Sign-up

VARIoT news about IoT security

Update Microsoft SQL Server 2017: KB5063760: Fixes a SQL injection vulnerability in a system stored procedure.

Trust: 4.0

Fetched: Aug. 22, 2025, 9:34 a.m., Published: Aug. 22, 2017, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-53727, CVE-2025-49759, CVE-2025-49758, CVE-2025-24999

Cisco Identity Services Engine Arbitrary File Upload Vulnerability

Trust: 5.0

Fetched: Aug. 22, 2025, 9:34 a.m., Published: Aug. 20, 2025, 4:43 p.m.
 Vulnerabilities: file upload vulnerability
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine

The Root(ing) Of All Evil: Security Holes That Could Compromise Your Mobile Device

Trust: 3.75

Fetched: Aug. 22, 2025, 9:33 a.m., Published: Aug. 13, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-48336

CVE-2025-43986: Unauthenticated Telnet Service Vulnerability in KuWFi GC111 Devices - Cybersecurity Exploit Tracker by Ameeba

Trust: 3.0

Fetched: Aug. 22, 2025, 9:33 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-43986

Critical HashiCorp Vulnerability Allows Attackers to Run Code on Host Machine

Trust: 4.75

Fetched: Aug. 22, 2025, 9:32 a.m., Published: Aug. 4, 2025, 6:02 a.m.
 Vulnerabilities: code execution, file execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-6000

Vulnerability Assessment and Patch Management - IT Exams Training - ActualTests

Trust: 3.75

Fetched: Aug. 22, 2025, 9:31 a.m., Published: Aug. 22, 2020, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: citrix model: application delivery controller

iPhone And Mac Users Alert! One Malicious Image Could Let Hackers Take Over Your Device

Trust: 4.75

Fetched: Aug. 22, 2025, 9:30 a.m., Published: June 18, 2002, midnight
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: ipad air
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: iphone

Cisco Identity Services Engine Arbitrary File Upload Vulnerability (CVE-2025-20131)

Trust: 5.0

Fetched: Aug. 22, 2025, 9:30 a.m., Published: Aug. 21, 2025, 9:38 a.m.
 Vulnerabilities: file upload vulnerability
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine
db: NVD ids: CVE-2025-20131

Update Microsoft SQL Server 2019: KB5063758: Fixes a vulnerability that lets users who have access to certain stored procedure

Trust: 3.0

Fetched: Aug. 22, 2025, 9:29 a.m., Published: Aug. 22, 2019, midnight
 Vulnerabilities: sql injection
Affected productsExternal IDs
db: NVD ids: CVE-2025-53727, CVE-2025-49759, CVE-2025-49758, CVE-2025-24999

CVE-2025-43982: Hidden Hard-coded Root Account in Shenzhen Tuoshi NR500-EA Devices - Cybersecurity Exploit Tracker by Ameeba

Trust: 3.0

Fetched: Aug. 22, 2025, 9:29 a.m., Published: Nov. 30, 0001, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-43982

FBI, Cisco warn of Russia-linked hackers targeting critical infrastructure organizations | Cybersecurity Dive

Related entries in the VARIoT vulnerabilities database: VAR-201803-1387

Trust: 4.0

Fetched: Aug. 22, 2025, 9:28 a.m., Published: Aug. 20, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: ios software
db: NVD ids: CVE-2018-0171

CISA: 3 Urgent ICS/Medical Advisories (MELSEC iQ-F, Mitsubishi AC, Synapse Mobility) | Windows Forum

Trust: 3.25

Fetched: Aug. 22, 2025, 9:23 a.m., Published: Aug. 21, 2025, 4:10 p.m.
 Vulnerabilities: authentication bypass, privilege escalation
Affected productsExternal IDs
vendor: mitsubishi electric model: melsec iq-f
vendor: mitsubishielectric model: melsec iq-f
vendor: mitsubishi model: melsec iq-f

Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices

Related entries in the VARIoT vulnerabilities database: VAR-201803-1387

Trust: 4.25

Fetched: Aug. 22, 2025, 9:22 a.m., Published: Aug. 20, 2025, 1 p.m.
 Vulnerabilities: denial of service, default credentials
Affected productsExternal IDs
vendor: cisco model: tftp server
vendor: cisco model: router
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios xe
vendor: cisco model: ios software
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
db: NVD ids: CVE-2018-0171

Apple Releases iOS 18.6.2 Urgent Update: Why You Must Install it Now?

Trust: 4.25

Fetched: Aug. 22, 2025, 9:09 a.m., Published: June 18, 2002, midnight
 Vulnerabilities: memory corruption
Affected productsExternal IDs
db: NVD ids: CVE-2025-43300

Update Canonical Ubuntu Desktop: USN-7688-1: cifs-utils vulnerabilities

Trust: 4.0

Fetched: Aug. 20, 2025, 11:13 a.m., Published: Jan. 20, 7688, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2022-29869, CVE-2021-20208, CVE-2022-27239, CVE-2020-14342

Zoom has fixed a critical vulnerability in the Windows version: users are advised to update urgently | dev.ua

Trust: 4.25

Fetched: Aug. 20, 2025, 11:12 a.m., Published: Aug. 25, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: zoom model: client
db: NVD ids: CVE-2025-49457

CVE-2025-20225 | TenableĀ®

Trust: 5.75

Fetched: Aug. 20, 2025, 11:11 a.m., Published: Aug. 2, 2025, midnight
 Vulnerabilities: memory leak, denial of service
Affected productsExternal IDs
vendor: cisco model: ios xe software
vendor: cisco model: ios software
vendor: cisco model: cisco ios
vendor: cisco model: ios xe
vendor: cisco model: adaptive security appliance
db: NVD ids: CVE-2025-20225

CVE-2025-38581 - crypto: ccp - Fix crash when rebind ccp device for ccp.ko - SecAlerts

Trust: 3.0

Fetched: Aug. 20, 2025, 11:11 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-38581

Security Advisory -Vulnerabilities found in some Dahua products - Dahua International

Trust: 3.5

Fetched: Aug. 20, 2025, 11:10 a.m., Published: -
 Vulnerabilities: code execution, buffer overflow, service disruption
Affected productsExternal IDs
db: NVD ids: CVE-2025-31700, CVE-2025-31701

Vulnerabilities

Trust: 4.5

Fetched: Aug. 20, 2025, 11:10 a.m., Published: Aug. 2, 2025, midnight
 Vulnerabilities: pointer dereference bug, resource exhaustion, denial of service...
Affected productsExternal IDs
vendor: google model: google chrome
vendor: google model: android
vendor: google model: chrome
db: NVD ids: CVE-2023-50868, CVE-2023-50387, CVE-2022-47929, CVE-2022-3786, CVE-2022-3602