411 matches found
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use of Uninitialized Resource (CVE-2024-46744)
In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...
Siemens SIMATIC Devices Integer Overflow or Wraparound (CVE-2024-58017)
printk: Fix signed integer overflow when defining LOGBUFLENMAX This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503397; scriptversion"1.2";...
Siemens SIMATIC Devices Out-of-bounds Write (CVE-2024-36916)
In the Linux kernel, the following vulnerability has been resolved: blk-iocost: avoid out of bounds shift UBSAN catches undefined behavior in blk-iocost, where sometimes iocg-delay is shifted right by a number that is too large, resulting in undefined behavior on some architectures. 186.556576...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-44960)
usb: gadget: core: Check for unset descriptor. It needs to be reassured that the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpoint for the current speed, or the gadget descriptors a...
Siemens SIMATIC Devices Improper Locking (CVE-2024-26643)
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: mark set as dead when unbinding anonymous set with timeout This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable,...
Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2024-26812)
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx handler This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if descripti...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Out-of-bounds Read (CVE-2024-49930)
wifi: ath11k: fix array out-of-bound access in SoC stats. Currently, the ath11ksocdpstats::halreoerror array is defined with a maximum size of DPREODSTRINGMAX. However, the ath11kdpprocessrx function access ath11ksocdpstats::halreoerror using the REO destination SRNG ring ID, which is incorrect...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-27437)
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Disable auto-enable of exclusive INTx IRQ Currently for devices requiring masking at the irqchip for INTx, ie. devices without DisINTx support, the IRQ is enabled in requestirq and subsequently disabled as necessary to...
Siemens SIMATIC Devices Improper Validation of Array Index (CVE-2024-35905)
In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflowing its signed int...
Siemens SIMATIC Devices Use After Free (CVE-2024-27395)
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovsctexit Since kfreercu, which is called in the hlistforeachentryrcu traversal of ovsctlimitexit, is not part of the RCU read critical section, it is possible that the RCU grace period wil...
Siemens SIMATIC Devices Use After Free (CVE-2025-21858)
geneve: Fix use-after-free in genevefinddev This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503396; scriptversion"1.2";...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-27047)
Vulnerablity in Linux kernel: net: phy: phygetinternaldelay accessing an empty array The phygetinternaldelay function could try to access to an empty array in the case that the driver is calling phygetinternaldelay without defining delayvalues and rx-internal- delay-ps or tx-internal-delay-ps is...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-26642)
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: disallow anonymous set with timeout flag This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
Siemens SIMATIC Devices Use After Free (CVE-2024-23848)
In the Linux kernel through 6.7.1, there is a use-after-free in cecqueuemsgfh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...
Siemens SIMATIC Devices Improper Validation of Array Index (CVE-2024-35813)
In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid negative index with array access Commit 4d0c8d0aef63 mmc: core: Use mrq.sbc in close-ended ffu assigns previdata = idatasi - 1, but doesn't check that the iterator i is greater than zero. Let's fix this by adding...
Siemens SIMATIC Devices Exposure of Resource to Wrong Sphere (CVE-2024-36959)
In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix refcount leak in pinctrldttomap If we fail to allocate propname buffer, we need to drop the reference count we just took. Because the pinctrldtfreemaps includes the droping operation, here we call it...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Cleanup on Thrown Exception (CVE-2024-53059)
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwlmvmsendrecoverycmd 1. The size of the response packet is not validated. 2. The response buffer is not freed. Resolve these issues by switching to iwlmvmsendcmdstatus, which handles...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use After Free (CVE-2024-49903)
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uaf in dbFreeBits syzbot reported ================================================================== BUG: KASAN: slab-use-after-free in mutexlockcommon kernel/locking/mutex.c:587 inline BUG: KASAN: slab-use-after-free in...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-42272)
sched: actct: take care of padding in struct zoneshtkey. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503724; scriptversion"1.2";...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-35902)
net/rds: possible cp null dereference cp might be null, calling cp-cpconn would produce null dereference. Cp is a parameter of rdsrdmamap and is not reassigned. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 809...