Sign-up

VARIoT news about IoT security

Update Canonical Ubuntu Server: USN-7833-4: Linux kernel (GCP) vulnerabilities

Trust: 4.0

Fetched: Nov. 4, 2025, 9:38 a.m., Published: April 4, 7833, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2024-36357, CVE-2024-36350

Cisco ASA/FTD 0-Day Vulnerability Exploited for Authentication Bypass - PoC Released

Related entries in the VARIoT vulnerabilities database: VAR-201806-1026

Trust: 5.75

Fetched: Nov. 4, 2025, 9:38 a.m., Published: Oct. 7, 2025, 11:43 a.m.
 Vulnerabilities: path traversal, code execution, authentication bypass...
Affected productsExternal IDs
vendor: cisco model: adaptive security appliance
db: NVD ids: CVE-2025-20333, CVE-2018-0296, CVE-2025-20362, CVE-2025-20363

ERROR: The request could not be satisfied

Trust: 3.25

Fetched: Nov. 4, 2025, 9:37 a.m., Published: -
 Vulnerabilities: configuration error
Affected productsExternal IDs

2025: Linux Kernel Vulnerabilities Overview and Exploits

Trust: 5.25

Fetched: Nov. 4, 2025, 9:36 a.m., Published: Nov. 4, 2025, midnight
 Vulnerabilities: memory leak, information leakage, privilege escalation...
Affected productsExternal IDs
vendor: google model: android
vendor: alsa model: alsa
db: NVD ids: CVE-2025-38352, CVE-2024-53150, CVE-2024-50302, CVE-2024-53197, CVE-2024-53104, CVE-2021-22555, CVE-2023-0386

CVE-2025-55677 - Windows Device Association Broker Service Elevation of Privilege Vulnerability - SecAlerts

Trust: 3.25

Fetched: Nov. 4, 2025, 9:36 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-55677

A major evolution of Apple Security Bounty, with the industry's top awards for the most advanced research - Apple Security Research

Trust: 4.5

Fetched: Nov. 4, 2025, 9:34 a.m., Published: Oct. 10, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: tvos
vendor: apple model: watchos
vendor: apple model: icloud
vendor: apple model: iphone

Patch Tuesday, October 2025 ‘End of 10’ Edition - Krebs on Security

Trust: 4.25

Fetched: Nov. 4, 2025, 9:32 a.m., Published: Oct. 7, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-59234, CVE-2025-59230, CVE-2025-59287, CVE-2025-59227, CVE-2025-24990

Update Canonical Ubuntu Server: USN-7841-1: strongSwan vulnerability

Trust: 4.25

Fetched: Nov. 4, 2025, 9:32 a.m., Published: Jan. 4, 7841, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

Microsoft and Adobe Patch Tuesday, October 2025 Security Update Review | Qualys

Related entries in the VARIoT vulnerabilities database: VAR-202510-3116

Trust: 4.5

Fetched: Nov. 4, 2025, 9:30 a.m., Published: Oct. 14, 2025, 7:19 p.m.
 Vulnerabilities: privilege escalation, code execution, access control flaw...
Affected productsExternal IDs
db: NVD ids: CVE-2025-11208, CVE-2025-11207, CVE-2025-48004, CVE-2025-55676, CVE-2025-59502, CVE-2025-59189, CVE-2025-11212, CVE-2025-11209, CVE-2025-55690, CVE-2025-55684, CVE-2025-11210, CVE-2025-59199, CVE-2025-55315, CVE-2025-55247, CVE-2025-59210, CVE-2025-55328, CVE-2025-53717, CVE-2025-59249, CVE-2025-59206, CVE-2025-55700, CVE-2025-59284, CVE-2025-49708, CVE-2025-55688, CVE-2025-55694, CVE-2025-59248, CVE-2025-58717, CVE-2025-11213, CVE-2025-55326, CVE-2025-59282, CVE-2025-55335, CVE-2025-55687, CVE-2025-11216, CVE-2025-59209, CVE-2025-11219, CVE-2025-59191, CVE-2025-58722, CVE-2025-11458, CVE-2025-55689, CVE-2025-58718, CVE-2025-59261, CVE-2025-11211, CVE-2025-55680, CVE-2025-59198, CVE-2025-58714, CVE-2025-11206, CVE-2025-59254, CVE-2025-59255, CVE-2025-59190, CVE-2025-55331, CVE-2025-11215, CVE-2025-55691, CVE-2025-58727, CVE-2025-59211, CVE-2025-55693, CVE-2025-55692, CVE-2025-11460, CVE-2025-59195, CVE-2025-59253, CVE-2025-55685, CVE-2025-58719, CVE-2025-11205, CVE-2025-59205, CVE-2025-2884, CVE-2025-59287, CVE-2025-59295, CVE-2025-59194, CVE-2025-59242, CVE-2025-55681, CVE-2025-55686, CVE-2025-53782

