Sign-up

VARIoT news about IoT security

AppArmor vulnerability fixes available | Ubuntu

Trust: 4.75

Fetched: March 17, 2026, 10:01 a.m., Published: March 12, 2026, midnight
 Vulnerabilities: privilege escalation, information leak, denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu

Android's March 2026 security patch fixes over 100 flaws, one under targeted exploitation - Help Net Security

Trust: 5.75

Fetched: March 17, 2026, 9:51 a.m., Published: March 3, 2026, 9:38 a.m.
 Vulnerabilities: privilege escalation, code execution, information disclosure
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2026-0030, CVE-2026-21385, CVE-2026-0027, CVE-2026-0038, CVE-2024-43859, CVE-2026-0028, CVE-2026-0047, CVE-2025-48631, CVE-2026-0037, CVE-2026-0006, CVE-2026-0031

CVE-2026-2329: Critical Unauthenticated Stack Buffer Overflow in Grandstream GXP1600 VoIP Phones (FIXED)

Trust: 5.25

Fetched: March 17, 2026, 9:48 a.m., Published: Feb. 18, 2026, midnight
 Vulnerabilities: code execution, buffer overflow
Affected productsExternal IDs
vendor: canary model: canary
vendor: grandstream model: gxp1610
vendor: grandstream model: gxp1628
vendor: grandstream model: gxp1615
vendor: grandstream model: gxp1625
vendor: grandstream model: gxp1630
vendor: grandstream model: gxp1620
vendor: grandstream model: gxp1600
db: NVD ids: CVE-2026-2329

875 Million Android Phones At Risk From 60-Second Hack

Trust: 4.0

Fetched: March 17, 2026, 9:39 a.m., Published: March 16, 2026, 7:34 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: essential model: phone
db: NVD ids: CVE-2026-20435

Qualcomm GBL Exploit Unlocks Bootloaders on Android 16 Flagships

Trust: 3.25

Fetched: March 17, 2026, 9:37 a.m., Published: March 16, 2026, 9:25 a.m.
 Vulnerabilities: code execution, command injection
Affected productsExternal IDs
vendor: samsung model: galaxy
vendor: samsung model: android
vendor: samsung model: samsung
vendor: xiaomi model: redmi
vendor: xiaomi model: miui
vendor: oneplus model: oneplus

Protocol guided mutation fuzzing to automatically discover vulnerability in commercial IoT devices | Discover Internet of Things | Springer Nature Link

Trust: 5.5

Fetched: March 17, 2026, 9:34 a.m., Published: March 14, 2026, midnight
 Vulnerabilities: code injection

Android Phones Vulnerability Can Break Lock Screen in Under 60 Seconds - El-Balad.com

Trust: 3.0

Fetched: March 17, 2026, 9:22 a.m., Published: March 16, 2026, 6:34 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2026-20435

Android Phone Vulnerability Could Allow Hackers to…

Trust: 4.0

Fetched: March 17, 2026, 9:20 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-20435

Werkzeug Vulnerability Allows Windows Device Names Exploitation - Advisories

Trust: 3.0

Fetched: March 15, 2026, 10:11 a.m., Published: March 6, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2026-27199

Critical Android Update: Google Patches 44 Security Holes

Trust: 5.75

Fetched: March 15, 2026, 10:09 a.m., Published: March 3, 2026, 5:52 a.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: oneplus model: oneplus
vendor: oneplus model: one
vendor: samsung model: samsung
vendor: samsung model: android
vendor: essential model: phone
db: NVD ids: CVE-2024-43093, CVE-2024-50302

CVE-2026-22285 - Dell Device Management Agent Plaintext Storage of Password Vulnerability

Trust: 3.0

Fetched: March 15, 2026, 10:09 a.m., Published: March 4, 2026, 4:16 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2026-22285

Cisco ASA 5500-X Devices Under Attack: U.S. CISA Issues Emergency Directive - Endpoint Security

Related entries in the VARIoT vulnerabilities database: VAR-201404-0573, VAR-201404-0570

