Sign-up

VARIoT news about IoT security

Update Canonical Ubuntu Server: USN-7480-1: OpenJDK 8 vulnerabilities

Trust: 6.0

Fetched: June 1, 2025, 9:33 a.m., Published: Jan. 1, 7480, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-30691, CVE-2025-21587, CVE-2025-30698

[Palo Alto Networks Security Advisories] CVE-2025-0136 PAN-OS: Unencrypted Data Transfer when using AES-128-CCM onIntel-based hardware devices - RedPacket Security

Trust: 3.75

Fetched: June 1, 2025, 9:32 a.m., Published: May 14, 2025, 5:02 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: paloaltonetworks model: firewall
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: pan-os
vendor: palo model: firewall
vendor: palo model: networks
vendor: palo model: pan-os
vendor: palo alto networks model: firewall
vendor: palo alto networks model: networks
vendor: palo alto networks model: pan-os
db: NVD ids: CVE-2025-0136

Update Canonical Ubuntu Desktop: USN-7480-1: OpenJDK 8 vulnerabilities

Trust: 6.0

Fetched: June 1, 2025, 9:26 a.m., Published: Jan. 1, 7480, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-30691, CVE-2025-21587, CVE-2025-30698

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

Related entries in the VARIoT vulnerabilities database: VAR-202505-0239

Trust: 5.75

Fetched: June 1, 2025, 9:21 a.m., Published: May 11, 2025, midnight
 Vulnerabilities: code execution, denial of service, information disclosure...
Affected productsExternal IDs
vendor: google model: android
db: NVD ids: CVE-2025-26423, CVE-2025-26424, CVE-2025-22425, CVE-2025-26429, CVE-2024-49842, CVE-2024-49841, CVE-2025-26422, CVE-2025-26427, CVE-2023-35657, CVE-2024-49846, CVE-2025-20666, CVE-2025-26430, CVE-2025-21453, CVE-2024-34739, CVE-2025-26442, CVE-2025-0072, CVE-2025-26425, CVE-2024-49835, CVE-2025-26440, CVE-2025-0087, CVE-2024-47896, CVE-2024-45580, CVE-2025-0427, CVE-2025-21467, CVE-2023-21342, CVE-2024-47891, CVE-2025-21459, CVE-2024-49847, CVE-2025-26436, CVE-2025-26444, CVE-2025-26426, CVE-2024-52939, CVE-2024-47900, CVE-2024-49845, CVE-2025-26435, CVE-2025-21468, CVE-2024-46975, CVE-2025-26438, CVE-2024-49739, CVE-2024-12577, CVE-2025-0077, CVE-2025-26420, CVE-2025-27363, CVE-2025-26421, CVE-2024-46974, CVE-2025-26428

UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware

Trust: 4.5

Fetched: June 1, 2025, 9:13 a.m., Published: May 22, 2025, 10 a.m.
 Vulnerabilities: file enumeration
Affected productsExternal IDs
vendor: snort.org model: snort
vendor: jquery model: jquery
vendor: cisco model: web security appliance
vendor: cisco model: adaptive security appliance
vendor: cisco model: umbrella
vendor: cisco model: firepower
vendor: cisco model: meraki mx
vendor: snort model: snort
db: NVD ids: CVE-2025-0994, CVE-2025-0944

Critical Rockwell PowerMonitor 1000 vulnerabilities risk device takeover, raising industrial cybersecurity threat - Industrial Cyber

Related entries in the VARIoT vulnerabilities database: VAR-202412-2454

Trust: 5.25

Fetched: June 1, 2025, 9:13 a.m., Published: May 30, 2025, 2:52 p.m.
 Vulnerabilities: denial of service, buffer overflow, memory corruption...
Affected productsExternal IDs
vendor: treck model: tcp/ip stack
vendor: rockwell model: powermonitor 1000
vendor: rockwell automation model: powermonitor 1000
db: NVD ids: CVE-2024-12373, CVE-2024-12371, CVE-2024-12372

Multiple Vulnerabilities in Ivanti Endpoint Manager Mobile Could Allow for Remote Code Execution

Trust: 3.0

Fetched: June 1, 2025, 9:12 a.m., Published: May 15, 2025, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs

Your Asus router may be compromised - here's how to tell and what to do | ZDNET

Related entries in the VARIoT vulnerabilities database: VAR-202309-0729

Trust: 3.5

Fetched: June 1, 2025, 9:09 a.m., Published: May 1, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home
vendor: asus model: router
vendor: asus model: routers
vendor: asus model: asus
db: NVD ids: CVE-2023-39780

