Sign-up

VARIoT news about IoT security

U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog

Related entries in the VARIoT vulnerabilities database: VAR-201807-1874

Trust: 6.0

Fetched: Feb. 19, 2025, 9:11 a.m., Published: Feb. 5, 2025, 3:02 p.m.
 Vulnerabilities: code execution, information disclosure, os command injection...
Affected productsExternal IDs
vendor: paessler model: prtg network monitor
db: NVD ids: CVE-2018-9276, CVE-2024-29059, CVE-2024-45195, CVE-2018-19410

OpenSSH Vulnerabilities CVE-2025-26465 and CVE-2025-26466 Enable Man-in-the-Middle and DoS Attacks - Upwind

Trust: 4.0

Fetched: Feb. 19, 2025, 9:10 a.m., Published: Feb. 18, 2025, 9:44 p.m.
 Vulnerabilities: memory consumption attack
Affected productsExternal IDs
db: NVD ids: CVE-2025-26466, CVE-2025-26465

CISA Warns of Palo Alto PAN-OS Vulnerability Actively Exploited in the Wild

Trust: 5.5

Fetched: Feb. 19, 2025, 9:09 a.m., Published: Feb. 19, 2025, 3:13 a.m.
 Vulnerabilities: code execution, command execution, privilege escalation...
Affected productsExternal IDs
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: palo alto networks model: pan-os
vendor: palo model: networks
vendor: palo model: firewall
vendor: palo model: pan-os
db: NVD ids: CVE-2025-0108, CVE-2025-010814, CVE-2024-9474, CVE-2024-0012

Xerox VersaLink Printer Vulnerabilities: A Threat to Your Windows Network | Windows Forum

Trust: 3.75

Fetched: Feb. 19, 2025, 9:08 a.m., Published: May 19, 2025, midnight
 Vulnerabilities: clear text authentication
Affected productsExternal IDs
db: NVD ids: CVE-2024-12511, CVE-2024-12510

Critical Zimbra Vulnerabilities Let Attackers Unauthorized Access to Internal Resources

Trust: 3.0

Fetched: Feb. 19, 2025, 9:08 a.m., Published: Feb. 10, 2025, 7:47 a.m.
 Vulnerabilities: code execution, cross-site scripting, request forgery...
Affected productsExternal IDs
db: NVD ids: CVE-2023-37580, CVE-2013-7217, CVE-2025-25064, CVE-2019-9641, CVE-2024-45519, CVE-2025-25065

Apple fixes zero-day vulnerability used in "extremely sophisticated attack" | Malwarebytes

Trust: 3.75

Fetched: Feb. 19, 2025, 9:07 a.m., Published: Feb. 11, 2025, 2:55 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: ipod touch
vendor: apple model: software update
vendor: apple model: ipad
vendor: apple model: iphone
db: NVD ids: CVE-2025-24200

Dell Precision 3540 and Latitude 5400/5500 System BIOS | Szczegóły sterownika | Dell Polska

Trust: 3.0

Fetched: Feb. 18, 2025, 9:26 a.m., Published: Feb. 18, 3540, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios
vendor: dell model: latitude

Dell Precision 7865 System BIOS | Szczegóły sterownika | Dell Polska

Trust: 3.25

Fetched: Feb. 18, 2025, 9:25 a.m., Published: Feb. 18, 7865, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

System BIOS komputerów Dell Vostro 3890 i 3690 | Szczegóły sterownika | Dell Polska

Trust: 3.25

Fetched: Feb. 18, 2025, 9:25 a.m., Published: Feb. 18, 3890, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

Dell Precision 7865 System BIOS | Szczegóły sterownika | Dell Polska

Trust: 3.25

Fetched: Feb. 18, 2025, 9:25 a.m., Published: Feb. 18, 7865, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios

A Comprehensive Survey on the Requirements, Applications, and Future Challenges for Access Control Models in IoT: The State of the Art

Trust: 4.0

Fetched: Feb. 18, 2025, 9:21 a.m., Published: Jan. 24, 2025, midnight
 Vulnerabilities: information exposure, denial of service, access control problem
Affected productsExternal IDs
vendor: trend model: security
vendor: delegate model: delegate
vendor: google model: home

