Linux Distros Unpatched Vulnerability : CVE-2025-71313

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PCI: endpoint: Add missing NULL check for allocworkqueue allocworkqueue can return NULL on memory allocation failure. Without proper error checking, this may le...

MiracleLinux 8 : kernel-4.18.0-553.126.1.el8_10 (AXSA:2026-751:40)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-751:40 advisory. kernel: Bluetooth: MGMT: Fix possible UAFs CVE-2025-39981 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr CVE-2025-681...

Linux Distros Unpatched Vulnerability : CVE-2026-7666

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a...

Linux Distros Unpatched Vulnerability : CVE-2026-46271

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: ath12k: do WoW offloads only on primary link In case of multi-link connection, WCN7850 firmware crashes due to WoW offloads enabled on both primary and...

Linux Distros Unpatched Vulnerability : CVE-2026-10650

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c o...

Linux Distros Unpatched Vulnerability : CVE-2025-71306

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ima: Fix stack-out-of-bounds in isbprmcredsforexec KASAN reported a stack-out-of-bounds access in imaappraisemeasurement from isbprmcredsforexec: BUG: KASAN:...

TencentOS Server 4: LibRaw (TSSA-2026:0413)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0413 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Linux Distros Unpatched Vulnerability : CVE-2026-45977

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fbnic: close fwlog race between users and teardown Fixes a theoretical race on fwlog between the teardown path and fwlog write functions. fwlog is written insi...

Linux Distros Unpatched Vulnerability : CVE-2026-46007

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hwmon: powerz Avoid cacheline sharing for DMA buffer Depending on the architecture the transfer buffer may share a cacheline with the following mutex. As the...

AlmaLinux 9 : firefox (ALSA-2026:21378)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21378 advisory. firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component...

Linux Distros Unpatched Vulnerability : CVE-2026-45878

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdkfd: Fix watchid bounds checking in debug address watch v2 The address watch clear code receives watchid as an unsigned value u32, but some helper...

AlmaLinux 10 : cockpit (ALSA-2026:21676)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:21676 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly fr...

Linux Distros Unpatched Vulnerability : CVE-2026-46139

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: use kzalloc to zero-initialize security descriptor buffer Commit 62e7dd0a39c2d smb: common: change the data type of numaces to le16 split struct...

Linux Distros Unpatched Vulnerability : CVE-2026-46155

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early,...

Linux Distros Unpatched Vulnerability : CVE-2026-46272

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WARNON in tmcetrenablehw is...

Linux Distros Unpatched Vulnerability : CVE-2026-38978

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths. CVE-2026-38978 Note that Nessus relies ...

Linux Distros Unpatched Vulnerability : CVE-2026-45990

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - slub: fix data loss and overflow in krealloc Commit 2cd8231796b5 mm/slub: allow to set node and align in kvrealloc introduced the ability to force a reallocati...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : rsync vulnerabilities (USN-8349-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8349-1 advisory. Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote...

Linux Distros Unpatched Vulnerability : CVE-2026-35193

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to...

AlmaLinux 9 : compat-openssl11 (ALSA-2026:22313)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:22313 advisory. openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing CVE-2026-28390 Tenable has extracted the preceding description...

RockyLinux 9 : systemd (RLSA-2026:19213)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19213 advisory. systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data CVE-2026-29111 Tenable has extracted the preceding description blo...

Linux Distros Unpatched Vulnerability : CVE-2026-46247

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - clk: qcom: gfx3d: add parent to parent request map After commit d228ece36345 clk: divider: remove roundrate in favor of determinerate determining GFX3D clock ra...

Linux Distros Unpatched Vulnerability : CVE-2026-50031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI specification defin...

Linux Distros Unpatched Vulnerability : CVE-2026-45947

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: Fix memory leak in amdgpuacpienumeratexcc In amdgpuacpienumeratexcc, if amdgpuacpidevinit returns -ENOMEM, the function returns directly without...

pyOpenSSL 0.14.x < 26.0.0 Security Bypass

The version of pyOpenSSL installed on the remote host is prior to 26.0.0. It is, therefore, affected by a security bypass vulnerability: - pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to...

Linux Distros Unpatched Vulnerability : CVE-2026-46030

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - EDAC/versalnet: Fix devicenode leak in mcprobe ofparsephandle returns a devicenode reference that must be released with ofnodeput. The original code never freed...

