Sign-up

VARIoT news about IoT security

CVE-2025-27523: XXE Vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows - Cybersecurity Exploit Tracker by Ameeba

Trust: 3.75

Fetched: June 8, 2025, 10 a.m., Published: May 22, 2025, 4:04 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: hitachi model: jp1/it desktop management
vendor: hitachi model: device manager
db: NVD ids: CVE-2025-27523

Beware of BADBOX.

Trust: 5.25

Fetched: June 8, 2025, 9:46 a.m., Published: June 1, 2025, midnight
 Vulnerabilities: memory corruption, code execution, object injection
Affected productsExternal IDs
vendor: google model: home
vendor: google model: android
vendor: google model: chrome
vendor: google model: nexus
vendor: cisco model: series
vendor: cisco model: nexus
vendor: cisco model: identity services engine
db: NVD ids: CVE-2025-20286, CVE-2020-35198, CVE-2025-20261, CVE-2020-28895, CVE-2025-20163, CVE-2025-49113

CVE-2024-58101 - Samsung Galaxy Buds Audio Devices Bluetooth Pairing Remote Takeover Vulnerability

Trust: 3.75

Fetched: June 8, 2025, 9:46 a.m., Published: May 14, 2025, 8:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: note
vendor: samsung model: samsung galaxy
vendor: samsung model: samsung
vendor: samsung model: galaxy
db: NVD ids: CVE-2024-58101

Top 5 Raspberry Pi Security Practices

Trust: 3.25

Fetched: June 8, 2025, 9:39 a.m., Published: June 8, 2025, 5:49 a.m.
 Vulnerabilities: privilege escalation, default credentials
Affected productsExternal IDs
vendor: snort model: snort
vendor: zabbix model: zabbix
vendor: node.js model: node.js

New Qualcomm Chipset Flaws Added to CISA's Vulnerability Catalog: What You Need to Know - UNDERCODE NEWS

Trust: 4.5

Fetched: June 8, 2025, 9:37 a.m., Published: June 4, 2025, 2:08 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android
vendor: trend model: security
db: NVD ids: CVE-2025-21480, CVE-2025-21479, CVE-2025-27038

Critical Vulnerability in Lexmark Printers Enables Remote Code Execution | Cyware Alerts - Hacker News

Trust: 4.25

Fetched: June 8, 2025, 9:37 a.m., Published: May 21, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: lexmark model: lexmark

Siemens INTRALOG WMS Vulnerabilities: Critical Risks and Mitigation Strategies in 2025 | Windows Forum

Trust: 3.5

Fetched: June 8, 2025, 9:35 a.m., Published: June 8, 2025, midnight
 Vulnerabilities: use after free, privilege escalation, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-30105, CVE-2024-38095, CVE-2024-38081, CVE-2024-43485, CVE-2024-20672, CVE-2024-0056, CVE-2024-43483, CVE-2024-35264

About the security content of macOS Sequoia 15.5 - Apple Support

Trust: 5.25

Fetched: June 8, 2025, 9:34 a.m., Published: June 15, 2025, midnight
 Vulnerabilities: input validation issue, integer overflow, code execution...
Affected productsExternal IDs
vendor: apple model: icloud
vendor: apple model: safari
vendor: apple model: macos
vendor: google model: chrome
vendor: google model: google chrome
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2025-24222, CVE-2025-26466, CVE-2025-31219, CVE-2025-24142, CVE-2025-26465, CVE-2025-31258, CVE-2025-31223, CVE-2025-31215, CVE-2025-31221, CVE-2025-31213, CVE-2025-31239, CVE-2025-24223, CVE-2025-31209, CVE-2025-31204, CVE-2025-31246, CVE-2025-31245, CVE-2025-31251, CVE-2025-31208, CVE-2025-31257, CVE-2025-31234, CVE-2025-31205, CVE-2025-31233, CVE-2025-31237, CVE-2025-31250, CVE-2025-31249, CVE-2025-31238, CVE-2025-31256, CVE-2025-31212, CVE-2024-8176, CVE-2025-24274, CVE-2025-31218, CVE-2025-31232, CVE-2025-31222, CVE-2025-24213, CVE-2025-31242, CVE-2025-31220, CVE-2025-31260, CVE-2025-31240, CVE-2025-31259, CVE-2025-31244, CVE-2025-31224, CVE-2025-31236, CVE-2025-31247, CVE-2025-31241, CVE-2025-31217, CVE-2025-30440, CVE-2025-31235, CVE-2025-30443, CVE-2025-31226, CVE-2025-31206

