Sign-up

VARIoT news about IoT security

Ivanti Under Siege: Investigating the Ivanti Endpoint Manager Mobile Vulnerabilities (CVE-2025-4427 & CVE-2025-4428)

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132

Trust: 4.75

Fetched: Aug. 17, 2025, 11 a.m., Published: Aug. 15, 2025, 1:28 p.m.
 Vulnerabilities: code execution, memory corruption, privilege escalation...
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2025-4428, CVE-2022-42475, CVE-2024-21762, CVE-2025-4427, CVE-2023-27997

CVE-2025-38531 : Linux Kernel Vulnerability in ST Sensors: Use of Uninitialized Device Structures

Trust: 3.25

Fetched: Aug. 17, 2025, 10:59 a.m., Published: Aug. 16, 2025, 11:12 a.m.
 Vulnerabilities: kernel panic
Affected productsExternal IDs
db: NVD ids: CVE-2025-38531

Cyble Vulnerability Intelligence: Weekly Threat Insights

Related entries in the VARIoT vulnerabilities database: VAR-202404-3442, VAR-201805-0263, VAR-201805-0262

Trust: 5.5

Fetched: Aug. 17, 2025, 10:54 a.m., Published: Aug. 11, 2025, 11:48 a.m.
 Vulnerabilities: command injection, authentication bypass, cross-site scripting...
Affected productsExternal IDs
vendor: infoblox model: netmri
vendor: apple model: webkit
vendor: google model: chrome
vendor: google model: google chrome
vendor: dell model: kace k1000 systems management appliance
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: adaptive security appliance
vendor: cisco model: series
vendor: cisco model: linksys
vendor: cisco model: management appliance
vendor: cisco model: routers
vendor: qnap model: qnap qts
vendor: sonicwall model: sma 100
vendor: trend model: security
vendor: trend micro model: security
vendor: dasan model: gpon routers
db: NVD ids: CVE-2025-40599, CVE-2025-54987, CVE-2025-34031, CVE-2024-29269, CVE-2025-32814, CVE-2025-53770, CVE-2018-10562, CVE-2025-6558, CVE-2025-49132, CVE-2025-31161, CVE-2014-125113, CVE-2024-36401, CVE-2025-54948, CVE-2025-23266, CVE-2018-10561, CVE-2025-54253

CVE-2025-8824: Critical Stack-Based Buffer Overflow Vulnerability in Linksys Series - Cybersecurity Exploit Tracker by Ameeba

Trust: 5.75

Fetched: Aug. 17, 2025, 10:53 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: linksys model: re6500
vendor: linksys model: re6300
db: NVD ids: CVE-2025-8824

Cisco Secure Firewall Management Center Software Command Injection Vulnerability

Trust: 4.25

Fetched: Aug. 17, 2025, 10:53 a.m., Published: Aug. 14, 2025, 3:53 p.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: cisco model: asa software

CVE-2025-52970 - Fortinet FortiWeb Unauthenticated Privilege Escalation Vulnerability

Trust: 3.25

Fetched: Aug. 17, 2025, 10:53 a.m., Published: Aug. 12, 2025, 7:15 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2025-52970

CVE-2025-46414: Unlimited PIN Attempts Vulnerability in API - Cybersecurity Exploit Tracker by Ameeba

Trust: 3.0

Fetched: Aug. 17, 2025, 10:52 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-46414

CVE-2025-8822: Stack-based Buffer Overflow Vulnerability in Linksys Devices - Cybersecurity Exploit Tracker by Ameeba

Trust: 5.5

Fetched: Aug. 17, 2025, 10:52 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: linksys model: re6500
vendor: linksys model: re6300
db: NVD ids: CVE-2025-8822

Revisiting UNC3886 Tactics to Defend Against Present Risk

Related entries in the VARIoT vulnerabilities database: VAR-202212-1132

Trust: 4.75

Fetched: Aug. 17, 2025, 10:52 a.m., Published: July 29, 2025, 12:56 a.m.
 Vulnerabilities: privilege escalation, code execution, session hijacking...
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-42475, CVE-2023-20867, CVE-2022-22948, CVE-2022-41328, CVE-2023-34048

Netscaler vulnerability was exploited as zero-day for nearly two months (CVE-2025-6543) - Help Net Security

Trust: 4.75

Fetched: Aug. 17, 2025, 10:51 a.m., Published: Aug. 12, 2025, 2:38 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: citrix systems model: application delivery controller
vendor: citrix systems model: netscaler gateway
vendor: citrix systems model: netscaler adc
vendor: citrix systems model: netscaler
vendor: citrix systems model: gateway
vendor: citrix model: application delivery controller
vendor: citrix model: netscaler gateway
vendor: citrix model: netscaler adc
vendor: citrix model: netscaler
vendor: citrix model: gateway
db: NVD ids: CVE-2025-5777, CVE-2025-6543

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Access Control Rules Bypass Vulnerability

Trust: 3.0

Fetched: Aug. 17, 2025, 10:51 a.m., Published: Aug. 14, 2025, 3:53 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: asa software
vendor: cisco model: adaptive security appliance

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Server Denial of Service Vulnerability

Trust: 3.75

Fetched: Aug. 17, 2025, 10:50 a.m., Published: Aug. 14, 2025, 3:53 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: adaptive security appliance
vendor: cisco model: asa software

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software for Firepower 2100 Series IPv6 over IPsec Denial of Service Vulnerability

Trust: 4.75

Fetched: Aug. 17, 2025, 10:50 a.m., Published: Aug. 14, 2025, 3:53 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: cisco model: firepower 2100
vendor: cisco model: asa software
vendor: cisco model: adaptive security appliance
vendor: cisco model: series

CVE-2025-38542 - net: appletalk: Fix device refcount leak in atrtr_create() - SecAlerts

Trust: 3.25

Fetched: Aug. 17, 2025, 10:50 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-38542

#StopRansomware: Interlock | CISA

Trust: 3.5

Fetched: Aug. 17, 2025, 10:48 a.m., Published: June 17, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
vendor: cisco model: series
vendor: cisco model: meeting
vendor: cisco model: webex
vendor: winscp model: winscp
vendor: putty model: putty

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Denial of Service Vulnerabilities

Trust: 3.75

Fetched: Aug. 17, 2025, 10:48 a.m., Published: Aug. 14, 2025, 3:53 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: adaptive security appliance
vendor: cisco model: asa software

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software for Firepower 3100 and 4200 Series TLS 1.3 Cipher Denial of Service Vulnerability

Trust: 3.75

Fetched: Aug. 17, 2025, 10:47 a.m., Published: Aug. 14, 2025, 3:53 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: adaptive security appliance
vendor: cisco model: series
vendor: cisco model: firepower
vendor: cisco model: asa software

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Network Address Translation DNS Inspection Denial of Service Vulnerability

Trust: 3.75

Fetched: Aug. 17, 2025, 10:47 a.m., Published: Aug. 14, 2025, 3:53 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: asa software
vendor: cisco model: adaptive security appliance

Cisco Secure Firewall Management Center Software HTML Injection Vulnerability

Trust: 3.0

Fetched: Aug. 17, 2025, 10:46 a.m., Published: Aug. 14, 2025, 3:53 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: asa software

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software DHCP Denial of Service Vulnerability

Trust: 3.75

Fetched: Aug. 17, 2025, 10:46 a.m., Published: Aug. 14, 2025, 3:53 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: asa software
vendor: cisco model: adaptive security appliance
vendor: cisco model: device manager