Sign-up

VARIoT news about IoT security

Ivanti Zero-Day Exploited in Connect Secure, SonicWall SSL VPN and SSH Vulnerabilities, KerioControl Flaw - SOCRadar® Cyber Intelligence Inc.

Trust: 5.25

Fetched: Jan. 10, 2025, 9:52 a.m., Published: Jan. 9, 2025, 12:37 p.m.
 Vulnerabilities: buffer overflow, privilege escalation, authentication vulnerability...
Affected productsExternal IDs
vendor: sonicwall model: sonicos
vendor: sonicwall model: ssl vpn
db: NVD ids: CVE-2025-0283, CVE-2024-53706, CVE-2024-53704, CVE-2025-0282, CVE-2024-40762, CVE-2024-52875, CVE-2024-53705

LDAP Nightmare - Windows LDAP Denial of Service Vulnerability (CVE-2024-49113) - SafeBreach

Trust: 3.0

Fetched: Jan. 10, 2025, 9:51 a.m., Published: Jan. 8, 2025, 7:58 p.m.
 Vulnerabilities: denial of service, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-49113, CVE-2024-49112

ACSC Advisory Warns of Critical Ivanti Vulnerabilities - Australian Cyber Security Magazine

Trust: 3.75

Fetched: Jan. 10, 2025, 9:51 a.m., Published: Jan. 10, 2025, 12:56 a.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-0283, CVE-2025-0282

Hacker Forums Reveal ICAO Leak, SonicWall Vulnerability, and Other New Exploit Sales - SOCRadar® Cyber Intelligence Inc.

Trust: 4.5

Fetched: Jan. 10, 2025, 9:50 a.m., Published: Jan. 6, 2025, 11:30 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: sonicwall model: remote access
vendor: cisco model: jabber
vendor: cisco model: series

Critical Google Security Warning-Update Android 12 To 15 Now

Trust: 3.75

Fetched: Jan. 10, 2025, 9:48 a.m., Published: Jan. 7, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: chrome
vendor: google model: android

Ivanti warns critical RCE flaw in Connect Secure exploited as zero-day | CSO Online

Trust: 4.0

Fetched: Jan. 10, 2025, 9:48 a.m., Published: Jan. 8, 2025, midnight
 Vulnerabilities: privilege escalation, buffer overflow, memory corruption...
Affected productsExternal IDs
db: NVD ids: CVE-2025-0283, CVE-2025-0282

Ivanti discloses critical VPN vulnerability being actively targeted by hackers - SiliconANGLE

Trust: 3.75

Fetched: Jan. 10, 2025, 9:47 a.m., Published: Jan. 9, 2025, 11:46 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: nexus
db: NVD ids: CVE-2024-21887, CVE-2023-46805, CVE-2025-0283, CVE-2025-0282

CVE-2025-0282: Ivanti Connect Secure zero-day exploited in the wild

Trust: 4.25

Fetched: Jan. 10, 2025, 9:47 a.m., Published: Jan. 9, 2025, 2:45 a.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-0283, CVE-2025-0282

RP2350 Security Flaw: Microcontroller Weaknesses Revealed

Trust: 3.75

Fetched: Jan. 10, 2025, 9:46 a.m., Published: Oct. 1, 2025, midnight
 Vulnerabilities: code injection
Affected productsExternal IDs

Google Issues Critical Security Warnings for Millions of Android Device Users | HotHardware

Trust: 4.75

Fetched: Jan. 10, 2025, 9:45 a.m., Published: Jan. 9, 2025, 1:50 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: home
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2024-53842, CVE-2024-43096, CVE-2024-49748, CVE-2024-49747, CVE-2024-43771, CVE-2024-43770

Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware

Trust: 4.0

Fetched: Jan. 10, 2025, 9:44 a.m., Published: Jan. 9, 2025, 10:17 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
db: NVD ids: CVE-2025-0283

