Unity Linux 20.1070e Security Update: resteasy (UTSA-2026-016727)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016727 advisory. A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when...

Linux Distros Unpatched Vulnerability : CVE-2026-41076

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication...

Unity Linux 20.1070e Security Update: nodejs-hawk (UTSA-2026-016758)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016758 advisory. Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response...

Unity Linux 20.1060e / 20.1070e Security Update: jboss-logging (UTSA-2026-016641)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016641 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...

Oracle Linux 8 : libsndfile (ELSA-2026-19559)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19559 advisory. 1.0.28-17 - apply patch for CVE-2026-37555 Resolves: ?RHEL-174533 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-nokogiri (UTSA-2026-016661)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016661 advisory. Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE...

Linux Distros Unpatched Vulnerability : CVE-2026-31072

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Path-to-Regexp vulnerability (USN-8290-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8290-1 advisory. It was discovered that Path-to-Regexp incorrectly handled route patterns containing multiple named parameters...

Debian dsa-6287 : chromium - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6287 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6287-1 [email protected]...

Unity Linux 20.1070e Security Update: infinispan (UTSA-2026-016712)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016712 advisory. The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this...

Unity Linux 20.1070e Security Update: netty (UTSA-2026-016738)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016738 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

RockyLinux 9 : grafana-pcp (RLSA-2023:2177)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:2177 advisory. golang: net/http: handle server errors after sending GOAWAY CVE-2022-27664 Tenable has extracted the preceding description block directly from the RockyLinux...

Mattermost Server 10.11.x <= 10.11.13 / 11.5.x <= 11.5.1 Multiple Vulnerabilities (MMSA-2026-00570 / MMSA-2026-00575 / MMSA-2026-00582 / MMSA-2026-00622)

The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities: - Mattermost fails to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an...

Unity Linux 20.1070e Security Update: wildfly-common (UTSA-2026-016751)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016751 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Linux Distros Unpatched Vulnerability : CVE-2026-8964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. CVE-2026-8964 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2026-8952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. CVE-2026-8952 Note that Nessus relies...

Unity Linux 20.1060e / 20.1070e Security Update: mybatis (UTSA-2026-016634)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016634 advisory. MyBatis before 3.5.6 mishandles deserialization of object streams. Tenable has extracted the preceding description block directly from the Unity Linux security...

NVIDIA Virtual GPU Manager Multiple Vulnerabilities (May 2026)

The NVIDIA Virtual GPU Manager software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, including the following: - A vulnerability exists where an attacker could leak held driver locks, potentially leading to denial of service...

Unity Linux 20.1070e Security Update: libEMF (UTSA-2026-016701)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016701 advisory. libEMF aka ECMA-234 Metafile Library through 1.0.11 allows denial of service issue 1 of 2. Tenable has extracted the preceding description block directly from the...

Ubuntu 24.04 LTS / 25.10 : XDG Desktop Portal vulnerability (USN-8287-1)

The remote Ubuntu 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8287-1 advisory. It was discovered that XDG Desktop Portal incorrectly handled trashing files. A local attacker could possibly use this issue to delete arbitrary files on...

Linux Distros Unpatched Vulnerability : CVE-2026-45073

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - symfony - None Ubuntu Linux - Unknown description CVE-2026-45073 Note that Nessus relies on the presence of the package as reported by the vendor...

Unity Linux 20.1070e Security Update: shadow (UTSA-2026-016733)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016733 advisory. shadow: TOCTOU time-of-check time-of-use race condition when copying and removing directory trees Tenable has extracted the preceding description block directly from...

Unity Linux 20.1070e Security Update: mod_fcgid (UTSA-2026-016767)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016767 advisory. A security Bypass vulnerability exists in the FcgidPassHeader Proxy in modfcgid through 2016-07-07. Tenable has extracted the preceding description block directly fr...

Linux Distros Unpatched Vulnerability : CVE-2026-45064

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-45064 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenabl...

