VARIoT latest news about IoT security

Top five most common network vulnerabilities - Advania Trust: 3.5 Fetched: May 6, 2025, 9:05 a.m., Published: April 16, 2025, 2:49 p.m.	Vulnerabilities: default credentials, weak password

Affected products	External IDs

Airborne: Wormable Zero-Click RCE in Apple AirPlay Puts Billions of Devices at Risk \| Oligo Security \| Oligo Security Trust: 6.25 Fetched: May 6, 2025, 9:04 a.m., Published: April 29, 2025, midnight	Vulnerabilities: information disclosure, process crash, buffer overflow...

Affected products

External IDs

vendor:	apple	model:	ipad
vendor:	apple	model:	iphone
vendor:	apple	model:	apple tv
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2025-24206, CVE-2025-24271, CVE-2025-24129, CVE-2025-24252, CVE-2025-24132, CVE-2025-24137

Airplay-enabled devices open to attack via "AirBorne" vulnerabilities - Help Net Security Trust: 3.0 Fetched: May 4, 2025, 9:32 a.m., Published: April 30, 2025, 1:23 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	tvos
vendor:	apple	model:	macos
vendor:	apple	model:	ipad
vendor:	apple	model:	iphone
vendor:	apple	model:	watchos

Update Canonical Ubuntu Server: USN-7472-1: Micropython vulnerabilities Trust: 6.0 Fetched: May 4, 2025, 9:31 a.m., Published: Jan. 4, 7472, midnight	Vulnerabilities: denial of service, buffer overflow

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2024-8947, CVE-2021-42553, CVE-2024-8946

Critical Vulnerabilities in Planet Technology Network Devices: What You Need to Know \| Windows Forum Trust: 3.25 Fetched: May 4, 2025, 9:30 a.m., Published: May 4, 2025, midnight	Vulnerabilities: command injection, os command injection, default credentials

Affected products

External IDs

vendor:	google	model:	wifi
vendor:	trend	model:	security

Apple patches security vulnerabilities in iOS and iPadOS. Update now! \| Malwarebytes Trust: 5.5 Fetched: May 4, 2025, 9:29 a.m., Published: April 17, 2025, 3:59 p.m.	Vulnerabilities: memory corruption, code execution

Affected products

External IDs

vendor:	apple	model:	ipad air
vendor:	apple	model:	ipad
vendor:	apple	model:	iphone
vendor:	apple	model:	software update

db:

NVD

ids:

CVE-2025-31200, CVE-2025-31201

Critical Siemens Solid Edge Vulnerability: What You Need to Know \| Windows Forum Trust: 4.5 Fetched: May 4, 2025, 9:20 a.m., Published: May 4, 2025, midnight	Vulnerabilities: memory corruption, buffer overflow, code execution

Affected products

External IDs

vendor:

siemens

model:

solid edge

db:

NVD

ids:

CVE-2024-54091

Kubernetes Vulnerability Scanning: Best Practices and Tools Trust: 3.5 Fetched: May 4, 2025, 9:13 a.m., Published: April 18, 2025, 6:56 p.m.	Vulnerabilities: denial of service, privilege escalation

Affected products

External IDs

db:

NVD

ids:

CVE-2019-1002101

Top 14 Network Security Risks Impacting Businesses Today Trust: 3.5 Fetched: May 4, 2025, 9:12 a.m., Published: April 10, 2025, 7:50 a.m.	Vulnerabilities: cross-site scripting, sql injection, account lockout...

Affected products	External IDs

Seven Years Old Cisco Vulnerability Exposes Cisco Devices to Remote Code Execution Attacks Related entries in the VARIoT vulnerabilities database: VAR-201803-1387 Trust: 4.75 Fetched: May 4, 2025, 9:11 a.m., Published: April 12, 2025, 3:39 p.m.	Vulnerabilities: code execution, command execution

Affected products

External IDs

db:

NVD

ids:

CVE-2018-0171

Update Canonical Ubuntu Desktop: USN-7473-1: Ghostscript vulnerability Trust: 3.75 Fetched: May 4, 2025, 9:09 a.m., Published: Jan. 4, 7473, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	ghostscript	model:	ghostscript
vendor:	canonical	model:	ubuntu

