HP LaserJet Improper Access Control (CVE-2014-7875)

Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. This plugin only works with Tenable.ot. Please visit...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23231)

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix use-after-free in nftablesaddchain nftablesaddchain publishes the chain to table-chains via listaddtailrcu in nftchainadd before registering hooks. If nftablesregisterhook then fails, the error path calls...

RHEL 8 : xorg-x11-server-Xwayland (RHSA-2026:26562)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26562 advisory. Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server:...

Joomla! Extension 'JCE' < 2.9.99.5 Remote Code Execution

The version of the JCE Joomla Content Editor extension for the Joomla! application running on the remote host is prior to 2.9.99.5. It is, therefore, affected by an improper access control vulnerability. The extension allows the creation of new editor profiles for unauthenticated users, ultimatel...

Siemens RUGGEDCOM RST2428P Improper Update of Reference Count (CVE-2025-40251)

In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devlratenodesdestroy The function devlratenodesdestroy is documented to Unset parent for all rate objects. However, it was only calling the driver-specific rateleafparentset or...

Siemens RUGGEDCOM RST2428P Improper Access Control (CVE-2025-60876)

BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...

Siemens RUGGEDCOM RST2428P Out-of-bounds Write (CVE-2026-1489)

A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds write...

Siemens RUGGEDCOM RST2428P Improper Resource Shutdown or Release (CVE-2025-1376)

A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elfstrptr in the library /libelf/elfstrptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The...

RHEL 9 : xorg-x11-server-Xwayland (RHSA-2026:26590)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26590 advisory. Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server:...

Siemens RUGGEDCOM RST2428P Integer Overflow or Wraparound (CVE-2025-13601)

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the escaped string...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-40263)

In the Linux kernel, the following vulnerability has been resolved: Input: croseckeyb - fix an invalid memory access If croseckeybregistermatrix isn't called due to buttonsswitchesonly in croseckeybprobe, ckdev-idev remains NULL. An invalid memory access is observed in croseckeybprocess when...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23030)

In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchipusb2phyprobe The foreachavailablechildofnode calls ofnodeput to release childnp in each success loop. After breaking from the loop with the childnp has been released, the...

Siemens RUGGEDCOM RST2428P Race Condition (CVE-2025-40258)

"In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcpschedulework syzbot reported use-after-free in mptcpschedulework 1 Issue here is that mptcpschedulework schedules a work, then gets a refcount on sk-skrefcnt if the work was scheduled. This...

Siemens RuggedCom Rox Heap-based Buffer Overflow (CVE-2024-3447)

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both s-datacount and the size of s-fifobuffer are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a...

Devolutions Remote Desktop Manager <= 2026.2.7 Command Injection (DEVO-2026-0018)(CVE-2026-12161)

The version of Devolutions Remote Desktop Manager installed on the remote host is 2025.2.7 or earlier. It is, therefore, affected by a command injection vulnerability: - Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticat...

Siemens Ruggedcom Rox Uncontrolled Recursion (CVE-2019-13103)

A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data. This plugin only works with Tenable.ot. Please visit...

RHEL 8 : kernel (RHSA-2026:26570)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26570 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: geneve: Fix use-after-free in...

Siemens RuggedCom Rox Integer Underflow (Wrap or Wraparound) (CVE-2019-14192)

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a netprocessreceivedpacket integer underflow during an ncinputpacket call. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-71189)

In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw: dmamux: fix OF node leak on route allocation failure Make sure to drop the reference taken to the DMA master OF node also on late route allocation failures. This plugin only works with Tenable.ot. Please visit...

Siemens RUGGEDCOM RST2428P Expired Pointer Dereference (CVE-2025-49795)

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service. This plugin only works with Tenable.ot. Please visit...

Siemens RuggedCom Rox Out-of-bounds Write (CVE-2019-14193)

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfsreadlinkreply, in the if block after calculating the new path length. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Siemens RUGGEDCOM RST2428P Infinite Loop (CVE-2026-23220)

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix infinite loop caused by nextsmb2rcvhdroff reset in error paths The problem occurs when a signed request fails smb2 signature verification check. In processrequest, if checksignreq returns an error, setsmb2rspstatuswork...

Siemens RUGGEDCOM RST2428P Uncontrolled Recursion (CVE-2025-8732)

A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to...

Libheif < 1.22.1 OOB Read (macOS)

According to its self-reported version, libheif prior to 1.22.1 is affected by an out-of-bounds read vulnerability. The uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unitoffset + unitsize. Because the addition can wrap, a crafted HEIF file can pass the range chec...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23038)

In the Linux kernel, the following vulnerability has been resolved: pnfs/flexfiles: Fix memory leak in nfs4ffallocdeviceidnode In nfs4ffallocdeviceidnode, if the allocation for dsversions fails, the function jumps to the outscratch label without freeing the already allocated dsaddrs list, leading...

