Sign-up

VARIoT news about IoT security

Update Canonical Ubuntu Desktop: USN-7371-1: FreeRDP vulnerabilities

Trust: 6.25

Fetched: March 28, 2025, 9:32 a.m., Published: Jan. 28, 7371, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2024-32458, CVE-2024-32459, CVE-2024-32659, CVE-2024-32660

Update Canonical Ubuntu Server: USN-7369-1: elfutils vulnerabilities

Trust: 6.0

Fetched: March 28, 2025, 9:32 a.m., Published: Jan. 28, 7369, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2025-1371, CVE-2025-1372, CVE-2025-1365, CVE-2025-1377, CVE-2024-25260

Thousands of D-Link VPN Routers Vulnerable to Device Takeover Attacks - Spiceworks

Related entries in the VARIoT vulnerabilities database: VAR-202012-0332, VAR-202012-0333, VAR-202012-0331

Trust: 4.5

Fetched: March 28, 2025, 9:31 a.m., Published: March 10, 2025, 8:41 a.m.
 Vulnerabilities: command injection, code injection
Affected productsExternal IDs
vendor: d-link model: dsr-150
vendor: d-link model: dsr-500
vendor: d-link model: dsr-1000ac
vendor: d-link model: dsr-250
vendor: d-link model: router
vendor: cisco model: router
vendor: cisco model: routers
db: NVD ids: CVE-2020-25758, CVE-2020-25759, CVE-2020-25757

DrayTek routers face active exploitation of older vulnerabilities | Cybersecurity Dive

Related entries in the VARIoT vulnerabilities database: VAR-202002-1447

Trust: 5.5

Fetched: March 28, 2025, 9:28 a.m., Published: March 26, 2025, midnight
 Vulnerabilities: buffer overflow, code execution, directory traversal
Affected productsExternal IDs
vendor: draytek model: vigor
vendor: draytek model: draytek routers
vendor: draytek model: routers
db: NVD ids: CVE-2021-20124, CVE-2024-51138, CVE-2021-20123, CVE-2024-51139, CVE-2020-8515

Critical Flaws Expose Millions of Solar Energy Devices To Cyberattacks

Trust: 3.75

Fetched: March 28, 2025, 9:27 a.m., Published: March 27, 2025, 4:47 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs

CISA Warns of NAKIVO Backup Vulnerability Exploited in Attacks - PoC Released

Trust: 3.75

Fetched: March 28, 2025, 9:26 a.m., Published: March 20, 2025, 11:04 a.m.
 Vulnerabilities: path traversal, directory traversal
Affected productsExternal IDs
db: NVD ids: CVE-2024-48248

CVE-2025-1882 - i-Drive Device Setting Handler Local Register Interface Improper Access Control Vulnerability

Trust: 3.75

Fetched: March 28, 2025, 9:24 a.m., Published: March 3, 2025, 9:15 p.m.
 Vulnerabilities: improper access control, access control vulnerability
Affected productsExternal IDs
db: NVD ids: CVE-2025-1882

PoC Exploit Released for Use-after-free Linux Kernel Vulnerability

Trust: 5.0

Fetched: March 28, 2025, 9:24 a.m., Published: March 18, 2025, 9:37 a.m.
 Vulnerabilities: code execution, kernel crash
Affected productsExternal IDs
db: NVD ids: CVE-2024-36904

Linux Kernel Out-of-bounds Write Vulnerability Let Attackers Escalate Privileges

Trust: 4.5

Fetched: March 28, 2025, 9:23 a.m., Published: March 20, 2025, 7:31 a.m.
 Vulnerabilities: buffer overflow, privilege escalation, memory corruption
Affected productsExternal IDs
vendor: apple model: macos
db: NVD ids: CVE-2025-0927

CVE-2025-0118 GlobalProtect App: Execution of Unsafe ActiveX Control Vulnerability

