Linux Distros Unpatched Vulnerability : CVE-2026-9984

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium...

Linux Distros Unpatched Vulnerability : CVE-2026-10003

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute...

Linux Distros Unpatched Vulnerability : CVE-2026-9973

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-45922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/mlx5: Fix memory leak in GETDATADIRECTSYSFSPATH handler The UVERBSHANDLERMLX5IBMETHODGETDATADIRECTSYSFSPATH function allocates memory for the device path...

Linux Distros Unpatched Vulnerability : CVE-2026-48112

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of- bounds read in 7-Zip Ar handler BSD SYMDEF parser. A...

Linux Distros Unpatched Vulnerability : CVE-2026-46121

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/sysfs-schemes: protect memcgpath kfree with damonsysfslock Patch series mm/damon/sysfs- schemes: fix use-after-free for memcgpath. Reads of 'memcgpath'...

Linux Distros Unpatched Vulnerability : CVE-2026-9938

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : libcaca vulnerability (USN-8318-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8318-1 advisory. It was discovered that libcaca incorrectly handled certain malformed files. An attacker could use this issue to cause libcaca to...

Linux Distros Unpatched Vulnerability : CVE-2026-46173

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - exit: prevent preemption of oopsing TASKDEAD task When an already-exiting task oopses, maketaskdead currently calls dotaskdead with preemption enabled. That is...

Linux Distros Unpatched Vulnerability : CVE-2023-38709

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP...

Debian dla-4607 : linux-config-6.1 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4607 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4607-1 [email protected]...

SUSE SLES16 Security Update : libarchive (SUSE-SU-2026:21831-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21831-1 advisory. This update for libarchive fixes the following issues - CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the...

Linux Distros Unpatched Vulnerability : CVE-2026-46169

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hfsplus: fix uninit-value by validating catalog record size Syzbot reported a KMSAN uninit-value issue in hfsplusstrcasecmp. The root cause is that hfsbrecread...

Fedora 44 : libpng (2026-67c1138ed2)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-67c1138ed2 advisory. updated to 1.6.58 1.6.58 is released with a fix for a simple correctness bug not a security issue this time: pnggetPLTE returns stale palette data...

Linux Distros Unpatched Vulnerability : CVE-2026-46130

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm-verity-fec: fix reading parity bytes split across blocks take 3 fecdecodebufs assumes that the parity bytes of the first RS codeword it decodes are never spl...

Linux Distros Unpatched Vulnerability : CVE-2026-46180

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task Watchdog task might end between sendsig and kthreadstop calls, what results in th...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Memcached vulnerabilities (USN-8320-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8320-1 advisory. It was discovered that Memcached's SASL password database authentication had a timing side channel when handling username...

Linux Distros Unpatched Vulnerability : CVE-2026-46117

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/mana: Remove user triggerable WARNON in manaibcreateqprss Sashiko points out that the user can specify WQs sharing the same CQ as a part of the uAPI and th...

Linux Distros Unpatched Vulnerability : CVE-2026-46191

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in fbconrotatefont. The putcs...

SUSE SLES15 Security Update : podman (SUSE-SU-2026:2082-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2082-1 advisory. This update for podman rebuilds it against the current go security release. Tenable has extracted the preceding description block directly...

Linux Distros Unpatched Vulnerability : CVE-2026-9881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to...

Cisco Nexus 3000 and 9000 Series Switches BGP DoS (cisco-sa-bgp-iefab-3hb2pwtx)

According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. - A vulnerability in the Border Gateway Protocol BGP enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an...

Linux Distros Unpatched Vulnerability : CVE-2026-9887

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. Chromium security...

Linux Distros Unpatched Vulnerability : CVE-2026-10002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file...

RHEL 8 : xorg-x11-server (RHSA-2026:21715)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21715 advisory. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical us...

Fedora 43 : mapserver (2026-1aa6743d40)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1aa6743d40 advisory. Update to mapserver-8.6.3. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

Linux Distros Unpatched Vulnerability : CVE-2025-70103

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc...

Linux Distros Unpatched Vulnerability : CVE-2026-10004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Passwords in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform UI spoofing via a crafted...

SUSE SLES12 Security Update : samba (SUSE-SU-2026:2073-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2073-1 advisory. This update for samba fixes the following issues - CVE-2026-2340: vfsworm does not block directory modification bsc1261158. - CVE-2026-3238:...

RockyLinux 8 : cockpit (RLSA-2026:21700)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:21700 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly fr...

RockyLinux 10 : edk2 (RLSA-2026:18465)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18465 advisory. edk2: EDK2: Improper Input Validation allows arbitrary command execution CVE-2025-2296 Tenable has extracted the preceding description block directly from the...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39821)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39821 advisory. - The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to ...

Erlang/OTP 27.0 < 27.3.4.12 / 28.0 < 28.5.0.1 / 29.0 < 29.0.1 OCSP Expired Responder Certificate Bypass (CVE-2026-42791)

The version of Erlang/OTP installed on the remote host is 27.0 prior to 27.3.4.12, 28.0 prior to 28.5.0.1, or 29.0 prior to 29.0.1. It is, therefore, affected by a vulnerability: - Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses...

RockyLinux 10 : glib2 (RLSA-2026:19148)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19148 advisory. glib: GLib: Buffer underflow in GVariant parser leads to heap corruption CVE-2025-14087 glib: Integer Overflow in GLib GIO Attribute Escaping Causes He...

Linux Distros Unpatched Vulnerability : CVE-2026-45907

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5e: Fix deadlocks between devlink and netdev instance locks In the mentioned Fixes commit, various work tasks triggering devlink health reporter recovery...

Linux Distros Unpatched Vulnerability : CVE-2026-9956

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execut...

openSUSE 16 Security Update : google-osconfig-agent (openSUSE-SU-2026:20815-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20815-1 advisory. This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too...

Linux Distros Unpatched Vulnerability : CVE-2026-46168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mptcp: fix scheduling with atomic in timestamp sockopt Using locksockfast atomic context around socksettimestamp and socksettimestamping is unsafe, as both...

Linux Distros Unpatched Vulnerability : CVE-2026-48754

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-48754 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenabl...

SUSE SLES15 Security Update : redis7 (SUSE-SU-2026:2097-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2097-1 advisory. This update for redis7 fixes the following issues - CVE-2026-23631: Lua use-after-free via the master-replica synchronization...

Linux Distros Unpatched Vulnerability : CVE-2026-9907

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in Dawn in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-9926

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform...

RockyLinux 10 : sudo (RLSA-2026:19067)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19067 advisory. sudo: Sudo: Privilege escalation due to failure in privilege drop calls CVE-2026-35535 Tenable has extracted the preceding description block directly from the...

Linux Distros Unpatched Vulnerability : CVE-2026-46175

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix fsck inconsistency caused by FGGC of node block During FGGC node block migration, fsck may incorrectly treat the migrated node block as fsync-written...

Linux Distros Unpatched Vulnerability : CVE-2026-9933

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially...

SUSE SLES15 Security Update : apache2 (SUSE-SU-2026:2103-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2103-1 advisory. This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957....

SUSE SLES12 Security Update : kernel (SUSE-SU-2026:2068-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2068-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50053:...

Linux Distros Unpatched Vulnerability : CVE-2026-46199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg Check bounds against the end of the BO whenever we access the msg. CVE-2026-46199 Note that Nessus relie...

Linux Distros Unpatched Vulnerability : CVE-2026-48735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory...

SUSE SLES15 Security Update : yq (SUSE-SU-2026:2096-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2096-1 advisory. This update for yq fixes the following issues - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be...