Sign-up

VARIoT news about IoT security

CVE-2025-20638 : Local Information Disclosure Vulnerability in MediaTek Devices | SecurityVulnerability.io

Trust: 4.25

Fetched: Feb. 4, 2025, 9:15 a.m., Published: Feb. 3, 2025, 3:23 a.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2025-20638

Notable zero-day vulnerability trends in 2024: Insights and implications - ManageEngine Blog

Trust: 4.5

Fetched: Feb. 4, 2025, 9:14 a.m., Published: Jan. 8, 2025, 2:12 p.m.
 Vulnerabilities: denial of service, directory traversal, input validation error...
Affected productsExternal IDs
vendor: trend model: security
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2024-30040, CVE-2024-35264, CVE-2024-8963, CVE-2024-7971, CVE-2024-29988, CVE-2024-8190, CVE-2024-47575, CVE-2024-5910, CVE-2024-49039, CVE-2024-5274, CVE-2024-9465

CVE-2025-20640 : Out of Bounds Read Vulnerability in MediaTek Devices | SecurityVulnerability.io

Trust: 3.25

Fetched: Feb. 4, 2025, 9:14 a.m., Published: Feb. 3, 2025, 3:24 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-20640

CVE-2025-20642 : Out of Bounds Write Vulnerability in MediaTek Device | SecurityVulnerability.io

Trust: 3.25

Fetched: Feb. 4, 2025, 9:14 a.m., Published: Feb. 3, 2025, 3:24 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-20642

CVE-2024-10497 - Apache Device Authorization Bypass Vulnerability

Trust: 3.0

Fetched: Feb. 4, 2025, 9:13 a.m., Published: Jan. 17, 2025, 11:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-10497

Critical MediaTek Processor RCE Vulnerability Impacts Millions of Devices - Security Aid

Related entries in the VARIoT vulnerabilities database: VAR-202501-0708

Trust: 5.5

Fetched: Feb. 4, 2025, 9:13 a.m., Published: Jan. 7, 2025, 9:21 a.m.
 Vulnerabilities: information disclosure, code execution
Affected productsExternal IDs
vendor: google model: android
vendor: google model: home
db: NVD ids: CVE-2024-20154, CVE-2024-20150, CVE-2024-20149, CVE-2024-20143, CVE-2024-20140

Cybersecurity Trends 2025: Zero-Day Vulnerabilities and Phishing Risks | B2Bdaily.com

Trust: 3.25

Fetched: Feb. 4, 2025, 9:12 a.m., Published: Jan. 31, 2025, 2:47 p.m.
 Vulnerabilities: command execution, privilege escalation
Affected productsExternal IDs
vendor: google model: android
vendor: yealink model: hardware
vendor: trend model: security
vendor: trend model: internet security

CVE-2024-38420 : Memory Corruption Vulnerability in Hypervisor-Configured Input Device by Qualcomm | SecurityVulnerability.io

Trust: 3.25

Fetched: Feb. 4, 2025, 9:11 a.m., Published: Feb. 3, 2025, 4:51 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
db: NVD ids: CVE-2024-38420

Multiple Network Appliance/Edge Device Vulnerabilities Disclosed

Trust: 5.5

Fetched: Feb. 4, 2025, 9:11 a.m., Published: Feb. 3, 2025, midnight
 Vulnerabilities: information disclosure, default credentials, authentication bypass...
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: node.js model: node.js
vendor: sonicwall model: secure mobile access
vendor: palo model: networks
vendor: palo model: firewall
db: NVD ids: CVE-2025-0282, CVE-2020-10713, CVE-2025-23006, CVE-2024-55591

Dahua Devices Path Traversal Vulnerability (Jan 2025) - Active Check (CVE-2024-13130) - Vulnerability & Exploit Database

Trust: 5.0

Fetched: Feb. 4, 2025, 9:11 a.m., Published: Jan. 4, 2025, midnight
 Vulnerabilities: path traversal
Affected productsExternal IDs
db: NVD ids: CVE-2024-13130

Dahua Devices Information Disclosure Vulnerability (Jan 2025) - Active Check (CVE-2019-9680) - Vulnerability & Exploit Database