Trust: 3.75

Fetched: March 28, 2025, 9:22 a.m., Published: March 12, 2025, 4 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: palo alto networks model: firewall
vendor: palo alto networks model: palo alto networks globalprotect
vendor: palo alto networks model: networks
vendor: palo alto networks model: networks globalprotect
vendor: paloaltonetworks model: firewall
vendor: paloaltonetworks model: palo alto networks globalprotect
vendor: paloaltonetworks model: networks
vendor: paloaltonetworks model: networks globalprotect
vendor: palo model: firewall
vendor: palo model: palo alto networks globalprotect
vendor: palo model: networks
vendor: palo model: networks globalprotect
db: NVD ids: CVE-2025-0118

Ingress NGINX Remote Code Execution Vulnerability Let Attacker Takeover Cluster

Trust: 4.75

Fetched: March 28, 2025, 9:22 a.m., Published: March 25, 2025, 9:21 a.m.
 Vulnerabilities: path traversal, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-1097, CVE-2025-24513, CVE-2025-1974, CVE-2025-1098, CVE-2025-24514

VPN Vulnerabilities Emerges As The Key Tool for Threat Actors to Attack Organizations

Related entries in the VARIoT vulnerabilities database: VAR-202210-0198, VAR-201906-0815

Trust: 4.75

Fetched: March 28, 2025, 9:20 a.m., Published: March 19, 2025, 11:27 a.m.
 Vulnerabilities: path traversal, authentication bypass
Affected productsExternal IDs
vendor: fortigate model: fortios
db: NVD ids: CVE-2022-40684, CVE-2018-13379

Production Line Cameras Vulnerabilities Let Attackers Stop The Recordings

Trust: 4.0

Fetched: March 28, 2025, 9:13 a.m., Published: March 26, 2025, 7:03 p.m.
 Vulnerabilities: authentication bypass
Affected productsExternal IDs
db: NVD ids: CVE-2025-26689

Smart device vulnerabilities and securing against them | Kaspersky official blog

Trust: 4.25

Fetched: March 28, 2025, 9:08 a.m., Published: Jan. 28, 2050, midnight
 Vulnerabilities: weak password
Affected productsExternal IDs
vendor: apple model: watch
vendor: century model: router

Splunk RCE Vulnerability Let Attackers Execute Arbitrary Code Via File Upload

Trust: 4.75

Fetched: March 28, 2025, 9:05 a.m., Published: March 27, 2025, 3:14 a.m.
 Vulnerabilities: information disclosure, code execution
Affected productsExternal IDs
db: NVD ids: CVE-2025-20229, CVE-2025-20231

Siemens Exposes 9.8-Rated Bootloader Flaw in SINAMICS S200 Devices | Cyware Alerts - Hacker News

Trust: 3.25

Fetched: March 26, 2025, 9:22 a.m., Published: March 9, 2025, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: siemens model: sinamics

Vulnerabilities of Cisco Network Devices

Trust: 3.0

Fetched: March 26, 2025, 9:21 a.m., Published: March 23, 2025, 1:27 a.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: nx-os
vendor: cisco model: fxos
vendor: cisco model: firepower
vendor: cisco model: cisco nx-os
vendor: cisco model: nexus

Update Canonical Ubuntu Desktop: USN-7367-1: zvbi vulnerabilities

Trust: 3.0

Fetched: March 26, 2025, 9:21 a.m., Published: Jan. 26, 7367, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: canonical model: ubuntu

Update Canonical Ubuntu Server: USN-7359-1: Valkey vulnerabilities

Trust: 6.0

Fetched: March 26, 2025, 9:20 a.m., Published: Jan. 26, 7359, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2024-51741, CVE-2024-46981

Cisco IOS XR Software Internet Key Exchange Version 2 Denial of Service Vulnerability

Trust: 4.5

Fetched: March 26, 2025, 9:19 a.m., Published: March 12, 2025, 3:54 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: cisco model: ios xr software
vendor: cisco model: ios xr
vendor: cisco model: cisco ios
vendor: cisco model: cisco ios xr