Sign-up

VARIoT news about IoT security

CISA Adds Critical Vulnerabilities: What Windows Administrators Must Know | Windows Forum

Related entries in the VARIoT vulnerabilities database: VAR-201708-0889

Trust: 5.5

Fetched: March 21, 2025, 9:14 a.m., Published: May 21, 2025, midnight
 Vulnerabilities: command injection, path traversal, directory traversal...
Affected productsExternal IDs
vendor: trend model: security
db: NVD ids: CVE-2017-12637, CVE-2025-1316, CVE-2024-48248

Apache Camel Vulnerability Let Attackers Inject Arbitrary Headers - PoC Exploit

Trust: 4.0

Fetched: March 21, 2025, 9:14 a.m., Published: March 12, 2025, 6:49 a.m.
 Vulnerabilities: arbitrary command execution, code execution, header injection...
Affected productsExternal IDs
db: NVD ids: CVE-2025-27636

Windows File Explorer Vulnerability Let Attackers Perform Network Spoofing - PoC Released

Trust: 4.0

Fetched: March 21, 2025, 9:14 a.m., Published: March 19, 2025, 8:56 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: wireshark model: wireshark
db: NVD ids: CVE-2025-24071

CISA Warns of Fortinet FortiOS Authentication Bypass Vulnerability

Trust: 4.75

Fetched: March 21, 2025, 9:12 a.m., Published: March 19, 2025, 6:31 a.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-24472

What Is a Configuration Vulnerability? | Datto

Trust: 4.0

Fetched: March 21, 2025, 9:09 a.m., Published: June 20, 2019, 10:09 a.m.
 Vulnerabilities: configuration vulnerability
Affected productsExternal IDs

CVE-2024-57040 (CVSS 9.8): TP-Link TL-WR845N Router Vulnerability Grants Hackers Easy Access

Trust: 3.0

Fetched: March 21, 2025, 9:07 a.m., Published: March 17, 2025, 1:55 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-57040

Windows Remote Desktop Services Vulnerability Allows Code Execution

Trust: 4.0

Fetched: March 19, 2025, 9:21 a.m., Published: March 12, 2025, 12:02 p.m.
 Vulnerabilities: code execution, path traversal, buffer overflow
Affected productsExternal IDs
db: NVD ids: CVE-2025-26645, CVE-2025-24045, CVE-2025-24084, CVE-2025-24057, CVE-2025-24035, CVE-2025-24064

CISA Warns of Juniper Junos OS Improper Isolation Vulnerability Exploited in Wild

Trust: 4.0

Fetched: March 19, 2025, 9:20 a.m., Published: March 13, 2025, 4:30 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2025-21590

CVE-2025-24076 : Privilege Elevation Vulnerability in Windows Cross Device Service by Microsoft | SecurityVulnerability.io

Trust: 3.25

Fetched: March 19, 2025, 9:18 a.m., Published: March 11, 2025, 4:59 p.m.
 Vulnerabilities: privilege elevation
Affected productsExternal IDs
db: NVD ids: CVE-2025-24076

A Survey on IoT Vulnerability Discovery | SpringerLink

Trust: 3.5

Fetched: March 19, 2025, 9:17 a.m., Published: March 19, 2022, midnight
 Vulnerabilities: -

Chrome Security Update - Patch for Multiple High-Severity Vulnerabilities

Trust: 4.75

Fetched: March 19, 2025, 9:16 a.m., Published: March 11, 2025, 7:32 a.m.
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: google model: chrome
db: NVD ids: CVE-2025-2137, CVE-2025-2135, CVE-2025-1920, CVE-2025-2136

Find All The Vulnerabilities Hiding in IoT Devices - Finite State

Related entries in the VARIoT vulnerabilities database: VAR-201404-0592

Trust: 3.5

Fetched: March 19, 2025, 9:15 a.m., Published: March 5, 2025, midnight
 Vulnerabilities: sql injection, privilege escalation, buffer overflow...
Affected productsExternal IDs
db: NVD ids: CVE-2014-0160

