338207 matches found
RHEL 9 : glibc (RHSA-2026:20597)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20597 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name...
Amazon Linux 2 : cni-plugins, --advisory ALAS2-2026-3311 (ALAS-2026-3311)
The version of cni-plugins installed on the remote host is prior to 1.7.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3311 advisory. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta...
Linux Distros Unpatched Vulnerability : CVE-2026-46040
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - inotify: fix watch count leak when fsnotifyaddinodemarklocked fails When fsnotifyaddinodemarklocked fails in inotifynewwatch, the error path calls...
Linux Distros Unpatched Vulnerability : CVE-2022-36123
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol .bss. This allows Xen PV guest OS users to cause a denial of servi...
AlmaLinux 8 : gnutls (ALSA-2026:20611)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:20611 advisory. gnutls: Add more checks to DTLS reassembly CVE-2026-33846 gnutls: Fix qsort comparator in DTLS reassembly CVE-2026-42009 gnutls: Fix crashing on an...
Linux Distros Unpatched Vulnerability : CVE-2026-45871
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tpm: st33zp24: Fix missing cleanup on getburstcount error getburstcount can return -EBUSY on timeout. When this happens, st33zp24send returns directly without...
Linux Distros Unpatched Vulnerability : CVE-2026-48690
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packetstorage.hpp, the...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2026-124 (ALASKERNEL-5.4-2026-124)
The version of kernel installed on the remote host is prior to 5.4.302-224.473. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2026-124 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: drop logically empty...
Linux Distros Unpatched Vulnerability : CVE-2026-45932
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Fix tcx/netkit detach permissions when prog fd isn't given This commit fixes a security issue where BPFPROGDETACH on tcx or netkit devices could be execute...
Linux Distros Unpatched Vulnerability : CVE-2026-46079
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rbd: fix null-ptr-deref when deviceadddisk fails dorbdadd publishes the device with deviceadd before calling deviceadddisk. If deviceadddisk fails after devicea...
Fedora 43 : rust-afterburn (2026-7b69143f64)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7b69143f64 advisory. Rebuild with version 0.10.79 of the openssl crate which includes fixes for the following security issues: - CVE-2026-41676 / GHSA-pqf5-4pqq-29f5 -...
Amazon Linux 2 : oci-add-hooks, --advisory ALAS2ECS-2026-118 (ALASECS-2026-118)
The version of oci-add-hooks installed on the remote host is prior to 0-0.10.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-118 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-120 (ALASKERNEL-5.10-2026-120)
The version of kernel installed on the remote host is prior to 5.10.255-253.1008. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-120 advisory. In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in...
Oracle Linux 8 : glibc (ELSA-2026-20587)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-20587 advisory. - Add tests for CVE-2026-4437 and CVE-2026-4438 RHEL-173358 - CVE-2026-4046: Fix assertion failure in IBM1390 and IBM1399 iconv modules RHEL-162891 -...
Linux Distros Unpatched Vulnerability : CVE-2026-45857
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: csiostor: Fix dereference of null pointer rn The error exit path when rn is NULL ends up deferencing the null pointer rn via the use of the macro...
Linux Distros Unpatched Vulnerability : CVE-2026-45934
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation I have been observing a number of systems aborting at insertdevextents in...
Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1753)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1753 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refault CVE-2026-31456 In the Linux kernel, the following vulnerability h...
Linux Distros Unpatched Vulnerability : CVE-2026-45866
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - serial: caif: fix use-after-free in caifserial ldiscclose There is a use-after-free bug in caifserial where handletx may access ser-tty after the tty has been...
Linux Distros Unpatched Vulnerability : CVE-2026-45954
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fbdev: au1200fb: Fix a memory leak in au1200fbdrvprobe In au1200fbdrvprobe, when platformgetirq fails, it directly returns from the function with an error code,...
RHEL 10 : xorg-x11-server-Xwayland (RHSA-2026:20563)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20563 advisory. Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg: xwayland: X.Org X server: Denial of Service via integer...
Linux Distros Unpatched Vulnerability : CVE-2026-48684
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the NetFlow v9 options template parser. In processnetflowv9optionstemplate...
Amazon Linux 2 : dnsmasq, --advisory ALAS2DNSMASQ-2026-004 (ALASDNSMASQ-2026-004)
The version of dnsmasq installed on the remote host is prior to 2.90-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DNSMASQ-2026-004 advisory. A Denial of Service DoS vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial o...
Linux Distros Unpatched Vulnerability : CVE-2026-45858
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: don't zero the entire extent if EXT4EXTDATAPARTIALVALID1 When allocating initialized blocks from a large unwritten extent, or when splitting an unwritten...
Linux Distros Unpatched Vulnerability : CVE-2026-48864
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker- controlled compressed data within .solv files due to...
Linux Distros Unpatched Vulnerability : CVE-2022-29582
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel before 5.17.3, fs/iouring.c has a use-after-free due to a race condition in iouring timeouts. This can be triggered by a local user who has ...
