
126 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in python-urllib3

urllib3 before version 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116...

6.5 CVSS, 9.3 AI score, 0.00279 EPSS
Exploits 0, References 2

Tenable Nessus
added 2026/03/12 12:0 a.m., 4 views

Security Updates for Microsoft SQL Server (March 2026)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities: - A privilege escalation vulnerability CVE-2026-21262, CVE-2026-26115, CVE-2026-26116 Note that Nessus has not tested for these issues but has instea...

8.8 CVSS, 7.2 AI score, 0.00139 EPSS
Exploits 0, References 6

Vulnrichment
added 2026/03/10 5:5 p.m., 0 views

CVE-2026-26116 SQL Server Elevation of Privilege Vulnerability

...

8.8 CVSS, 5.8 AI score, 0.00062 EPSS
Exploits 0, References 1

Circl
added 2026/03/10 4:57 p.m., 0 views

CVE-2026-26116

creationtimestamp | type | source
---|---|---
2026-03-10 16:57:37+00:00 | seen | https://www.thezdi.com/blog/2026/3/10/the-march-2026-security-update-review
2026-03-11 03:00:16+00:00 | seen | https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+March+2026/32782
2026-03-11 03:00:20+00:00 | seen | ...

8.8 CVSS, 5.7 AI score, 0.00062 EPSS
Exploits 0, References 3

Microsoft KB
added 2026/03/10 2:0 p.m., 7 views

KB5077468 - Description of the security update for SQL Server 2025 GDR: March 10, 2026

KB5077468 - Description of the security update for SQL Server 2025 GDR: March 10, 2026 Applies To SQL Server 2025 on Windows all editions, SQL Server 2025 on Linux all editions Summary Improvements and fixes included in this update How to obtain and install the update More information File...

8.8 CVSS, 5.8 AI score, 0.00139 EPSS
Exploits 0

Microsoft KB
added 2026/03/10 2:0 p.m., 12 views

KB5077466 - Description of the security update for SQL Server 2025 CU2: March 10, 2026

KB5077466 - Description of the security update for SQL Server 2025 CU2: March 10, 2026 Applies To SQL Server 2025 on Windows all editions, SQL Server 2025 on Linux all editions Summary Improvements and fixes included in this update How to obtain and install the update How to obtain or download th...

8.8 CVSS, 5.8 AI score, 0.00139 EPSS
Exploits 0

RedhatCVE
added 2026/01/09 8:40 a.m., 9 views

CVE-2022-26116

Multiple improper neutralization of special elements used in SQL commands 'SQL Injection' vulnerability CWE-89 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attack...

8.8 CVSS, 7.7 AI score, 0.00373 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 6:26 p.m., 6 views

CVE-2021-26116

An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...

8.8 CVSS, 7.3 AI score, 0.00244 EPSS
Exploits 0, References 1

Tenable Nessus
added 2025/03/05 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2023-26116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service ReDoS via the angular.copy utility function due to the usage ...

5.3 CVSS, 6.5 AI score, 0.00318 EPSS
Exploits 1, References 2

Tenable Nessus
added 2025/03/05 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2020-26116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP...

7.2 CVSS, 7.1 AI score, 0.00903 EPSS
Exploits 1, References 3

F5 Networks
added 2024/10/15 11:13 p.m., 26 views

K000141463: Angular JS vulnerabilities CVE-2019-10768 and CVE-2023-26116

Security Advisory Description CVE-2019-10768 In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a proto payload. CVE-2023-26116 Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Servi...

7.5 CVSS, 7.1 AI score, 0.00411 EPSS
Exploits 2, Affected Software 12

OpenVAS
added 2024/07/12 12:0 a.m., 49 views

Ubuntu: Security Advisory (USN-6891-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 8.1 AI score, 0.0991 EPSS
Exploits 27, References 2

CVE
added 2024/06/13 7:52 a.m., 56 views

CVE-2024-26116

Adobe Experience Manager (AEM) 6.5.20 and earlier are affected by a reflected Cross‑Site Scripting (XSS) vulnerability. An attacker can lure a user to a crafted URL referencing a vulnerable page, causing malicious JavaScript to execute in the victim’s browser. The issue is documented across multi...

5.4 CVSS, 5.4 AI score, 0.02022 EPSS
Exploits 0, References 1, Affected Software 1

Tenable Nessus
added 2024/06/03 12:0 a.m., 33 views

RHEL 9 : firefox (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wasm2c: DoS via crafted binary CVE-2023-31670 - Versions of the package angular from 1.2.21 are vulnerabl...

9.8 CVSS, 8.8 AI score, 0.30808 EPSS
Exploits 7, References 20

Tenable Nessus
added 2024/05/11 12:0 a.m., 28 views

RHEL 6 : angularjs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - angularjs: Regular Expression Denial of Service via the element CVE-2023-26118 - Versions of the package...

5.7 AI score, 0.0061 EPSS
Exploits 3, References 3

Tenable Nessus
added 2023/11/07 12:0 a.m., 23 views

Fedora 39 : icecat (2023-035866b576)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-035866b576 advisory. - Release 115.3.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

5.3 CVSS, 6.7 AI score, 0.0061 EPSS
Exploits 3, References 4

Tenable Nessus
added 2023/11/06 12:0 a.m., 28 views

Rocky Linux 8 : python38:3.8 (RLSA-2021:1879)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1879 advisory. - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker control...

9.8 CVSS, 8.6 AI score, 0.01246 EPSS
Exploits 3, References 10

OSV
added 2023/11/02 5:25 p.m., 2 views

CLSA-2023-1698945913 python3: Fix of CVE-2020-26116

CVE-2020-26116: prevent header injection in http methods...

7.2 CVSS, 6.6 AI score, 0.00903 EPSS
Exploits 1, References 1

OpenVAS
added 2023/10/20 12:0 a.m., 19 views

Fedora: Security Advisory for icecat (FEDORA-2023-7342330743)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3 CVSS, 5.8 AI score, 0.0061 EPSS
Exploits 3, References 2

Tenable Nessus
added 2023/10/18 12:0 a.m., 24 views

Fedora 38 : icecat (2023-7342330743)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7342330743 advisory. - Release 115.3.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

5.3 CVSS, 6.7 AI score, 0.0061 EPSS
Exploits 3, References 4