickControl IT & Cybersecurity

Trust: 3.0

Fetched: Feb. 21, 2025, 9:32 a.m., Published: Feb. 11, 2025, 8:16 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome

Dell Precision 5530 System BIOS | Szczegóły sterownika | Dell Polska

Trust: 3.0

Fetched: Feb. 21, 2025, 9:32 a.m., Published: Feb. 21, 5530, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: precision 5530
vendor: dell model: bios

Palo Alto warns firewalls flaws are under active attack • The Register

Trust: 5.5

Fetched: Feb. 21, 2025, 9:31 a.m., Published: -
 Vulnerabilities: authentication bypass, privilege escalation, access control issue
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
db: NVD ids: CVE-2025-0111, CVE-2024-9474, CVE-2025-0108

Update Canonical Ubuntu Server: USN-7270-1: OpenSSH vulnerabilities

Trust: 5.0

Fetched: Feb. 21, 2025, 9:31 a.m., Published: Jan. 21, 7270, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-26466, CVE-2025-26465

Essential Insights into Mobile Device Vulnerabilities for Businesses | MoldStud

Trust: 3.75

Fetched: Feb. 21, 2025, 9:30 a.m., Published: Feb. 12, 2025, midnight
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: trend model: security

Update Canonical Ubuntu Server: USN-7272-1: Symfony vulnerabilities

Trust: 4.75

Fetched: Feb. 21, 2025, 9:30 a.m., Published: Jan. 21, 7272, midnight
 Vulnerabilities: request forgery, cross-site request forgery
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2024-50340, CVE-2024-50342, CVE-2024-50345, CVE-2024-51996, CVE-2024-50343, CVE-2024-50341, CVE-2023-46734, CVE-2022-24894, CVE-2022-24895

Microsoft launches firmware update for Surface devices to fix security vulnerabilities

Trust: 4.0

Fetched: Feb. 21, 2025, 9:24 a.m., Published: Feb. 20, 2025, 4:23 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-44074

Juniper Networks Releases Patch for Session Smart Router Vulnerability - Thailand Computer Emergency Response Team (ThaiCERT)

Trust: 3.25

Fetched: Feb. 21, 2025, 9:23 a.m., Published: Feb. 20, 2025, 8:19 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-2973, CVE-2025-21589

NVIDIA CUDA Toolkit Vulnerabilities Expose Systems to Potential DoS Attacks

Trust: 4.5

Fetched: Feb. 21, 2025, 9:22 a.m., Published: Feb. 20, 2025, 12:52 p.m.
 Vulnerabilities: integer overflow, information disclosure
Affected productsExternal IDs
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo model: firewall
vendor: palo model: networks
db: NVD ids: CVE-2024-53878, CVE-2024-53870

SANS Stormcast Friday Feb 21st: Kibana Queries; Mongoose Injection; U-Boot Flaws; Unifi Protect Camera Vulnerabilities; Protecting Network Devices as Endpoint (Austin Clark @sans_edu) - SANS Internet Storm Center

Trust: 3.5

Fetched: Feb. 21, 2025, 9:21 a.m., Published: Feb. 21, 2025, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
vendor: palo model: networks
vendor: huawei model: nice
vendor: huawei model: huawei
vendor: cisco model: wireless lan controllers
vendor: cisco model: routers

Printer vulnerabilities expose security weaknesses in HP, Xerox, and Lexmark devices - The Recycler - 19/02/2025

Trust: 4.5

Fetched: Feb. 21, 2025, 9:20 a.m., Published: Feb. 19, 2025, 9:10 a.m.
 Vulnerabilities: request forgery, privilege escalation, code execution
Affected productsExternal IDs
vendor: xerox model: phaser
vendor: xerox model: workcentre
vendor: lexmark model: lexmark
vendor: lexmark model: printer
db: NVD ids: CVE-2022-23968, CVE-2023-23560

Hackers Exploiting Ivanti Connect Secure RCE Vulnerability to Install SPAWNCHIMERA Malware

Trust: 5.0

Fetched: Feb. 21, 2025, 9:19 a.m., Published: Feb. 12, 2025, 9:31 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: google model: home
db: NVD ids: CVE-2025-0282

2024 Vulnerability Scanning Surges 91% | F5 Labs

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268, VAR-201805-0262, VAR-202203-0233

Trust: 6.25

Fetched: Feb. 21, 2025, 9:19 a.m., Published: Feb. 18, 2025, 11:34 a.m.
 Vulnerabilities: code injection, authentication bypass, code execution...
Affected productsExternal IDs
vendor: tp-link model: gateway
vendor: tp-link model: routers
vendor: trend model: security
db: NVD ids: CVE-2023-1389, CVE-2020-8958, CVE-2022-24847, CVE-2020-11625, CVE-2017-9841, CVE-2018-10561, CVE-2024-3721, CVE-2023-23752, CVE-2022-22947, CVE-2022-42457, CVE-2018-1056

Microsoft releases new firmware for several Surface devices to address security issues - Neowin

Trust: 4.0

Fetched: Feb. 21, 2025, 9:18 a.m., Published: Feb. 10, 2025, midnight
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-44074

Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure Vulnerability

Trust: 5.0

Fetched: Feb. 21, 2025, 9:17 a.m., Published: Feb. 19, 2025, 3:54 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: cisco model: series

CISA Advisory: Critical Vulnerability in ABB ICS Devices and Its Security Implications | Windows Forum

Trust: 3.75

Fetched: Feb. 21, 2025, 9:16 a.m., Published: May 21, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-51547

CVE-2025-0112 : Vulnerability in Cortex XDR Agent Affects Windows Devices by Palo Alto Networks | SecurityVulnerability.io

Trust: 3.75

Fetched: Feb. 21, 2025, 9:16 a.m., Published: Feb. 20, 2025, 12:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2025-0112

Critical Vulnerabilities in ABB FLXEON Controllers: CISA Advisory Insights | Windows Forum

Trust: 3.25

Fetched: Feb. 21, 2025, 9:15 a.m., Published: May 21, 2025, midnight
 Vulnerabilities: information disclosure, code execution, default credentials...
Affected productsExternal IDs
vendor: parallels model: desktop
vendor: parallels model: tools
vendor: trend model: security