Sign-up

VARIoT news about IoT security

Understanding CVE-2025-24150: Command Injection Vulnerability in Apple Products

Trust: 5.75

Fetched: Feb. 9, 2025, 9:24 a.m., Published: Jan. 9, 2025, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: apple model: software update
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2025-24150

Update Canonical Ubuntu Server: USN-7259-1: GNU C Library vulnerability

Trust: 3.25

Fetched: Feb. 9, 2025, 9:24 a.m., Published: Jan. 9, 7259, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

CVE-2024-55591: 50,000 Internet-Facing Devices Affected by Fortinet Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-201803-1048, VAR-202501-3666, VAR-202004-2199

Trust: 4.25

Fetched: Feb. 9, 2025, 9:22 a.m., Published: Feb. 3, 2025, midnight
 Vulnerabilities: code execution, authentication bypass, privilege escalation...
Affected productsExternal IDs
vendor: sophos model: firewall
vendor: apple model: macos
vendor: apple model: tvos
vendor: apple model: installer
vendor: apple model: watch
vendor: apple model: watchos
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: apple tv
vendor: node.js model: node.js
vendor: jquery model: jquery
vendor: huawei model: hg532
vendor: huawei model: huawei
db: NVD ids: CVE-2024-12356, CVE-2025-24128, CVE-2024-7029, CVE-2024-12686, CVE-2025-24107, CVE-2025-24145, CVE-2025-21334, CVE-2017-17215, CVE-2025-24085, CVE-2024-55591, CVE-2025-24159, CVE-2020-11023, CVE-2025-21335, CVE-2025-21333, CVE-2025-24137

Cisco patches critical flaws in Identity Services Engine | ITPro

Trust: 5.0

Fetched: Feb. 9, 2025, 9:22 a.m., Published: Feb. 6, 2025, 11:42 a.m.
 Vulnerabilities: improper validation
Affected productsExternal IDs
vendor: cisco model: identity services engine

Cisco Meeting Management REST API Privilege Escalation Vulnerability

Trust: 3.75

Fetched: Feb. 9, 2025, 9:21 a.m., Published: Jan. 22, 2025, 3:55 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: meeting management
vendor: cisco model: cisco meeting
vendor: cisco model: meeting

OpenSSL vulnerability in icls driver version 1.71.99.0 - Intel Community

Trust: 3.0

Fetched: Feb. 9, 2025, 9:21 a.m., Published: May 13, 2024, 5:53 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: optiplex
vendor: dell model: bios

AXESS Auto Configuration Server - Denial of Service (CVE-2024-56316) - Y-Security GmbH

Trust: 3.0

Fetched: Feb. 9, 2025, 9:20 a.m., Published: Jan. 17, 2025, 5:12 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2024-56316

Hackers Leverage Undisclosed Zero-Day Flaw in cnPilot Routers to Propagate AIRASHI DDoS Botnet - Owlysec - Cyber Security News

Related entries in the VARIoT vulnerabilities database: VAR-202304-2073, VAR-202012-0495, VAR-202002-1447, VAR-201810-0977, VAR-201712-0218

Trust: 3.75

Fetched: Feb. 9, 2025, 9:19 a.m., Published: Jan. 22, 2025, 4:11 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: hikvision model: hikvision
vendor: hikvision model: ip cameras
vendor: mikrotik model: mikrotik
vendor: mikrotik model: routers
vendor: mikrotik model: mikrotik routers
db: NVD ids: CVE-2016-20016, CVE-2023-28771, CVE-2022-44149, CVE-2020-25499, CVE-2020-8515, CVE-2018-14558, CVE-2017-5259, CVE-2013-3307, CVE-2022-3573, CVE-2022-40005

Update Canonical Ubuntu Desktop: USN-7259-1: GNU C Library vulnerability

Trust: 3.25

Fetched: Feb. 9, 2025, 9:18 a.m., Published: Jan. 9, 7259, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

