Sign-up

VARIoT news about IoT security

Meltdown/Spectre vulnerability status for Chrome OS devices

Related entries in the VARIoT vulnerabilities database: VAR-201801-0826, VAR-201801-1712, VAR-201801-1711, VAR-201805-0963

Trust: 3.5

Fetched: March 19, 2025, 9:13 a.m., Published: March 2, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: chrome os
vendor: google model: chrome
vendor: lenovo model: flex
vendor: lenovo model: thinkpad yoga 11e
vendor: lenovo model: thinkpad 13
vendor: lenovo model: yoga 11e
vendor: lenovo model: thinkpad
vendor: lenovo model: thinkpad yoga
vendor: lenovo model: thinkpad x131e
vendor: lenovo model: system
vendor: lenovo model: updates
vendor: lenovo model: thinkpad 11e
vendor: lenovo model: yoga
vendor: asus model: asus
vendor: samsung model: samsung
vendor: samsung model: note
db: NVD ids: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3639

Schneider Electric's ASCO Annunciators: Vulnerabilities that Could Make Your Devices Go 'Announce-ya Later!' - The Nimble Nerd

Trust: 3.75

Fetched: March 19, 2025, 9:13 a.m., Published: March 19, 5310, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs

Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities

Trust: 3.75

Fetched: March 19, 2025, 9:12 a.m., Published: Dec. 15, 2022, 10:19 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: cisco systems model: link layer discovery protocol
vendor: cisco systems model: ios software
vendor: cisco systems model: nx-os
vendor: cisco systems model: cisco ios
vendor: cisco systems model: ios xr
vendor: cisco systems model: catalyst
vendor: cisco systems model: ios xr software
vendor: cisco systems model: cisco ios xe
vendor: cisco systems model: ios xr software releases
vendor: cisco systems model: nx-os software
vendor: cisco systems model: technical support
vendor: cisco systems model: ios xe
vendor: cisco systems model: router
vendor: cisco systems model: cisco nx-os
vendor: cisco systems model: ios xe software
vendor: cisco systems model: cisco ios xr
vendor: cisco systems model: series
vendor: cisco model: link layer discovery protocol
vendor: cisco model: ios software
vendor: cisco model: nx-os
vendor: cisco model: cisco ios
vendor: cisco model: ios xr
vendor: cisco model: catalyst
vendor: cisco model: ios xr software
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xr software releases
vendor: cisco model: nx-os software
vendor: cisco model: technical support
vendor: cisco model: ios xe
vendor: cisco model: router
vendor: cisco model: cisco nx-os
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios xr
vendor: cisco model: series

Top Vulnerabilities in Connected Devices in your Home

Trust: 3.75

Fetched: March 19, 2025, 9:12 a.m., Published: March 2, 2025, midnight
 Vulnerabilities: command injection, cross-site scripting
Affected productsExternal IDs
vendor: google model: home

Android zero-day vulnerabilities actively abused. Update as soon as you can | Malwarebytes

Trust: 4.0

Fetched: March 19, 2025, 9:05 a.m., Published: March 5, 2025, 12:03 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-43093, CVE-2024-50302

Fix CVE-2025-24201: Apple Web Sandbox Vulnerability

Trust: 4.5

Fetched: March 19, 2025, 9:04 a.m., Published: March 13, 2025, midnight
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: software update
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2025-24201

Update Canonical Ubuntu Server: USN-7281-1: GnuTLS vulnerability

Trust: 4.25

Fetched: March 18, 2025, 9:21 a.m., Published: Jan. 18, 7281, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ - update your devices right now | Tom's Guide

Trust: 3.75

Fetched: March 18, 2025, 9:21 a.m., Published: March 12, 2025, 3:12 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: safari
db: NVD ids: CVE-2025-24201

Multiple vulnerabilities found in ICONICS industrial SCADA software | CyberScoop

Trust: 4.5

Fetched: March 18, 2025, 9:19 a.m., Published: March 10, 2025, 8:13 p.m.
 Vulnerabilities: privilege escalation, denial of service
Affected productsExternal IDs
vendor: iconics model: genesis64
vendor: palo model: networks
vendor: palo alto networks model: networks
db: NVD ids: CVE-2024-1182, CVE-2024-7587

