Linux Distros Unpatched Vulnerability : CVE-2026-44604

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified...

Linux Distros Unpatched Vulnerability : CVE-2026-49214

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace, or DEL in...

Fedora 44 : xrdp (2026-9a3a98bc24)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9a3a98bc24 advisory. Close TCP socket in default configuration, because we want just Unix domain socket connections to Xvnc. Tenable has extracted the preceding description block...

Fedora 44 : pdns (2026-a6e5b1263b)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a6e5b1263b advisory. - Update to 5.0.5 - Fix for CVE-2026-42000, CVE-2026-42001, CVE-2026-42002, CVE-2026-41999, CVE-2026-42396 Security Advisory:...

Linux Distros Unpatched Vulnerability : CVE-2026-41150

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-servic...

Fedora 44 : libssh2 (2026-f87ac8187c)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-f87ac8187c advisory. This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password...

Linux Distros Unpatched Vulnerability : CVE-2026-5296

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that when foundational...

Linux Distros Unpatched Vulnerability : CVE-2026-44421

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP...

Linux Distros Unpatched Vulnerability : CVE-2026-42500

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image. CVE-2026-42500 Note that Nessus...

Debian dsa-6310 : imagemagick - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6310 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6310-1 [email protected] https://www.debian.org/securit...

RockyLinux 9 : glib2 (RLSA-2026:19361)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19361 advisory. glib: GLib: Buffer underflow in GVariant parser leads to heap corruption CVE-2025-14087 glib: Integer Overflow in GLib GIO Attribute Escaping Causes Hea...

RockyLinux 10 : xorg-x11-server-Xwayland (RLSA-2026:19125)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19125 advisory. xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling CVE-2026-33999 xorg: xwayland: X.Org X server...

RockyLinux 9 : cockpit (RLSA-2026:21468)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:21468 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly fr...

RockyLinux 10 : libcap (RLSA-2026:19130)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19130 advisory. libcap: libcap: Privilege escalation via TOCTOU race condition in capsetfile CVE-2026-4878 Tenable has extracted the preceding description block directly from t...

Debian dla-4608 : corosync - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4608 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4608-1 [email protected]...

RockyLinux 9 : glibc (RLSA-2026:20597)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:20597 advisory. glibc: glibc: Incorrect DNS response parsing via crafted DNS server response CVE-2026-4437 glibc: glibc: Invalid DNS hostname returned via gethostbyaddr...

Linux Distros Unpatched Vulnerability : CVE-2026-45372

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it...

Linux Distros Unpatched Vulnerability : CVE-2026-48711

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - sshfs-fuse - None Ubuntu Linux - Unknown description CVE-2026-48711 Note that Nessus relies on the presence of the package as reported by the...

Linux Distros Unpatched Vulnerability : CVE-2026-44463

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted...

Linux Distros Unpatched Vulnerability : CVE-2026-41159

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default...

Fedora 43 : xrdp (2026-8aeca78af9)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8aeca78af9 advisory. Close TCP socket in default configuration, because we want just Unix domain socket connections to Xvnc. Tenable has extracted the preceding description block...

Fedora 43 : netatalk (2026-9fd50b2ff1)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9fd50b2ff1 advisory. 4.4.3 Release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

Fedora 44 : giflib (2026-0be1222520)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0be1222520 advisory. Apply proposed fix for CVE-2026-26740. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

Linux Distros Unpatched Vulnerability : CVE-2026-44837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint...

Fedora 43 : docker-compose (2026-951a6725b8)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-951a6725b8 advisory. - Update to release v5.1.4 - Resolves: rhbz2480186 - Upstream fixes ---- - Update to release v5.1.3 - Resolves rhbz2458697 - Resolves CVE-2026-33747...

Linux Distros Unpatched Vulnerability : CVE-2026-45352

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes...