Trust: 5.0

Fetched: Feb. 4, 2025, 9:10 a.m., Published: Jan. 4, 2025, midnight
 Vulnerabilities: information disclosure
Affected productsExternal IDs
db: NVD ids: CVE-2019-9680

Cisco IOS XR Software Dedicated XML Agent TCP Denial of Service Vulnerability

Trust: 3.75

Fetched: Feb. 4, 2025, 9:09 a.m., Published: Sept. 11, 2024, 3:46 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: ios xr
vendor: cisco model: ios xr software
vendor: cisco model: cisco ios xr

D-Link DAP-1650 EOL Device Directory Traversal Vulnerability (Jul 2024) (CVE-2024-40505) - Vulnerability & Exploit Database

Trust: 6.0

Fetched: Feb. 4, 2025, 9:09 a.m., Published: -
 Vulnerabilities: directory traversal
Affected productsExternal IDs
vendor: d-link model: dap-1650
db: NVD ids: CVE-2024-40505

CVE-2024-55591: 50,000 Internet-Facing Devices Affected by Fortinet Vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666, VAR-202004-2199, VAR-201803-1048

Trust: 4.25

Fetched: Feb. 4, 2025, 9:08 a.m., Published: Feb. 4, 2024, midnight
 Vulnerabilities: authentication bypass, command injection, privilege escalation...
Affected productsExternal IDs
vendor: sophos model: firewall
vendor: apple model: installer
vendor: apple model: watch
vendor: apple model: ipad
vendor: apple model: tvos
vendor: apple model: apple tv
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: watchos
vendor: huawei model: hg532
vendor: huawei model: huawei
vendor: jquery model: jquery
vendor: node.js model: node.js
db: NVD ids: CVE-2025-24145, CVE-2025-21333, CVE-2025-21334, CVE-2024-12686, CVE-2025-24085, CVE-2020-11023, CVE-2024-12356, CVE-2025-24137, CVE-2017-17215, CVE-2025-24128, CVE-2025-24159, CVE-2025-24107, CVE-2024-55591, CVE-2024-7029, CVE-2025-21335

Fix Apple CVE-2025-24085 Privilege Escalation Flaw

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 4.25

Fetched: Feb. 4, 2025, 9:07 a.m., Published: Jan. 31, 2025, midnight
 Vulnerabilities: memory corruption, improper memory management, privilege escalation
Affected productsExternal IDs
vendor: apple model: watch
vendor: apple model: software update
vendor: apple model: tvos
vendor: apple model: apple tv
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: watchos
db: NVD ids: CVE-2025-24085

Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability - Cybersecurity News Everyday

Trust: 5.25

Fetched: Feb. 2, 2025, 9:40 a.m., Published: Jan. 29, 2025, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40891

Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways | CISA

Trust: 3.0

Fetched: Feb. 2, 2025, 9:39 a.m., Published: Feb. 2, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-0283, CVE-2025-0282

January 2025 Patch Tuesday: Microsoft Patches 159 Vulnerabilities in Hyper-V, OLE, and More - WinBuzzer

