337899 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-45989
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - of: unittest: fix use-after-free in testdrvprobe The function testdrvprobe retrieves the devicenode from the PCI device, applies an overlay, and then immediatel...
Linux Distros Unpatched Vulnerability : CVE-2026-6873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.getsignedcookie in Django uses a non-injective salt derivation...
Linux Distros Unpatched Vulnerability : CVE-2026-44581
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces...
Linux Distros Unpatched Vulnerability : CVE-2026-45854
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: inside-secure/eip93 - unregister only available algorithm EIP93 has an options register. This register indicates which crypto algorithms are implemented...
Linux Distros Unpatched Vulnerability : CVE-2026-45884
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - apparmor: avoid per-cpu hold underflow in aagetbuffer When aagetbuffer pulls from the per-cpu list it unconditionally decrements cache-hold. If hold reaches 0...
Linux Distros Unpatched Vulnerability : CVE-2026-46239
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: i2c: ov5647: Fix runtime PM refcount leak in sctrl Three control cases AUTOGAIN, EXPOSUREAUTO, ANALOGUEGAIN directly return without calling pmruntimeput,...
Linux Distros Unpatched Vulnerability : CVE-2026-46067
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/core: validate damosquotagoal-nid for nodememcgused,freebp Users can set damosquotagoal-nid with arbitrary value for nodememcgused,freebp. But DAMON co...
Linux Distros Unpatched Vulnerability : CVE-2026-3276
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating...
Linux Distros Unpatched Vulnerability : CVE-2026-46222
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: rockchip: rkcif: Add missing MUSTCONNECT flag to pads The pads missed checks for connected devices which may a null dereference when the stream is enable...
Oracle Linux 8 : gnutls (ELSA-2026-20611)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20611 advisory. - Fix CVE-2026-33846 DTLS fragment reassembly, High, heap overwrite - Fix CVE-2026-42009 DTLS fragment reassembly, High, undefined behaviour - Fix...
Linux Distros Unpatched Vulnerability : CVE-2026-46134
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - platform/chrome: crosectypec: Init mutex in Thunderbolt registration crostypecregisterthunderbolt missed initializing the adata-lock mutex. This leads to a NULL...
Linux Distros Unpatched Vulnerability : CVE-2026-45979
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: clean up the amdgpucsparserbos In low memory conditions, kmalloc can fail. In su...
Linux Distros Unpatched Vulnerability : CVE-2026-46251
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: fix blockgrouptree dirtylist corruption When the incompat flag EXTENTTREEV2 is set, we unconditionally add the block group tree to the switchcommits list...
Linux Distros Unpatched Vulnerability : CVE-2026-46104
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - selinux: use sk blob accessor in socket permission helpers SELinux socket state lives in the composite LSM socket blob. sockhasperm and nlmsgsockhasextendedperm...
RockyLinux 10 : libssh (RLSA-2026:18160)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:18160 advisory. libssh: Buffer underflow in sshgethexa on invalid input CVE-2026-0966 libssh: Improper sanitation of paths received from SCP servers CVE-2026-0964...
Linux Distros Unpatched Vulnerability : CVE-2026-47334
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly sleep while holding a spinlock in notification handling code. The bug can be...
Linux Distros Unpatched Vulnerability : CVE-2026-46194
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix nodecnt race between extent node destroy and writeback f2fsdestroyextentnode does not set FINOEXTENT before clearing extent nodes. When called from...
AlmaLinux 9 : libexif (ALSA-2026:22553)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:22553 advisory. libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling CVE-2026-40385 libexif: libexif: Denial of Service...
MiracleLinux 8 : dotnet9.0-9.0.117-1.el8_10 (AXSA:2026-755:09)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-755:09 advisory. dotnet: .NET: infinite loop allows an attacker to cause a denial of service CVE-2026-42899 Tenable has extracted the preceding description block directly from...
Linux Distros Unpatched Vulnerability : CVE-2026-46118
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pseries/papr-hvpipe: Fix null ptr deref in paprhvpipedevcreatehandle commit 6d3789d347a7 papr- hvpipe: convert paprhvpipedevcreatehandle to FDPREPARE, changed t...
Linux Distros Unpatched Vulnerability : CVE-2026-40290
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...
AIX : Multiple Vulnerabilities (IJ58122)
The version of AIX installed on the remote host is prior to APAR IJ58122. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ58122 advisory. - A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition XSD...
Linux Distros Unpatched Vulnerability : CVE-2026-49975
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue...
Linux Distros Unpatched Vulnerability : CVE-2025-68154
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS...