Siemens SIMATIC S7-1500 TM MFP Use After Free (CVE-2026-28387)

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

Lexmark Printers Improper Restriction of Operations Within the Bounds of a Memory Buffer (CVE-2018-15519)

Various Lexmark devices have a Buffer Overflow issue 1 of 2. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid505489; scriptversion"1.3";...

Siemens RUGGEDCOM RST2428P Out-of-bounds Write (CVE-2025-40345)

In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject out-of-bound newpba Discovered by Atuin - Automated Vulnerability Discovery Engine. newpba comes from the status packet returned after each write. A bogus device could report values beyond the block...

Siemens RuggedCom Rox Use After Free (CVE-2023-3019)

A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. This plugin only works with Tenable.ot. Please visit...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23230)

In the Linux kernel, the following vulnerability has been resolved: smb: client: split cachedfid bitfields to avoid shared-byte RMW races isopen, haslease and onlist are stored in the same bitfield byte in struct cachedfid but are updated in different code paths that may run concurrently. Bitfiel...

Lexmark Printers Denial of Service (CVE-2019-9931)

Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

RHEL 8 : firefox (RHSA-2026:26629)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26629 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

RHEL 8 : firefox (RHSA-2026:26606)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26606 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-10966)

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more. This plugin only works with Tenable.ot. Please visit...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2025-40250)

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clean up only new IRQ glue on requestirq failure The mlx5irqalloc function can inadvertently free the entire rmap and end up in a crash1 when the other threads tries to access this, when requestirq fails due to exhauste...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23026)

In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: gpi: Fix memory leak in gpiperipheralconfig Fix a memory leak in gpiperipheralconfig where the original memory pointed to by gchan-config could be lost if krealloc fails. The issue occurs when: 1. gchan-config...

Siemens RuggedCom Rox Out-of-bounds Write (CVE-2019-14202)

An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfshandler reply helper function: nfsreadlinkreply. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

AlmaLinux 8 : kernel-rt (ALSA-2026:26428)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:26428 advisory. kernel: mptcp: fix slab-use-after-free in inetlookupestablished CVE-2026-31669 kernel: xen/privcmd: fix double free via VMA splitting CVE-2026-31787...

Debian dsa-6349 : atril - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6349 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6349-1 [email protected] https://www.debian.org/security/...

Siemens RUGGEDCOM RST2428P Multiple Releases of Same Resource or Handle (CVE-2025-40261)

In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrl nvmefcdeleteassocation waits for pending I/O to complete before returning, and an error can cause -ioerrwork to be queued after cancelworksync had been called. Mov...

Siemens RUGGEDCOM RST2428P NULL Pointer Dereference (CVE-2026-22976)

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. This happens whe...

Siemens RuggedCom Rox Path Traversal (CVE-2025-6020)

A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. This plugin only works with Tenable.ot. Please visit...

Siemens RUGGEDCOM RST2428P External Control of File Name or Path (CVE-2026-26158)

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...

Squid < 7.6 Heap-based Buffer Overflow

The version of Squid on the remote host is prior to 7.6. It is, therefore, affected by a heap-based buffer overflow vulnerability: - Due to an Improper Input Validation bug, Squid is vulnerable to a Heap-based Buffer Overflow attack against cache digests. This problem allows a trusted server to...

Vim < 9.2.0565 Out-of-Bounds Read (GHSA-47gw-8gc3-mgcm)

The version of Vim installed on the remote host is prior to 9.2.0565. It is, therefore, affected by a vulnerability as referenced in the GHSA-47gw-8gc3-mgcm advisory. - The updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is...

Mattermost Server 10.11.x < 10.11.14 / 11.5.x < 11.5.2 Vulnerability (MMSA-2025-00552)

The version of Mattermost Server installed on the remote host is affected by a vulnerability: - Mattermost fails to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members...

RHEL 9 : redhat-ds:12 (RHSA-2026:26639)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26639 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol LDAP...

Ruby net-imap < 0.5.15 / 0.6.x < 0.6.4.1 Multiple Vulnerabilities

The version of the net-imap Ruby library installed on the remote host is prior to 0.5.15, or 0.6.x prior to 0.6.4.1. It is, therefore, affected by multiple vulnerabilities. - Several Net::IMAP commands accept a raw data argument that is sent verbatim after validation to prevent command injection...

Cisco Identity Services Engine (cisco-sa-ise-multi-G5WP8vv)

According to its self-reported version, Cisco ISE is affected by a vulnerability. - A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute... CVE-2026-20181 Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23238)

"In the Linux kernel, the following vulnerability has been resolved: romfs: check sbsetblocksize return value romfsfillsuper ignores the return value of sbsetblocksize, which can fail if the requested block size is incompatible with the block device's configuration. This can be triggered by setti...