Sign-up

VARIoT news about IoT security

CVE-2025-38625 - vfio/pds: Fix missing detach_ioas op - SecAlerts

Trust: 3.25

Fetched: Aug. 24, 2025, 9:54 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-38625

CVE-2025-38649 : Infinite Loop Vulnerability in QCS615 Coresight Devices by Qualcomm

Trust: 5.0

Fetched: Aug. 24, 2025, 9:53 a.m., Published: Aug. 22, 2025, 4 p.m.
 Vulnerabilities: infinite loop vulnerability, system crash
Affected productsExternal IDs
db: NVD ids: CVE-2025-38649

Update Canonical Ubuntu Desktop: USN-7709-1: WEBrick vulnerability

Trust: 4.25

Fetched: Aug. 24, 2025, 9:53 a.m., Published: Jan. 24, 7709, midnight
 Vulnerabilities: request smuggling attack
Affected productsExternal IDs
vendor: canonical model: ubuntu

CVE-2025-38645 : Linux Kernel Memory Access Vulnerability in Mellanox Device Drivers

Trust: 4.25

Fetched: Aug. 24, 2025, 9:53 a.m., Published: Aug. 22, 2025, 4 p.m.
 Vulnerabilities: memory access vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2025-38645

Stop API Attacks on Devices | Arkose Labs

Trust: 3.75

Fetched: Aug. 24, 2025, 9:52 a.m., Published: July 30, 2025, 1:02 p.m.
 Vulnerabilities: spoofing and impersonation
Affected productsExternal IDs
vendor: trend model: security

CVE-2025-38620 - zloop: fix KASAN use-after-free of tag set - SecAlerts

Trust: 3.0

Fetched: Aug. 24, 2025, 9:52 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-38620

Apple just dropped a security update for all its platforms

Trust: 4.0

Fetched: Aug. 24, 2025, 9:51 a.m., Published: Aug. 20, 2025, 7:45 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: software update

Cloaked - Could Your Network Be at Risk from a 7-Year-Old Cisco Vulnerability?

Related entries in the VARIoT vulnerabilities database: VAR-201803-1387

Trust: 4.5

Fetched: Aug. 24, 2025, 9:51 a.m., Published: Aug. 7, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: cisco model: guard
vendor: cisco model: routers
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
db: NVD ids: CVE-2018-0171

Serious Security Vulnerabilities in Dahua Cameras Enable Remote Takeover via ONVIF and File Upload Exploits July 30, 2025 Firmware Security / Vulnerability Cybersecurity researchers have revealed critical security vulnerabilities within the firmware of Dahua smart cameras, which have since been patched. If left unaddressed, these flaws could allow attackers to take control of affected devices. According to a report from Bitdefender shared with The Hacker News, the vulnerabilities-related to the device's ONVIF protocol and file upload handlers-enable unauthorized attackers to execute arbitrary commands remotely, effectively seizing control of the device. Tracked as CVE-2025-31700 and CVE-2025-31701 (CVSS scores: 8.1), the vulnerabilities impact the following device series running firmware versions with build timestamps prior to April 16, 2025: IPC-1XXX Series IPC-2XXX Series IPC-WX Series IPC-ECXX Series SD3A Series SD2A Series SD3D Series SDT2A Series SD2C Series Users can check their device's build time by logging into the web interface and navigating to Settings → System Information → Version. Both vulnerabilities are classified as... - Breach Spot

Trust: 4.75

Fetched: Aug. 24, 2025, 9:51 a.m., Published: Aug. 1, 2025, 5 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: dahua model: dahua camera
vendor: dahua model: camera
db: NVD ids: CVE-2025-31701, CVE-2025-31700

CVE-2025-20133: Remote Access SSL VPN Vulnerability in Cisco Secure Firewall ASA Software and Secure FTD Software - Cybersecurity Exploit Tracker by Ameeba

Trust: 5.0

Fetched: Aug. 24, 2025, 9:50 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: asa software
db: NVD ids: CVE-2025-20133

Apple fixes zero-day vulnerability exploited in "extremely sophisticated attack" (CVE-2025-43300) - Help Net Security

Trust: 6.0

Fetched: Aug. 24, 2025, 9:48 a.m., Published: Aug. 20, 2025, 7:23 p.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2025-43300

Apple Addresses Zero-Day Vulnerability Threatening Crypto Wallets | MEXC News

Trust: 4.0

Fetched: Aug. 24, 2025, 9:47 a.m., Published: Aug. 23, 2025, 3:02 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2025-43300

Apple Releases Patch for Likely Exploited Zero-Day Vulnerability - Infosecurity Magazine

Trust: 4.75

Fetched: Aug. 24, 2025, 9:46 a.m., Published: Aug. 22, 2025, 10:30 a.m.
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: macos
vendor: apple model: webkit
db: NVD ids: CVE-2025-43300

Apple Patches Zero-Click Vulnerability That Posed Risks For Crypto Users - FinanceFeeds

Trust: 3.0

Fetched: Aug. 24, 2025, 9:46 a.m., Published: Aug. 22, 2025, 6:59 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos

Update Canonical Ubuntu Desktop: USN-7708-1: poppler vulnerability

Trust: 4.25

Fetched: Aug. 24, 2025, 9:46 a.m., Published: Jan. 24, 7708, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Sensitive Information Disclosure Vulnerability

Trust: 5.0

Fetched: Aug. 24, 2025, 9:45 a.m., Published: Aug. 20, 2025, 3:53 p.m.
 Vulnerabilities: information disclosure
Affected productsExternal IDs
vendor: cisco model: cisco evolved programmable network manager
vendor: cisco model: cisco prime infrastructure
vendor: cisco model: prime infrastructure
vendor: cisco model: evolved programmable network manager

Latest apple news today: Is Apple failing to protect users? Zero-Click vulnerability puts iPhones, iPads, Macs and Crypto wallets at risk - The Economic Times

Trust: 3.25

Fetched: Aug. 24, 2025, 9:44 a.m., Published: Aug. 19, 2025, midnight
 Vulnerabilities: memory corruption, code execution
Affected productsExternal IDs
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: software update

Critical HashiCorp Vulnerability Execute Arbitrary Code on Underlying Host

Trust: 3.5

Fetched: Aug. 24, 2025, 9:43 a.m., Published: Aug. 4, 2025, 10 a.m.
 Vulnerabilities: file execution, privilege escalation, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-6000

Patch or Disable: Containing Static Tundra Exploiting CVE-2018-0171 in Cisco Devices | Windows Forum

Related entries in the VARIoT vulnerabilities database: VAR-201803-1387

Trust: 4.25

Fetched: Aug. 24, 2025, 9:42 a.m., Published: Aug. 22, 2025, 8:42 a.m.
 Vulnerabilities: buffer overflow, code execution
Affected productsExternal IDs
vendor: cisco model: tftp server
vendor: cisco model: routers
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
db: NVD ids: CVE-2018-0171

Apple Addresses Zero-Day Vulnerability Threatening Crypto Wallets

Trust: 4.0

Fetched: Aug. 24, 2025, 9:42 a.m., Published: Aug. 23, 2025, 7:02 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2025-43300