Update Your iPhone Now to Fix Safari Security Flaw

Trust: 3.75

Fetched: March 18, 2025, 9:18 a.m., Published: March 14, 2025, 10:07 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome
vendor: apple model: safari
vendor: apple model: ipad air
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: software update
vendor: apple model: iphone
db: NVD ids: CVE-2025-24201

SSA-787280

Trust: 3.0

Fetched: March 18, 2025, 9:17 a.m., Published: March 1, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-56336

CVE-2025-27595 - Cisco Device Weak Password Hash Vulnerability

Trust: 5.0

Fetched: March 18, 2025, 9:17 a.m., Published: March 14, 2025, 1:15 p.m.
 Vulnerabilities: weak password
Affected productsExternal IDs
db: NVD ids: CVE-2025-27595

Cisco IOS XR Software for ASR 9000 Series Routers IPv4 Unicast Packets Denial of Service Vulnerability

Trust: 4.75

Fetched: March 18, 2025, 9:16 a.m., Published: March 12, 2025, 3:54 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: ios xr software
vendor: cisco model: ios xr
vendor: cisco model: series routers
vendor: cisco model: cisco ios
vendor: cisco model: series
vendor: cisco model: cisco ios xr
vendor: cisco model: routers

Hackers Exploiting TP-Link Vulnerability to Gain Root Access

Trust: 4.5

Fetched: March 18, 2025, 9:16 a.m., Published: March 17, 2025, 6:29 a.m.
 Vulnerabilities: authentication bypass, brute force attack
Affected productsExternal IDs
vendor: tp-link model: wr840n
vendor: tp-link model: tl-wr841n
vendor: tp-link model: wr841n
vendor: tp-link model: routers
vendor: tp-link model: tl-wr840n
db: NVD ids: CVE-2024-57040

CISA KEV Catalog Update: Five High-Risk Vulnerabilities to Watch | Windows Forum

Related entries in the VARIoT vulnerabilities database: VAR-202304-1067

Trust: 4.5

Fetched: March 18, 2025, 9:15 a.m., Published: May 18, 2025, midnight
 Vulnerabilities: arbitrary command execution, command injection, privilege escalation...
Affected productsExternal IDs
vendor: hitachi vantara model: pentaho
vendor: hitachi vantara model: pentaho business analytics
vendor: cisco model: small business rv
vendor: cisco model: series routers
vendor: cisco model: rv016
vendor: cisco model: rv042
vendor: cisco model: rv320
vendor: cisco model: router
vendor: cisco model: small business
vendor: cisco model: cisco routers
vendor: cisco model: small business rv series routers
vendor: cisco model: series
vendor: cisco model: rv082
vendor: cisco model: rv042g
vendor: cisco model: routers
vendor: cisco model: rv325
vendor: cisco model: cisco small business
vendor: hitachi model: vantara pentaho
db: NVD ids: CVE-2022-43939, CVE-2023-20118, CVE-2018-8639, CVE-2024-4885, CVE-2022-43769

CVE-2025-2369 : Stack-Based Buffer Overflow Vulnerability in TOTOLINK EX1800T Devices | SecurityVulnerability.io

Trust: 4.25

Fetched: March 18, 2025, 9:15 a.m., Published: March 17, 2025, 9:15 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-2369

CVE-2024-53032 - VMware ESXi Keyboard Virtual Device Memory Corruption Vulnerability

Trust: 3.0

Fetched: March 18, 2025, 9:14 a.m., Published: March 3, 2025, 11:15 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
db: NVD ids: CVE-2024-53032

If you're using an Apple device, update it right now to avoid a zero-day vulnerability - MSPoweruser

Trust: 4.0

Fetched: March 18, 2025, 9:14 a.m., Published: March 12, 2025, 11:51 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: ipad air
vendor: apple model: iphone
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: safari
db: NVD ids: CVE-2025-24201

How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 - Microsoft Support

Trust: 4.5

Fetched: March 18, 2025, 9:11 a.m., Published: May 9, 2023, midnight
 Vulnerabilities: security feature bypass, feature bypass
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2023-24932

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

Trust: 5.0

Fetched: March 18, 2025, 9:08 a.m., Published: March 12, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android