Linux Distros Unpatched Vulnerability : CVE-2026-46093
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/vmalloc: take vmappurgelock in shrinker decayvapoolnode can be invoked concurrently from two paths: purgevmaparealazy when pools are being purged, and the...
Fedora 44 : editorconfig (2026-4fb6f57673)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4fb6f57673 advisory. Update to 0.12.11: security fix for CVE-2026-40489. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...
Linux Distros Unpatched Vulnerability : CVE-2026-46046
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: fix missing brelse in ext4xattrinodedecrefall The commit c8e008b60492 ext4: ignore xattrs past end introduced a refcount leak in when blockcsum is false...
Linux Distros Unpatched Vulnerability : CVE-2026-45894
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iommu/vt-d: Clear Present bit before tearing down PASID entry The Intel VT-d Scalable Mode PASID table entry consists of 512 bits (64 bytes). When tearing down an...
Linux Distros Unpatched Vulnerability : CVE-2026-45848
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - apparmor: fix NULL sock in aasockfileperm Deal with the potential that sock and sock-sk can be NULL during socket setup or teardown. This could lead to an oops...
Linux Distros Unpatched Vulnerability : CVE-2026-45856
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/uverbs: Validate wqesize before using it in ibuverbspostsend ibuverbspostsend uses cmd.wqesize from userspace without any validation before passing it to...
RHEL 10 : podman (RHSA-2026:20570)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20570 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use...
Ubuntu 24.04 LTS / 25.10 / 26.04 LTS : libssh2 vulnerability (USN-8309-1)
The remote Ubuntu 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8309-1 advisory. It was discovered that libssh2 incorrectly handled username and password length values during SSH password authentication. A remote attacker...
Linux Distros Unpatched Vulnerability : CVE-2026-46096
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tpm2-sessions: Fix missing tpmbufdestroy in tpm2readpublic tpm2readpublic calls tpmbufinit but fails to call tpmbufdestroy on two exit paths, leaking a page...
Linux Distros Unpatched Vulnerability : CVE-2026-45964
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SUNRPC: fix gssauth kref leak in gssallocmsg error path Commit 5940d1cf9f42 SUNRPC: Rebalance a kref in authgss.c added a krefget&gssauth-kref call to balance t...
FreeBSD : Grafana -- RCE on Grafana via sqlExpressions (f45ad940-58ff-11f1-b525-3c7c3fba4204)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f45ad940-58ff-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2026-27876 reports: A chained attack via SQL...
Linux Distros Unpatched Vulnerability : CVE-2026-25680
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Note that Nessus relies on the presence of the...
Linux Distros Unpatched Vulnerability : CVE-2026-5223
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of...
FreeBSD : Grafana -- XSS in Grafana Explore stack trace (6cc28c49-58fe-11f1-b525-3c7c3fba4204)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6cc28c49-58fe-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2025-41117 reports: Stack traces in Grafana's...
Linux Distros Unpatched Vulnerability : CVE-2026-45916
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - power: supply: sbs-battery: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registerin...
Fedora 42 : perl-Crypt-DSA (2026-ffe3625a50)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ffe3625a50 advisory. This update fixes a couple of security issues: Replace two arg open CVE-2026-8704 Replace rand with a cryptographically-secure source of random data...
Linux Distros Unpatched Vulnerability : CVE-2026-45994
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ibmasm: fix OOB reads in commandfilewrite due to missing size checks The commandfilewrite handler allocates a kernel buffer of exactly count bytes and copies us...
Amazon Linux 2 : nss, --advisory ALAS2-2026-3304 (ALAS-2026-3304)
The version of nss installed on the remote host is prior to 3.90.0-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3304 advisory. Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR...
Linux Distros Unpatched Vulnerability : CVE-2026-5222
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple...
RHCOS 4 : Red Hat build of MicroShift 4.19.32 (RHSA-2026:20322)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20322 advisory. - google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation...
Linux Distros Unpatched Vulnerability : CVE-2020-25813
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users. CVE-2020-25813 Note that Nessus...
Fedora 43 : perl-Crypt-DSA (2026-fdc100f74f)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-fdc100f74f advisory. This update fixes a couple of security issues: Replace two arg open CVE-2026-8704 Replace rand with a cryptographically-secure source of random data...
SUSE SLED15 / SLES15 Security Update : vim (SUSE-SU-2026:2029-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2029-1 advisory. This update for vim fixes the following issue: Security fixes: - CVE-2026-39881: command injection in NetBeans interfac...
Linux Distros Unpatched Vulnerability : CVE-2026-48691
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP ASPATH attribute encoder. In src/bgpprotocol.hpp, the...
