Sign-up

VARIoT news about IoT security

Microsoft releases new firmware for several Surface devices to address security issues - Neowin

Trust: 4.0

Fetched: Feb. 21, 2025, 9:18 a.m., Published: Feb. 10, 2025, midnight
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-44074

Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure Vulnerability

Trust: 5.0

Fetched: Feb. 21, 2025, 9:17 a.m., Published: Feb. 19, 2025, 3:54 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: cisco model: series

CISA Advisory: Critical Vulnerability in ABB ICS Devices and Its Security Implications | Windows Forum

Trust: 3.75

Fetched: Feb. 21, 2025, 9:16 a.m., Published: May 21, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-51547

CVE-2025-0112 : Vulnerability in Cortex XDR Agent Affects Windows Devices by Palo Alto Networks | SecurityVulnerability.io

Trust: 3.75

Fetched: Feb. 21, 2025, 9:16 a.m., Published: Feb. 20, 2025, 12:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo model: networks
db: NVD ids: CVE-2025-0112

Critical Vulnerabilities in ABB FLXEON Controllers: CISA Advisory Insights | Windows Forum

Trust: 3.25

Fetched: Feb. 21, 2025, 9:15 a.m., Published: May 21, 2025, midnight
 Vulnerabilities: information disclosure, code execution, default credentials...
Affected productsExternal IDs
vendor: parallels model: desktop
vendor: parallels model: tools
vendor: trend model: security

Edge device vulnerabilities fueled attack sprees in 2024 | CyberScoop

Trust: 3.75

Fetched: Feb. 21, 2025, 9:15 a.m., Published: Feb. 18, 2025, 10:56 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
db: NVD ids: CVE-2024-9474, CVE-2024-0012, CVE-2024-3400, CVE-2024-21887, CVE-2024-47575, CVE-2023-46805

ClamAV OLE2 File Format Decryption Denial of Service Vulnerability

Trust: 4.75

Fetched: Feb. 21, 2025, 9:07 a.m., Published: Jan. 22, 2025, 3:55 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: clamav
vendor: clamav model: clamav

Secure Boot Bypass: U-Boot Vulnerabilities Expose Embedded Devices

Trust: 4.75

Fetched: Feb. 21, 2025, 9:06 a.m., Published: Feb. 21, 2025, 1:34 a.m.
 Vulnerabilities: heap corruption, integer overflow, code execution...
Affected productsExternal IDs
db: NVD ids: CVE-2024-57254, CVE-2024-57258, CVE-2024-57257, CVE-2024-57255, CVE-2024-57259, CVE-2024-57256

CVE-2025-21589 impacts Juniper Networks Products

Trust: 3.75

Fetched: Feb. 19, 2025, 9:18 a.m., Published: Feb. 19, 2025, 2:29 a.m.
 Vulnerabilities: code execution, denial of service, memory leak...
Affected productsExternal IDs
db: NVD ids: CVE-2025-21589, CVE-2024-21611, CVE-2024-2973

Security Bulletin: NVIDIA GPU Display Driver - January 2025 | NVIDIA

Trust: 5.25

Fetched: Feb. 19, 2025, 9:17 a.m., Published: Jan. 19, 2025, midnight
 Vulnerabilities: denial of service, information disclosure, code execution...
Affected productsExternal IDs
vendor: citrix model: hypervisor
vendor: citrix model: licensing
db: NVD ids: CVE-2024-53881, CVE-2024-0150, CVE-2024-0147, CVE-2024-0146, CVE-2024-0149, CVE-2024-0131, CVE-2024-53869

MQTT Flaw Leads to Impersonation Attack Vulnerability in Meshtastic Firmware 2.5.18 and Lower - Hackster.io

Trust: 4.0

Fetched: Feb. 19, 2025, 9:15 a.m., Published: Feb. 5, 2018, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mesh model: mesh
db: NVD ids: CVE-2025-21608

U.S. CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog

Trust: 5.25

Fetched: Feb. 19, 2025, 9:15 a.m., Published: Feb. 19, 2025, 6:24 a.m.
 Vulnerabilities: code execution, authentication vulnerability, directory traversal...
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: ssl vpn
vendor: palo model: pan-os
vendor: sonicwall model: sonicos
vendor: sonicwall model: ssl vpn
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: ssl vpn
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2025-0108, CVE-2024-53704

Critical API Authentication Bypass in Juniper Session Smart Devices: Understanding CVE-2025-21589 - Cybercory

Trust: 5.5

Fetched: Feb. 19, 2025, 9:13 a.m., Published: Feb. 18, 2025, 2:48 p.m.
 Vulnerabilities: code execution, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-21589

U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog

Related entries in the VARIoT vulnerabilities database: VAR-201807-1874

Trust: 6.0

Fetched: Feb. 19, 2025, 9:11 a.m., Published: Feb. 5, 2025, 3:02 p.m.
 Vulnerabilities: code execution, information disclosure, os command injection...
Affected productsExternal IDs
vendor: paessler model: prtg network monitor
db: NVD ids: CVE-2018-9276, CVE-2024-29059, CVE-2024-45195, CVE-2018-19410

OpenSSH Vulnerabilities CVE-2025-26465 and CVE-2025-26466 Enable Man-in-the-Middle and DoS Attacks - Upwind

Trust: 4.0

Fetched: Feb. 19, 2025, 9:10 a.m., Published: Feb. 18, 2025, 9:44 p.m.
 Vulnerabilities: memory consumption attack
Affected productsExternal IDs
db: NVD ids: CVE-2025-26466, CVE-2025-26465

CISA Warns of Palo Alto PAN-OS Vulnerability Actively Exploited in the Wild

Trust: 5.5

Fetched: Feb. 19, 2025, 9:09 a.m., Published: Feb. 19, 2025, 3:13 a.m.
 Vulnerabilities: code execution, command execution, privilege escalation...
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
db: NVD ids: CVE-2025-0108, CVE-2025-010814, CVE-2024-9474, CVE-2024-0012

Xerox VersaLink Printer Vulnerabilities: A Threat to Your Windows Network | Windows Forum

Trust: 3.75

Fetched: Feb. 19, 2025, 9:08 a.m., Published: May 19, 2025, midnight
 Vulnerabilities: clear text authentication
Affected productsExternal IDs
db: NVD ids: CVE-2024-12511, CVE-2024-12510

Critical Zimbra Vulnerabilities Let Attackers Unauthorized Access to Internal Resources

Trust: 3.0

Fetched: Feb. 19, 2025, 9:08 a.m., Published: Feb. 10, 2025, 7:47 a.m.
 Vulnerabilities: code execution, cross-site scripting, request forgery...
Affected productsExternal IDs
db: NVD ids: CVE-2023-37580, CVE-2013-7217, CVE-2025-25064, CVE-2019-9641, CVE-2024-45519, CVE-2025-25065

Apple fixes zero-day vulnerability used in "extremely sophisticated attack" | Malwarebytes

Trust: 3.75

Fetched: Feb. 19, 2025, 9:07 a.m., Published: Feb. 11, 2025, 2:55 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: ipod touch
vendor: apple model: software update
vendor: apple model: ipad
vendor: apple model: iphone
db: NVD ids: CVE-2025-24200

Dell Precision 3540 and Latitude 5400/5500 System BIOS | Szczegóły sterownika | Dell Polska

Trust: 3.0

Fetched: Feb. 18, 2025, 9:26 a.m., Published: Feb. 18, 3540, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios
vendor: dell model: latitude