Siemens RUGGEDCOM RST2428P NULL Pointer Dereference (CVE-2026-24515)

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

Siemens RUGGEDCOM RST2428P Stack-based Buffer Overflow (CVE-2025-69720)

The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyzestring in progs/infocmp.c. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens RUGGEDCOM RST2428P External Control of File Name or Path (CVE-2026-26157)

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentiall...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23222)

In the Linux kernel, the following vulnerability has been resolved: crypto: omap - Allocate OMAPCRYPTOFORCECOPY scatterlists correctly The existing allocation of scatterlists in omapcryptocopysglists was allocating an array of scatterlist pointers, not scatterlist objects, resulting in a 4x too...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-40257)

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix a race in mptcppmdeladdtimer mptcppmdeladdtimer can call skstoptimersyncsk, &entry-addtimer while another might have free entry already, as reported by syzbot. Add RCU protection to fix this issue. Also change confusin...

Siemens RUGGEDCOM RST2428P Integer Overflow or Wraparound (CVE-2025-6052)

A flaw was found in how GLibs GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesnt. As a result, data may be written...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-40214)

In the Linux kernel, the following vulnerability has been resolved: afunix: Initialise sccindex in unixaddedge. Quang Le reported that the AFUNIX GC could garbage-collect a receive queue of an alive in-flight socket, with a nice repro. The repro consists of three stages. 1 1-a. Create a single...

Siemens RUGGEDCOM RST2428P Out-of-bounds Write (CVE-2026-1484)

A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrust...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-71188)

In the Linux kernel, the following vulnerability has been resolved: dmaengine: lpc18xx-dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation. Note that holding a reference to a device does not prevent...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23025)

In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: prevent pcp corruption with SMP=n The kernel test robot has reported: BUG: spinlock trylock failure on UP on CPU0, kcompactd0/28 lock: 0xffff888807e35ef0, .magic: dead4ead, .owner: kcompactd0/28, .ownercpu: 0 CPU: 0...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23030)

In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchipusb2phyprobe The foreachavailablechildofnode calls ofnodeput to release childnp in each success loop. After breaking from the loop with the childnp has been released, the...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-71185)

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation Make sure to drop the reference taken when looking up the crossbar platform device during am335x route allocation. This plugin only works with Tenable.ot...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-71186)

In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation. Note that holding a reference to a device does not prevent i...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-71190)

In the Linux kernel, the following vulnerability has been resolved: dmaengine: bcm-sba-raid: fix device leak on probe Make sure to drop the reference taken when looking up the mailbox device during probe on probe failures and on driver unbind. This plugin only works with Tenable.ot. Please visit...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-71189)

In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw: dmamux: fix OF node leak on route allocation failure Make sure to drop the reference taken to the DMA master OF node also on late route allocation failures. This plugin only works with Tenable.ot. Please visit...

Siemens RUGGEDCOM RST2428P Race Condition (CVE-2025-40258)

"In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...

Siemens RUGGEDCOM RST2428P Stack-based Buffer Overflow (CVE-2025-6170)

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare...

Siemens RUGGEDCOM RST2428P Multiple Releases of Same Resource or Handle (CVE-2025-40261)

In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrl nvmefcdeleteassocation waits for pending I/O to complete before returning, and an error can cause -ioerrwork to be queued after cancelworksync had been called. Mov...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-10966)

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more. This plugin only works with Tenable.ot. Please visit...

Siemens RUGGEDCOM RST2428P Use of Web Browser Cache Containing Sensitive Information (CVE-2026-41918)

The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data stored in the browser. This plugin only works with Tenable.ot. Please visit...