Sign-up

VARIoT news about IoT security

MediaTek Bluetooth Vulnerability Exposes Millions of Devices to Silent Attacks - UNDERCODE NEWS

Related entries in the VARIoT vulnerabilities database: VAR-202506-0169

Trust: 4.75

Fetched: June 3, 2025, 9:15 a.m., Published: June 2, 2025, 1:40 p.m.
 Vulnerabilities: denial of service, code execution, improper bounds checking
Affected productsExternal IDs
db: NVD ids: CVE-2025-20674, CVE-2025-20673, CVE-2025-20677, CVE-2025-20678, CVE-2025-20672

Cisco IOS XE Software Web-Based Management Interface Vulnerabilities

Trust: 5.5

Fetched: June 3, 2025, 9:15 a.m., Published: May 7, 2025, 3:53 p.m.
 Vulnerabilities: information disclosure, command injection, injection attack
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
db: NVD ids: CVE-2025-20194, CVE-2025-20193, CVE-2025-20195

MediaTek Vulnerabilities Let Attackers Escalate Privileges Without User Interaction

Related entries in the VARIoT vulnerabilities database: VAR-202506-0169

Trust: 4.75

Fetched: June 3, 2025, 9:14 a.m., Published: June 2, 2025, 3:30 p.m.
 Vulnerabilities: pointer dereference issue, denial of service, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2025-20674, CVE-2025-20673, CVE-2025-20675, CVE-2025-20676, CVE-2025-20677, CVE-2025-20678, CVE-2025-20672

Critical Vulnerability in Instantel Micromate Threatens Critical Infrastructure Security | Windows Forum

Trust: 3.75

Fetched: June 3, 2025, 9:12 a.m., Published: May 3, 2025, midnight
 Vulnerabilities: command execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-1907

Critical vulnerability in Cisco IOS XE - Exploit has become a public application on 02 June 2025, 15:00 | Gadgetonus

Trust: 4.75

Fetched: June 3, 2025, 9:12 a.m., Published: June 2, 2025, noon
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: ios xr
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
vendor: cisco model: access points

Cybersecurity Hardware and Firmware Vulnerability Landscape (2025 - 2030)

Trust: 4.5

Fetched: June 3, 2025, 9:04 a.m., Published: June 2, 2025, 11:04 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: dell model: bios
vendor: broadcom model: linux
vendor: huawei model: huawei
vendor: infineon model: trusted platform
vendor: google model: home
vendor: cisco model: series
vendor: cisco model: guard
vendor: dram model: dram

GeoVision Devices OS Command Injection Vulnerability - vulnerability database | Vulners.com

Trust: 3.0

Fetched: June 1, 2025, 9:36 a.m., Published: May 7, 2025, midnight
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs

The Future Of IoT Software Development In 2025 | Digital One Agency

Trust: 3.5

Fetched: June 1, 2025, 9:35 a.m., Published: May 30, 2025, 12:31 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: google model: android
vendor: google model: home

Update Canonical Ubuntu Desktop: USN-7491-1: Linux kernel (OEM) vulnerabilities

Trust: 4.25

Fetched: June 1, 2025, 9:35 a.m., Published: Jan. 1, 7491, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-21902, CVE-2025-21813

Update Canonical Ubuntu Desktop: USN-7485-1: LibRaw vulnerabilities

Trust: 5.0

Fetched: June 1, 2025, 9:35 a.m., Published: Jan. 1, 7485, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-43964, CVE-2025-43961, CVE-2025-43962, CVE-2025-43963

CVE-2025-27524 - Hitachi JP1/IT Desktop Management 2 - Smart Device Manager Weak Encryption Vulnerability | Kenya Education Network

Trust: 6.0

Fetched: June 1, 2025, 9:35 a.m., Published: June 2, 2025, midnight
 Vulnerabilities: encryption vulnerability
Affected productsExternal IDs
vendor: hitachi model: device manager
vendor: hitachi model: jp1/it desktop management
db: NVD ids: CVE-2025-27524

CVE-2025-27524 - Hitachi JP1/IT Desktop Management 2 - Smart Device Manager Weak Encryption Vulnerability | Kenya Education Network

