Linux Distros Unpatched Vulnerability : CVE-2026-44545

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0...

Linux Distros Unpatched Vulnerability : CVE-2026-46087

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/stat: fix memory leak on damonstart failure in damonstatstart Destroy the DAMON context and reset the global pointer when damonstart fails. Otherwise,...

Linux Distros Unpatched Vulnerability : CVE-2026-46188

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - octeonepvf: add NULL check for napibuildskb napibuildskb can return NULL on allocation failure. In octepvfoqprocessrx, the result is used directly without a NUL...

RockyLinux 10 : systemd (RLSA-2026:19068)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19068 advisory. systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data CVE-2026-29111 Tenable has extracted the preceding description...

AIX : Multiple Vulnerabilities (IJ58140)

The version of AIX installed on the remote host is prior to APAR IJ58140. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ58140 advisory. - A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition XSD...

Mozilla Firefox < 151.0.3

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 151.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-54 advisory. - Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox...

AlmaLinux 8 : .NET 9.0 (ALSA-2026:21294)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:21294 advisory. dotnet: .NET: infinite loop allows an attacker to cause a denial of service CVE-2026-42899 Tenable has extracted the preceding description block directly from the...

Oracle Linux 8 : compat-openssl10 (ELSA-2026-22315)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-22315 advisory. 1.1.0.2o-4.2 - Fixes CVE-2026-28390: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing Resolves: RHEL-165754 Tenable has...

Linux Distros Unpatched Vulnerability : CVE-2026-45924

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: call ksmbdvfskernpathendremoving on some error paths There are two places where ksmbdvfskernpathendremoving needs to be called in order to balance what t...

Linux Distros Unpatched Vulnerability : CVE-2026-45881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - soc: mediatek: svs: Fix memory leak in svsenabledebugwrite In svsenabledebugwrite, the buf allocated by memdupusernul is leaked if kstrtoint fails. Fix this by...

Debian dsa-6321 : ceph - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6321 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6321-1 [email protected]...

Linux Distros Unpatched Vulnerability : CVE-2026-46211

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/msm/gem: fix error handling in msmioctlgeminfogetmetadata msmioctlgeminfogetmetadata always returns 0 regardless of errors. When copytouser fails or the use...

Fedora 43 : hplip (2026-28afc9a105)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-28afc9a105 advisory. Update to 3.26.4, fixes CVE-2026-8631, CVE-2026-8632 Tenable has extracted the preceding description block directly from the Fedora security advisor...

Linux Distros Unpatched Vulnerability : CVE-2026-47337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AFINET/AFINET6 socket mediation. The bug can be...

Linux Distros Unpatched Vulnerability : CVE-2026-46162

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ice: fix double free in icesfethactivate error path When auxiliarydeviceadd fails, icesfethactivate jumps to auxdevuninit and calls...

Linux Distros Unpatched Vulnerability : CVE-2026-45946

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - power: supply: ab8500: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering the...

Linux Distros Unpatched Vulnerability : CVE-2026-46248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: ath12k: clear stale link mapping of ahvif-linksmap When an arvif is initialized in non-AP STA mode but MLO connection preparation fails before the arvif i...

MiracleLinux 8 : cockpit-310.8-1.el8_10.ML.1 (AXSA:2026-750:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-750:04 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly...

Linux Distros Unpatched Vulnerability : CVE-2025-71311

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/ntfs3: Initialize new folios before use KMSAN reports an uninitialized value in longestmatchstd, invoked from ntfscompresswrite. When new folios are allocate...

Linux Distros Unpatched Vulnerability : CVE-2026-46011

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling...

SUSE SLES15 Security Update : kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP5) (SUSE-SU-2026:2149-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2149-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.110 fixes various security issues The following security issues were fixed: ...

Linux Distros Unpatched Vulnerability : CVE-2026-44546

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not...

Photon OS 5.0: Linux PHSA-2026-5.0-0861

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0861. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Linux Distros Unpatched Vulnerability : CVE-2026-46176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/mlx5: Fix error path fall-through in mlx5ibdevressrqinit mlx5ibdevressrqinit allocates two SRQs, s0 and s1. When ibcreatesrq fails for s1, the error branch...

Linux Distros Unpatched Vulnerability : CVE-2026-46025

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/core: fix damoncall vs kdamondfn exit race Patch series mm/damon/core: fix damoncall/damoswalk vs kdmond exit race. damoncall and damoswalk can leak...

Siemens SENTRON PAC Out-of-bounds Read (CVE-2020-13987)

The TCP/IP stack uIP in affected devices is vulnerable to out-of-bounds read when calculating the checksum for IP packets. An attacker located in the same network could trigger a Denial-of-Service condition on the device by sending a specially crafted IP packet. This plugin only works with...

