Sign-up

VARIoT news about IoT security

Update Canonical Ubuntu Desktop: USN-7485-1: LibRaw vulnerabilities

Trust: 5.0

Fetched: June 1, 2025, 9:35 a.m., Published: Jan. 1, 7485, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-43964, CVE-2025-43961, CVE-2025-43962, CVE-2025-43963

CVE-2025-27524 - Hitachi JP1/IT Desktop Management 2 - Smart Device Manager Weak Encryption Vulnerability | Kenya Education Network

Trust: 6.0

Fetched: June 1, 2025, 9:35 a.m., Published: June 2, 2025, midnight
 Vulnerabilities: encryption vulnerability
Affected productsExternal IDs
vendor: hitachi model: device manager
vendor: hitachi model: jp1/it desktop management
db: NVD ids: CVE-2025-27524

CVE-2025-27524 - Hitachi JP1/IT Desktop Management 2 - Smart Device Manager Weak Encryption Vulnerability | Kenya Education Network

Trust: 6.0

Fetched: June 1, 2025, 9:34 a.m., Published: June 2, 2025, midnight
 Vulnerabilities: encryption vulnerability
Affected productsExternal IDs
vendor: hitachi model: device manager
vendor: hitachi model: jp1/it desktop management
db: NVD ids: CVE-2025-27524

Inside Trident Spyware | How iPhones Get Hacked via Zero-Click Attacks - Web Asha Technologies

Related entries in the VARIoT vulnerabilities database: VAR-201608-0186, VAR-201608-0188, VAR-201608-0187

Trust: 4.25

Fetched: June 1, 2025, 9:34 a.m., Published: June 1, 2025, midnight
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: apple model: safari
vendor: apple model: webkit
vendor: apple model: iphone
db: NVD ids: CVE-2016-4655, CVE-2016-4657, CVE-2016-4656

Update Canonical Ubuntu Server: USN-7485-1: LibRaw vulnerabilities

Trust: 5.0

Fetched: June 1, 2025, 9:34 a.m., Published: Jan. 1, 7485, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-43964, CVE-2025-43961, CVE-2025-43962, CVE-2025-43963

Update Canonical Ubuntu Desktop: USN-7490-1: libsoup vulnerabilities

Trust: 5.0

Fetched: June 1, 2025, 9:33 a.m., Published: Jan. 1, 7490, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-32910, CVE-2025-32913, CVE-2025-32906, CVE-2025-46420, CVE-2025-32912, CVE-2025-46421, CVE-2025-32911, CVE-2025-32914, CVE-2025-32909

Update Canonical Ubuntu Server: USN-7480-1: OpenJDK 8 vulnerabilities

Trust: 6.0

Fetched: June 1, 2025, 9:33 a.m., Published: Jan. 1, 7480, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-30691, CVE-2025-21587, CVE-2025-30698

[Palo Alto Networks Security Advisories] CVE-2025-0136 PAN-OS: Unencrypted Data Transfer when using AES-128-CCM onIntel-based hardware devices - RedPacket Security

Trust: 3.75

Fetched: June 1, 2025, 9:32 a.m., Published: May 14, 2025, 5:02 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: paloaltonetworks model: firewall
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2025-0136

Update Canonical Ubuntu Desktop: USN-7480-1: OpenJDK 8 vulnerabilities

Trust: 6.0

Fetched: June 1, 2025, 9:26 a.m., Published: Jan. 1, 7480, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-30691, CVE-2025-21587, CVE-2025-30698

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

Related entries in the VARIoT vulnerabilities database: VAR-202505-0239

Trust: 5.75

Fetched: June 1, 2025, 9:21 a.m., Published: May 11, 2025, midnight
 Vulnerabilities: code execution, denial of service, information disclosure...
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-26423, CVE-2025-26424, CVE-2025-22425, CVE-2025-26429, CVE-2024-49842, CVE-2024-49841, CVE-2025-26422, CVE-2025-26427, CVE-2023-35657, CVE-2024-49846, CVE-2025-20666, CVE-2025-26430, CVE-2025-21453, CVE-2024-34739, CVE-2025-26442, CVE-2025-0072, CVE-2025-26425, CVE-2024-49835, CVE-2025-26440, CVE-2025-0087, CVE-2024-47896, CVE-2024-45580, CVE-2025-0427, CVE-2025-21467, CVE-2023-21342, CVE-2024-47891, CVE-2025-21459, CVE-2024-49847, CVE-2025-26436, CVE-2025-26444, CVE-2025-26426, CVE-2024-52939, CVE-2024-47900, CVE-2024-49845, CVE-2025-26435, CVE-2025-21468, CVE-2024-46975, CVE-2025-26438, CVE-2024-49739, CVE-2024-12577, CVE-2025-0077, CVE-2025-26420, CVE-2025-27363, CVE-2025-26421, CVE-2024-46974, CVE-2025-26428

UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware

Trust: 4.5

Fetched: June 1, 2025, 9:13 a.m., Published: May 22, 2025, 10 a.m.
 Vulnerabilities: file enumeration
Affected productsExternal IDs
vendor: snort.org model: snort
vendor: jquery model: jquery
vendor: cisco model: web security appliance
vendor: cisco model: adaptive security appliance
vendor: cisco model: umbrella
vendor: cisco model: firepower
vendor: cisco model: meraki mx
vendor: snort model: snort
db: NVD ids: CVE-2025-0994, CVE-2025-0944

Critical Rockwell PowerMonitor 1000 vulnerabilities risk device takeover, raising industrial cybersecurity threat - Industrial Cyber

Related entries in the VARIoT vulnerabilities database: VAR-202412-2454

Trust: 5.25

Fetched: June 1, 2025, 9:13 a.m., Published: May 30, 2025, 2:52 p.m.
 Vulnerabilities: denial of service, buffer overflow, memory corruption...
Affected productsExternal IDs
vendor: treck model: tcp/ip stack
vendor: rockwell model: powermonitor 1000
vendor: rockwell automation model: powermonitor 1000
db: NVD ids: CVE-2024-12373, CVE-2024-12371, CVE-2024-12372

Multiple Vulnerabilities in Ivanti Endpoint Manager Mobile Could Allow for Remote Code Execution

Trust: 3.0

Fetched: June 1, 2025, 9:12 a.m., Published: May 15, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Your Asus router may be compromised - here's how to tell and what to do | ZDNET

Related entries in the VARIoT vulnerabilities database: VAR-202309-0729

Trust: 3.5

Fetched: June 1, 2025, 9:09 a.m., Published: May 1, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: asus model: router
vendor: asus model: routers
vendor: asus model: asus
db: NVD ids: CVE-2023-39780

Smart Home, Dumb Security: Device Vulnerability Unveiled - Save the Debate

Trust: 3.5

Fetched: June 1, 2025, 9:08 a.m., Published: May 21, 2025, 4 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: essential model: phone
vendor: ecobee model: smart thermostat

ASUS Router Hack: How to Tell If Your Device Is Compromised

Related entries in the VARIoT vulnerabilities database: VAR-202309-0729

Trust: 5.5

Fetched: June 1, 2025, 9:07 a.m., Published: May 30, 2025, 2:18 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: asus model: router
vendor: asus model: asus firmware
vendor: asus model: asus
vendor: asus model: routers
vendor: cisco model: router
vendor: cisco model: cisco routers
vendor: cisco model: routers
db: NVD ids: CVE-2023-39780

Assignment 3

Trust: 3.25

Fetched: June 1, 2025, 9:06 a.m., Published: Jan. 2, 2025, midnight
 Vulnerabilities: default password, denial of service, sql injection
Affected productsExternal IDs

Smart Home, Dumb Security: Device Vulnerability Explored - Khizri

Trust: 3.5

Fetched: June 1, 2025, 9:05 a.m., Published: May 12, 2025, 12:33 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: google home
vendor: google model: home

CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution - Blog | TenableĀ®

Trust: 3.0

Fetched: June 1, 2025, 9:04 a.m., Published: May 13, 2025, 9:40 p.m.
 Vulnerabilities: code execution, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-4428, CVE-2025-4427

Cybersecurity Threat Advisory: ViciousTrap exploiting Cisco vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202304-1067

Trust: 4.75

Fetched: May 30, 2025, 9:40 a.m., Published: May 28, 2025, 11:19 p.m.
 Vulnerabilities: traffic interception
Affected productsExternal IDs
vendor: cisco model: rv016
vendor: cisco model: routers
vendor: cisco model: rv325
vendor: cisco model: rv082
vendor: cisco model: series
vendor: cisco model: small business
vendor: cisco model: router
vendor: cisco model: cisco small business
vendor: cisco model: rv042
vendor: barracuda model: barracuda
db: NVD ids: CVE-2023-20118