Google fixes two actively exploited zero-day vulnerabilities in Android \| Malwarebytes Trust: 5.75 Fetched: May 4, 2025, 9:07 a.m., Published: April 8, 2025, 11:34 a.m.	Vulnerabilities: privilege escalation, information disclosure

Affected products

External IDs

vendor:

google

model:

android

db:

NVD

ids:

CVE-2024-50302, CVE-2024-53104, CVE-2024-53150, CVE-2024-53197

Single Line of Code iPhone Exploit: Critical Vulnerability Could Brick Devices - CinchOps, Inc. Trust: 4.5 Fetched: May 4, 2025, 9:06 a.m., Published: April 29, 2025, 8 a.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	apple	model:	icloud
vendor:	apple	model:	iphone

db:

NVD

ids:

CVE-2025-24091

Critical "AirBorne" Vulnerabilities in Apple AirPlay - Billions of Devices at Risk Trust: 6.75 Fetched: May 4, 2025, 9:06 a.m., Published: May 3, 2025, 11:10 a.m.	Vulnerabilities: denial of service, information disclosure, code execution

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2025-24252, CVE-2025-24132

Multiple vulnerabilities disclosed on multiple Apple operating systems - Information Security at University of Toronto Trust: 3.0 Fetched: May 2, 2025, 9:23 a.m., Published: May 1, 2025, 5:34 p.m.	Vulnerabilities: denial of service, code execution

Affected products	External IDs

Update Canonical Ubuntu Desktop: USN-7396-1: OVN vulnerability Trust: 3.25 Fetched: May 2, 2025, 9:22 a.m., Published: Jan. 2, 7396, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

AirPlay Security Flaws Impact Third-Party Devices and Unpatched Apple Products - MacRumors Trust: 3.75 Fetched: May 2, 2025, 9:21 a.m., Published: May 16, 2025, midnight	Vulnerabilities: denial of service, code execution

Affected products

External IDs

vendor:	apple	model:	tvos
vendor:	apple	model:	macos

Verizon 2025 DBIR: Tenable Research Collaboration Shines a Spotlight on CVE Remediation Trends - Blog \| Tenable® Related entries in the VARIoT vulnerabilities database: VAR-202401-1629, VAR-202403-2416, VAR-202401-2573 Trust: 4.25 Fetched: May 2, 2025, 9:19 a.m., Published: April 23, 2025, 4:05 a.m.	Vulnerabilities: improper access control, authentication vulnerability, access control vulnerability...

Affected products

External IDs

vendor:	palo	model:	networks globalprotect
vendor:	palo	model:	palo alto networks globalprotect
vendor:	palo	model:	networks
vendor:	palo	model:	pan-os
vendor:	citrix	model:	application delivery controller
vendor:	citrix	model:	netscaler gateway
vendor:	citrix	model:	netscaler application delivery controller
vendor:	citrix	model:	netscaler
vendor:	citrix	model:	gateway
vendor:	sonicwall	model:	sonicos
vendor:	trend	model:	security
vendor:	palo alto networks	model:	networks globalprotect
vendor:	palo alto networks	model:	palo alto networks globalprotect
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	pan-os
vendor:	cisco	model:	netscaler gateway

db:

NVD

ids:

CVE-2023-36845, CVE-2023-6549, CVE-2024-3400, CVE-2023-48788, CVE-2023-46805, CVE-2024-21762, CVE-2024-23113, CVE-2024-20359, CVE-2024-21887, CVE-2024-21893, CVE-2023-6548, CVE-2023-36851, CVE-2024-47575, CVE-2023-36846, CVE-2023-4966, CVE-2023-36847, CVE-2024-40766, CVE-2023-36844

Update Your Apple Devices Now to Keep Them Safe From New AirPlay Vulnerability \| Lifehacker Trust: 4.5 Fetched: May 2, 2025, 9:18 a.m., Published: April 30, 2025, 6:30 p.m.	Vulnerabilities: denial of service

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	ipad
vendor:	apple	model:	watch
vendor:	apple	model:	software update

Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape - ThreatsHub Cybersecurity News Related entries in the VARIoT vulnerabilities database: VAR-202208-1613, VAR-202205-1302, VAR-202108-2070 Trust: 4.75 Fetched: May 2, 2025, 9:18 a.m., Published: May 1, 2025, 5 p.m.	Vulnerabilities: script execution

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2022-26696, CVE-2022-26706, CVE-2021-30864, CVE-2025-31191

VARIoT news about IoT security