Sign-up

VARIoT news about IoT security

CVE-2025-0136 PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices

Trust: 3.75

Fetched: May 28, 2025, 9:26 a.m., Published: May 14, 2025, 4 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo alto networks model: pan-os
vendor: palo alto networks model: networks
vendor: palo alto networks model: firewall
vendor: paloaltonetworks model: pan-os
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: firewall
vendor: palo model: pan-os
vendor: palo model: networks
vendor: palo model: firewall
db: NVD ids: CVE-2025-0136

New Vulnerabilities Monday 26 May - CND News and Blog

Trust: 3.75

Fetched: May 28, 2025, 9:24 a.m., Published: May 26, 2025, midnight
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: mageia model: mageia
vendor: siemens model: sipass integrated

Cisco Secure Network Analytics Manager API Authorization Vulnerability - Cisco

Trust: 4.25

Fetched: May 28, 2025, 9:23 a.m., Published: May 21, 2025, 11:40 a.m.
 Vulnerabilities: authorization vulnerability
Affected productsExternal IDs

Cisco Secure Network Analytics Manager Privilege Escalation Vulnerability - Cisco

Trust: 4.25

Fetched: May 28, 2025, 9:22 a.m., Published: May 21, 2025, 11:40 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

How to Perform Penetration Testing on IoT Devices: Top Tools & Techniques - DEVOPS DONE RIGHT.

Trust: 4.5

Fetched: May 28, 2025, 9:22 a.m., Published: May 26, 2025, 10:55 a.m.
 Vulnerabilities: code execution, default credentials
Affected productsExternal IDs
vendor: wireshark model: wireshark

cyberne.ws -- Relevant headlines in cybersecurity. No fluff.

Trust: 4.25

Fetched: May 28, 2025, 9:20 a.m., Published: May 28, 2025, midnight
 Vulnerabilities: denial of service, header injection, privilege escalation...
Affected productsExternal IDs
vendor: d-link model: router
vendor: cisco model: meeting
vendor: cisco model: routers
vendor: cisco model: cisco webex meetings
vendor: cisco model: cisco identity services engine
vendor: cisco model: webex
vendor: cisco model: sd-wan
vendor: cisco model: vpn client
vendor: cisco model: router
vendor: cisco model: cisco webex
vendor: cisco model: webex meetings
vendor: cisco model: identity services engine
vendor: apple model: macos
vendor: google model: chrome
vendor: nissan model: leaf
vendor: nissan model: nissan leaf
vendor: sonicwall model: web application firewall
vendor: sonicwall model: email security
vendor: netgear model: router
vendor: netgear model: netgear router

CVE-2025-4338 : XML External Entity Vulnerability in Lantronix Device Installer

Trust: 3.25

Fetched: May 28, 2025, 9:20 a.m., Published: May 22, 2025, 11:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-4338

AirBorne flaws can lead to fully hijack Apple devices

Trust: 5.5

Fetched: May 28, 2025, 9:19 a.m., Published: April 30, 2025, 5:36 a.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: apple model: iphone
vendor: apple model: macos
vendor: apple model: ipad
db: NVD ids: CVE-2025-24206, CVE-2025-24252, CVE-2025-24132

D-Link Technical Support

Trust: 5.0

Fetched: May 28, 2025, 9:08 a.m., Published: May 28, 2610, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: d-link model: dap-2610

Are Ring Cameras Safe? A Comprehensive Examination - BlinksAndButtons

Trust: 3.75

Fetched: May 28, 2025, 9:07 a.m., Published: May 22, 2025, 6:22 p.m.
 Vulnerabilities: -

CVE-2025-31219 Race Condition Vulnerability in Appleā€™s XNU Kernel - TheCyberThrone

Related entries in the VARIoT vulnerabilities database: VAR-202108-1374

Trust: 5.5

Fetched: May 28, 2025, 9:05 a.m., Published: May 24, 2025, 1:01 p.m.
 Vulnerabilities: privilege escalation, code execution, memory corruption
Affected productsExternal IDs
vendor: cisco model: cisco ios
vendor: cisco model: ios xr
vendor: cisco model: cisco ios xr
vendor: apple model: macos
vendor: apple model: tvos
vendor: apple model: watchos
vendor: google model: android
db: NVD ids: CVE-2021-0920, CVE-2022-20821, CVE-2021-1048, CVE-2025-31219, CVE-2021-30869

CVE-2025-41651 - Cisco Device Remote Command Execution Vulnerability

Trust: 5.0

Fetched: May 28, 2025, 9:05 a.m., Published: May 27, 2025, 9:15 a.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-41651

Arm Mali GPU Vulnerability Enables Bypass of MTE and Arbitrary Kernel Code Execution

Trust: 5.25

Fetched: May 28, 2025, 9:05 a.m., Published: May 27, 2025, 10:42 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-0072

Cisco security flaw exploited to build botnet of thousands of devices | TechRadar

Related entries in the VARIoT vulnerabilities database: VAR-202304-1067

Trust: 4.75

Fetched: May 28, 2025, 9:04 a.m., Published: May 27, 2025, 6:34 p.m.
 Vulnerabilities: improper validation
Affected productsExternal IDs
vendor: asus model: router
vendor: asus model: routers
vendor: asus model: asus
vendor: cisco model: router
vendor: cisco model: rv082
vendor: cisco model: rv325
vendor: cisco model: cisco routers
vendor: cisco model: routers
vendor: cisco model: rv042g
vendor: cisco model: small business
vendor: cisco model: cisco small business
vendor: cisco model: rv320
vendor: cisco model: rv016
vendor: cisco model: rv042
db: NVD ids: CVE-2023-20118

CVE-2025-3078 : Passback Vulnerability Affecting Production Printers and Office Multifunction Devices by Canon

Trust: 3.25

Fetched: May 27, 2025, 9:30 a.m., Published: May 20, 2025, 12:15 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-3078

Multiple Vulnerabilities in SonicWall Secure Mobile Access (SMA) 100 Series Management Interface Could Allow for Remote Code Execution

Trust: 5.0

Fetched: May 27, 2025, 9:30 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: sonicwall model: secure mobile access

Update Canonical Ubuntu Server: USN-7491-1: Linux kernel (OEM) vulnerabilities

Trust: 4.25

Fetched: May 27, 2025, 9:29 a.m., Published: Jan. 27, 7491, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-21813, CVE-2025-21902

CVE-2025-5145 : Command Injection Vulnerability in Netcore Networking Devices

Trust: 4.5

Fetched: May 27, 2025, 9:28 a.m., Published: May 25, 2025, 5:31 a.m.
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-5145

CVE-2025-20182: Critical Vulnerability in Cisco Device Software Allows DoS Attacks - Cybersecurity Exploit Tracker by Ameeba

Trust: 5.75

Fetched: May 27, 2025, 9:28 a.m., Published: May 17, 2025, 9:22 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: ios software
vendor: cisco model: cisco ios xe
vendor: cisco model: firepower threat defense
vendor: cisco model: firepower
vendor: cisco model: adaptive security appliance
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: cisco model: ios xe software
db: NVD ids: CVE-2025-20182

AutomationDirect MB-Gateway | CISA

Trust: 5.0

Fetched: May 27, 2025, 9:27 a.m., Published: May 1, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-36535