250 matches found
SUSE-SU-2026:2380-1 Security update for hplip
This update for hplip fixes the following issues Update to HPLIP 3.26.4: Security issues: - CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation bsc1266031. - CVE-2026-8631: escalation of privileges and/or...
SHARP MFPs Stored Cross-Site Scripting (CVE-2024-48870)
Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users. This plugin only works wi...
SHARP MFPs Configuration API Vulnerability (CVE-2024-47005)
Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs. This plugin only works with Tenable.ot. Please visit...
EUVD-2025-206522
Multiple MFPs provided by Brother Industries, Ltd. does not properly validate server certificates, which may allow a man-in-the-middle attacker to replace the set of root certificates used by the product with a set of arbitrary certificates...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-27434)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27434 advisory. - In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set th...
Siemens SIMATIC Devices Use After Free (CVE-2025-21858)
geneve: Fix use-after-free in genevefinddev This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503396; scriptversion"1.2";...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-26642)
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: disallow anonymous set with timeout flag This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-49977)
net: stmmac: porttransmitratekbps could be set to a value of 0, which is then passed to the divs64 function when tc-cbs is disabled. This leads to a zero-division error. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-27437)
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Disable auto-enable of exclusive INTx IRQ Currently for devices requiring masking at the irqchip for INTx, ie. devices without DisINTx support, the IRQ is enabled in requestirq and subsequently disabled as necessary to...
Siemens SIMATIC Devices Exposure of Resource to Wrong Sphere (CVE-2024-36959)
In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix refcount leak in pinctrldttomap If we fail to allocate propname buffer, we need to drop the reference count we just took. Because the pinctrldtfreemaps includes the droping operation, here we call it...
Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2024-36902)
Vulnerability in Linux kernel: ipv6: fib6rules: avoid possible NULL dereference in fib6ruleaction syzbot is able to trigger the following crash 1, caused by unsafe ip6dstidev use. Indeed ip6dstidev can return NULL, and must always be checked. This plugin only works with Tenable.ot. Please visit...
Siemens SIMATIC Devices Improper Locking (CVE-2024-50210)
In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pcclocksettime If getclockdesc succeeds, it calls fget for the clockid's fd, and get the clk-rwsem read lock, so the error path should release the lock to make the lock balance...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-26651)
sr9800: Local Denial of Service Vulnerability. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503678; scriptversion"1.2";...
Siemens SIMATIC Devices Classic Buffer Overflow (CVE-2024-35823)
In the Linux kernel, the following vulnerability has been resolved: vt: fix unicode buffer corruption when deleting characters This is the same issue that was fixed for the VGA text buffer in commit 39cdb68c64d8 vt: fix memory overlapping when deleting chars in the buffer. The cure is also the sa...
Siemens SIMATIC Devices Out-of-bounds Write (CVE-2024-50134)
In the Linux kernel, the following vulnerability has been resolved: drm/vboxvideo: Replace fake VLA at end of vbvamousepointershape with real VLA Replace the fake VLA at end of the vbvamousepointershape shape with a real VLA to fix a memcpy: detected field-spanning write error. Note as mentioned ...
Siemens SIMATIC Devices Improper Handling of Structural Elements (CVE-2024-36929)
In the Linux kernel, the following vulnerability has been resolved: net: core: reject skbcopyexpand for fraglist GSO skbs SKBGSOFRAGLIST skbs must not be linearized, otherwise they become invalid. Return NULL if such an skb is passed to skbcopy or skbcopyexpand, in order to prevent a crash on a...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-43890)
tracing: vulnerability due to an overflow in getfreeelt, which could lead to infinite loops and CPU hangs when the tracing map becomes full. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
Siemens SIMATIC Devices Use After Free (CVE-2024-26961)
In the Linux kernel, the following vulnerability has been resolved: mac802154: fix llsec key resources release in mac802154llseckeydel This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Locking (CVE-2024-50044)
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcommskstatechange rfcommskstatechange attempts to use socklock so it must never be called with it locked but rfcommsockioctl always attempt to lock it. This plugin only works with...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-26882)
net: iptunnel: make sure to pull inner header in iptunnelrcv. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503477; scriptversion"1.2";...