250 matches found
SUSE-SU-2026:2380-1 Security update for hplip
This update for hplip fixes the following issues: Update to HPLIP 3.26.4. Security issues: - CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation (bsc1266031). - CVE-2026-8631: escalation of privileges and/or...
SHARP MFPs Configuration API Vulnerability (CVE-2024-47005)
Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs. This plugin only works with Tenable.ot. Please visit...
SHARP MFPs Stored Cross-Site Scripting (CVE-2024-48870)
Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users. This plugin only works wi...
EUVD-2025-206522
Multiple MFPs provided by Brother Industries, Ltd. do not properly validate server certificates, which may allow a man-in-the-middle attacker to replace the set of root certificates used by the product with a set of arbitrary certificates...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-27434)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27434 advisory. - In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set th...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use of Uninitialized Resource (CVE-2024-46744)
In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Incomplete Cleanup (CVE-2024-49851)
tpm: Clean up TPM space after command failure. tpm_dev_transmit prepares the TPM space before attempting command transmission. However, if the command fails, no rollback of this preparation is done. This can result in transient handles being leaked if the device is subsequently closed with no further...
Siemens SIMATIC Devices Use of Uninitialized Resource (CVE-2025-21787)
team: better TEAM_OPTION_TYPE_STRING validation This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503529; scriptversion"1.2";...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-42304)
In the Linux kernel, the following vulnerability has been resolved: ext4: make sure the first directory block is not a hole This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc...
Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2025-21814)
ptp: Ensure info->enable callback is always set This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503440; scriptversion"1.2";...
Siemens SIMATIC Devices Insufficient Psychological Acceptability (CVE-2024-35996)
cpu: Re-enable CPU mitigations by default for !X86 architectures This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503468; scriptversion"1.2";...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Uncontrolled Resource Consumption (CVE-2024-47710)
sockmap: vulnerability result of adding a cond_resched in sock_hash_free to prevent CPU soft lockups when destroying maps with a large number of buckets. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...
Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2025-21844)
smb: client: Add check for next_buffer in receive_encrypted_standard This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503639; scriptversion"1.2";...
Siemens SIMATIC Devices Use After Free (CVE-2024-35955)
kprobes: Fix possible use-after-free issue on kprobe registration This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503699; scriptversion"1.2";...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use After Free (CVE-2024-47706)
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible UAF for bfqq->bic with merge chain In this case, IO from Process 1 will get bfqq2 from BIC1 first, and then get bfqq3 through merge chain, and finally handle IO by bfqq3. However, current code will think...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-26875)
media: pvrusb2: fix uaf in pvr2_context_set_notify. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503541; scriptversion"1.2";...
Siemens SIMATIC Devices Improper Check for Unusual or Exceptional Conditions (CVE-2024-44948)
In the Linux kernel, the following vulnerability has been resolved: x86/mtrr: Check if fixed MTRRs exist before saving them MTRRs have an obsolete fixed variant for fine grained caching control of the 640K-1MB region that uses separate MSRs. This fixed variant has a separate capability bit in the...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-27053)
Vulnerability in the Linux kernel: wifi: wilc1000: RCU usage in connect path This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503627;...
Siemens SIMATIC Devices Use After Free (CVE-2024-23848)
In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...
Siemens SIMATIC Devices Race Condition (CVE-2024-35899)
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: flush pending destroy work before exit_net release Similar to 2c9f0293280e ("netfilter: nf_tables: flush pending destroy work before netlink notifier") to address a race between exit_net and the destroy workqueue. T...