Trust: 6.0

Fetched: June 1, 2025, 9:34 a.m., Published: June 2, 2025, midnight
 Vulnerabilities: encryption vulnerability
Affected productsExternal IDs
vendor: hitachi model: device manager
vendor: hitachi model: jp1/it desktop management
db: NVD ids: CVE-2025-27524

Inside Trident Spyware | How iPhones Get Hacked via Zero-Click Attacks - Web Asha Technologies

Related entries in the VARIoT vulnerabilities database: VAR-201608-0186, VAR-201608-0188, VAR-201608-0187

Trust: 4.25

Fetched: June 1, 2025, 9:34 a.m., Published: June 1, 2025, midnight
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: webkit
vendor: apple model: iphone
db: NVD ids: CVE-2016-4655, CVE-2016-4657, CVE-2016-4656

Update Canonical Ubuntu Server: USN-7485-1: LibRaw vulnerabilities

Trust: 5.0

Fetched: June 1, 2025, 9:34 a.m., Published: Jan. 1, 7485, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-43964, CVE-2025-43961, CVE-2025-43962, CVE-2025-43963

Update Canonical Ubuntu Desktop: USN-7490-1: libsoup vulnerabilities

Trust: 5.0

Fetched: June 1, 2025, 9:33 a.m., Published: Jan. 1, 7490, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-32910, CVE-2025-32913, CVE-2025-32906, CVE-2025-46420, CVE-2025-32912, CVE-2025-46421, CVE-2025-32911, CVE-2025-32914, CVE-2025-32909

Update Canonical Ubuntu Server: USN-7480-1: OpenJDK 8 vulnerabilities

Trust: 6.0

Fetched: June 1, 2025, 9:33 a.m., Published: Jan. 1, 7480, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-30691, CVE-2025-21587, CVE-2025-30698

[Palo Alto Networks Security Advisories] CVE-2025-0136 PAN-OS: Unencrypted Data Transfer when using AES-128-CCM onIntel-based hardware devices - RedPacket Security

Trust: 3.75

Fetched: June 1, 2025, 9:32 a.m., Published: May 14, 2025, 5:02 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: paloaltonetworks model: firewall
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2025-0136

Update Canonical Ubuntu Desktop: USN-7480-1: OpenJDK 8 vulnerabilities

Trust: 6.0

Fetched: June 1, 2025, 9:26 a.m., Published: Jan. 1, 7480, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-30691, CVE-2025-21587, CVE-2025-30698

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

Related entries in the VARIoT vulnerabilities database: VAR-202505-0239

Trust: 5.75

Fetched: June 1, 2025, 9:21 a.m., Published: May 11, 2025, midnight
 Vulnerabilities: code execution, denial of service, information disclosure...
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-26423, CVE-2025-26424, CVE-2025-22425, CVE-2025-26429, CVE-2024-49842, CVE-2024-49841, CVE-2025-26422, CVE-2025-26427, CVE-2023-35657, CVE-2024-49846, CVE-2025-20666, CVE-2025-26430, CVE-2025-21453, CVE-2024-34739, CVE-2025-26442, CVE-2025-0072, CVE-2025-26425, CVE-2024-49835, CVE-2025-26440, CVE-2025-0087, CVE-2024-47896, CVE-2024-45580, CVE-2025-0427, CVE-2025-21467, CVE-2023-21342, CVE-2024-47891, CVE-2025-21459, CVE-2024-49847, CVE-2025-26436, CVE-2025-26444, CVE-2025-26426, CVE-2024-52939, CVE-2024-47900, CVE-2024-49845, CVE-2025-26435, CVE-2025-21468, CVE-2024-46975, CVE-2025-26438, CVE-2024-49739, CVE-2024-12577, CVE-2025-0077, CVE-2025-26420, CVE-2025-27363, CVE-2025-26421, CVE-2024-46974, CVE-2025-26428

UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware

Trust: 4.5

Fetched: June 1, 2025, 9:13 a.m., Published: May 22, 2025, 10 a.m.
 Vulnerabilities: file enumeration
Affected productsExternal IDs
vendor: snort.org model: snort
vendor: jquery model: jquery
vendor: cisco model: web security appliance
vendor: cisco model: adaptive security appliance
vendor: cisco model: umbrella
vendor: cisco model: firepower
vendor: cisco model: meraki mx
vendor: snort model: snort
db: NVD ids: CVE-2025-0994, CVE-2025-0944