Trust: 5.5

Fetched: March 15, 2026, 10:08 a.m., Published: Sept. 29, 2025, 2:08 p.m.
 Vulnerabilities: denial of service, command injection, privilege escalation...
Affected productsExternal IDs
vendor: cisco model: firepower
vendor: cisco model: device manager
vendor: cisco model: firepower threat defense
vendor: cisco model: asdm
vendor: cisco model: adaptive security device manager
vendor: cisco model: adaptive security appliance
vendor: cisco model: cisco adaptive security appliance
vendor: cisco model: ios software
vendor: cisco model: asa series
vendor: cisco model: asa 5500
vendor: cisco model: asa software
vendor: cisco model: series
vendor: cisco model: security device manager
db: NVD ids: CVE-2025-20333, CVE-2025-20363, CVE-2014-2129, CVE-2025-20362, CVE-2014-2126

Detection: Cisco IOS XE Implant Access | Splunk Security Content

Trust: 3.75

Fetched: March 15, 2026, 10:04 a.m., Published: Feb. 25, 2026, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: cisco ios xe
vendor: cisco model: ios xe
vendor: cisco model: cisco ios
vendor: cisco model: ios xe software
db: NVD ids: CVE-2023-20198

Pixel Update Bulletin-March 2026 | Android Open Source Project

Trust: 4.25

Fetched: March 15, 2026, 10 a.m., Published: March 15, 2026, midnight
 Vulnerabilities: code execution, information disclosure, denial of service
Affected productsExternal IDs
vendor: google model: wifi
vendor: google model: pixel
vendor: google model: android
db: NVD ids: CVE-2025-48611, CVE-2025-36920, CVE-2026-0119, CVE-2026-0122, CVE-2026-0112, CVE-2026-0115, CVE-2026-0118, CVE-2026-0113, CVE-2026-0109, CVE-2026-0110, CVE-2026-0123, CVE-2026-0121, CVE-2026-0124, CVE-2026-0116, CVE-2026-0107, CVE-2026-0108, CVE-2026-0117, CVE-2026-0120, CVE-2026-0111, CVE-2026-0114

Microsoft Patch Tuesday March Fixes 79 Flaws, 2 Zero-Days

Trust: 3.75

Fetched: March 15, 2026, 9:53 a.m., Published: March 11, 2026, 9:09 a.m.
 Vulnerabilities: improper access control, security feature bypass, denial of service...
Affected productsExternal IDs
db: NVD ids: CVE-2026-26127, CVE-2026-26128, CVE-2026-21262, CVE-2026-26118, CVE-2026-26144, CVE-2026-26109

CVE-2026-21536: Microsoft Devices Pricing RCE Vulnerability

Trust: 3.75

Fetched: March 15, 2026, 9:47 a.m., Published: March 15, 2026, midnight
 Vulnerabilities: command execution, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2026-21536

Apple releases iOS 15.8.7 and iOS 16.7.15 for older devices to patch the Coruna exploit - Mobile News - Nsane Forums

Trust: 4.25

Fetched: March 15, 2026, 9:45 a.m., Published: March 12, 2026, 2:30 a.m.
 Vulnerabilities: code execution, memory corruption
Affected productsExternal IDs
vendor: apple model: software update
vendor: apple model: ipod touch
vendor: apple model: iphone
vendor: apple model: webkit
vendor: apple model: ipad air
vendor: apple model: ipad
db: NVD ids: CVE-2023-43000, CVE-2023-41974, CVE-2024-23222

Cisco Secure Firewall Threat Defense Software TLS with Snort 3 Detection Engine Denial of Service Vulnerability

Trust: 4.75

Fetched: March 15, 2026, 9:45 a.m., Published: March 4, 2026, 4:10 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: asa software
vendor: snort model: snort

Siemens RUGGEDCOM APE1808 Devices | CISA

Trust: 5.5

Fetched: March 15, 2026, 9:36 a.m., Published: March 9, 2026, midnight
 Vulnerabilities: format string vulnerability, authentication bypass
Affected productsExternal IDs
vendor: siemens model: ruggedcom
db: NVD ids: CVE-2026-24858, CVE-2025-62439, CVE-2025-64157, CVE-2025-55018

How a Security Vulnerability Exploit Bypasses Encryption

Trust: 5.5

Fetched: March 15, 2026, 9:35 a.m., Published: March 10, 2026, midnight
 Vulnerabilities: integer overflow, memory corruption, privilege escalation
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2024-43047, CVE-2026-21385