Linux Distros Unpatched Vulnerability : CVE-2026-46036

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vfio/cdx: Serialize VFIODEVICESETIRQS with a per-device mutex vfiocdxsetmsitrigger reads vdev-configmsi and operates on the vdev-cdxirqs array based on its valu...

Linux Distros Unpatched Vulnerability : CVE-2026-45918

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ovpn: tcp - don't deref NULL sksocket member after tcpclose When deleting a peer in case of keepalive expiration, the peer is removed from the OpenVPN hashtable...

Linux Distros Unpatched Vulnerability : CVE-2026-10294

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such...

Linux Distros Unpatched Vulnerability : CVE-2026-47329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be...

RockyLinux 10 : postgresql16 (RLSA-2026:19010)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19010 advisory. postgresql: PostgreSQL oidvector discloses a few bytes of memory CVE-2026-2003 postgresql: PostgreSQL missing validation of multibyte character length...

Linux Distros Unpatched Vulnerability : CVE-2026-24712

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection. CVE-2026-24712 Note that Nessus relies on the presen...

Linux Distros Unpatched Vulnerability : CVE-2026-46029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/slab: return NULL early from kmallocnolock in NMI on UP On UP kernels !CONFIGSMP, spintrylock is a no-op that unconditionally succeeds even when the lock is...

RockyLinux 10 : tomcat (RLSA-2026:19054)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19054 advisory. tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 Tenable has extracted the preceding description blo...

Linux Distros Unpatched Vulnerability : CVE-2026-46254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or userspace and 8-byte alignment isn't always guaranteed and a...

Linux Distros Unpatched Vulnerability : CVE-2026-46008

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/core: fix damoswalk vs kdamondfn exit race When kdamondfn main loop is finished, the function cancels remaining damoswalk request and unset the...

Linux Distros Unpatched Vulnerability : CVE-2026-45874

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phy: freescale: imx8qm-hsio: fix NULL pointer dereference During the probe the refclkpad pointer is set to NULL if the 'fsl,refclk-pad-mode' property is not...

Linux Distros Unpatched Vulnerability : CVE-2026-47331

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race...

Linux Distros Unpatched Vulnerability : CVE-2026-46267

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfc: hci: shdlc: Stop timers and work before freeing context llcshdlcdeinit purges SHDLC skb queues and frees the llcshdlc structure while its timers and state...

Linux Distros Unpatched Vulnerability : CVE-2026-45966

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL pointer dereference in unixneedsrevalidation When receiving file...

Linux Distros Unpatched Vulnerability : CVE-2026-45938

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - power: supply: pm8916lbc: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering...

Linux Distros Unpatched Vulnerability : CVE-2026-49941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the encode method to parse addresses. If the addresses did no...

RockyLinux 10 : yggdrasil (RLSA-2026:19126)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19126 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 ke...

Linux Distros Unpatched Vulnerability : CVE-2026-45928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: chips-media: wave5: Fix memory leak on codecinfo allocation failure In wave5vpuopenenc and wave5vpuopendec, a vpu instance is allocated via kzalloc. If t...

Linux Distros Unpatched Vulnerability : CVE-2026-46232

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HID: playstation: Clamp numtouchreports A device would never lie about the number of touch reports would it? If it does the loop in dualshock4parsereport will...

Linux Distros Unpatched Vulnerability : CVE-2025-71308

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - accel/amdxdna: Fix potential NULL pointer dereference in context cleanup aiedestroycontext is invoked during error handling in aie2createcontext. However,...

Linux Distros Unpatched Vulnerability : CVE-2026-46240

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: iris: Fix use-after-free in irisreleaseinternalbuffers The recent change in commit 1dabf00ee206 media: iris: gen1: Destroy internal buffers after FW...

MiracleLinux 8 : firefox-140.10.1-1.el8_10.ML.1 (AXSA:2026-744:11)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-744:11 advisory. firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 CVE-2026-7323 firefox: thunderbird: Information disclosure...

Linux Distros Unpatched Vulnerability : CVE-2026-37711

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the...

Siemens SENTRON PAC Out-of-bounds Write (CVE-2020-17437)

The TCP/IP stack uIP in affected devices is vulnerable to out-of-bounds write when processing TCP packets with urgent pointer URG where the location of the TCP data payload is calculated improperly. An attacker located in the same network could trigger a Denial-of-Service condition on the device ...