Sign-up

VARIoT news about IoT security

CVE-2025-27212: Command Injection Vulnerability in UniFi Access Devices - Cybersecurity Exploit Tracker by Ameeba

Trust: 5.0

Fetched: Aug. 10, 2025, 10:13 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-27212

Security alerts - Microsoft Defender for Identity | Microsoft Learn

Trust: 3.0

Fetched: Aug. 10, 2025, 10:13 a.m., Published: May 8, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs

CitrixBleed 2: When Memory Leaks Become Session Hijacks | Splunk

Trust: 4.25

Fetched: Aug. 10, 2025, 10:12 a.m., Published: Aug. 2, 2025, midnight
 Vulnerabilities: memory leak, session hijacking
Affected productsExternal IDs
vendor: citrix model: netscaler
vendor: citrix model: netscaler gateway
vendor: citrix model: netscaler adc
vendor: citrix model: gateway
vendor: cisco model: netscaler gateway
vendor: snort model: snort
db: NVD ids: CVE-2023-4966, CVE-2025-5777

CVE-2025-30124: Critical Vulnerability in Marbella KR8s Dashcam Devices Exposes Clear-text Passwords - Cybersecurity Exploit Tracker by Ameeba

Trust: 3.0

Fetched: Aug. 10, 2025, 10:11 a.m., Published: Aug. 3, 2025, 5:39 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-30124

Indian government warns of security issues affecting 2B Apple devices

Trust: 3.0

Fetched: Aug. 10, 2025, 10:11 a.m., Published: Dec. 1, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: watchos
vendor: apple model: watch
vendor: apple model: tvos
vendor: apple model: macos
vendor: apple model: apple tv

Google patches critical Android vulnerabilities in August 2025 security bulletin

Trust: 4.75

Fetched: Aug. 10, 2025, 10:09 a.m., Published: Aug. 10, 2025, midnight
 Vulnerabilities: code execution, authorization vulnerability
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-48530, CVE-2025-27038, CVE-2025-21479

Critical RCE Vulnerabilities Identified in Sophos Firewall and SMA 100 Devices: Urgent Patches Released by Sophos and SonicWall July 24, 2025 Network Security / Vulnerability Sophos and SonicWall have issued a warning regarding serious security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances, which could be exploited for remote code execution. The two critical vulnerabilities affecting Sophos Firewall are as follows: CVE-2025-6704 (CVSS score: 9.8): An arbitrary file writing vulnerability within the Secure PDF eXchange (SPX) feature that can enable pre-auth remote code execution if specific SPX configurations are used alongside firewall operation in High Availability (HA) mode. CVE-2025-7624 (CVSS score: 9.8): An SQL injection vulnerability in the legacy (transparent) SMTP proxy that can result in remote code execution, contingent on an active quarantining policy for Email and if SFOS has been upgraded from a version prior to 21.0 GA. Sophos reports that CVE-2025-6704 affects approximately 0.05% of devices, while CVE-2025-7624 impacts up to 0.73% of devices. Both vulnerabilities have been addressed in a recent update, along with a high-severity command injection vulnerability. - Breach Spot

Trust: 5.5

Fetched: Aug. 10, 2025, 10:07 a.m., Published: Aug. 3, 2025, 1 p.m.
 Vulnerabilities: sql injection, code execution, privilege escalation...
Affected productsExternal IDs
vendor: sonicwall model: sma 100
vendor: sonicwall model: secure mobile access
vendor: sophos model: mobile
vendor: sophos model: firewall
db: NVD ids: CVE-2025-6704, CVE-2025-7624

Apple's Latest Security Patch Fixes a Zero-Day Vulnerability Targeting Chrome | Lifehacker

Trust: 3.75

Fetched: Aug. 10, 2025, 10:05 a.m., Published: Aug. 1, 2025, 10:30 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
vendor: apple model: watchos
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: safari
vendor: apple model: software update
vendor: apple model: tvos
db: NVD ids: CVE-2025-6558

Hackers Beware: Dell Laptop Firmware Vulnerabilities Put Credentials at Risk - SecPod Blog

