VARIoT latest news about IoT security

7 Proactive Steps to Better IoT Security - Blue Goat Cyber Trust: 3.75 Fetched: April 30, 2025, 9:14 a.m., Published: Jan. 29, 2024, 11:31 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

home

Brocade Fabric OS flaw could allow code injection attacks \| CSO Online Trust: 6.0 Fetched: April 30, 2025, 9:13 a.m., Published: April 29, 2025, midnight	Vulnerabilities: code injection

Affected products

External IDs

vendor:	brocade	model:	brocade fabric os
vendor:	brocade	model:	fabric os

db:

NVD

ids:

CVE-2025-1976

IT Vulnerability Report: Fortinet Devices Vulnerable to Exploit Related entries in the VARIoT vulnerabilities database: VAR-202212-1132, VAR-202504-1837 Trust: 5.5 Fetched: April 30, 2025, 9:13 a.m., Published: April 21, 2025, 12:46 p.m.	Vulnerabilities: buffer overflow, authentication bypass, privilege escalation...

Affected products

External IDs

vendor:

alsa

model:

alsa

db:

NVD

ids:

CVE-2025-24071, CVE-2025-3102, CVE-2023-27997, CVE-2024-21762, CVE-2022-42475, CVE-2025-30065, CVE-2025-31334, CVE-2024-53197, CVE-2025-23120, CVE-2025-2005, CVE-2024-48887, CVE-2025-22457

WinZip MotW Bypass Vulnerability Let Hackers Execute Malicious Code Silently Trust: 4.25 Fetched: April 30, 2025, 9:12 a.m., Published: April 22, 2025, 2:37 a.m.	Vulnerabilities: privilege escalation, code execution

Affected products

External IDs

vendor:	trend	model:	antivirus
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2025-0411, CVE-2024-8811, CVE-2025-31334, CVE-2025-33028

Critical Craft CMS RCE 0-Day Vulnerability Exploited in Attacks to Steal Data Trust: 4.75 Fetched: April 30, 2025, 9:11 a.m., Published: April 26, 2025, 4:07 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-58136, CVE-2025-32432, CVE-2025-23209

Hackers Attacking Network Edge Devices to Compromise SMB Organizations Trust: 3.5 Fetched: April 30, 2025, 9:11 a.m., Published: April 22, 2025, 1:20 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	citrix	model:	gateway
vendor:	citrix	model:	netscaler gateway
vendor:	citrix	model:	netscaler

db:

NVD

ids:

CVE-2024-40711

Critical ScreenConnect Vulnerability Let Attackers Inject Malicious Code Trust: 4.5 Fetched: April 30, 2025, 9:10 a.m., Published: April 26, 2025, 3:49 a.m.	Vulnerabilities: code injection, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2024-1708, CVE-2025-3935, CVE-2024-1709

Linux USB Audio Driver Vulnerability Actively Exploited in the Wild Via Malicious USB Trust: 3.75 Fetched: April 30, 2025, 9:10 a.m., Published: April 9, 2025, 9:45 p.m.	Vulnerabilities: bounds access vulnerability, system crash

Affected products	External IDs

Wormable AirPlay Zero-Click RCE Flaw Allows Remote Device Hijack via Wi-Fi Trust: 5.5 Fetched: April 30, 2025, 9:09 a.m., Published: April 30, 2025, 5:42 a.m.	Vulnerabilities: buffer overflow, code execution

Affected products

External IDs

vendor:	apple	model:	tvos
vendor:	apple	model:	apple tv

db:

NVD

ids:

CVE-2025-24271, CVE-2025-24129, CVE-2025-24137, CVE-2025-24252, CVE-2025-24132, CVE-2025-24206

AirPlay Zero-Click RCE Vulnerability Enables Remote Device Takeover via Wi-Fi Trust: 5.75 Fetched: April 30, 2025, 9:08 a.m., Published: April 29, 2025, 2:14 p.m.	Vulnerabilities: code execution, authentication bypass, buffer overflow...