Linux Distros Unpatched Vulnerability : CVE-2026-46266
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - inet: RAW sockets using IPPROTORAW MUST drop incoming ICMP Yizhou Zhao reported that simply having one RAW socket on protocol IPPROTORAW 255 was dangerous...
Linux Distros Unpatched Vulnerability : CVE-2026-45937
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: inside-secure/eip93 - fix kernel panic in driver detach During driver detach, the same hash algorithm is unregistered multiple times due to a wrong...
Linux Distros Unpatched Vulnerability : CVE-2026-8404
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control...
Linux Distros Unpatched Vulnerability : CVE-2026-46035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/pagealloc: return NULL early from allocfrozenpagesnolock in NMI on UP On UP kernels !CONFIGSMP, spintrylock is a no-op that unconditionally succeeds even whe...
RockyLinux 10 : go-fdo-client (RLSA-2026:19139)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19139 advisory. crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages CVE-2026-32283 Tenable has extracted the preceding description blo...
RockyLinux 10 : corosync (RLSA-2026:19043)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19043 advisory. corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet CVE-2026-35091 corosync: Corosync: Denial of Service via intege...
RockyLinux 10 : python3.12 (RLSA-2026:19064)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19064 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...
Linux Distros Unpatched Vulnerability : CVE-2026-46126
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/mana: Fix manadestroywqobj cleanup in manaibcreateqprss Sashiko points out there are two bugs here in the error unwind flow, both related to how the WQ tab...
Linux Distros Unpatched Vulnerability : CVE-2026-46255
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dmaengine: fsl-edma: don't explicitly disable clocks in .remove The clocks in fsledmaengine::muxclk are allocated and enabled with devmclkgetenabled, which...
Linux Distros Unpatched Vulnerability : CVE-2026-46097
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Input: edt-ft5x06 - fix use-after-free in debugfs teardown The commit 68743c500c6e Input: edt-ft5x06 - use per-client debugfs directory removed the manual debug...
Linux Distros Unpatched Vulnerability : CVE-2026-46057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - landlock: Fix LOGSUBDOMAINSOFF inheritance across fork hookcredtransfer only copies the Landlock security blob when the source credential has a domain. This is...
Linux Distros Unpatched Vulnerability : CVE-2026-45702
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...
Linux Distros Unpatched Vulnerability : CVE-2026-44582
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be...
RockyLinux 9 : compat-openssl11 (RLSA-2026:22313)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:22313 advisory. openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing CVE-2026-28390 Tenable has extracted the preceding descriptio...
pyOpenSSL 22.0.x < 26.0.0 Buffer Overflow
The version of pyOpenSSL installed on the remote host is prior to 26.0.0. It is, therefore, affected by a buffer overflow vulnerability: - pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to...
Linux Distros Unpatched Vulnerability : CVE-2026-46207
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vsock/virtio: fix empty payload in tap skb for non-linear buffers For non-linear skbs, virtiotransportbuildskb goes through virtiotransportcopynonlinearskb to...
AlmaLinux 10 : flatpak (ALSA-2026:21757)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21757 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on ho...
Linux Distros Unpatched Vulnerability : CVE-2026-10702
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3. CVE-2026-10702 Note that Nessus relies on the...
RockyLinux 10 : qemu-kvm (RLSA-2026:18479)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:18479 advisory. firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims CVE-2024-11694 firefox: thunderbird: Unhandled Exception in Add-on...
Linux Distros Unpatched Vulnerability : CVE-2026-46273
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when the MSS is less than 224 bytes...
AlmaLinux 9 : .NET 9.0 (ALSA-2026:21296)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:21296 advisory. dotnet: .NET: infinite loop allows an attacker to cause a denial of service CVE-2026-42899 Tenable has extracted the preceding description block directly from the...
Linux Distros Unpatched Vulnerability : CVE-2025-71309
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in nireadfoliocmpr Syzbot reported a task hung in nireadpagecmpr now...
AlmaLinux 10 : mod_http2 (ALSA-2026:22528)
The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:22528 advisory. httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 Tenable has extracted the preceding description block directly from the AlmaLinux securit...
Linux Distros Unpatched Vulnerability : CVE-2026-46223
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cgroup: Defer css percpuref kill on rmdir until cgroup is depopulated A chain of commits going back to v7.0 reworked rmdir to satisfy the controller invariant...
Linux Distros Unpatched Vulnerability : CVE-2026-35563
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the...
Fedora 44 : hplip (2026-df2e96fe77)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-df2e96fe77 advisory. Update to 3.26.4, fixes CVE-2026-8631, CVE-2026-8632 Tenable has extracted the preceding description block directly from the Fedora security advisor...