Trust: 4.25

Fetched: Aug. 10, 2025, 10:05 a.m., Published: Aug. 6, 2025, 12:53 p.m.
 Vulnerabilities: code execution, buffer overflow, privilege escalation...
Affected productsExternal IDs
vendor: dell model: latitude
vendor: broadcom model: linux
vendor: cisco model: series
db: NVD ids: CVE-2025-25215, CVE-2025-24919, CVE-2025-24922, CVE-2025-24311, CVE-2025-25050

CVE-2020-25078 - D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability | ScyScan

Related entries in the VARIoT vulnerabilities database: VAR-202009-0782

Trust: 5.75

Fetched: Aug. 10, 2025, 10:05 a.m., Published: Aug. 5, 2025, midnight
 Vulnerabilities: password disclosure
Affected productsExternal IDs
vendor: d-link model: dcs-2670l
vendor: d-link model: dcs-2530l
vendor: dlink model: dcs-2670l
vendor: dlink model: dcs-2530l
db: NVD ids: CVE-2020-25078

Update Canonical Ubuntu Server: USN-7681-1: Linux kernel vulnerability

Trust: 3.0

Fetched: Aug. 10, 2025, 10:04 a.m., Published: Jan. 10, 7681, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

D-Link cameras under attack! Hackers are still exploiting vulnerabilities from 2020. CISA warns.

Related entries in the VARIoT vulnerabilities database: VAR-202009-0782, VAR-202009-0783

Trust: 3.75

Fetched: Aug. 10, 2025, 10:04 a.m., Published: Aug. 6, 2025, 12:04 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: d-link model: dcs-2670l
vendor: d-link model: dnr-322l
vendor: d-link model: dcs-2530l
db: NVD ids: CVE-2020-40799, CVE-2020-25078, CVE-2020-25079

Vulnerability Management Lifecycle: An Easy Guide | SentinelOne

Trust: 3.75

Fetched: Aug. 10, 2025, 10:02 a.m., Published: July 25, 2025, 6:25 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: rapid model: scada

Google Addresses Fifth Zero-day Vulnerability impacting Chrome Browser (CVE-2025-6558) - Qualys ThreatPROTECT

Trust: 5.75

Fetched: Aug. 10, 2025, 10:02 a.m., Published: -
 Vulnerabilities: integer overflow
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: google chrome
db: NVD ids: CVE-2025-6558, CVE-2025-7657, CVE-2025-7656

CVE-2025-20332 - Cisco Identity Services Engine Authorization Bypass Vulnerability - SecAlerts

Trust: 3.75

Fetched: Aug. 10, 2025, 10:02 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco identity services engine
vendor: cisco model: identity services engine
db: NVD ids: CVE-2025-20332

Joint Statement on SharePoint vulnerabilities - Assessment and advice on recovery and mitigating actions | ENISA

Trust: 3.0

Fetched: Aug. 10, 2025, 9:56 a.m., Published: July 22, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-53770, CVE-2025-49706, CVE-2025-53771, CVE-2025-49704

Watch out, another max-severity Cisco bug on the loose • The Register

Trust: 3.5

Fetched: Aug. 10, 2025, 9:55 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend micro model: security
vendor: trend model: security
vendor: cisco model: unified communications manager session management edition
vendor: cisco model: identity services engine
vendor: cisco model: unified communications
vendor: cisco model: unified communications manager
vendor: cisco model: network access control
db: NVD ids: CVE-2025-20337, CVE-2025-20282, CVE-2025-20281

MediaTek Chip Vulnerabilities Allow Attackers to Gain Elevated Access

Trust: 6.0

Fetched: Aug. 10, 2025, 9:55 a.m., Published: Aug. 5, 2025, 10:40 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-20698, CVE-2025-20697, CVE-2025-20696

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities - Cisco

Trust: 5.0

Fetched: Aug. 10, 2025, 9:54 a.m., Published: Aug. 6, 2025, 11:57 a.m.
 Vulnerabilities: cross-site scripting
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine

Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability

Trust: 3.75

Fetched: Aug. 10, 2025, 9:54 a.m., Published: July 16, 2025, 3:57 p.m.
 Vulnerabilities: file upload vulnerability
Affected productsExternal IDs
vendor: cisco model: unified intelligence center
vendor: cisco model: cisco unified intelligence center