CVE-2024-56144 - Librenms Device Edit Stored Cross-Site Scripting Vulnerability

Trust: 5.25

Fetched: Feb. 9, 2025, 9:18 a.m., Published: Jan. 16, 2025, 11:15 p.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
db: NVD ids: CVE-2024-56144

NETGEAR Patches Critical Security Vulnerabilities in WiFi Routers (CVE-2025-25246) and Access Points

Trust: 5.75

Fetched: Feb. 9, 2025, 9:16 a.m., Published: Feb. 7, 2025, 2:10 a.m.
 Vulnerabilities: code execution, authentication bypass
Affected productsExternal IDs
vendor: netgear model: xr500
vendor: netgear model: router
db: NVD ids: CVE-2025-25246

Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet

Related entries in the VARIoT vulnerabilities database: VAR-202304-2073, VAR-202012-0495, VAR-202002-1447, VAR-201810-0977, VAR-201712-0218

Trust: 3.5

Fetched: Feb. 9, 2025, 9:16 a.m., Published: Jan. 22, 2025, 4:01 p.m.
 Vulnerabilities: arbitrary command execution, command execution
Affected productsExternal IDs
db: NVD ids: CVE-2016-20016, CVE-2023-28771, CVE-2022-44149, CVE-2020-25499, CVE-2020-8515, CVE-2018-14558, CVE-2017-5259, CVE-2013-3307, CVE-2022-3573, CVE-2022-40005

Cisco IOS: CVE-2025-20173: Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities

Trust: 6.0

Fetched: Feb. 9, 2025, 9:15 a.m., Published: Feb. 9, 2024, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: ios xr software
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xr
vendor: cisco model: ios software
vendor: cisco model: ios xe
db: NVD ids: CVE-2025-20173

Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities

Trust: 3.75

Fetched: Feb. 9, 2025, 9:14 a.m., Published: Feb. 5, 2025, 6:17 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: ios xr software
vendor: cisco model: ios xe software
vendor: cisco model: ios xr
vendor: cisco model: ios xe

Netgear critical vulns come amid global netsec concern • The Register - Archyde

Trust: 4.5

Fetched: Feb. 9, 2025, 9:12 a.m., Published: Feb. 5, 2025, 4:52 p.m.
 Vulnerabilities: code execution, authentication bypass
Affected productsExternal IDs
vendor: netgear model: router

Hardware & Firmware Assessment to identify devices with AMD processors | Microsoft Community Hub

Trust: 3.0

Fetched: Feb. 9, 2025, 9:07 a.m., Published: Sept. 8, 2023, 5:19 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2023-20593

Windows RD Gateway Vulnerability Exposes Systems to Denial-of-Service Attacks

Trust: 4.25

Fetched: Feb. 7, 2025, 9:20 a.m., Published: Jan. 15, 2025, 12:25 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-21225

CISA Adds Actively Exploited Linux Kernel Vulnerability to Known Exploited Vuln Catalog

Trust: 6.0

Fetched: Feb. 7, 2025, 9:19 a.m., Published: Feb. 5, 2025, 6:41 p.m.
 Vulnerabilities: privilege escalation, memory corruption, code execution
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-53104

CVE-2017-13318 : Out of Bounds Read Vulnerability in HeifDecoder Implementation Affecting Google Pixel Devices | SecurityVulnerability.io

Trust: 4.25

Fetched: Feb. 7, 2025, 9:19 a.m., Published: Jan. 28, 2025, 4:51 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
db: NVD ids: CVE-2017-13318

Vulnerabilities exploited with HitatusRAT | BASE4 Security

Related entries in the VARIoT vulnerabilities database: VAR-201804-1666, VAR-201705-3762

Trust: 4.25

Fetched: Feb. 7, 2025, 9:18 a.m., Published: Jan. 14, 2025, 10:14 p.m.
 Vulnerabilities: default credentials, authentication bypass, code execution
Affected productsExternal IDs
vendor: hikvision model: hikvision
vendor: draytek model: vigor
vendor: draytek model: routers
db: NVD ids: CVE-2018-9995, CVE-2021-36260, CVE-2017-7921