275 matches found
Siemens RuggedCom Rox Improper Input Validation (CVE-2020-10648)
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration. This plugin only works with Tenable.ot. Please visit...
Siemens RuggedCom Rox Use of Weak Hash (CVE-2025-3576)
A vulnerability in the MIT Kerberos implementation allows GSSAPI- protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This m...
Siemens RuggedCom Rox Integer Overflow or Wraparound (CVE-2024-57256)
An integer overflow in ext4fsreadsymlink in Das U-Boot before 2025.01-rc1 occurs for zalloc adding one to an le32 variable via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite. This plugin only works with Tenable.ot. Please...
Siemens RuggedCom Rox Out-of-bounds Write (CVE-2022-30790)
Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid505465;...
Siemens RUGGEDCOM RST2428P Path Traversal (CVE-2025-7039)
A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to...
Siemens RUGGEDCOM RST2428P Improper Access Control (CVE-2025-60876)
BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...
Siemens RuggedCom Rox Out-of-bounds Read (CVE-2019-14197)
An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfsreadreply. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...
Siemens RuggedCom Rox Out-of-bounds Write (CVE-2019-14198)
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfsreadreply when calling storeblock in the NFSv3 case. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Siemens RUGGEDCOM RST2428P Integer Overflow or Wraparound (CVE-2025-13601)
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the escaped string...
Siemens RuggedCom Rox Use After Free (CVE-2023-3019)
A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. This plugin only works with Tenable.ot. Please visit...
Siemens Ruggedcom Rox Improper Neutralization of Argument Delimiters in a Command (CVE-2025-40948)
Affected devices do not properly validate input in the web server's JSON-RPC interface. This could allow an authenticated remote attacker to read arbitrary files from the underlying operating system's filesystem with root privileges. This plugin only works with Tenable.ot. Please visit...
Siemens RuggedCom Rox Heap-based Buffer Overflow (CVE-2024-3447)
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both s-datacount and the size of s-fifobuffer are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a...
Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-40214)
In the Linux kernel, the following vulnerability has been resolved: afunix: Initialise sccindex in unixaddedge. Quang Le reported that the AFUNIX GC could garbage-collect a receive queue of an alive in-flight socket, with a nice repro. The repro consists of three stages. 1 1-a. Create a single...
Siemens RuggedCom Rox Out-of-bounds Write (CVE-2019-14204)
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfshandler reply helper function: nfsumountallreply. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...
Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-71190)
In the Linux kernel, the following vulnerability has been resolved: dmaengine: bcm-sba-raid: fix device leak on probe Make sure to drop the reference taken when looking up the mailbox device during probe on probe failures and on driver unbind. This plugin only works with Tenable.ot. Please visit...
Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23236)
In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy ioctl memory to kernelspace The UFXIOCTLREPORTDAMAGE ioctl does not properly copy data from userspace to kernelspace, and instead directly references the memory, which can cause problems if invalid...
Siemens RUGGEDCOM RST2428P Stack-based Buffer Overflow (CVE-2025-69720)
The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyzestring in progs/infocmp.c. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-71185)
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation Make sure to drop the reference taken when looking up the crossbar platform device during am335x route allocation. This plugin only works with Tenable.ot...
Siemens SINEC OS Use of Web Browser Cache Containing Sensitive Information (CVE-2026-41918)
The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data stored in the browser. This plugin only works with Tenable.ot. Please visit...
Siemens RuggedCom Rox Integer Underflow (Wrap or Wraparound) (CVE-2019-13104)
In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy to overwrite a very large amount of data including the whole stack while reading a crafted ext4 filesystem. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mo...