Linux Distros Unpatched Vulnerability : CVE-2026-46075

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path Unregister the hwrng to prevent new -read calls and flush the Atmel I2C workqueue befor...

Fedora 42 : haproxy (2026-d790d66a08)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d790d66a08 advisory. Upgrade to 3.0.23 see https://www.haproxy.org/download/3.0/src/CHANGELOG for full upstream changelog Tenable has extracted the preceding description...

Linux Distros Unpatched Vulnerability : CVE-2026-45915

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fat: avoid parent link count underflow in rmdir Corrupted FAT images can leave a directory inode with an incorrect inlink e.g. 2 even though subdirectories exis...

Linux Distros Unpatched Vulnerability : CVE-2026-46019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: atmel-aes - Fix 3-page memory leak in atmelaesbuffcleanup atmelaesbuffinit allocates 4 pages using getfreepages with ATMELAESBUFFERORDER, but...

Linux Distros Unpatched Vulnerability : CVE-2026-48693

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to...

Linux Distros Unpatched Vulnerability : CVE-2026-46062

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntfs3: fix integer overflow in rununpack volume boundary check The volume boundary check lcn + len sbi-used.bitmap.nbits uses raw addition which can wrap around...

RHEL 9 : xorg-x11-server (RHSA-2026:20555)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20555 advisory. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical us...

Linux Distros Unpatched Vulnerability : CVE-2026-45879

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - power: supply: bq25980: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering th...

AlmaLinux 8 : dnsmasq (ALSA-2026:20589)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:20589 advisory. dnsmasq: dnsmasq: heap buffer overflow in cache via NAMEESCAPE expansion CVE-2026-2291 dnsmasq: NSEC bitmap parsing infinite loop CVE-2026-4890 dnsmasq:...

RHEL 9 : xorg-x11-server (RHSA-2026:20558)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20558 advisory. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical us...

RHEL 8 : firefox (RHSA-2026:21382)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:21382 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

Linux Distros Unpatched Vulnerability : CVE-2026-46032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Triple fault if restore host CR3 fails on nested VMEXIT If loading L1's CR3 fails on a nested VMEXIT, nestedsvmvmexit returns an error code that is...

Linux Distros Unpatched Vulnerability : CVE-2026-46091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: rc: igorplugusb: heed coherency rules In a control request, the USB request structure can be subject to DMA on some HCs. Hence it must obey the rules for...

Fedora 43 : chromium (2026-b17799ac62)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b17799ac62 advisory. Update to 148.0.7778.178 CVE-2026-9111: Use after free in WebRTC CVE-2026-9110: Inappropriate implementation in UI CVE-2026-9112: Use after free in...

Linux Distros Unpatched Vulnerability : CVE-2026-45837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always poin...

Linux Distros Unpatched Vulnerability : CVE-2026-46078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary- checks for nameoffs, but the trailing dirents are special...

MiracleLinux 8 : kernel-4.18.0-553.125.1.el8_10 (AXBA:2026-723:38)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2026-723:38 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skbtrycoalesce can...

Linux Distros Unpatched Vulnerability : CVE-2026-45870

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SUNRPC: authgss: fix memory leaks in XDR decoding error paths The gssxdecctx, gssxdecstatus, and gssxdecname functions allocate memory via gssxdecbuffer, which...

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1714)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1714 advisory. When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of ra...

RHEL 8 : .NET 9.0 (RHSA-2026:21294)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21294 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation...

Linux Distros Unpatched Vulnerability : CVE-2026-48696

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689. CVE-2026-48696 Note that...

Fedora 44 : perl-HTTP-Tiny (2026-703a749924)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-703a749924 advisory. 0.094 - fix to prevent invalid characters in all headers, and prevent header smuggling CVE-2026-7010 Tenable has extracted the preceding description block...

Linux Distros Unpatched Vulnerability : CVE-2026-46044

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipmi:ssif: Clean up kthread on errors If an error occurs after the ssif kthread is created, but before the main IPMI code starts the ssif interface, the ssif...

RHEL 8 : libssh (RHSA-2026:20610)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20610 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Incorrect...

FreeBSD : Grafana -- Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS (9bcc3279-5901-11f1-b525-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9bcc3279-5901-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2026-33375 reports: The Grafana MSSQL data source...

RHEL 8 : compat-libtiff3 (RHSA-2026:20592)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:20592 advisory. The libtiff3 package provides libtiff 3, an older version of libtiff library for manipulating TIFF Tagged Image File Format image format files. This...

Oracle Linux 8 : dnsmasq (ELSA-2026-20589)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20589 advisory. - Prevent overflow in extractname function CVE-2026-2291 - Prevent DoS in DNSSEC validation CVE-2026-4890 - Prevent out-of-bounds read in DNSSEC...