Trust: 3.75

Fetched: Feb. 2, 2025, 9:38 a.m., Published: Jan. 15, 2025, 10:52 a.m.
 Vulnerabilities: security feature bypass, code execution, information disclosure...
Affected productsExternal IDs
db: NVD ids: CVE-2025-21217, CVE-2025-21243, CVE-2025-21338, CVE-2025-21268, CVE-2025-21403, CVE-2025-21286, CVE-2024-7344, CVE-2025-21292, CVE-2025-21265, CVE-2025-21250, CVE-2025-21346, CVE-2025-21171, CVE-2025-21345, CVE-2025-21290, CVE-2025-21340, CVE-2025-21230, CVE-2025-21261, CVE-2025-21272, CVE-2025-21187, CVE-2025-21312, CVE-2025-21213, CVE-2025-21218, CVE-2025-21223, CVE-2025-21236, CVE-2025-21285, CVE-2025-21385, CVE-2025-21331, CVE-2025-21248, CVE-2025-21314, CVE-2025-21306, CVE-2025-21308, CVE-2025-21320, CVE-2025-21329, CVE-2025-21229, CVE-2025-21294, CVE-2025-21354, CVE-2025-21280, CVE-2025-21341, CVE-2025-21211, CVE-2025-21282, CVE-2025-21225, CVE-2025-21186, CVE-2025-21215, CVE-2025-21172, CVE-2025-21361, CVE-2025-21382, CVE-2025-21251, CVE-2025-21274, CVE-2025-21313, CVE-2025-21328, CVE-2025-21335, CVE-2025-21307, CVE-2025-21344, CVE-2025-21336, CVE-2025-21289, CVE-2025-21260, CVE-2025-21237, CVE-2025-21303, CVE-2025-21405, CVE-2025-21239, CVE-2025-21364, CVE-2025-21235, CVE-2025-21378, CVE-2025-21242, CVE-2025-21240, CVE-2025-21395, CVE-2025-21228, CVE-2025-21295, CVE-2025-21255, CVE-2025-21356, CVE-2025-21330, CVE-2025-21284, CVE-2025-21173, CVE-2025-21302, CVE-2025-21411, CVE-2025-21413, CVE-2025-21257, CVE-2025-21269, CVE-2025-21402, CVE-2025-21348, CVE-2025-21258, CVE-2025-21366, CVE-2025-21271, CVE-2025-21249, CVE-2025-21220, CVE-2025-21299, CVE-2025-21409, CVE-2025-21193, CVE-2025-21202, CVE-2025-21417, CVE-2025-21178, CVE-2025-21245, CVE-2025-21324, CVE-2025-21333, CVE-2025-21363, CVE-2025-21176, CVE-2025-21291, CVE-2025-21263, CVE-2025-21288, CVE-2025-21296, CVE-2025-21226, CVE-2025-21393, CVE-2025-21234, CVE-2025-21372, CVE-2025-21275, CVE-2025-21233, CVE-2025-21293, CVE-2025-21244, CVE-2025-21277, CVE-2025-21266, CVE-2025-21301, CVE-2025-21210, CVE-2025-21310, CVE-2025-21321, CVE-2025-21389, CVE-2025-21339, CVE-2025-21273, CVE-2025-21374, CVE-2025-21214, CVE-2025-21241, CVE-2025-21380, CVE-2025-21357, CVE-2025-21311, CVE-2025-21317, CVE-2025-21365, CVE-2025-21343, CVE-2025-21189, CVE-2025-21252, CVE-2025-21327, CVE-2025-21323, CVE-2025-21362, CVE-2025-21318, CVE-2025-21316, CVE-2025-21297, CVE-2025-21224, CVE-2025-21305, CVE-2025-21370, CVE-2025-21360, CVE-2024-50338, CVE-2025-21238, CVE-2025-21256, CVE-2025-21232, CVE-2025-21276, CVE-2025-21315, CVE-2025-21246, CVE-2025-21319, CVE-2025-21207, CVE-2025-21332, CVE-2025-21326, CVE-2025-21309, CVE-2025-21281, CVE-2025-21304, CVE-2025-21334, CVE-2025-21278, CVE-2025-21231, CVE-2025-21287, CVE-2025-21227, CVE-2025-21270, CVE-2025-21298, CVE-2025-21300, CVE-2025-21219

CERT-EU - Multiple Vulnerabilities in Microsoft Products

Trust: 5.0

Fetched: Feb. 2, 2025, 9:37 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-21308, CVE-2025-21334, CVE-2025-21311, CVE-2025-21395, CVE-2025-21366, CVE-2025-21294, CVE-2025-21354, CVE-2025-21298, CVE-2025-21186, CVE-2025-21307, CVE-2025-21335, CVE-2025-21362, CVE-2025-21297, CVE-2025-21333, CVE-2025-21275, CVE-2025-21309

Update Canonical Ubuntu Server: USN-7236-1: Linux kernel vulnerabilities

Trust: 4.0

Fetched: Feb. 2, 2025, 9:37 a.m., Published: Jan. 2, 7236, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2024-53141, CVE-2024-53103, CVE-2024-53164