Siemens SIMATIC Devices Stack-based Buffer Overflow (CVE-2021-47107)

NFSD: READDIR buffer overflow. If a client sends a READDIR count argument that is too small say, zero, then the buffer size calculation in the new initdirlist helper functions results in an underflow, allowing the XDR stream functions to write beyond the actual buffer. This calculation has always...

Siemens SIMATIC Devices Improper Locking (CVE-2024-27004)

In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree during disableunused This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Siemens SIMATIC Devices Buffer Overflow (CVE-2024-35935)

btrfs: send: handle path ref underflow in header iterateinoderef This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503528; scriptversion"1.2";...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-38662)

bpf: Allow delete from sockmap/sockhash only if update is allowed. We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a mapdelete on a sockmap/sockhash. We don't intend to support this artificial use scenario...

Siemens SIMATIC Devices Use After Free (CVE-2025-21727)

padata: fix UAF in padatareorder This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503695; scriptversion"1.2";...

Siemens SIMATIC Devices Classic Buffer Overflow (CVE-2024-50131)

In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen returns a string length excluding the null byte. If the string length equals to the maximum buffer length, the buffer will have no space for the NULL...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-35845)

wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwlfwinidebuginfotlv is used as a string, so we must ensure the string is terminated correctly before using it. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...

Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2024-35984)

i2c: smbus: fix NULL function pointer dereference This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503537; scriptversion"1.2";...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-27436)

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. If a usb audio device sets more bits than the amount of channels it could write outside of the map array. This plugin only works with Tenable.ot. Please vis...

Siemens SIMATIC Devices Improper Removal of Sensitive Information Before Storage or Transfer (CVE-2024-26816)

x86, relocs: relocations in .notes section. When building with CONFIGXENPV=y, .text symbols are emitted into the .notes section so that Xen can find the startupxen entry point. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Siemens SIMATIC Devices Race Condition (CVE-2024-26960)

In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between freeswapandcache and swapoff This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc...

Siemens SIMATIC Devices Use After Free (CVE-2024-57979)

pps: Fix a use-after-free This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503612; scriptversion"1.2";...

Siemens SIMATIC Devices Missing Release of Memory after Effective Lifetime (CVE-2024-35978)

Bluetooth: Fix memory leak in hcireqsynccomplete This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503414; scriptversion"1.2";...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-27038)

Vulnerability in Linux kernel: clk: clkcoreget NULL dereference It is possible for clkcoreget to dereference a NULL in the following sequence: clkcoreget ofclkgethwfromclkspec ofclkgethwfromprovider clkgethw clkgethw can return NULL which is dereferenced by clkcoreget at hw-core. Prior to commit...

Siemens SIMATIC Devices Out-of-bounds Write (CVE-2024-50134)

In the Linux kernel, the following vulnerability has been resolved: drm/vboxvideo: Replace fake VLA at end of vbvamousepointershape with real VLA Replace the fake VLA at end of the vbvamousepointershape shape with a real VLA to fix a memcpy: detected field-spanning write error. Note as mentioned ...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices NULL Pointer Dereference (CVE-2024-44989)

In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm realdev null pointer dereference. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; i...

Siemens SIMATIC Devices Improper Locking (CVE-2024-35805)

In the Linux kernel, the following vulnerability has been resolved: dm snapshot: fix lockup in dmexceptiontableexit There was reported lockup when we exit a snapshot with many exceptions. Fix this by adding condresched to the loop that frees the exceptions. This plugin only works with Tenable.ot...

Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2024-36008)

In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in iprouteusehint syzbot was able to trigger a NULL deref in fibvalidatesource in an old tree. It appears the bug exists in latest trees. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-26659)

xhci: isoc Babble and Buffer Overrun events are not handled properly. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503655; scriptversion"1.2";...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Validation of Array Index (CVE-2024-49894)

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in degamma hardware format translation Fixes index out of bounds issue in cmhelpertranslatecurvetodegammahwformat function. The issue could occur when the index 'i' exceeds the number of...