Linux Distros Unpatched Vulnerability : CVE-2026-32738

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the st...

Linux Distros Unpatched Vulnerability : CVE-2026-42326

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC...

Linux Distros Unpatched Vulnerability : CVE-2026-47165

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel...

Unity Linux 20.1070e Security Update: log4j (UTSA-2026-016696)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016696 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Unity Linux 20.1070e Security Update: gradle (UTSA-2026-016763)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016763 advisory. The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the sam...

Unity Linux 20.1060e / 20.1070e Security Update: xerces-c (UTSA-2026-016688)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016688 advisory. The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the...

Unity Linux 20.1060e / 20.1070e Security Update: qt5-qtsvg (UTSA-2026-016645)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016645 advisory. Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps::growAppend called from QPainterPath::addPath and...

Unity Linux 20.1060e / 20.1070e Security Update: python-flask-restx (UTSA-2026-016606)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016606 advisory. Flask-RESTX pypi package flask-restx is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS Regular Expression Denial ...

Unity Linux 20.1070e Security Update: wildfly-elytron (UTSA-2026-016747)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016747 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Unity Linux 20.1070e Security Update: HikariCP (UTSA-2026-016695)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016695 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...

Unity Linux 20.1070e Security Update: resteasy (UTSA-2026-016757)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016757 advisory. A cross-site scripting XSS flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: hibernate4 (UTSA-2026-016599)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016599 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...

Unity Linux 20.1060e / 20.1070e Security Update: nettle (UTSA-2026-016616)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016616 advisory. A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve...

Unity Linux 20.1050e / 20.1070e Security Update: perl-Mojolicious (UTSA-2026-016607)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016607 advisory. The Mojolicious module before 8.65 for Perl is vulnerable to securecompare timing attacks that allow an attacker to guess the length of a secret string. Only version...

Unity Linux 20.1060e / 20.1070e Security Update: hiredis (UTSA-2026-016624)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016624 advisory. Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or...

Unity Linux 20.1060e / 20.1070e Security Update: nodejs-underscore (UTSA-2026-016621)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016621 advisory. The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function,...

Unity Linux 20.1070e Security Update: springframework (UTSA-2026-016731)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016731 advisory. In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from...

NVIDIA Linux GPU Display Driver (May 2026)

The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities: - A vulnerability exists where an attacker could cause a use-after-free, potentially leading to denial of service, escalation of privileges,...

Unity Linux 20.1070e Security Update: infinispan (UTSA-2026-016749)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016749 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...

Unity Linux 20.1070e Security Update: libEMF (UTSA-2026-016704)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016704 advisory. libEMF aka ECMA-234 Metafile Library through 1.0.11 allows denial of service issue 2 of 2. Tenable has extracted the preceding description block directly from the...

Unity Linux 20.1070e Security Update: log4j (UTSA-2026-016732)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016732 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Unity Linux 20.1070e Security Update: rubygem-nokogiri (UTSA-2026-016729)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016729 advisory. Nokogiri is an open source XML and HTML library for Ruby. Nokogiri = 1.13.4. There are no known workarounds for this issue. Tenable has extracted the preceding...

Unity Linux 20.1070e Security Update: datanucleus-core (UTSA-2026-016737)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016737 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...

Fedora 44 : linux-firmware (2026-2b07c67f06)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2b07c67f06 advisory. Update to 20260519: ASoC: tas2783: Add Firmware files for tas2783A projects add firmware for MT7927 WiFi device Add HP ISH firmware for Intel Panther Lake...

Unity Linux 20.1060e / 20.1070e Security Update: ganglia (UTSA-2026-016666)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016666 advisory. ganglia-web aka Ganglia Web Frontend through 3.7.5 allows XSS via the header.php ce parameter. Tenable has extracted the preceding description block directly from th...

Unity Linux 20.1070e Security Update: log4j (UTSA-2026-016724)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016724 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...