Sign-up

VARIoT news about IoT security

Video: How to identify and manage device security vulnerabilities with Samsung Knox | Knox Asset Intelligence | Samsung Knox Documentation

Trust: 3.0

Fetched: Aug. 24, 2025, 9:58 a.m., Published: July 29, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: knox
vendor: samsung model: samsung

9 Vulnerability Management Vendors​ in 2025 | SentinelOne

Trust: 3.5

Fetched: Aug. 24, 2025, 9:57 a.m., Published: Aug. 19, 2025, 7:42 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: threat response
vendor: cisco model: routers
vendor: check point model: check point
vendor: palo model: networks
vendor: trend model: security
vendor: palo alto networks model: networks

Update Canonical Ubuntu Desktop: USN-7699-1: Linux kernel vulnerabilities*

Trust: 3.0

Fetched: Aug. 24, 2025, 9:57 a.m., Published: Jan. 24, 7699, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Update Canonical Ubuntu Desktop: USN-7703-2: Linux kernel vulnerabilities

Trust: 3.0

Fetched: Aug. 24, 2025, 9:57 a.m., Published: Feb. 24, 7703, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

CVE-2025-38666 - net: appletalk: Fix use-after-free in AARP proxy probe - SecAlerts

Trust: 3.75

Fetched: Aug. 24, 2025, 9:56 a.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-38666

Rockwell Automation 1756-ENT2R, 1756-EN4TR, 1756-EN4TRXT | CISA

Related entries in the VARIoT vulnerabilities database: VAR-202509-0459, VAR-202509-1087

Trust: 3.75

Fetched: Aug. 24, 2025, 9:56 a.m., Published: -
 Vulnerabilities: denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2025-8008, CVE-2025-8007

CVE-2025-38649 - arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight - SecAlerts

Trust: 4.5

Fetched: Aug. 24, 2025, 9:55 a.m., Published: -
 Vulnerabilities: infinite loop issue, denial of service, system crash
Affected productsExternal IDs
db: NVD ids: CVE-2025-38649

Apple Fixes Critical Vulnerability That Put Your Crypto in Danger | MEXC News

Trust: 3.75

Fetched: Aug. 24, 2025, 9:54 a.m., Published: Aug. 22, 2025, 11:44 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: iphone
db: NVD ids: CVE-2025-43300

CVE-2025-38625 - vfio/pds: Fix missing detach_ioas op - SecAlerts

Trust: 3.25

Fetched: Aug. 24, 2025, 9:54 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-38625

CVE-2025-38649 : Infinite Loop Vulnerability in QCS615 Coresight Devices by Qualcomm

Trust: 5.0

Fetched: Aug. 24, 2025, 9:53 a.m., Published: Aug. 22, 2025, 4 p.m.
 Vulnerabilities: infinite loop vulnerability, system crash
Affected productsExternal IDs
db: NVD ids: CVE-2025-38649

Update Canonical Ubuntu Desktop: USN-7709-1: WEBrick vulnerability

Trust: 4.25

Fetched: Aug. 24, 2025, 9:53 a.m., Published: Jan. 24, 7709, midnight
 Vulnerabilities: request smuggling attack
Affected productsExternal IDs
vendor: canonical model: ubuntu

CVE-2025-38645 : Linux Kernel Memory Access Vulnerability in Mellanox Device Drivers

Trust: 4.25

Fetched: Aug. 24, 2025, 9:53 a.m., Published: Aug. 22, 2025, 4 p.m.
 Vulnerabilities: memory access vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2025-38645

Stop API Attacks on Devices | Arkose Labs

Trust: 3.75

Fetched: Aug. 24, 2025, 9:52 a.m., Published: July 30, 2025, 1:02 p.m.
 Vulnerabilities: spoofing and impersonation
Affected productsExternal IDs
vendor: trend model: security

CVE-2025-38620 - zloop: fix KASAN use-after-free of tag set - SecAlerts

Trust: 3.0

Fetched: Aug. 24, 2025, 9:52 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-38620

Apple just dropped a security update for all its platforms

Trust: 4.0

Fetched: Aug. 24, 2025, 9:51 a.m., Published: Aug. 20, 2025, 7:45 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: software update

Cloaked - Could Your Network Be at Risk from a 7-Year-Old Cisco Vulnerability?

Related entries in the VARIoT vulnerabilities database: VAR-201803-1387

Trust: 4.5

Fetched: Aug. 24, 2025, 9:51 a.m., Published: Aug. 7, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: guard
vendor: cisco model: routers
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
db: NVD ids: CVE-2018-0171

Serious Security Vulnerabilities in Dahua Cameras Enable Remote Takeover via ONVIF and File Upload Exploits July 30, 2025 Firmware Security / Vulnerability Cybersecurity researchers have revealed critical security vulnerabilities within the firmware of Dahua smart cameras, which have since been patched. If left unaddressed, these flaws could allow attackers to take control of affected devices. According to a report from Bitdefender shared with The Hacker News, the vulnerabilities-related to the device's ONVIF protocol and file upload handlers-enable unauthorized attackers to execute arbitrary commands remotely, effectively seizing control of the device. Tracked as CVE-2025-31700 and CVE-2025-31701 (CVSS scores: 8.1), the vulnerabilities impact the following device series running firmware versions with build timestamps prior to April 16, 2025: IPC-1XXX Series IPC-2XXX Series IPC-WX Series IPC-ECXX Series SD3A Series SD2A Series SD3D Series SDT2A Series SD2C Series Users can check their device's build time by logging into the web interface and navigating to Settings → System Information → Version. Both vulnerabilities are classified as... - Breach Spot

Trust: 4.75

Fetched: Aug. 24, 2025, 9:51 a.m., Published: Aug. 1, 2025, 5 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: dahua model: dahua camera
vendor: dahua model: camera
db: NVD ids: CVE-2025-31701, CVE-2025-31700

CVE-2025-20133: Remote Access SSL VPN Vulnerability in Cisco Secure Firewall ASA Software and Secure FTD Software - Cybersecurity Exploit Tracker by Ameeba

Trust: 5.0

Fetched: Aug. 24, 2025, 9:50 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: asa software
db: NVD ids: CVE-2025-20133

Apple fixes zero-day vulnerability exploited in "extremely sophisticated attack" (CVE-2025-43300) - Help Net Security

Trust: 6.0

Fetched: Aug. 24, 2025, 9:48 a.m., Published: Aug. 20, 2025, 7:23 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2025-43300

Apple Addresses Zero-Day Vulnerability Threatening Crypto Wallets | MEXC News

Trust: 4.0

Fetched: Aug. 24, 2025, 9:47 a.m., Published: Aug. 23, 2025, 3:02 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2025-43300