VARIoT latest news about IoT security

Critical Apache Tomcat RCE Vulnerability Exploited in Just 30hrs of Public Exploit Trust: 4.0 Fetched: March 26, 2025, 9:19 a.m., Published: March 18, 2025, 4:51 a.m.	Vulnerabilities: code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2025-24813

Update Canonical Ubuntu Server: USN-7362-1: go-gh vulnerability Trust: 4.25 Fetched: March 26, 2025, 9:17 a.m., Published: Jan. 26, 7362, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2024-53859

Update Canonical Ubuntu Desktop: USN-7362-1: go-gh vulnerability Trust: 4.25 Fetched: March 26, 2025, 9:17 a.m., Published: Jan. 26, 7362, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2024-53859

Update Canonical Ubuntu Desktop: USN-7361-1: Libxslt vulnerability Trust: 4.25 Fetched: March 26, 2025, 9:17 a.m., Published: Jan. 26, 7361, midnight	Vulnerabilities: denial of service

Affected products

External IDs

vendor:

canonical

model:

ubuntu

Update Canonical Ubuntu Desktop: USN-7366-1: Rack vulnerabilities Trust: 4.0 Fetched: March 26, 2025, 9:16 a.m., Published: Jan. 26, 7366, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

canonical

model:

ubuntu

db:

NVD

ids:

CVE-2025-27111, CVE-2025-27610, CVE-2025-25184

New Ransomware Operator Exploits Fortinet Vulnerability Duo Trust: 4.5 Fetched: March 26, 2025, 9:14 a.m., Published: March 13, 2025, 4:19 a.m.	Vulnerabilities: command execution

Affected products

External IDs

vendor:	fortigate	model:	fortios
vendor:	palo alto networks	model:	networks
vendor:	palo alto networks	model:	firewall
vendor:	citrix	model:	sd-wan
vendor:	draytek	model:	routers
vendor:	draytek	model:	draytek routers
vendor:	cisco	model:	access points
vendor:	cisco	model:	sd-wan
vendor:	cisco	model:	routers
vendor:	cisco	model:	series
vendor:	palo	model:	networks
vendor:	palo	model:	firewall
vendor:	trend	model:	security

db:

NVD

ids:

CVE-2024-55591, CVE-2025-24472

CVE-2025-1445 : IEC 61850 Client and Server Functionality Vulnerability in RTU500 Devices by Hitachi Energy \| SecurityVulnerability.io Trust: 3.25 Fetched: March 26, 2025, 9:13 a.m., Published: March 25, 2025, 12:38 p.m.	Vulnerabilities: -

Affected products

External IDs

db:

NVD

ids:

CVE-2025-1445

Microsoft Defender Vulnerability Management News and Insights \| Microsoft Security Blog Trust: 3.75 Fetched: March 26, 2025, 9:08 a.m., Published: March 2, 2025, midnight	Vulnerabilities: memory corruption, privilege escalation, code execution

Affected products

External IDs

db:

NVD

ids:

CVE-2023-42793

IoT Devices in Healthcare: Tutorial, Examples & Vendors - SecuriThings Related entries in the VARIoT vulnerabilities database: VAR-201903-0181, VAR-202108-1556, VAR-202108-1361 Trust: 5.25 Fetched: March 26, 2025, 9:06 a.m., Published: March 25, 2025, 12:23 p.m.	Vulnerabilities: path traversal, sql injection, buffer overflow...

Affected products

External IDs

vendor:	bosch	model:	ip cameras
vendor:	axis	model:	ip cameras
vendor:	axis	model:	axis
vendor:	baxter	model:	wireless battery module
vendor:	baxter	model:	spectrum infusion system
vendor:	avigilon	model:	multiple
vendor:	google	model:	home
vendor:	google	model:	nexus
vendor:	essential	model:	phone

db:

NVD

ids:

CVE-2019-6538, CVE-2024-1629, CVE-2020-25179, CVE-2021-42744, CVE-2022-22765, CVE-2022-26392, CVE-2021-37166, CVE-2021-39375