Cisco Unified Contact Center Express Vulnerabilities

Trust: 5.5

Fetched: June 8, 2025, 9:31 a.m., Published: June 4, 2025, 3:54 p.m.
 Vulnerabilities: path traversal, code execution
Affected productsExternal IDs
vendor: cisco model: unified ccx
vendor: cisco model: cisco unified contact center express
vendor: cisco model: unified contact center express
db: NVD ids: CVE-2025-20276, CVE-2025-20279, CVE-2025-20277

Smart Home Fatigue: Why IoT Devices Are Getting Dumber

Trust: 3.25

Fetched: June 8, 2025, 9:30 a.m., Published: June 1, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: wifi
vendor: google model: home
vendor: samsung smartthings model: samsung
vendor: trend model: security
vendor: samsung model: samsung

Cisco Nexus Dashboard Fabric Controller SSH Host Key Validation Vulnerability - Cisco

Trust: 3.0

Fetched: June 8, 2025, 9:23 a.m., Published: June 4, 2025, noon
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: nexus

Penetration Testing vs Vulnerability Scanning | A Comparison

Trust: 3.5

Fetched: June 8, 2025, 9:21 a.m., Published: June 2, 2025, 4:26 p.m.
 Vulnerabilities: traffic interception, cross-site scripting, privilege escalation...
Affected productsExternal IDs

About the security content of iOS 18.5 and iPadOS 18.5 - Apple Support

Trust: 4.25

Fetched: June 8, 2025, 9:20 a.m., Published: June 18, 2025, midnight
 Vulnerabilities: memory corruption, integer overflow, code execution...
Affected productsExternal IDs
vendor: apple model: icloud
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: iphone
vendor: apple model: ipad air
vendor: google model: chrome
vendor: google model: google chrome
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2025-31219, CVE-2025-31228, CVE-2025-31223, CVE-2025-31215, CVE-2025-31221, CVE-2025-24223, CVE-2025-31239, CVE-2025-31209, CVE-2025-31204, CVE-2025-31245, CVE-2025-31208, CVE-2025-31251, CVE-2025-31257, CVE-2025-31234, CVE-2025-31205, CVE-2025-31233, CVE-2025-24225, CVE-2025-31238, CVE-2025-30448, CVE-2025-31212, CVE-2024-8176, CVE-2025-31227, CVE-2025-24213, CVE-2025-31214, CVE-2025-31222, CVE-2025-31217, CVE-2025-31241, CVE-2025-31225, CVE-2025-31226, CVE-2025-31206, CVE-2025-31253, CVE-2025-31210, CVE-2025-31207

Google Android Security Update For June 2025 Addresses 34 Vulnerabilities

Trust: 3.25

Fetched: June 8, 2025, 9:07 a.m., Published: June 4, 2025, 8:32 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android

Cisco Identity Services Engine Arbitrary File Upload Vulnerability

Trust: 5.0

Fetched: June 8, 2025, 9:07 a.m., Published: June 4, 2025, 3:54 p.m.
 Vulnerabilities: file upload vulnerability
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine

Is your Asus router part of a botnet? How to check - and what you can do | ZDNET

Related entries in the VARIoT vulnerabilities database: VAR-202309-0729

Trust: 3.5

Fetched: June 8, 2025, 9:07 a.m., Published: June 2, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: asus model: routers
vendor: asus model: asus
vendor: asus model: router
db: NVD ids: CVE-2023-41348, CVE-2023-39780, CVE-2023-41346, CVE-2023-41345, CVE-2023-41347

Cisco Unified Communications Products Command Injection Vulnerability

Trust: 5.25

Fetched: June 8, 2025, 9:06 a.m., Published: June 4, 2025, 3:54 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: unified communications

IoT Scanner: Check DoS Vulnerability of Your Devices

Trust: 3.75

Fetched: June 8, 2025, 9:06 a.m., Published: June 8, 2025, 5:04 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home

Top 10 Types of Cybersecurity Vulnerabilities | Accountable

Trust: 4.25

Fetched: June 8, 2025, 9:03 a.m., Published: June 10, 2025, midnight
 Vulnerabilities: session hijacking, denial of service, service disruption...
Affected productsExternal IDs
vendor: essential model: phone

Unveiling AI Agent Vulnerabilities Part V: Securing LLM Services | Trend Micro (GB)

Trust: 4.25

Fetched: June 6, 2025, 9:45 a.m., Published: -
 Vulnerabilities: code execution, sql injection
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security