Fedora 43 : pdns (2026-6458693037)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6458693037 advisory. - Update to 5.0.5 - Fix for CVE-2026-42000, CVE-2026-42001, CVE-2026-42002, CVE-2026-41999, CVE-2026-42396 Security Advisory:...

RockyLinux 10 : gdk-pixbuf2 (RLSA-2026:19127)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19127 advisory. gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image CVE-2026-5201 Tenable has extracted the...

RockyLinux 9 : thunderbird (RLSA-2026:21381)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21381 advisory. firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component...

Linux Distros Unpatched Vulnerability : CVE-2026-44836

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives ...

RockyLinux 9 : libsndfile (RLSA-2026:19610)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19610 advisory. libsndfile: integer overflow in imareaderinit CVE-2026-37555 Tenable has extracted the preceding description block directly from the RockyLinux security advisory...

Fedora 44 : docker-compose (2026-3316f97296)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3316f97296 advisory. - Update to release v5.1.4 - Resolves: rhbz2480186 - Upstream fixes ---- - Update to release v5.1.3 - Resolves rhbz2458697 - Resolves CVE-2026-33747...

Fedora 44 : netatalk (2026-e7e7bb2417)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e7e7bb2417 advisory. 4.4.3 Release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

RockyLinux 10 : thunderbird (RLSA-2026:19153)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19153 advisory. firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 CVE-2026-7323 firefox: thunderbird: Information disclosure d...

Fedora 43 : python-urllib3 (2026-6dde06a6e9)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6dde06a6e9 advisory. Update to 2.7.0 rhbz2467787 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

Linux Distros Unpatched Vulnerability : CVE-2026-9516

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-by...

RockyLinux 9 : python3.14 (RLSA-2026:19176)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19176 advisory. cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-0865 cpython: CPython: Logging Bypass in Legacy .pyc File Handling...

RockyLinux 9 : dovecot (RLSA-2026:19364)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19364 advisory. dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command CVE-2025-59032 dovecot: denial of service via crafted...

Linux Distros Unpatched Vulnerability : CVE-2026-9894

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandb...

Google Chrome < 148.0.7778.215 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 148.0.7778.215. It is, therefore, affected by multiple vulnerabilities as referenced in the 202605stable-channel-update-for-desktop0877304591 advisory. - Use after free in Input in Google Chrome prior to 148.0.7778.216...

Linux Distros Unpatched Vulnerability : CVE-2026-1402

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain...

RHEL 8 : kernel-rt (RHSA-2026:21745)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21745 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

AlmaLinux 8 : cockpit (ALSA-2026:21700)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:21700 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly fro...

RockyLinux 10 : golang (RLSA-2026:19022)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19022 advisory. crypto/x509: Incorrect enforcement of email constraints in crypto/x509 CVE-2026-27137 net/url: Incorrect parsing of IPv6 host literals in net/url...

Fedora 43 : podofo (2026-19873e3fac)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-19873e3fac advisory. Update to podof-1.0.4. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Linux Distros Unpatched Vulnerability : CVE-2026-9970

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : GStreamer Good Plugins vulnerabilities (USN-8317-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8317-1 advisory. It was discovered that GStreamer Good Plugins incorrectly handled certain MP4 audio tracks. An attacker could possibly use this issue...

Veeam Backup and Replication < 13.0.2.29 (kb4852)

The version of Veeam Backup and Replication installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the kb4852 advisory. - A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on...

RockyLinux 10 : glibc (RLSA-2026:19061)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19061 advisory. glibc: glibc: Incorrect DNS response parsing via crafted DNS server response CVE-2026-4437 glibc: glibc: Invalid DNS hostname returned via gethostbyadd...

Ubuntu 24.04 LTS / 25.10 : Foomuuri vulnerabilities (USN-8326-1)

The remote Ubuntu 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8326-1 advisory. Matthias Gerstner discovered that Foomuuri's D-Bus service did not properly enforce authorization. An unprivileged local attacker could possibly...