Smart Home, Dumb Security: Device Vulnerability Unveiled - Save the Debate

Trust: 3.5

Fetched: June 1, 2025, 9:08 a.m., Published: May 21, 2025, 4 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: samsung model: samsung
vendor: essential model: phone
vendor: ecobee model: smart thermostat

ASUS Router Hack: How to Tell If Your Device Is Compromised

Related entries in the VARIoT vulnerabilities database: VAR-202309-0729

Trust: 5.5

Fetched: June 1, 2025, 9:07 a.m., Published: May 30, 2025, 2:18 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
vendor: asus model: router
vendor: asus model: asus firmware
vendor: asus model: asus
vendor: asus model: routers
vendor: cisco model: router
vendor: cisco model: cisco routers
vendor: cisco model: routers
db: NVD ids: CVE-2023-39780

Assignment 3

Trust: 3.25

Fetched: June 1, 2025, 9:06 a.m., Published: Jan. 2, 2025, midnight
 Vulnerabilities: default password, denial of service, sql injection
Affected productsExternal IDs

Smart Home, Dumb Security: Device Vulnerability Explored - Khizri

Trust: 3.5

Fetched: June 1, 2025, 9:05 a.m., Published: May 12, 2025, 12:33 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: google home
vendor: google model: home

CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution - Blog | TenableĀ®

Trust: 3.0

Fetched: June 1, 2025, 9:04 a.m., Published: May 13, 2025, 9:40 p.m.
 Vulnerabilities: code execution, authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-4428, CVE-2025-4427

Cybersecurity Threat Advisory: ViciousTrap exploiting Cisco vulnerability

Related entries in the VARIoT vulnerabilities database: VAR-202304-1067

Trust: 4.75

Fetched: May 30, 2025, 9:40 a.m., Published: May 28, 2025, 11:19 p.m.
 Vulnerabilities: traffic interception
Affected productsExternal IDs
vendor: cisco model: rv016
vendor: cisco model: routers
vendor: cisco model: rv325
vendor: cisco model: rv082
vendor: cisco model: series
vendor: cisco model: small business
vendor: cisco model: router
vendor: cisco model: cisco small business
vendor: cisco model: rv042
vendor: barracuda model: barracuda
db: NVD ids: CVE-2023-20118

CVE-2025-41438 - Consilium Safety CS5000 Fire Panel Initialization of a Resource with an Insecure Default - SecAlerts

Trust: 3.25

Fetched: May 30, 2025, 9:40 a.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2025-41438

Update Canonical Ubuntu Server: USN-7479-1: MySQL vulnerabilities

Trust: 3.25

Fetched: May 30, 2025, 9:40 a.m., Published: Jan. 30, 7479, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Proof-of-Concept Released Oracle VM VirtualBox - Cyber Security Review

Trust: 4.75

Fetched: May 30, 2025, 9:39 a.m., Published: May 16, 2025, 8:20 a.m.
 Vulnerabilities: path traversal, certificate validation vulnerability, command execution...
Affected productsExternal IDs
vendor: mitel model: micollab
db: NVD ids: CVE-2024-55550, CVE-2024-41713, CVE-2025-30712, CVE-2024-48865

PumaBot: Novel Botnet Targeting IoT Surveillance Devices

Trust: 3.75

Fetched: May 30, 2025, 9:39 a.m., Published: May 28, 2025, midnight
 Vulnerabilities: script execution
Affected productsExternal IDs
vendor: winscp model: winscp

CVE-2025-0131 GlobalProtect App: Incorrect Privilege Management Vulnerability in OPSWAT MetaDefender Endpoint Security SDK

Trust: 4.75

Fetched: May 30, 2025, 9:38 a.m., Published: May 14, 2025, 4 p.m.
 Vulnerabilities: privilege management vulnerability
Affected productsExternal IDs
vendor: palo model: palo alto networks globalprotect
vendor: palo model: networks
vendor: palo model: networks globalprotect
vendor: palo alto networks model: palo alto networks globalprotect
vendor: palo alto networks model: networks
vendor: palo alto networks model: networks globalprotect
db: NVD ids: CVE-2025-0131

URGENT: SonicWall Devices Under Active Attack - Critical Vulnerabilities Being Exploited in the Wild - ClickControl IT & Cybersecurity

Related entries in the VARIoT vulnerabilities database: VAR-202109-0375, VAR-202312-2070

Trust: 4.75

Fetched: May 30, 2025, 9:37 a.m., Published: May 6, 2025, 4:10 p.m.
 Vulnerabilities: session hijacking, command injection, os command injection
Affected productsExternal IDs
vendor: sonicwall model: sma 100
vendor: sonicwall model: secure mobile access
vendor: sonicwall model: ssl-vpn
vendor: sonicwall model: sma100
db: NVD ids: CVE-2021-20035, CVE-2023-44221, CVE-2024-38475