Sign-up

VARIoT news about IoT security

Update Canonical Ubuntu Server: USN-7504-1: LibreOffice vulnerability

Trust: 3.25

Fetched: June 4, 2025, 9:23 a.m., Published: Jan. 4, 7504, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Android Security Patch Level Warning from Qualcomm Chips - Inside Telecom

Trust: 4.75

Fetched: June 4, 2025, 9:22 a.m., Published: June 3, 2025, 6:45 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android
vendor: essential model: phone
db: NVD ids: CVE-2025-21480, CVE-2025-27038, CVE-2025-21479

Cisco fixes max severity IOS XE flaw letting attackers hijack devices

Trust: 3.25

Fetched: June 4, 2025, 9:22 a.m., Published: June 10, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ios xe

Android Security Patch Level Warning from Qualcomm Chips - Inside Telecom

Trust: 4.75

Fetched: June 4, 2025, 9:21 a.m., Published: June 3, 2025, 6:45 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android
vendor: essential model: phone
db: NVD ids: CVE-2025-21480, CVE-2025-27038, CVE-2025-21479

CVE-2025-24220 - Apple iPadOS and iOS Persistent Device Identifier Read Permissions Vulnerability

Trust: 3.75

Fetched: June 4, 2025, 9:21 a.m., Published: May 12, 2025, 10:15 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: iphone_os
db: NVD ids: CVE-2025-24220

Critical Cisco IOS XE Vulnerability Exposes Devices to Remote Attacks - This Week Health

Trust: 3.0

Fetched: June 4, 2025, 9:20 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco ios xe
vendor: cisco model: cisco ios
vendor: cisco model: ios xe

Update Microsoft SharePoint Server 2019: KB5002708: Resolves a Microsoft SharePoint Server remote code execution vulnerability

Trust: 3.25

Fetched: June 4, 2025, 9:19 a.m., Published: June 4, 2019, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-30384, CVE-2025-30382, CVE-2025-30378, CVE-2025-29976

U.S. CISA adds ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog

Related entries in the VARIoT vulnerabilities database: VAR-202309-0729, VAR-202105-1346

Trust: 5.75

Fetched: June 4, 2025, 9:19 a.m., Published: June 3, 2025, 7:34 p.m.
 Vulnerabilities: code injection, os command injection, command injection...
Affected productsExternal IDs
vendor: asus model: routers
vendor: asus model: asus
db: NVD ids: CVE-2023-39780, CVE-2025-3935, CVE-2024-56145, CVE-2025-35939, CVE-2021-32030

Increased Exploitation Risk for Critical Cisco Vulnerability: What You Need to Know - UNDERCODE NEWS

Trust: 4.5

Fetched: June 4, 2025, 9:18 a.m., Published: June 4, 2025, 1:43 a.m.
 Vulnerabilities: file upload vulnerability, path traversal
Affected productsExternal IDs
vendor: cisco model: wireless controller
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
vendor: cisco model: ios xe software
vendor: cisco systems model: wireless controller
vendor: cisco systems model: cisco ios xe
vendor: cisco systems model: ios xe
vendor: cisco systems model: cisco ios
vendor: cisco systems model: ios xe software
db: NVD ids: CVE-2025-20188

Android Security Update - Patch for Vulnerabilities that Allows Privilege Escalation

Trust: 4.5

Fetched: June 4, 2025, 9:16 a.m., Published: June 3, 2025, 3:42 p.m.
 Vulnerabilities: privilege escalation, code execution
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-53026, CVE-2025-0835, CVE-2025-0073, CVE-2024-53010, CVE-2025-0819, CVE-2024-53021, CVE-2024-53020, CVE-2024-53019, CVE-2025-27029, CVE-2024-47893, CVE-2024-12837, CVE-2024-12576, CVE-2025-21486, CVE-2025-21485, CVE-2025-0478, CVE-2025-25178, CVE-2025-21424, CVE-2025-0468

Update Microsoft SharePoint Server 2016: KB5002722: resolves a Microsoft SharePoint Server remote code execution vulnerability