New Bitdefender and NETGEAR Report Reveals Rising Threats Across the Connected Home Landscape

Trust: 4.25

Fetched: Nov. 4, 2025, 9:30 a.m., Published: Oct. 29, 2025, midnight
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: netgear model: router
vendor: netgear model: orbi
vendor: mesh model: mesh

Google's AI 'Big Sleep' Finds 5 New Vulnerabilities in Apple's Safari WebKit

Trust: 4.5

Fetched: Nov. 4, 2025, 9:30 a.m., Published: Nov. 4, 2025, 8:10 a.m.
 Vulnerabilities: memory corruption, process crash, buffer overflow
Affected productsExternal IDs
vendor: apple model: webkit
vendor: apple model: macos
vendor: apple model: safari
vendor: apple model: ipad
vendor: apple model: tvos
vendor: apple model: watchos
vendor: apple model: ipad air
vendor: apple model: watch
vendor: apple model: apple tv
vendor: apple model: iphone
db: NVD ids: CVE-2025-43433, CVE-2025-43430, CVE-2025-43434, CVE-2025-43429, CVE-2025-43431, CVE-2025-6965

Should you ditch your TP-Link router? Here's how to secure your Wi-Fi today | ZDNET

Trust: 4.25

Fetched: Nov. 4, 2025, 9:29 a.m., Published: Nov. 7, 2025, midnight
 Vulnerabilities: default credentials, denial of service
Affected productsExternal IDs
vendor: mesh model: mesh
vendor: tp-link model: routers
vendor: google model: home
vendor: tp link model: routers

Apple Patches Multiple Critical Vulnerabilities in iOS 26.1 and iPadOS 26.1

Trust: 3.75

Fetched: Nov. 4, 2025, 9:29 a.m., Published: Nov. 4, 2025, midnight
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: apple model: software update
vendor: apple model: ipad
vendor: apple model: ipad air
vendor: apple model: iphone

IoT Device Privacy Vulnerabilities: Corporate Networks Under Siege - Remova Blog - Remova.org

Trust: 4.25

Fetched: Nov. 4, 2025, 9:27 a.m., Published: Oct. 13, 2025, midnight
 Vulnerabilities: default credentials
Affected productsExternal IDs
vendor: google model: wifi
vendor: google model: home

Android Security Bulletin-November 2025 | Android Open Source Project

Trust: 4.25

Fetched: Nov. 4, 2025, 9:25 a.m., Published: Nov. 4, 2025, midnight
 Vulnerabilities: information disclosure, denial of service, code execution
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: samsung model: notes
vendor: samsung model: mobile
vendor: huawei model: huawei
vendor: motorola model: android
vendor: motorola model: motorola
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2025-48593, CVE-2025-48581

Google Wear OS Message App Vulnerability Let Any Installed App To Send SMS Behalf Of User

Trust: 4.0

Fetched: Nov. 2, 2025, 9:29 a.m., Published: Oct. 29, 2025, 8:58 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2025-12080

What are Common Vulnerabilities & Exposures (CVEs)?

Related entries in the VARIoT vulnerabilities database: VAR-202112-0566

Trust: 3.0

Fetched: Nov. 2, 2025, 9:29 a.m., Published: May 2, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2021-44228, CVE-2017-0144, CVE-2024-1234

ChatGPT Atlas Browser Vulnerability Could Let Hackers Take Control, Study Reveals

Trust: 3.0

Fetched: Nov. 2, 2025, 9:29 a.m., Published: Oct. 28, 2025, 1:33 p.m.
 Vulnerabilities: cross-site request forgery, request forgery
Affected productsExternal IDs

Rockwell Automation Lifecycle Services with Cisco | CISA

Trust: 5.25

Fetched: Nov. 2, 2025, 9:28 a.m., Published: Nov. 1, 2025, midnight
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: cisco model: ios xe
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe software
vendor: cisco model: ios software
vendor: cisco model: cisco ios
db: NVD ids: CVE-2025-20352

Decoding the World of Penetration Testing: A Vital Security Measure - TechResources.net

Trust: 3.75

Fetched: Nov. 2, 2025, 9:27 a.m., Published: Oct. 7, 2025, 6:34 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: wireshark model: wireshark