Ivanti Connect Secure Vulnerabilities Let Attackers Execute Code Remotely

Trust: 3.75

Fetched: Feb. 18, 2025, 9:20 a.m., Published: Feb. 12, 2025, 8:43 a.m.
 Vulnerabilities: code injection, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2024-12058, CVE-2024-10644, CVE-2025-22467

Windows File Explorer Elevation Of Privilege Vulnerability(CVE-2024-38100) Exploited

Trust: 4.25

Fetched: Feb. 18, 2025, 9:17 a.m., Published: Jan. 22, 2025, 2:13 p.m.
 Vulnerabilities: improper access control
Affected productsExternal IDs
db: NVD ids: CVE-2024-38100

Hyperconnectivity, Hypervulnerability: How IoT Creates More Security Risks Than Value

Trust: 5.0

Fetched: Feb. 18, 2025, 9:15 a.m., Published: Feb. 3, 2025, midnight
 Vulnerabilities: denial of service, weak password, cross-site scripting...
Affected productsExternal IDs
vendor: cherokee model: cherokee
vendor: cisco model: h
vendor: cisco model: threat response
vendor: cisco model: network access control
vendor: cisco model: routers
vendor: hewlett packard enterprise model: integrity
vendor: hewlett packard model: integrity
vendor: cisco systems model: h
vendor: cisco systems model: threat response
vendor: cisco systems model: network access control
vendor: cisco systems model: routers
vendor: google model: home
vendor: tesla model: model

Active Exploitation Targets Zyxel CPE Devices Due to Unpatched CVE-2024-40891 - Rewterz

Trust: 4.0

Fetched: Feb. 18, 2025, 9:14 a.m., Published: Jan. 29, 2025, 6:50 a.m.
 Vulnerabilities: privilege escalation, command injection
Affected productsExternal IDs
db: NVD ids: CVE-2024-57728, CVE-2024-40891, CVE-2024-57727, CVE-2024-40890, CVE-2024-57726

MDR Intelligence | 2025-02-14

Trust: 4.5

Fetched: Feb. 18, 2025, 9:12 a.m., Published: Feb. 14, 2025, midnight
 Vulnerabilities: request forgery, cross-site request forgery, symbolic link attack...
Affected productsExternal IDs
db: NVD ids: CVE-2025-1247, CVE-2025-26550, CVE-2025-26547, CVE-2025-26582, CVE-2025-26569, CVE-2025-26580, CVE-2024-10763, CVE-2025-1270, CVE-2025-1094, CVE-2024-13770, CVE-2025-26572, CVE-2025-26571, CVE-2025-26577, CVE-2025-26562, CVE-2025-26552, CVE-2025-26570, CVE-2025-24903, CVE-2025-26511, CVE-2024-13606, CVE-2025-26543, CVE-2024-13346, CVE-2025-0327, CVE-2024-12011, CVE-2025-26545, CVE-2025-1070, CVE-2025-26568, CVE-2025-26549, CVE-2024-13345, CVE-2024-12013, CVE-2025-24904, CVE-2025-26578, CVE-2025-21700, CVE-2025-1058, CVE-2025-26551, CVE-2024-13182, CVE-2025-1059, CVE-2025-22480, CVE-2025-1060

PoC Exploit Released for AnyDesk Vulnerability Exploited to Gain Admin Access Via Wallpapers

Trust: 4.0

Fetched: Feb. 18, 2025, 9:11 a.m., Published: Feb. 10, 2025, 7:36 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-12754

China-backed hackers continue cyberattacks on telecom companies | Cybersecurity Dive

Trust: 4.5

Fetched: Feb. 18, 2025, 9:10 a.m., Published: Feb. 13, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
db: NVD ids: CVE-2023-20198, CVE-2023-20273

FortiOS Auth Bypass Vulnerability Exploited to Gain Super-Admin Access

Trust: 4.5

Fetched: Feb. 18, 2025, 9:10 a.m., Published: Jan. 28, 2025, 4:38 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
vendor: node.js model: node.js
db: NVD ids: CVE-2024-55591

Siemens SIPROTEC 5 Vulnerability: Implications for Industrial Control Security | Windows Forum

Trust: 3.75

Fetched: Feb. 18, 2025, 9:09 a.m., Published: Feb. 5, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: siprotec
vendor: siemens model: siprotec 5
db: NVD ids: CVE-2024-53648