Linux Distros Unpatched Vulnerability : CVE-2026-45892
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: drop extent cache after doing PARTIALVALID1 zeroout When splitting an unwritten extent in the middle and converting it to initialized in ext4splitextent...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Vim vulnerabilities (USN-8304-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8304-1 advisory. Joshua Rogers discovered that Vim incorrectly handled certain URL schemes...
Amazon Linux 2 : socat, --advisory ALAS2-2026-3303 (ALAS-2026-3303)
The version of socat installed on the remote host is prior to 1.7.3.2-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3303 advisory. readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file. CVE-2024-54661 Tenable has extracted the preceding...
Amazon Linux 2 : php, --advisory ALAS2PHP8.2-2026-011 (ALASPHP8.2-2026-011)
The version of php installed on the remote host is prior to 8.2.31-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.2-2026-011 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's...
Fedora 42 : rrdtool (2026-93281f2f96)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-93281f2f96 advisory. This is an update backporting some safety checks from the rrdtool-1.10.0. Tenable has extracted the preceding description block directly from the Fedora...
CentOS 9 : vim-8.2.2637-29.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the vim-8.2.2637-29.el9 build changelog. - Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass CVE-2026-35177 Note that Nessus has not tested for this issue but has inste...
Linux Distros Unpatched Vulnerability : CVE-2026-45960
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hfsplus: return error when node already exists in hfsbnodecreate When hfsbnodecreate finds that a node is already hashed which should not happen in normal...
Fedora 44 : rust-eif_build (2026-32c3ca78ef)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-32c3ca78ef advisory. Rebuild with version 0.10.79 of the openssl crate which includes fixes for the following security issues: - CVE-2026-41676 / GHSA-pqf5-4pqq-29f5 -...
RHEL 8 : libssh (RHSA-2026:20610)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20610 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Incorrect...
RHEL 8 : compat-libtiff3 (RHSA-2026:20591)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:20591 advisory. The libtiff3 package provides libtiff 3, an older version of libtiff library for manipulating TIFF Tagged Image File Format image format files. This...
Linux Distros Unpatched Vulnerability : CVE-2026-45917
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipvs: do not keep destdst if dev is going down There is race between the netdev notifier ipvsdstevent and the code that caches dst with dev that is going down. ...
Amazon Linux 2 : runc, --advisory ALAS2DOCKER-2026-125 (ALASDOCKER-2026-125)
The version of runc installed on the remote host is prior to 1.3.4-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-125 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a...
AlmaLinux 9 : ruby:4.0 (ALSA-2026:20596)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:20596 advisory. ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection CVE-2026-33210 erb: ERB: Arbitrary code execution via...
FreeBSD : Grafana -- Grafana Testdata datasource can issue unbounded memory allocations (62717c0f-5901-11f1-b525-3c7c3fba4204)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 62717c0f-5901-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2026-28375 reports: A testdata data-source can be...
Amazon Linux 2023 : php8.5, php8.5-bcmath, php8.5-cli (ALAS2023-2026-1733)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1733 advisory. uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes. CVE-2026-42371 In uriparser before 1.0.2, there is pointer...
Linux Distros Unpatched Vulnerability : CVE-2026-45970
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bonding: alb: fix UAF in rlbarprecv during bond up/down The ALB RX path may access rxhashtbl concurrently with bond teardown. During rapid bond up/down cycles,...
Linux Distros Unpatched Vulnerability : CVE-2026-46018
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usb-audio: stop parsing UAC2 rates at MAXNRRATES parseuac2sampleraterange caps the number of enumerated rates at MAXNRRATES, but it only breaks out of the...
Linux Distros Unpatched Vulnerability : CVE-2026-46103
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than...
Amazon Linux 2 : rclone, --advisory ALAS2-2026-3309 (ALAS-2026-3309)
The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3309 advisory. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag...
RHEL 8 : libexif (RHSA-2026:20929)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20929 advisory. The libexif packages provide a library for extracting extra information from image files. Security Fixes: libexif: libexif: Information...
Amazon Linux 2 : runc, --advisory ALAS2ECS-2026-119 (ALASECS-2026-119)
The version of runc installed on the remote host is prior to 1.3.4-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-119 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a...
Linux Distros Unpatched Vulnerability : CVE-2026-46098
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: caif: clear client service pointer on teardown caifconnect can tear down an existing client after remote shutdown by calling caifdisconnectclient followed ...
RHEL 8 : freeipmi (RHSA-2026:20579)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20579 advisory. The freeipmi packages contain an Intelligent Platform Management Interface IPMI remote console and system management software based on the IPMI...
Linux Distros Unpatched Vulnerability : CVE-2026-45963
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: nau8821: Cancel delayed work on component remove Attempting to unload the driver while a jack detection work is pending would likely crash the kernel when...
Linux Distros Unpatched Vulnerability : CVE-2026-45893
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - apparmor: Fix & Optimize table creation from possibly unaligned memory Source blob may come from userspace and might be unaligned. Try to optize the copying...