Sign-up

VARIoT news about IoT security

Update Canonical Ubuntu Desktop: USN-7876-1: ImageMagick vulnerability

Trust: 5.75

Fetched: Nov. 23, 2025, 10:02 a.m., Published: Jan. 23, 7876, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
vendor: imagemagick model: imagemagick
db: NVD ids: CVE-2025-57803

Update Microsoft SQL Server 2019: KB5068404: This hotfix addresses a SQL injection vulnerability

Trust: 3.0

Fetched: Nov. 23, 2025, 10:02 a.m., Published: Nov. 23, 2019, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-59499

CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities - Cyber Security Review

Trust: 3.75

Fetched: Nov. 23, 2025, 10:01 a.m., Published: Nov. 12, 2025, 8:46 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: cisco model: router
vendor: cisco model: routers
vendor: cisco model: nexus
vendor: palo model: networks
db: NVD ids: CVE-2025-53770, CVE-2025-20333, CVE-2025-20362, CVE-2025-41244

How to Hack a MacBook Pro M3 with a USB Device | Luis Oria Seidel posted on the topic | LinkedIn

Trust: 4.5

Fetched: Nov. 23, 2025, 10:01 a.m., Published: -
 Vulnerabilities: code execution, privilege escalation
Affected productsExternal IDs
vendor: apple model: macbook
vendor: apple model: macos
vendor: apple model: macbook pro

CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities - Cyber Security Review

Trust: 3.75

Fetched: Nov. 23, 2025, 10:01 a.m., Published: Nov. 12, 2025, 8:46 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: cisco model: firepower
db: NVD ids: CVE-2025-20333, CVE-2025-20362

Comet Browser Vulnerability: MCP API Flaw Exposed | Luis Oria Seidel posted on the topic | LinkedIn

Trust: 3.25

Fetched: Nov. 23, 2025, 10 a.m., Published: -
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities - Cyber Security Review

Trust: 3.75

Fetched: Nov. 23, 2025, 9:59 a.m., Published: Nov. 12, 2025, 8:46 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: cisco model: firepower
db: NVD ids: CVE-2025-20333, CVE-2025-20362

CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities - Cyber Security Review

Trust: 3.75

Fetched: Nov. 23, 2025, 9:59 a.m., Published: Nov. 12, 2025, 8:46 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2025-20333, CVE-2025-20362

CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities - Cyber Security Review

Trust: 4.75

Fetched: Nov. 23, 2025, 9:58 a.m., Published: Nov. 12, 2025, 8:46 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: firepower
db: NVD ids: CVE-2025-55241, CVE-2025-20333, CVE-2025-20362, CVE-2024-36401

CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities - Cyber Security Review

Trust: 5.75

Fetched: Nov. 23, 2025, 9:58 a.m., Published: Nov. 12, 2025, 8:46 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: watchguard model: watchguard fireware
vendor: watchguard model: fireware
vendor: watchguard model: firebox
db: NVD ids: CVE-2025-10035, CVE-2025-20333, CVE-2025-20362, CVE-2023-0669

IT Asset Visibility: Reduce Breach Risk & Security Costs

Trust: 3.75

Fetched: Nov. 23, 2025, 9:56 a.m., Published: Nov. 21, 2025, midnight
 Vulnerabilities: audit failure
Affected productsExternal IDs

GHSA-mrw7-hf4f-83pf - Input Validation - SecAlerts

Trust: 4.75

Fetched: Nov. 21, 2025, 9:41 a.m., Published: -
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-62164

Update Canonical Ubuntu Desktop: USN-7877-1: libcupsfilters vulnerabilities

Trust: 6.25

Fetched: Nov. 21, 2025, 9:40 a.m., Published: Jan. 21, 7877, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-64503, CVE-2025-57812

WrtHug Abuse of ASUS WRT Vulnerabilities Exposes Thousands of EoL Routers - SecPod Blog

Related entries in the VARIoT vulnerabilities database: VAR-202504-1580

Trust: 4.75

Fetched: Nov. 21, 2025, 9:40 a.m., Published: Nov. 20, 2025, 9:06 a.m.
 Vulnerabilities: privilege escalation, command injection
Affected productsExternal IDs
vendor: asus model: router
vendor: asus model: rt-ac1300uhp
vendor: asus model: rt-ac1300gplus
vendor: asus model: gt-ac5300
vendor: asus model: gt-ax11000
vendor: asus model: 4g-ac55u
vendor: asus model: wrt firmware
vendor: asus model: routers
vendor: asus model: dsl-ac68u
vendor: asus model: asus
vendor: asus model: rt-ac1200hp
db: NVD ids: CVE-2024-12912, CVE-2023-41346, CVE-2025-2492, CVE-2023-41348, CVE-2023-41345, CVE-2023-41347

Lynx N4 IoT Gateway Vulnerability: Update Now | Luis Oria Seidel posted on the topic | LinkedIn

Trust: 5.25

Fetched: Nov. 21, 2025, 9:39 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-6324

Operation WrtHug hijacks 50,000+ ASUS routers to build a global botnet

Related entries in the VARIoT vulnerabilities database: VAR-202504-1580

Trust: 5.5

Fetched: Nov. 21, 2025, 9:36 a.m., Published: Nov. 19, 2025, 6:31 p.m.
 Vulnerabilities: command execution, os command injection, arbitrary command execution...
Affected productsExternal IDs
vendor: asus model: asus
vendor: asus model: router
vendor: asus model: routers
db: NVD ids: CVE-2023-41348, CVE-2023-41345, CVE-2024-12912, CVE-2025-2492

CVE-2025-62164 - VLLM deserialization vulnerability leading to DoS and potential RCE - SecAlerts

Trust: 4.75

Fetched: Nov. 21, 2025, 9:35 a.m., Published: -
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-62164

CVE-2025-64446 in Fortinet FortiWeb: Details, Next Steps

Trust: 4.0

Fetched: Nov. 21, 2025, 9:35 a.m., Published: May 21, 2025, midnight
 Vulnerabilities: authentication bypass, path traversal, privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2025-64446

Hackers exploiting critical vulnerability in Windows Server Update Service | Cybersecurity Dive

Trust: 3.75

Fetched: Nov. 21, 2025, 9:34 a.m., Published: Oct. 24, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo model: networks
vendor: palo alto networks model: networks
db: NVD ids: CVE-2025-59287

Active Exploitation of Fortinet FortiWeb Path Traversal Vulnerability

Trust: 3.75

Fetched: Nov. 21, 2025, 9:33 a.m., Published: Nov. 17, 2025, midnight
 Vulnerabilities: path traversal
Affected productsExternal IDs