338202 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-46226
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spi: fsl: fix controller deregistration Make sure to deregister the controller before releasing underlying resources like DMA during driver unbind. CVE-2026-462...
Linux Distros Unpatched Vulnerability : CVE-2026-46197
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds buffer access via user-controlle...
SUSE SLES15 Security Update : yq (SUSE-SU-2026:2096-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2096-1 advisory. This update for yq fixes the following issues - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be...
openSUSE 16 Security Update : google-osconfig-agent (openSUSE-SU-2026:20815-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20815-1 advisory. This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too...
Linux Distros Unpatched Vulnerability : CVE-2026-46169
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hfsplus: fix uninit-value by validating catalog record size Syzbot reported a KMSAN uninit-value issue in hfsplusstrcasecmp. The root cause is that hfsbrecread...
Linux Distros Unpatched Vulnerability : CVE-2026-46203
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spi: cadence-quadspi: fix unclocked access on unbind Make sure that the controller is runtime resumed before disabling it during driver unbind to avoid an...
Linux Distros Unpatched Vulnerability : CVE-2026-46136
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mt76: mt7921: fix a potential clc buffer length underflow The buflen is used to limit the iterations for retrieving the country power setting and may...
SUSE SLES15 Security Update : go1.26-openssl (SUSE-SU-2026:2092-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2092-1 advisory. This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME...
Linux Distros Unpatched Vulnerability : CVE-2026-46209
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/gem: Fix inconsistent plane dimension calculation in drmgemfbinitwithfuncs drmgemfbinitwithfuncs computes sub-sampled plane dimensions using plain integer...
Linux Distros Unpatched Vulnerability : CVE-2026-46195
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: validate dacloffset before building DACL pointers parsesecdesc, buildsecdesc, and the chown path in idmodetocifsacl all add the server-supplied...
Linux Distros Unpatched Vulnerability : CVE-2026-46175
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix fsck inconsistency caused by FGGC of node block During FGGC node block migration, fsck may incorrectly treat the migrated node block as fsync-written...
SUSE SLES15 Security Update : go1.25-openssl (SUSE-SU-2026:2093-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2093-1 advisory. This update for go1.25-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME...
Linux Distros Unpatched Vulnerability : CVE-2026-46181
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/mlx4: Fix mis-use of RCU in mlx4srqevent Sashiko points out the radixtree itself is RCU safe, but nothing ever frees the mlx4srq struct with RCU, and it...
Linux Distros Unpatched Vulnerability : CVE-2026-46179
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: SOF: Don't allow pointer operations on unconfigured streams When reporting the pointer for a compressed stream we report the current I/O frame position by...
Linux Distros Unpatched Vulnerability : CVE-2026-46133
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/rxe: Reject unknown opcodes before ICRC processing Even after applying commit 7244491dab34 RDMA/rxe: Validate pad and ICRC before payloadsize in rxercv, a...
Linux Distros Unpatched Vulnerability : CVE-2026-46113
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: x86: Fix shadow paging use-after-free due to unexpected GFN The shadow MMU computes GFNs for direct shadow pages using sp-gfn plus the SPTE index. This...
Linux Distros Unpatched Vulnerability : CVE-2026-46111
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: hciconn: fix potential UAF in createbigsync Add hciconnvalid check in createbigsync to detect stale connections before proceeding with BIG creation...
Linux Distros Unpatched Vulnerability : CVE-2026-46156
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LoongArch: Fix potential ADE in loongsongpufixupdmahang The switch case in loongsongpufixupdmahang may not DC2 or DC3, and readlcrtcreg will access with random...
SUSE SLES12 Security Update : postgresql15 (SUSE-SU-2026:2085-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2085-1 advisory. This update for postgresql15 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema...
Linux Distros Unpatched Vulnerability : CVE-2026-46219
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spi: mpc52xx: fix use-after-free on unbind The state machine work is scheduled by the interrupt handler and therefore needs to be cancelled after disabling...
Linux Distros Unpatched Vulnerability : CVE-2026-46165
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - openvswitch: vport: fix self-deadlock on release of tunnel ports vports are used concurrently and protected by RCU, so netdevput must happen after the RCU grace...
Linux Distros Unpatched Vulnerability : CVE-2026-46146
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to valida...
Linux Distros Unpatched Vulnerability : CVE-2026-46170
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mptcp: pm: ADDADDR rtx: free sk if last When an ADDADDR is retransmitted, the sk is held in skresettimer, and released at the end. If at that moment, it was the...
