Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2019-7309)

In the GNU C Library aka glibc or libc6 through 2.29, the memcmp function for the x32 architecture can incorrectly return zero indicating that the inputs are equal because the RDX most significant bit is mishandled. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2019-9169)

In the GNU C Library aka glibc or libc6 through 2.29, proceednextnode in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2024-2961)

The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. This plugin only works with...

Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2025-6395)

A NULL pointer dereference flaw was found in the GnuTLS software in gnutlsfigurecommonciphersuite. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2019-9923)

paxdecodeheader in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenabl...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2022-48303)

GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in fromheader in list.c via a V7 archive in which mtime has approximately 11 whitespace...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2019-1010180)

GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet. This plug...

EulerOS 2.0 SP10 : glibc (EulerOS-SA-2025-2384)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be...

EulerOS 2.0 SP12 : ncurses (EulerOS-SA-2025-2368)

According to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function...

EulerOS 2.0 SP12 : gdb (EulerOS-SA-2025-2321)

According to the versions of the gdb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfddwarf2findnearestlinewithalt at...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2025-2412)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption

A vulnerability was found in GNU Binutils 2.40 to version 2.44 and affects the elfgcsweep function of the bfd/elflink.c file of the component ld. The manipulation leads to memory corruption and a program crash. An attacker must have local access to exploit this vulnerability...

SUSE CVE-2025-59777

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service DoS...

Amazon Linux 2 : runc, --advisory ALAS2DOCKER-2025-085 (ALASDOCKER-2025-085)

The version of runc installed on the remote host is prior to 1.3.3-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-085 advisory. Placeholder CVE. Details forthcoming CVE-2025-31133 net/url: insufficient validation of bracketed IPv6 hostnames The Par...

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2025-1275)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1275 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2DOCKER-2025-083 (ALASDOCKER-2025-083)

The version of oci-add-hooks installed on the remote host is prior to 0-0.5.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-083 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted valu...

Amazon Linux 2 : amazon-cloudwatch-agent, --advisory ALAS2-2025-3068 (ALAS-2025-3068)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300060.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3068 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values othe...

Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2025-082 (ALASDOCKER-2025-082)

The version of containerd installed on the remote host is prior to 2.1.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-082 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6...

Amazon Linux 2 : soci-snapshotter, --advisory ALAS2DOCKER-2025-080 (ALASDOCKER-2025-080)

The version of soci-snapshotter installed on the remote host is prior to 0.11.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-080 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than...

Amazon Linux 2 : containerd, --advisory ALAS2ECS-2025-079 (ALASECS-2025-079)

The version of containerd installed on the remote host is prior to 2.1.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-079 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6...