Linux Distros Unpatched Vulnerability : CVE-2026-3012
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba's certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate...
Ubuntu 24.04 LTS : ONNX vulnerability (USN-8307-1)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8307-1 advisory. It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to...
RHEL 9 : .NET 10.0 (RHSA-2026:21297)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21297 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation...
Linux Distros Unpatched Vulnerability : CVE-2026-46031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: ks8851: Reinstate disabling of BHs around IRQ handler If the driver executes ks8851irq AND a TX packet has been sent, then the driver enables TX queue via...
Fedora 43 : rust-eif_build (2026-507f965d21)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-507f965d21 advisory. Rebuild with version 0.10.79 of the openssl crate which includes fixes for the following security issues: - CVE-2026-41676 / GHSA-pqf5-4pqq-29f5 -...
Amazon Linux 2023 : python3-twisted, python3-twisted+tls (ALAS2023-2026-1734)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1734 advisory. The twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted...
Linux Distros Unpatched Vulnerability : CVE-2026-45855
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ata: libata-scsi: avoid Non-NCQ command starvation When a non-NCQ command is issued while NCQ commands are being executed, atascsiqcissue indicates to the SCSI...
Linux Distros Unpatched Vulnerability : CVE-2026-45942
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: fix e4b bitmap inconsistency reports A bitmap inconsistency issue was observed during stress tests under mixed huge-page workloads. Ext4 reported multiple...
Linux Distros Unpatched Vulnerability : CVE-2026-46022
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - misc: ibmasm: fix OOB MMIO read in ibmasmhandlemouseinterrupt ibmasmhandlemouseinterrupt performs an out-of-bounds MMIO read when the queue reader or writer ind...
Linux Distros Unpatched Vulnerability : CVE-2026-48689
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamicbinarybuffert class src/dynamicbinarybuffer.hpp. Five...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-104 (ALASKERNEL-5.15-2026-104)
The version of kernel installed on the remote host is prior to 5.15.206-144.232. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2026-104 advisory. In the Linux kernel, the following vulnerability has been resolved: net/rds: reset opnents when zerocopy...
Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-059 (ALASFIREFOX-2026-059)
The version of firefox installed on the remote host is prior to 140.10.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2FIREFOX-2026-059 advisory. libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. CVE-2026-410...
Linux Distros Unpatched Vulnerability : CVE-2025-71304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient...
Fedora 44 : perl-Crypt-DSA (2026-cdcb20089b)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-cdcb20089b advisory. This update fixes a couple of security issues: Replace two arg open CVE-2026-8704 Replace rand with a cryptographically-secure source of random data...
FreeBSD : Grafana -- Query resampling can cause unbounded memory allocations (c079e809-5900-11f1-b525-3c7c3fba4204)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c079e809-5900-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2026-27879 reports: A resample query can be used t...
Amazon Linux 2023 : firefox (ALAS2023-2026-1725)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1725 advisory. In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. CVE-2026-45186 Use-after-free in th...
Debian dsa-6300 : node-shell-quote - security update
The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6300 advisory. Debian Security Advisory DSA-6300-1 https://www.debian.org/security/...
Linux Distros Unpatched Vulnerability : CVE-2026-45867
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - power: supply: act8945a: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registering t...
Linux Distros Unpatched Vulnerability : CVE-2026-4408
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the check password...
Linux Distros Unpatched Vulnerability : CVE-2026-46038
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: qrtr: ns: Free the node during ctrlcmdbye A node sends the BYE packet when it is about to go down. So the nameserver should advertise the removal of the no...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : SimpleEval vulnerability (USN-8301-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8301-1 advisory. Byambadalai Sumiya discovered that SimpleEval did not properly restrict attribute access and...
Tenable Sensor Proxy < 1.4.0 Multiple Vulnerabilities (TNS-2026-15)
According to its self-reported version, the Tenable Sensor Proxy running on the remote host is prior to 1.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2026-15 advisory. - When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed...
Linux Distros Unpatched Vulnerability : CVE-2026-41074
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery (CSRF) vulnerability. A...
Linux Distros Unpatched Vulnerability : CVE-2026-45944
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iommu/vt-d: Clear Present bit before tearing down context entry When tearing down a context entry, the current implementation zeros the entire 128-bit entry usi...
Linux Distros Unpatched Vulnerability : CVE-2025-71305
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/display/dpmst: Add protection against 0 vcpi When releasing a timeslot there is a slight chance we may end up with the wrong payload mask due to overflow if...
Slackware Linux 15.0 / current mozilla-thunderbird Vulnerability (SSA:2026-146-01)
The version of mozilla-thunderbird installed on the remote host is prior to 140.11.1esr. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-146-01 advisory. New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Tenable has...