Linux Distros Unpatched Vulnerability : CVE-2026-46206
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: reject new tpmeter sessions during teardown Prevent tpmeter from starting new sender or receiver sessions after meshstate has left BATADVMESHACTIVE...
Vim < 9.2.0357 Command Injection via Tag Filenames (GHSA-cwgx-gcj7-6qh8)
The version of Vim installed on the remote host is prior to 9.2.0357. It is, therefore, affected by a vulnerability as referenced in the GHSA-cwgx-gcj7-6qh8 advisory. - A command injection vulnerability exists in Vim's tag file processing. A malicious tags file containing backtick-enclosed shell...
Linux Distros Unpatched Vulnerability : CVE-2026-46184
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sound: ua101: fix division by zero at probe Add a missing sanity check for bNrChannels in detectusbformat to prevent a division by zero in playbackurbcomplete a...
Linux Distros Unpatched Vulnerability : CVE-2026-46185
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb/client: fix out-of-bounds read in symlinkdata Since smb2checkmessage returns success without length validation for the symlink error response, in symlinkdat...
Linux Distros Unpatched Vulnerability : CVE-2026-46132
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: rtnetlink: zero iflavfbroadcast to avoid stack infoleak in rtnlfillvfinfo rtnlfillvfinfo declares struct iflavfbroadcast on the stack without...
Linux Distros Unpatched Vulnerability : CVE-2026-42563
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's ProcessMergeDriv...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39832)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39832 advisory. - When adding a key to a remote agent constraint extensions such as...
AlmaLinux 9 : flatpak (ALSA-2026:21755)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21755 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on hos...
RockyLinux 10 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (RLSA-2026:19024)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19024 advisory. GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer: GStreamer: Remote Code Execution via heap-based buffer...
RockyLinux 10 : python3.14 (RLSA-2026:19019)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19019 advisory. cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-0865 cpython: CPython: Logging Bypass in Legacy .pyc File Handling...
RockyLinux 10 : linux-sgx (RLSA-2026:18480)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:18480 advisory. qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-tar: Arbitrary file overwrite and symlink...
RockyLinux 8 : flatpak (RLSA-2026:21756)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21756 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on ho...
RockyLinux 8 : gnutls (RLSA-2026:20611)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:20611 advisory. gnutls: Add more checks to DTLS reassembly CVE-2026-33846 gnutls: Fix qsort comparator in DTLS reassembly CVE-2026-42009 gnutls: Fix crashing on an...
AlmaLinux 8 : flatpak (ALSA-2026:21756)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21756 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on hos...
openSUSE 16 Security Update : apache2 (openSUSE-SU-2026:20810-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20810-1 advisory. Changes in apache2: Version update to 2.4.66 jscPED-16181 SECURITY: CVE-2025-66200: Apache HTTP Server: moduserdir+suexec bypass via AllowOverri...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-46597)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-46597 advisory. - An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM pack...
RHEL 10 : flatpak (RHSA-2026:21757)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21757 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39834)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39834 advisory. - When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflo...
RHEL 8 : flatpak (RHSA-2026:21756)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21756 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...
RHEL 9 : flatpak (RHSA-2026:21755)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21755 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-42508)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-42508 advisory. - Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocatio...
Oracle Linux 8 : flatpak (ELSA-2026-21756)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-21756 advisory. 1.12.9-4 - Fix arbitrary code execution via crafted symlinks in sandbox-expose options Resolves: RHEL-165633 - Fix arbitrary file deletion on host via...
SUSE SLES15 Security Update : gnutls (SUSE-SU-2026:2087-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2087-1 advisory. This update for gnutls fixes the following issues - CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive...
Linux Distros Unpatched Vulnerability : CVE-2026-45898
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/iwcm: Fix workqueue list corruption by removing worklist The commit e1168f0 RDMA/iwcm: Simplify cmeventhandler changed the work submission logic to...
Linux Distros Unpatched Vulnerability : CVE-2026-46189
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/vmwpvrdma: Fix double free on pvrdmaallocucontext error path Sashiko points out that pvrdmauarfree is already called within pvrdmadeallocucontext, so calli...
SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2026:2104-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2104-1 advisory. This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39830)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39830 advisory. - A malicious SSH peer could send unsolicited global request responses to fill an internal buffe...