RHCOS 4 : OpenShift Container Platform 4.6.56 (RHSA-2022:0866)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0866 advisory. - cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe sysctls to be applied t...

RHCOS 3 : OpenShift Container Platform 3.10 atomic-openshift kube-apiserver (RHSA-2019:2989)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2989 advisory. - atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository CVE-2019-10150 - containers/image: not...

Linux Distros Unpatched Vulnerability : CVE-2026-43099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv4: icmp: fix null-ptr-deref in icmpbuildprobe ipv6stub-ipv6devfind may return ERRPTR-EAFNOSUPPORT when the IPv6 stack is not active CONFIGIPV6=m and not...

Google Chrome < 148.0.7778.96 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 148.0.7778.96. It is, therefore, affected by multiple vulnerabilities as referenced in the 202605stable-channel-update-for-desktop advisory. - Use after free in WebRTC. CVE-2026-7928, CVE-2026-7987, CVE-2026-8016 -...

RHCOS 4 : OpenShift Container Platform 4.7.45 (RHSA-2022:0870)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0870 advisory. - cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe sysctls to be applied t...

Linux Distros Unpatched Vulnerability : CVE-2026-43266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - EFI/CPER: don't go past the ARM processor CPER record buffer There's a logic inside GHES/CPER to detect if the sectionlength is too small, but it doesn't detect...

nanoclaw 路径遍历漏洞

Nanoclaw is a lightweight tool developed by Qwibit.ai, designed for securely running AI assistants within independent containers. Nanoclaw has a path traversal vulnerability. This vulnerability stems from issues with the host/container file system boundaries during outbound attachment processing...

PT-2026-38305

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.6.32 Description A logical flaw in the URL checking logic allows attackers to bypass security filters, leading to Server-Side Request Forgery SSRF. The system uses the validate url function to perform security...

RHCOS 3 : OpenShift Container Platform 3.9 atomic-openshift (RHSA-2019:3811)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3811 advisory. - atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository CVE-2019-10150 - kubernetes: Incomplete fixes...

RHCOS 4 : OpenShift Container Platform 4.8.9 (RHSA-2021:3248)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3248 advisory. - golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header CVE-2021-31525 - golang: net: lookup...

RHCOS 3 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:3143)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3143 advisory. - atomic-openshift: OpenShift builds don't verify SSH Host Keys for the git repository CVE-2019-10150 Note that Nessus has not tested for thi...

PT-2026-37429

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A data race exists in the Bluetooth component involving the hdev-req status variable. While hci cmd sync sk modifies this variable under the hdev-req lock, other functions—including hci...

PT-2026-38281

Name of the Vulnerable Software and Affected Versions azureauthextension versions 0.124.0 through 0.150.0 Description A server-side authentication bypass exists in the azureauthextension when used by an OpenTelemetry receiver with auth: azure auth. The Authenticate function fails to validate...

AlmaLinux 10 : osbuild-composer (ALSA-2026:13643)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:13643 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the AlmaLinux...

Linux Distros Unpatched Vulnerability : CVE-2026-43109

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86: shadow stacks: proper error handling for mmap lock reports that shstkpopsigframe doesn't check for errors from mmapreadlockkillable, which is a silly...

Linux Distros Unpatched Vulnerability : CVE-2026-43246

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: i2c/tw9906: Fix potential memory leak in tw9906probe In one of the error paths in tw9906probe, the memory allocated in v4l2ctrlhandlerinit and...

Fedora 43 : squid (2026-e6a4814a4d)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e6a4814a4d advisory. - new version 7.5 - security update Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...

Linux Distros Unpatched Vulnerability : CVE-2026-43274

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchpipcgetclusteraggrirq The clustercfg array is dynamically allocated to hold per-CPU configuration...

AlmaLinux 10 : image-builder (ALSA-2026:13642)

The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:13642 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the AlmaLinux...

PT-2026-37532

In the Linux kernel, the following vulnerability has been resolved: dm mpath: Add missing dm put device when failing to get scsi dh name When commit fd81bc5cca8f "scsi: device handler: Return error pointer in scsi dh attached handler name" added code to fail parsing the path if scsi dh attached...