Linux Distros Unpatched Vulnerability : CVE-2026-42791

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificat...

Linux Distros Unpatched Vulnerability : CVE-2026-46159

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: fix btrfsioctlspaceinfo slotcount TOCTOU which can lead to info-leak btrfsioctlspaceinfo has a TOCTOU race between two passes over the block group RAID...

Linux Distros Unpatched Vulnerability : CVE-2026-45925

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - thermal/of: Fix reference leak in thermalofcmlookup In thermalofcmlookup, trnp is obtained via ofparsephandle, but never released. Use the freedevicenode cleanu...

Linux Distros Unpatched Vulnerability : CVE-2026-9977

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the...

Linux Distros Unpatched Vulnerability : CVE-2026-46230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg Check bounds against the end of the BO whenever we access the msg. CVE-2026-46230 Note that Nessus relie...

Linux Distros Unpatched Vulnerability : CVE-2026-46120

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ip6gre: Use cached t-net in ip6erspanchangelink. After commit 5e72ce3e3980 net: ipv6: Use link netns in newlink of rtnllinkops, ip6erspannewlink correctly...

RHEL 9 : firefox (RHSA-2026:21743)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:21743 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

Linux Distros Unpatched Vulnerability : CVE-2026-46169

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hfsplus: fix uninit-value by validating catalog record size Syzbot reported a KMSAN uninit-value issue in hfsplusstrcasecmp. The root cause is that hfsbrecread...

Linux Distros Unpatched Vulnerability : CVE-2026-46171

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - riscv: kvm: fix vector context allocation leak When the second kzalloc hostcontext.vector.datap fails in kvmriscvvcpuallocvectorcontext, the first allocation...

RockyLinux 10 : glib2 (RLSA-2026:19148)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19148 advisory. glib: GLib: Buffer underflow in GVariant parser leads to heap corruption CVE-2025-14087 glib: Integer Overflow in GLib GIO Attribute Escaping Causes He...

Linux Distros Unpatched Vulnerability : CVE-2026-9957

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in PDF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file...

Linux Distros Unpatched Vulnerability : CVE-2026-46225

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spi: rspi: fix controller deregistration Make sure to deregister the controller before releasing underlying resources like DMA during driver unbind...

Linux Distros Unpatched Vulnerability : CVE-2026-46130

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm-verity-fec: fix reading parity bytes split across blocks take 3 fecdecodebufs assumes that the parity bytes of the first RS codeword it decodes are never spl...

Linux Distros Unpatched Vulnerability : CVE-2026-2601

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain...

Fedora 44 : perl-Sereal / perl-Sereal-Decoder / perl-Sereal-Encoder (2026-26bb3fe2c6)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-26bb3fe2c6 advisory. This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer. Tenable has extracted the preceding descriptio...

Linux Distros Unpatched Vulnerability : CVE-2026-9988

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML...

Linux Distros Unpatched Vulnerability : CVE-2026-9927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-9905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Accessibility in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to...

RockyLinux 8 : .NET 8.0 (RLSA-2026:21291)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21291 advisory. serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization CVE-2026-34043 dotnet: .NET: infinit...

Linux Distros Unpatched Vulnerability : CVE-2026-9953

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory v...

Linux Distros Unpatched Vulnerability : CVE-2026-46115

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - block: add pgmap check to biovecphysmergeable biovecphysmergeable is used by the request merge, DMA mapping, and integrity merge paths to decide if two physical...

AlmaLinux 8 : flatpak (ALSA-2026:21756)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21756 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on hos...

Linux Distros Unpatched Vulnerability : CVE-2026-9923

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromi...

Linux Distros Unpatched Vulnerability : CVE-2026-9921

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uninitialized Use in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin information via a crafted HTML pag...

Linux Distros Unpatched Vulnerability : CVE-2026-9995

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebXR in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-47104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of...

Linux Distros Unpatched Vulnerability : CVE-2026-9937

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perfo...

Linux Distros Unpatched Vulnerability : CVE-2026-46231

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: bla: put backbone reference on failed claim hash insert When batadvblaaddclaim fails to insert a new claim into the hash, it leaked a reference to t...

Linux Distros Unpatched Vulnerability : CVE-2026-9996

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in WebRTC in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process...

Linux Distros Unpatched Vulnerability : CVE-2026-46181

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it...

Linux Distros Unpatched Vulnerability : CVE-2026-46168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mptcp: fix scheduling with atomic in timestamp sockopt Using locksockfast atomic context around socksettimestamp and socksettimestamping is unsafe, as both...

Linux Distros Unpatched Vulnerability : CVE-2025-70103

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc...

Fedora 43 : mapserver (2026-1aa6743d40)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1aa6743d40 advisory. Update to mapserver-8.6.3. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

Linux Distros Unpatched Vulnerability : CVE-2026-10004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Passwords in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform UI spoofing via a crafted...

Linux Distros Unpatched Vulnerability : CVE-2026-45907

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5e: Fix deadlocks between devlink and netdev instance locks In the mentioned Fixes commit, various work tasks triggering devlink health reporter recovery...

Linux Distros Unpatched Vulnerability : CVE-2026-9970

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a...

Ubuntu 24.04 LTS / 25.10 : Foomuuri vulnerabilities (USN-8326-1)

The remote Ubuntu 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8326-1 advisory. Matthias Gerstner discovered that Foomuuri's D-Bus service did not properly enforce authorization. An unprivileged local attacker could possibly...

Linux Distros Unpatched Vulnerability : CVE-2026-46199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg Check bounds against the end of the BO whenever we access the msg. CVE-2026-46199 Note that Nessus relie...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39834)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39834 advisory. - When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflo...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39821)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39821 advisory. - The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to ...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39832)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39832 advisory. - When adding a key to a remote agent constraint extensions such as...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-42508)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-42508 advisory. - Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocatio...

Linux Distros Unpatched Vulnerability : CVE-2026-45888

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - md/raid1: fix memory leak in raid1run raid1run calls setupconf which registers a thread via mdregisterthread. If raid1setlimits fails, the previously registered...

Linux Distros Unpatched Vulnerability : CVE-2026-48524

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT wi...

RockyLinux 8 : gnutls (RLSA-2026:20611)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:20611 advisory. gnutls: Add more checks to DTLS reassembly CVE-2026-33846 gnutls: Fix qsort comparator in DTLS reassembly CVE-2026-42009 gnutls: Fix crashing on an...

openSUSE 16 Security Update : apache2 (openSUSE-SU-2026:20810-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20810-1 advisory. Changes in apache2: Version update to 2.4.66 jscPED-16181 SECURITY: CVE-2025-66200: Apache HTTP Server: moduserdir+suexec bypass via AllowOverri...

SUSE SLES12 Security Update : postgresql15 (SUSE-SU-2026:2085-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2085-1 advisory. This update for postgresql15 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema...

SUSE SLES15 Security Update : gnutls (SUSE-SU-2026:2087-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2087-1 advisory. This update for gnutls fixes the following issues - CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive...

SUSE SLES12 Security Update : kernel (SUSE-SU-2026:2068-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2068-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50053:...

Linux Distros Unpatched Vulnerability : CVE-2026-9901

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code vi...