Apple tells 1.4b iPhone users to update devices NOW... or risk being attacked \| Daily Mail Online Trust: 4.5 Fetched: March 25, 2025, 9:12 a.m., Published: March 12, 2025, 5:09 p.m.	Vulnerabilities: -

Affected products

External IDs

vendor:	apple	model:	iphone
vendor:	apple	model:	software update
vendor:	apple	model:	ipad
vendor:	apple	model:	macos
vendor:	apple	model:	safari
vendor:	apple	model:	ipad air
vendor:	apple	model:	webkit

db:

NVD

ids:

CVE-2025-24201

Cisco Nexus 3000 and 9000 Series Switches Command Injection Vulnerability Trust: 5.0 Fetched: March 25, 2025, 9:09 a.m., Published: Feb. 26, 2025, 3:52 p.m.	Vulnerabilities: command injection

Affected products

External IDs

vendor:	cisco	model:	series switches
vendor:	cisco	model:	nexus 9000 series
vendor:	cisco	model:	nexus 7000
vendor:	cisco	model:	cisco nx-os
vendor:	cisco	model:	nx-os
vendor:	cisco	model:	nexus
vendor:	cisco	model:	nx-os software
vendor:	cisco	model:	nexus 9000
vendor:	cisco	model:	series
vendor:	cisco	model:	nexus 3000

Cisco Email Security Appliance and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability Trust: 5.0 Fetched: March 25, 2025, 9:08 a.m., Published: Aug. 2, 2022, 1:07 p.m.	Vulnerabilities: authentication bypass

Affected products

External IDs

vendor:	cisco	model:	cisco cloud email security
vendor:	cisco	model:	email security appliance
vendor:	cisco	model:	cisco asyncos
vendor:	cisco	model:	asyncos
vendor:	cisco	model:	cloud email security
vendor:	cisco	model:	cisco email security appliance
vendor:	cisco	model:	asyncos software

Create device limit restrictions - Microsoft Intune \| Microsoft Learn Trust: 3.0 Fetched: March 23, 2025, 9:37 a.m., Published: Jan. 27, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

apple

model:

macos

ZDI-CAN-25373 Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns \| Trend Micro (US) Trust: 3.5 Fetched: March 23, 2025, 9:36 a.m., Published: March 18, 2025, midnight	Vulnerabilities: code execution

Affected products

External IDs

vendor:	trend	model:	security
vendor:	trend	model:	deep security
vendor:	trend micro	model:	security
vendor:	trend micro	model:	deep security
vendor:	trendmicro	model:	security
vendor:	trendmicro	model:	deep security

System BIOS w wersji R2 do komputerów Alienware m16 \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: March 23, 2025, 9:33 a.m., Published: March 11, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

System BIOS komputerów Dell Inspiron 14 Plus 7440 / 16 Plus 7640 \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: March 23, 2025, 9:32 a.m., Published: March 14, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

System BIOS komputerów Dell Latitude 5310 i 5310 2 w 1 \| Szczegóły sterownika \| Dell Polska Trust: 3.0 Fetched: March 23, 2025, 9:30 a.m., Published: March 23, 5310, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:	dell	model:	bios
vendor:	dell	model:	latitude

Motoring vulnerabilities Trust: 3.0 Fetched: March 23, 2025, 9:30 a.m., Published: May 23, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

cherokee

model:

cherokee

CVE-2025-23416 - Apache Device Path Traversal Vulnerability \| Kenya Education Network Trust: 4.25 Fetched: March 23, 2025, 9:29 a.m., Published: March 5, 2025, 7:27 p.m.	Vulnerabilities: path traversal

Affected products

External IDs

db:

NVD

ids:

CVE-2025-23416

System BIOS komputerów Dell Inspiron 14 5435/16 5635 oraz Vostro 16 5635 \| Szczegóły sterownika \| Dell Polska Trust: 3.25 Fetched: March 23, 2025, 9:29 a.m., Published: March 5, 2025, midnight	Vulnerabilities: -

Affected products

External IDs

vendor:

dell

model:

bios

VARIoT news about IoT security