Sign-up

VARIoT news about IoT security

Salt Typhoon compromises telecom providers' Cisco devices | TechTarget

Trust: 5.5

Fetched: Feb. 14, 2025, 9:20 a.m., Published: Feb. 13, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: routers
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
db: NVD ids: CVE-2023-20198, CVE-2023-20273

RedMike Exploits Unpatched Cisco Devices in Global Telecommunications Campaign

Trust: 5.5

Fetched: Feb. 14, 2025, 9:20 a.m., Published: -
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe software
vendor: cisco model: ios xe
db: NVD ids: CVE-2023-20198, CVE-2023-20273

NVIDIA GPU Display Driver Vulnerability Lets Attackers Steal Files Remotely - Update Now

Trust: 4.0

Fetched: Feb. 14, 2025, 9:13 a.m., Published: Feb. 3, 2025, 10:54 a.m.
 Vulnerabilities: memory corruption, code execution, denial of service...
Affected productsExternal IDs

January 2025 Patch Tuesday: Updates and Analysis | CrowdStrike

Trust: 4.5

Fetched: Feb. 12, 2025, 9:33 a.m., Published: Jan. 15, 2025, 5:19 p.m.
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-21298, CVE-2025-21307, CVE-2025-21186, CVE-2025-21311, CVE-2025-21297, CVE-2025-21354, CVE-2025-21296, CVE-2025-21366, CVE-2025-21309, CVE-2025-21333, CVE-2025-21308, CVE-2025-21334, CVE-2025-21294, CVE-2025-21362, CVE-2025-21295, CVE-2025-21335, CVE-2025-21395, CVE-2025-21275

CVE-2024-40890 - Zyxel DSL CPE OS Command Injection Vulnerability | ScyScan

Trust: 4.25

Fetched: Feb. 12, 2025, 9:29 a.m., Published: Feb. 4, 2025, midnight
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40890

CVE-2024-40891 - Zyxel DSL CPE OS Command Injection Vulnerability | ScyScan

Trust: 4.25

Fetched: Feb. 12, 2025, 9:29 a.m., Published: Feb. 4, 2025, midnight
 Vulnerabilities: os command injection, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40891

Apple fixes vulnerability in USB restricted mode

Trust: 3.5

Fetched: Feb. 12, 2025, 9:28 a.m., Published: Feb. 11, 2025, 11:58 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: watch
vendor: apple model: macos
vendor: apple model: software update
vendor: apple model: ipad air
vendor: apple model: iphone
db: NVD ids: CVE-2025-24200

iOS 18.3.1 - update your iPhone right now to fix critical zero-day vulnerability | Tom's Guide

Trust: 4.75

Fetched: Feb. 12, 2025, 9:27 a.m., Published: Feb. 10, 2025, 9:18 p.m.
 Vulnerabilities: authorization issue
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone
db: NVD ids: CVE-2025-24200

Apple has issued a statement on an iPhone vulnerability: 12 February 2025, 11:42 - news on Tengrinews.kz

Trust: 3.0

Fetched: Feb. 12, 2025, 9:27 a.m., Published: Feb. 12, 2025, 6:42 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: iphone

Update Canonical Ubuntu Server: USN-7260-1: OpenRefine vulnerabilities

Trust: 5.0

Fetched: Feb. 12, 2025, 9:26 a.m., Published: Jan. 12, 7260, midnight
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2023-37476, CVE-2024-47880, CVE-2024-47878, CVE-2024-47882, CVE-2024-47879, CVE-2023-41887, CVE-2024-47881, CVE-2024-23833, CVE-2023-41886, CVE-2024-49760

FortiOS Security Fabric Vulnerability Allows Escaltion to Super-admin

Trust: 4.0

Fetched: Feb. 12, 2025, 9:26 a.m., Published: Feb. 11, 2025, 5:38 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2024-55591

Microsoft Configuration Manager Vulnerability Allows Remote Code Execution

Trust: 3.75

Fetched: Feb. 12, 2025, 9:25 a.m., Published: Jan. 20, 2025, 3:47 a.m.
 Vulnerabilities: sql injection, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-43468

Update Canonical Ubuntu Desktop: USN-7260-1: OpenRefine vulnerabilities

Trust: 5.0

Fetched: Feb. 12, 2025, 9:25 a.m., Published: Jan. 12, 7260, midnight
 Vulnerabilities: code injection
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2023-37476, CVE-2024-47880, CVE-2024-47878, CVE-2024-47882, CVE-2024-47879, CVE-2023-41887, CVE-2024-47881, CVE-2024-23833, CVE-2023-41886, CVE-2024-49760

CVE-2025-26411 : Remote Code Execution Vulnerability in Wattsense Bridge Devices | SecurityVulnerability.io

Trust: 3.25

Fetched: Feb. 12, 2025, 9:25 a.m., Published: Feb. 11, 2025, 9:21 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-26411

Massive Brute Force Attack Targets VPN and Firewall Logins Using 2.8 Million IPs

Trust: 5.75

Fetched: Feb. 12, 2025, 9:24 a.m., Published: Feb. 10, 2025, 3:16 a.m.
 Vulnerabilities: brute force attack
Affected productsExternal IDs
vendor: check point model: check point
vendor: mikrotik model: routers
vendor: mikrotik model: mikrotik
vendor: cisco model: cisco routers
vendor: cisco model: routers
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: palo alto networks globalprotect
vendor: palo alto networks model: networks globalprotect
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: palo alto networks globalprotect
vendor: palo model: networks globalprotect
vendor: sonicwall model: remote access
vendor: sonicwall model: netextender
vendor: huawei model: huawei
db: NVD ids: CVE-2024-8190, CVE-2025-23006

Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution

Trust: 3.0

Fetched: Feb. 12, 2025, 9:24 a.m., Published: Feb. 11, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

iPhone Security Alert: Apple releases emergency iOS update to fix data leak vulnerability - The Economic Times

Trust: 3.75

Fetched: Feb. 12, 2025, 9:23 a.m., Published: Feb. 11, 2025, 5:02 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone
db: NVD ids: CVE-2025-24200

U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog

Trust: 5.0

Fetched: Feb. 12, 2025, 9:23 a.m., Published: Feb. 12, 2025, 8:01 a.m.
 Vulnerabilities: privilege escalation, command injection, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2025-21418, CVE-2024-40891, CVE-2025-21391, CVE-2024-40890

CVE-2024-53651 : Data Exposure Vulnerability in SIPROTEC 5 Devices by Siemens | SecurityVulnerability.io

Related entries in the VARIoT vulnerabilities database: VAR-202502-0199

Trust: 4.0

Fetched: Feb. 12, 2025, 9:18 a.m., Published: Feb. 11, 2025, 10:28 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: siprotec
vendor: siemens model: siprotec 5
db: NVD ids: CVE-2024-53651

Windows 11 KB5051987 KB5051989 February 2025 Patch And 4 Zero Day Vulnerabilities And 55 Flaws HTMD Blog

Trust: 4.5

Fetched: Feb. 12, 2025, 9:15 a.m., Published: Feb. 11, 2025, 6:51 p.m.
 Vulnerabilities: security feature bypass, feature bypass
Affected productsExternal IDs
vendor: asus model: asus
db: NVD ids: CVE-2025-21194, CVE-2025-21377, CVE-2025-21391, CVE-2025-21418