Sign-up

VARIoT news about IoT security

Update Canonical Ubuntu Server: USN-7237-1: Linux kernel (OEM) vulnerabilities

Trust: 4.25

Fetched: Feb. 2, 2025, 9:36 a.m., Published: Jan. 2, 7237, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2024-53141, CVE-2024-47715, CVE-2024-53103, CVE-2024-53164

CVE-2025-0626 - Hidden Functionality vulnerability in Contec Health CMS8000 Patient Monitor - SecAlerts

Trust: 3.0

Fetched: Feb. 2, 2025, 9:36 a.m., Published: Feb. 7, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-0626

Microsoft Fixes Long-Running Vulnerability, Boosts Windows Device Security

Trust: 3.0

Fetched: Feb. 2, 2025, 9:36 a.m., Published: Jan. 17, 2025, 3:01 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-7344

Update Canonical Ubuntu Desktop: USN-7230-2: FRR vulnerabilities

Trust: 6.25

Fetched: Feb. 2, 2025, 9:35 a.m., Published: Feb. 2, 7230, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2024-44070, CVE-2024-55553

Addressing the Buffer Overflow Vulnerability in D-... - Fortinet Community

Trust: 4.75

Fetched: Feb. 2, 2025, 9:34 a.m., Published: Jan. 31, 2025, 8:46 p.m.
 Vulnerabilities: code execution, buffer overflow, improper memory handling
Affected productsExternal IDs
db: NVD ids: CVE-2022-37055

CVE-2025-0680 - New Rock Technologies Cloud Connected Devices has a Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. - SecAlerts

Trust: 4.0

Fetched: Feb. 2, 2025, 9:34 a.m., Published: Feb. 9, 2025, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-0680

Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability - OSINT without borders

Trust: 3.25

Fetched: Feb. 2, 2025, 9:34 a.m., Published: Feb. 1, 2025, 1:24 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-40891

Security Report for 05:56 AM January 06, 2025 - socca.tech

Related entries in the VARIoT vulnerabilities database: VAR-202501-1053, VAR-202501-0453

Trust: 4.5

Fetched: Feb. 2, 2025, 9:33 a.m., Published: Jan. 6, 2025, 1:56 p.m.
 Vulnerabilities: service disruption, memory corruption, session hijacking...
Affected productsExternal IDs
db: NVD ids: CVE-2024-33055, CVE-2025-0233, CVE-2024-12302, CVE-2024-43063, CVE-2024-13142, CVE-2024-45548, CVE-2024-13143, CVE-2024-45547, CVE-2024-33067, CVE-2024-45559, CVE-2024-45553, CVE-2024-12970, CVE-2024-45541, CVE-2024-45555, CVE-2024-45558, CVE-2024-20105, CVE-2024-45550

Update Canonical Ubuntu Server: USN-7243-1: VLC vulnerability

Trust: 3.25

Fetched: Feb. 2, 2025, 9:32 a.m., Published: Jan. 2, 7243, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Update Canonical Ubuntu Desktop: USN-7243-1: VLC vulnerability

Trust: 3.25

Fetched: Feb. 2, 2025, 9:32 a.m., Published: Jan. 2, 7243, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

TBK DVR devices OS Command Injection Vulnerability (Apr 2024) - Active Check (CVE-2024-3721) - Vulnerability & Exploit Database

Trust: 4.75

Fetched: Feb. 2, 2025, 9:31 a.m., Published: April 2, 2024, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-3721

Apple's iOS vulnerability exposes iPhones to stealthy hacker attacks - CyberGuy

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 4.25

Fetched: Feb. 2, 2025, 9:31 a.m., Published: Feb. 1, 2025, 5 a.m.
 Vulnerabilities: use after free, memory corruption
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: tvos
vendor: apple model: ipad
vendor: apple model: watchos
vendor: apple model: software update
vendor: apple model: iphone
vendor: essential model: phone
db: NVD ids: CVE-2025-24085

Update Canonical Ubuntu Desktop: USN-7229-1: ClamAV vulnerability

Trust: 3.75

Fetched: Feb. 2, 2025, 9:25 a.m., Published: Jan. 2, 7229, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
vendor: clamav model: clamav

CVE-2024-57857 - Linux Kernel RDMA siw Net Device Use After Free Vulnerability

Trust: 5.25

Fetched: Feb. 2, 2025, 9:25 a.m., Published: Jan. 15, 2025, 1:15 p.m.
 Vulnerabilities: use after free
Affected productsExternal IDs
db: NVD ids: CVE-2024-57857

Appleā€™s iOS vulnerability exposes iPhones to stealthy hacker attacks - WFIN Local News

Related entries in the VARIoT vulnerabilities database: VAR-202501-3666

Trust: 4.25

Fetched: Feb. 2, 2025, 9:25 a.m., Published: Feb. 1, 2025, 3 p.m.
 Vulnerabilities: use after free, memory corruption
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: tvos
vendor: apple model: ipad
vendor: apple model: watchos
vendor: apple model: software update
vendor: apple model: iphone
db: NVD ids: CVE-2025-24085

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) - Help Net Security

Trust: 5.0

Fetched: Feb. 2, 2025, 9:23 a.m., Published: Jan. 29, 2025, 4:23 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-40890, CVE-2024-40891

Understanding IoT Device Vulnerabilities and Their Implications - The Tech Artist

Trust: 4.5

Fetched: Feb. 2, 2025, 9:15 a.m., Published: May 30, 2024, 7:05 a.m.
 Vulnerabilities: default credentials, denial of service
Affected productsExternal IDs
vendor: trend model: security

How To Identify Security Vulnerabilities in Your System

Trust: 4.5

Fetched: Jan. 31, 2025, 9:52 a.m., Published: Jan. 14, 2025, 4:42 p.m.
 Vulnerabilities: session hijacking, injection attack, default credentials...
Affected productsExternal IDs
vendor: apple model: watch

Moxa Devices' Vulnerabilities: A Silent Threat to Industrial Networks - LavX News

Trust: 3.5

Fetched: Jan. 31, 2025, 9:51 a.m., Published: Jan. 8, 2025, midnight
 Vulnerabilities: command injection, os command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-9138, CVE-2024-9140

Cyber Security Vulnerabilities: Prevention & Mitigation

Trust: 4.25

Fetched: Jan. 31, 2025, 9:38 a.m., Published: Jan. 20, 2025, 12:44 p.m.
 Vulnerabilities: service disruption, request forgery, buffer overflow...
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: series
vendor: cisco model: routers
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
vendor: cisco model: cisco ios xe
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2024-49040