RockyLinux 10 : iputils (RLSA-2026:18162)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18162 advisory. iputils: iputils integer overflow CVE-2025-48964 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that...

Linux Distros Unpatched Vulnerability : CVE-2026-45952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: Add validation for MTU changes Increasing the MTU beyond the HDS threshold cause...

Linux Distros Unpatched Vulnerability : CVE-2026-46145

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/mana: Validate rxhashkeylen Sashiko points out that rxhashkeylen comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to tra...

Linux Distros Unpatched Vulnerability : CVE-2026-47192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kas's late signature validation may allow unnoticed repository manipulations CVE-2026-47192 Note that Nessus relies on the presence of the package as reported b...

Linux Distros Unpatched Vulnerability : CVE-2026-46085

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rxrpc: Fix rxkad crypto unalignment handling Fix handling of a packet with a misaligned crypto length. Also handle non-ENOMEM errors from decryption by aborting...

Photon OS 5.0: Curl PHSA-2026-5.0-0856

An update of the curl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0856. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Linux Distros Unpatched Vulnerability : CVE-2026-45980

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - accel/amdxdna: Stop job scheduling across aie2releaseresource Running jobs on a hardware context while it is in the process of releasing resources can lead to...

Linux Distros Unpatched Vulnerability : CVE-2026-45887

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - afunix: Fix memleak of newsk in unixstreamconnect. When preparepeercred fails in unixstreamconnect, unixreleasesock is not called for newsk, and the memory is...

AlmaLinux 8 : .NET 10.0 (ALSA-2026:21295)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:21295 advisory. dotnet: .NET: infinite loop allows an attacker to cause a denial of service CVE-2026-42899 Tenable has extracted the preceding description block directly from the...

Linux Distros Unpatched Vulnerability : CVE-2026-46259

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - procfs: fix missing RCU protection when reading realparent in dotaskstat When reading /proc/pid/stat, dotaskstat accesses task-realparent without proper RCU...

Linux Distros Unpatched Vulnerability : CVE-2026-45950

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: starfive - Fix memory leak in starfiveaesaeaddoonereq The starfiveaesaeaddoonereq function allocates rctx-adata with kzalloc but fails to free it if...

TencentOS Server 4: squid (TSSA-2026:0346)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0346 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Linux Distros Unpatched Vulnerability : CVE-2026-45906

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: power: supply: pf1550: Fix use-after- free in powersupplychanged Using the devm variant for...

CentOS 9 : vim-8.2.2637-31.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the vim-8.2.2637-31.el9 build changelog. - arbitrary command execution via modeline sandbox bypass CVE-2026-34982 Note that Nessus has not tested for this issue but has instead relied only ...

Linux Distros Unpatched Vulnerability : CVE-2026-45935

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot In the 'DeleteIndexEntryRoot' case of the 'doaction' function, the entry size 'esize' is retrieve...

Linux Distros Unpatched Vulnerability : CVE-2026-37711

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the...

Siemens SENTRON PAC Out-of-bounds Write (CVE-2020-17437)

The TCP/IP stack uIP in affected devices is vulnerable to out-of-bounds write when processing TCP packets with urgent pointer URG where the location of the TCP data payload is calculated improperly. An attacker located in the same network could trigger a Denial-of-Service condition on the device ...

Linux Distros Unpatched Vulnerability : CVE-2026-46034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vfio/cdx: Fix NULL pointer dereference in interrupt trigger path Add validation to ensure MSI is configured before accessing cdxirqs array in...

Linux Distros Unpatched Vulnerability : CVE-2026-48019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - php-laravel-framework - None CVE-2026-48019 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900...

RockyLinux 10 : python-jwcrypto (RLSA-2026:19042)

The remote RockyLinux 10 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2026:19042 advisory. JWCrypto: python-cryptography: python: JWCrypto: Memory exhaustion via crafted compressed JWE tokens CVE-2026-39373 Tenable has extracted the preceding...

MiracleLinux 8 : flatpak-1.12.9-4.el8_10 (AXSA:2026-753:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-753:02 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on...

Fedora 43 : dovecot (2026-693373747f)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-693373747f advisory. CVE-2026-27851: lib-var-expand: Safe filter marks all following pipelines safe. CVE-2026-33603: auth: CRAM-SHA--PLUS channel binding could be faked...

Linux Distros Unpatched Vulnerability : CVE-2026-46213

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HID: appletb-kbd: fix UAF in inactivity-timer cleanup path Commit 38224c472a03 HID: appletb-kbd: fix slab use-after-free bug in appletbkbdprobe added...

Linux Distros Unpatched Vulnerability : CVE-2026-46268

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PCI/P2PDMA: Fix p2pmemallocmmap warning condition Commit b7e282378773 has already changed the initial page refcount of p2pdma page from one to zero, however, in...