Linux Distros Unpatched Vulnerability : CVE-2026-54280

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client...

Amazon Linux 2023 : python3-urllib3 (ALAS2023-2026-1843)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1843 advisory. urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still...

Amazon Linux 2 : kernel, --advisory ALAS2-2026-3374 (ALAS-2026-3374)

The version of kernel installed on the remote host is prior to 4.14.355-282.731. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3374 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions...

RHEL 10 : firefox (RHSA-2026:27715)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:27715 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

Autodesk Revit 2024 < 2024.3.5 / 2025 < 2025.4.5 / 2026 < 2026.4.1 / 2027 < 2027.1 DoS (adsk-sa-2026-0007)

The version of Autodesk Revit installed on the remote host is 2024 prior to 2024.3.5, 2025 prior to 2025.4.5, 2026 prior to 2026.4.1, or 2027 prior to 2027.1. It is, therefore, affected by a denial of service vulnerability: - A maliciously crafted RFA file, when converted to FormIt via 'Convert R...

RHEL 10 : golang-github-openprinting-ipp-usb (RHSA-2026:27740)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:27740 advisory. HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB...

SUSE SLES15 Security Update : ldns (SUSE-SU-2026:2461-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2461-1 advisory. This update for ldns fixes the following issue - CVE-2026-10846: When ldns is used by applications for stub resolving, it does not...

Amazon Linux 2023 : perl-Sereal-Decoder (ALAS2023-2026-1830)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1830 advisory. Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose...

Amazon Linux 2 : evince, --advisory ALAS2-2026-3354 (ALAS-2026-3354)

The version of evince installed on the remote host is prior to 3.28.2-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3354 advisory. CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in...

Amazon Linux 2023 : perl-Crypt-PBKDF2 (ALAS2023-2026-1891)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1891 advisory. Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlyin...

RHEL 9 : Red Hat OpenStack Platform 17.1 (golang-uber-multierr) (RHSA-2026:28046)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28046 advisory. Security Fixes: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 For more details about the security issues,...

RHEL 8 : kernel-rt (RHSA-2026:27812)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27812 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements...

Amazon Linux 2023 : mariadb1011, mariadb1011-backup, mariadb1011-client-utils (ALAS2023-2026-1844)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1844 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable...

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1863)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1863 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 In the Linux kernel, the following vulnerability has...

SUSE SLED15 / SLES15 Security Update : ldns (SUSE-SU-2026:2462-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2462-1 advisory. This update for ldns fixes the following issue - CVE-2026-10846: When ldns is used by applications for stub resolving, ...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2026-125 (ALASKERNEL-5.4-2026-125)

The version of kernel installed on the remote host is prior to 5.4.302-224.474. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2026-125 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego...

Amazon Linux 2023 : golist (ALAS2023-2026-1874)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1874 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, . to execute repeatedly on the same...

Amazon Linux 2023 : perl-Unicode-LineBreak (ALAS2023-2026-1831)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1831 advisory. Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold splits the input string by specific line break characters such as...

Amazon Linux 2023 : gdal310, gdal310-devel, gdal310-java (ALAS2023-2026-1833)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1833 advisory. In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer withou...

Amazon Linux 2 : rclone, --advisory ALAS2-2026-3384 (ALAS-2026-3384)

The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3384 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Tenable has extracted...