Meltdown/Spectre vulnerability status for Chrome OS devices

Related entries in the VARIoT vulnerabilities database: VAR-201801-0826, VAR-201801-1712, VAR-201801-1711, VAR-201805-0963

Trust: 3.5

Fetched: March 19, 2025, 9:13 a.m., Published: March 2, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: chrome os
vendor: google model: chrome
vendor: lenovo model: flex
vendor: lenovo model: thinkpad yoga 11e
vendor: lenovo model: thinkpad 13
vendor: lenovo model: yoga 11e
vendor: lenovo model: thinkpad
vendor: lenovo model: thinkpad yoga
vendor: lenovo model: thinkpad x131e
vendor: lenovo model: system
vendor: lenovo model: updates
vendor: lenovo model: thinkpad 11e
vendor: lenovo model: yoga
vendor: asus model: asus
vendor: samsung model: samsung
vendor: samsung model: note
db: NVD ids: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3639

Schneider Electric's ASCO Annunciators: Vulnerabilities that Could Make Your Devices Go 'Announce-ya Later!' - The Nimble Nerd

Trust: 3.75

Fetched: March 19, 2025, 9:13 a.m., Published: March 19, 5310, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs

Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities

Trust: 3.75

Fetched: March 19, 2025, 9:12 a.m., Published: Dec. 15, 2022, 10:19 p.m.
 Vulnerabilities: buffer overflow
Affected productsExternal IDs
vendor: cisco systems model: link layer discovery protocol
vendor: cisco systems model: ios software
vendor: cisco systems model: nx-os
vendor: cisco systems model: cisco ios
vendor: cisco systems model: ios xr
vendor: cisco systems model: catalyst
vendor: cisco systems model: ios xr software
vendor: cisco systems model: cisco ios xe
vendor: cisco systems model: ios xr software releases
vendor: cisco systems model: nx-os software
vendor: cisco systems model: technical support
vendor: cisco systems model: ios xe
vendor: cisco systems model: router
vendor: cisco systems model: cisco nx-os
vendor: cisco systems model: ios xe software
vendor: cisco systems model: cisco ios xr
vendor: cisco systems model: series
vendor: cisco model: link layer discovery protocol
vendor: cisco model: ios software
vendor: cisco model: nx-os
vendor: cisco model: cisco ios
vendor: cisco model: ios xr
vendor: cisco model: catalyst
vendor: cisco model: ios xr software
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xr software releases
vendor: cisco model: nx-os software
vendor: cisco model: technical support
vendor: cisco model: ios xe
vendor: cisco model: router
vendor: cisco model: cisco nx-os
vendor: cisco model: ios xe software
vendor: cisco model: cisco ios xr
vendor: cisco model: series

Top Vulnerabilities in Connected Devices in your Home

Trust: 3.75

Fetched: March 19, 2025, 9:12 a.m., Published: March 2, 2025, midnight
 Vulnerabilities: command injection, cross-site scripting
Affected productsExternal IDs
vendor: google model: home

Android zero-day vulnerabilities actively abused. Update as soon as you can | Malwarebytes

Trust: 4.0

Fetched: March 19, 2025, 9:05 a.m., Published: March 5, 2025, 12:03 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-43093, CVE-2024-50302

Fix CVE-2025-24201: Apple Web Sandbox Vulnerability

Trust: 4.5

Fetched: March 19, 2025, 9:04 a.m., Published: March 13, 2025, midnight
 Vulnerabilities: memory corruption
Affected productsExternal IDs
vendor: apple model: software update
vendor: apple model: safari
vendor: apple model: macos
db: NVD ids: CVE-2025-24201

Update Canonical Ubuntu Server: USN-7281-1: GnuTLS vulnerability

Trust: 4.25

Fetched: March 18, 2025, 9:21 a.m., Published: Jan. 18, 7281, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ - update your devices right now | Tom's Guide

Trust: 3.75

Fetched: March 18, 2025, 9:21 a.m., Published: March 12, 2025, 3:12 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
vendor: apple model: webkit
vendor: apple model: ipad
vendor: apple model: macos
vendor: apple model: iphone
vendor: apple model: safari
db: NVD ids: CVE-2025-24201