Trust: 4.25

Fetched: June 4, 2025, 9:15 a.m., Published: June 4, 2016, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-30384, CVE-2025-30382, CVE-2025-30378, CVE-2025-29976

ASUS router backdoors affect 9K devices, persist after firmware updates | SC Media

Related entries in the VARIoT vulnerabilities database: VAR-202105-1346, VAR-202309-0729

Trust: 4.75

Fetched: June 4, 2025, 9:15 a.m., Published: Oct. 15, 2024, 6 p.m.
 Vulnerabilities: authentication bypass, command injection
Affected productsExternal IDs
vendor: asus model: routers
vendor: asus model: router
vendor: asus model: rt-ac3200
vendor: asus model: rt-ac3100
vendor: asus model: rt-ac3100 firmware
vendor: asus model: asus
vendor: asus model: gt-ac2900
db: NVD ids: CVE-2021-32030, CVE-2023-39780

Cisco Clears VPN Vulnerabilities - ISSSource

Trust: 4.5

Fetched: June 4, 2025, 9:14 a.m., Published: June 3, 2025, 7:14 p.m.
 Vulnerabilities: resource management vulnerability
Affected productsExternal IDs
vendor: cisco model: meraki mx
vendor: cisco model: series
vendor: cisco model: meraki mx firmware
db: NVD ids: CVE-2024-20502, CVE-2024-20501, CVE-2024-20500, CVE-2024-20513, CVE-2024-20498, CVE-2024-20499

ABB M2M Gateway Improper Privilege Management in embedded De... - vulnerability database | Vulners.com

Trust: 4.25

Fetched: June 4, 2025, 9:13 a.m., Published: May 27, 2025, midnight
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2022-41973, CVE-2022-41974

Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities

Trust: 4.75

Fetched: June 4, 2025, 9:13 a.m., Published: June 2, 2025, 2:22 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: meraki mx
vendor: cisco model: series
db: NVD ids: CVE-2024-20502, CVE-2024-20501, CVE-2024-20500, CVE-2024-20513, CVE-2024-20498, CVE-2024-20499

Asus Router Vulnerability: Thousands of Devices Hacked in Stealthy Cyberattack - What You Need to Know- Fing

Related entries in the VARIoT vulnerabilities database: VAR-202309-0729

Trust: 3.75

Fetched: June 4, 2025, 9:11 a.m., Published: June 3, 2025, 1:42 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asus model: routers
vendor: asus model: router
vendor: asus model: asus
db: NVD ids: CVE-2023-39780

Schneider Electric IoT Devices Vulnerable to High-Severity Buffer Overflow Attack | Windows Forum

Trust: 6.0

Fetched: June 4, 2025, 9:10 a.m., Published: May 4, 2025, midnight
 Vulnerabilities: code injection, buffer overflow, authentication bypass...
Affected productsExternal IDs
vendor: schneider electric model: monitor
vendor: schneider model: monitor
db: NVD ids: CVE-2023-4041

device vulnerability | Windows Forum

Trust: 3.25

Fetched: June 4, 2025, 9:10 a.m., Published: May 4, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Qualcomm Adreno GPU 0-Day Vulnerabilities Exploited to Attack Android Users

Trust: 5.5

Fetched: June 4, 2025, 9:09 a.m., Published: June 2, 2025, 4:24 p.m.
 Vulnerabilities: memory corruption, command execution
Affected productsExternal IDs
vendor: google model: chrome
vendor: google model: android
vendor: oneplus model: oneplus
vendor: samsung model: samsung
vendor: samsung model: note
vendor: samsung model: mobile
vendor: xiaomi model: browser
db: NVD ids: CVE-2025-21480, CVE-2025-27038, CVE-2025-21479

Phone chipmaker Qualcomm fixes three zero-days exploited by hackers | TechCrunch

Trust: 3.75

Fetched: June 4, 2025, 9:04 a.m., Published: June 3, 2025, 6:59 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: google model: pixel
db: NVD ids: CVE-2025-21480, CVE-2025-27038, CVE-2025-21479