Ivanti Discloses Exploitation Of ‘Critical’ VPN Vulnerability

Trust: 3.5

Fetched: Jan. 10, 2025, 9:44 a.m., Published: Jan. 8, 2025, 3:53 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: pulse secure model: connect secure
vendor: pulse secure model: policy secure
db: NVD ids: CVE-2025-0283, CVE-2025-0282

Androxgh0st botnet integrates Mozi payloads to target IoT devices | CSO Online

Related entries in the VARIoT vulnerabilities database: VAR-202303-1268

Trust: 5.75

Fetched: Jan. 10, 2025, 9:43 a.m., Published: Nov. 8, 2024, midnight
 Vulnerabilities: code execution, command injection, command execution...
Affected productsExternal IDs
vendor: tp-link model: routers
db: NVD ids: CVE-2023-1389

White House launches consumer smart device security label • The Register

Trust: 3.0

Fetched: Jan. 10, 2025, 9:41 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs

Security Update: Ivanti Connect Secure, Policy Secure and Neurons for ZTA Gateways | Ivanti

Trust: 3.0

Fetched: Jan. 10, 2025, 9:39 a.m., Published: Jan. 8, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-0283, CVE-2025-0282

Vulnerabilities in Wago PLCs: Understanding the Risks

Trust: 4.25

Fetched: Jan. 10, 2025, 9:39 a.m., Published: Dec. 3, 2024, midnight
 Vulnerabilities: code execution, access control vulnerability, path traversal
Affected productsExternal IDs
vendor: codesys model: control
vendor: codesys model: codesys
vendor: wago model: 750-8216
vendor: wago model: wago
db: NVD ids: CVE-2024-41972, CVE-2024-41967, CVE-2024-41968, CVE-2024-41974, CVE-2024-41970, CVE-2024-41971, CVE-2024-41973, CVE-2024-41969

Netis routers vulnerable to chained authentication bypass, RCE flaws | SC Media

Trust: 6.75

Fetched: Jan. 10, 2025, 9:37 a.m., Published: Feb. 13, 2024, 7 p.m.
 Vulnerabilities: information disclosure, code execution, authentication bypass
Affected productsExternal IDs
vendor: d-link model: router
db: NVD ids: CVE-2024-48457, CVE-2024-48455, CVE-2024-48456

Android Security Bulletin January 2025 | Android Open Source Project

Related entries in the VARIoT vulnerabilities database: VAR-202501-0596

Trust: 4.25

Fetched: Jan. 10, 2025, 9:36 a.m., Published: Jan. 10, 2025, midnight
 Vulnerabilities: information disclosure, code execution, denial of service
Affected productsExternal IDs
vendor: motorola model: android
vendor: motorola model: motorola
vendor: huawei model: huawei
vendor: samsung model: notes
vendor: samsung model: samsung
vendor: samsung model: mobile
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2024-49733, CVE-2024-20148, CVE-2024-43096, CVE-2024-49736, CVE-2024-43095, CVE-2024-20143, CVE-2024-43765, CVE-2024-20140, CVE-2023-40108, CVE-2024-49732, CVE-2024-43770, CVE-2024-20154, CVE-2024-20146, CVE-2024-43704, CVE-2024-20145, CVE-2024-49744, CVE-2023-40132, CVE-2024-49735, CVE-2024-49737, CVE-2024-34722, CVE-2024-49745, CVE-2024-43763, CVE-2024-49724, CVE-2024-49742, CVE-2024-49749, CVE-2024-49748, CVE-2024-49747, CVE-2024-34730, CVE-2024-20105, CVE-2024-49738, CVE-2024-20144, CVE-2024-49734, CVE-2024-43771

Access Denied

Trust: 3.25

Fetched: Jan. 10, 2025, 9:35 a.m., Published: Jan. 14, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung

Cybersecurity Threat Advisory: Zero-click flaw in Synology NAS devices

Trust: 4.75

Fetched: Jan. 10, 2025, 9:34 a.m., Published: Nov. 6, 2024, 4:26 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: barracuda model: barracuda
vendor: synology model: diskstation
db: NVD ids: CVE-2024-10443