Affected products

External IDs

vendor:

apple

model:

macos

db:

NVD

ids:

CVE-2025-24271, CVE-2025-24132, CVE-2025-24252, CVE-2025-24206

AirBorne Exploits: Zero-Click Wormable RCE Hits Apple & IoT Devices Trust: 5.75 Fetched: April 30, 2025, 9:08 a.m., Published: April 29, 2025, 3:46 p.m.	Vulnerabilities: information disclosure, code execution

Affected products

External IDs

vendor:	apple	model:	tvos
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2025-24270, CVE-2025-24132, CVE-2025-24252

'AirBorne' Flaws Expose Apple Devices to Zero-Click RCE Attacks Trust: 5.5 Fetched: April 30, 2025, 9:07 a.m., Published: April 29, 2025, 3:54 p.m.	Vulnerabilities: buffer overflow, denial of service, information disclosure...

Affected products

External IDs

vendor:	apple	model:	tvos
vendor:	apple	model:	watchos
vendor:	apple	model:	macbook
vendor:	apple	model:	macos

db:

NVD

ids:

CVE-2025-24270, CVE-2025-24132, CVE-2025-24252

Volume of attacks on network devices shows need to replace end of life devices quickly - Source: www.csoonline.com - CISO2CISO.COM & CYBER SECURITY GROUP Related entries in the VARIoT vulnerabilities database: VAR-202404-0070, VAR-202404-0069 Trust: 4.5 Fetched: April 29, 2025, 9:53 a.m., Published: April 1, 2025, 6:03 p.m.	Vulnerabilities: default credentials, command injection

Affected products

External IDs

vendor:	check point	model:	check point
vendor:	cisco	model:	routers
vendor:	cisco systems	model:	routers

db:

NVD

ids:

CVE-2024-3273, CVE-2023-26801, CVE-2022-30023, CVE-2024-3272, CVE-2023-38035, CVE-2024-24919

Update Canonical Ubuntu Server: USN-7261-2: Vim vulnerability Trust: 5.25 Fetched: April 29, 2025, 9:51 a.m., Published: Feb. 28, 7261, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

canonical

model:

ubuntu

Kaspersky Threats Trust: 3.0 Fetched: April 29, 2025, 9:51 a.m., Published: -	Vulnerabilities: -

Affected products

External IDs

vendor:

google

model:

pixel

Update Canonical Ubuntu Server: USN-7414-1: XZ Utils vulnerability Trust: 4.25 Fetched: April 29, 2025, 9:50 a.m., Published: Jan. 29, 7414, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

canonical

model:

ubuntu

CISA Releases 9 ICS Advisories Covering Vulnerabilities & Exploits Related entries in the VARIoT vulnerabilities database: VAR-202504-1046 Trust: 4.5 Fetched: April 29, 2025, 9:49 a.m., Published: April 16, 2025, 11:05 a.m.	Vulnerabilities: code execution, use after free, integer overflow...

Affected products

External IDs

vendor:	delta electronics	model:	commgr
vendor:	delta	model:	commgr
vendor:	mitsubishi	model:	smartrtu
vendor:	siemens	model:	simocode
vendor:	siemens	model:	simatic
vendor:	national instruments	model:	labview
vendor:	national instruments	model:	national
vendor:	mitsubishi electric	model:	smartrtu

db:

NVD

ids:

CVE-2025-30280, CVE-2025-2567, CVE-2024-23814, CVE-2025-2632, CVE-2025-3128, CVE-2025-2631, CVE-2025-3232, CVE-2025-3495, CVE-2024-54092

Update Canonical Ubuntu Desktop: USN-7457-1: OpenSSH vulnerability Trust: 3.25 Fetched: April 29, 2025, 9:48 a.m., Published: Jan. 29, 7457, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

SonicWall VPN Exploited, 16,000 Fortinet Devices Compromised \| OpenVPN Related entries in the VARIoT vulnerabilities database: VAR-202109-0375, VAR-202212-1132 Trust: 5.25 Fetched: April 29, 2025, 9:47 a.m., Published: April 29, 2025, midnight	Vulnerabilities: code execution, authentication bypass

Affected products

External IDs

vendor:	fortigate	model:	fortios
vendor:	sonicwall	model:	ssl-vpn
vendor:	sonicwall	model:	sma100
vendor:	sonicwall	model:	remote access
vendor:	sonicwall	model:	sma1000

db:

NVD

ids:

CVE-2023-27997, CVE-2024-21762, CVE-2021-20035, CVE-2022-42475

What is a Network Mapper? - GreenCloud - Affordable KVM and Windows VPS Trust: 3.0 Fetched: April 29, 2025, 9:47 a.m., Published: April 13, 2025, 2:08 a.m.	Vulnerabilities: -

Affected products	External IDs

VARIoT news about IoT security