SUSE SLED15 / SLES15 Security Update : rsync (SUSE-SU-2026:2038-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2038-1 advisory. This update for rsync fixes the following issues - CVE-2026-29518: Symlink-Race TOCTOU in Daemon bsc1264511. -...

Fedora 43 : haproxy (2026-164a1e3151)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-164a1e3151 advisory. Upgrade to 3.0.23 see https://www.haproxy.org/download/3.0/src/CHANGELOG for full upstream changelog Tenable has extracted the preceding description...

RHEL 8 : compat-libtiff3 (RHSA-2026:20591)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:20591 advisory. The libtiff3 package provides libtiff 3, an older version of libtiff library for manipulating TIFF Tagged Image File Format image format files. This...

FreeBSD : Grafana -- Grafana Testdata datasource can issue unbounded memory allocations (62717c0f-5901-11f1-b525-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 62717c0f-5901-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2026-28375 reports: A testdata data-source can be...

Ubuntu 24.04 LTS / 25.10 : Linux kernel (Azure) vulnerabilities (USN-8310-1)

"The remote Ubuntu 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8310-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy...

Linux Distros Unpatched Vulnerability : CVE-2026-45949

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hwrng: core - use RCU and workstruct to fix race condition Currently, hwrngfill is not cleared until the hwrngfillfn thread exits. Since hwrngunregister reads...

RHEL 10 : qt6-qtdeclarative (RHSA-2026:20567)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20567 advisory. Qt6 - QtDeclarative component. Security Fixes: qt: Qt SVG: Arbitrary QML/JavaScript code injection via malicious SVG file CVE-2025-14576 For more...

Linux Distros Unpatched Vulnerability : CVE-2026-48694

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In...

Amazon Linux 2 : soci-snapshotter, --advisory ALAS2DOCKER-2026-118 (ALASDOCKER-2026-118)

The version of soci-snapshotter installed on the remote host is prior to 0.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-118 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go...

Linux Distros Unpatched Vulnerability : CVE-2026-46012

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rxrpc: Fix memory leaks in rxkadverifyresponse Fix rxkadverifyresponse to free the ticket and the server key under all circumstances by initialising the ticket...

Fedora 42 : poppler (2026-2bdb132e40)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2bdb132e40 advisory. This update fixes CVE-2025-52885 and CVE-2025-43718 Tenable has extracted the preceding description block directly from the Fedora security advisory...

Linux Distros Unpatched Vulnerability : CVE-2026-46021

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - thermal: core: Fix thermal zone governor cleanup issues If thermalzonedeviceregisterwithtrips fails after adding a thermal governor to the thermal zone being...

Linux Distros Unpatched Vulnerability : CVE-2026-45983

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfsd: never defer requests during idmap lookup During v4 request compound arg decoding, some ops e.g. SETATTR can trigger idmap lookup upcalls. When those upcal...

Linux Distros Unpatched Vulnerability : CVE-2026-45984

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gfs2: Fix use-after-free in iomap inline data write path The inline data buffer head dibh is being released prematurely in gfs2iomapbegin via releasemetapath...

Linux Distros Unpatched Vulnerability : CVE-2026-48962

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob wraps the...

Linux Distros Unpatched Vulnerability : CVE-2026-45843

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - slip: bound decode reads against the compressed packet length slhcuncompress parses a VJ-compressed TCP header by advancing a pointer through the packet via...

Amazon Linux 2023 : valkey, valkey-devel (ALAS2023-2026-1748)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1748 advisory. Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from processCommandAndResetClient when re-executing ...

Linux Distros Unpatched Vulnerability : CVE-2026-45845

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: taprio: fix NULL pointer dereference in class dump When a TAPRIO child qdisc is deleted via RTMDELQDISC, tapriograft is called with new == NULL and...

Oracle Linux 8 : compat-libtiff3 (ELSA-2026-20585)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-20585 advisory. 3.9.4-15 - fix CVE-2026-4775: signed integer overflow in putcontig8bitYCbCr44tile RHEL-159315 Tenable has extracted the preceding description block directly fr...

Linux Distros Unpatched Vulnerability : CVE-2026-45997

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: sd: fix missing putdisk when deviceadd&diskdev fails If deviceadd&sdkp-diskdev fails, putdevice runs scsidiskrelease, which frees the scsidisk but leaves...

Linux Distros Unpatched Vulnerability : CVE-2026-48961

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-by...

Linux Distros Unpatched Vulnerability : CVE-2026-46069

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mwifiex: fix use-after-free in mwifiexadaptercleanup The mwifiexadaptercleanup function uses timerdelete non-synchronous for the wakeuptimer before the...

AlmaLinux 10 : mysql8.4 (ALSA-2026:20693)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:20693 advisory. mysql: InnoDB unspecified vulnerability CPU Apr 2026 CVE-2026-22004 mysql: Information Schema unspecified vulnerability CPU Apr 2026 CVE-2026-22001 mysq...