338597 matches found
F5 Networks BIG-IP : BIG-IP qkview vulnerability (K000157895)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4. It is, therefore, affected by a vulnerability as referenced in the K000157895 advisory. An improper sanitization vulnerability exists in the BIG-IPqkviewutility that allows a low-privileged attacker to...
Debian dsa-6286 : evince - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6286 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6286-1 [email protected] https://www.debian.org/security/...
MiracleLinux 9 : ruby-3.0.7-166.el9_7 (AXSA:2026-694:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-694:02 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the...
MiracleLinux 9 : ruby:3.3 (AXSA:2026-706:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-706:01 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the...
AlmaLinux 8 : kernel (ALSA-2026:19666)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:19666 advisory. kernel: Fragnesia is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation LPE vulnerability in the Linux kernel...
FreeBSD : FreeBSD -- Remote code execution via installer Wi-Fi access point scans (039c0ab0-54b7-11f1-8d7a-bc241121aa0a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 039c0ab0-54b7-11f1-8d7a-bc241121aa0a advisory. When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of...
F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000160863)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160863 advisory. A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticat...
Photon OS 4.0: Expat PHSA-2026-4.0-1022
An update of the expat package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1022. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021671)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021671 advisory. MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECTLEX::nestlevel is local to each VIEW. Tenable has extracted the preceding...
FreeBSD : FreeBSD -- Kernel use-after-free via file descriptor syscalls (ee21f41f-54b5-11f1-8d7a-bc241121aa0a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ee21f41f-54b5-11f1-8d7a-bc241121aa0a advisory. A file descriptor can be closed while a thread is blocked in a poll2 or select2 call waiting for that...
Linux Distros Unpatched Vulnerability : CVE-2026-45067
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - symfony - None Ubuntu Linux - Unknown description CVE-2026-45067 Note that Nessus relies on the presence of the package as reported by the vendor...
AlmaLinux 8 : kernel-rt (ALSA-2026:19664)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:19664 advisory. kernel: Fragnesia is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation LPE vulnerability in the Linux kernel...
Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021667)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021667 advisory. MariaDB through 10.5.9 allows a setvar.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. Tenable has extracted the...
Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021663)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021663 advisory. MariaDB through 10.5.9 allows attackers to trigger a convertconsttoint use-after-free when the BIGINT data type is used. Tenable has extracted the preceding...
Linux Distros Unpatched Vulnerability : CVE-2026-9120
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security...
F5 Networks BIG-IP : BIG-IP DNS tmsh vulnerability (K000157981)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0. It is, therefore, affected by a vulnerability as referenced in the K000157981 advisory. When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell tmsh command that ma...
MiracleLinux 9 : nginx:1.26 (AXSA:2026-705:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-705:01 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the MiracleLinux...
RHEL 8 : kernel (RHSA-2026:20051)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20051 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Fragnesia is a variant of Dir...
Linux Distros Unpatched Vulnerability : CVE-2026-9112
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTM...
F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K000156734)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1.3 / 21.0.0. It is, therefore, affected by a vulnerability as referenced in the K000156734 advisory. A vulnerability exists in the undisclosed pages in the Configuration utility that may allow a low-...
Linux Distros Unpatched Vulnerability : CVE-2026-1322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...
F5 Networks BIG-IP : iControl SOAP vulnerability (K000160973)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160973 advisory. A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource Administrato...
MiracleLinux 9 : kernel-5.14.0-611.54.6.el9_7 (AXSA:2026-692:35)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-692:35 advisory. kernel: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-46300 kernel: ptrace: require CAPSYSPTRACE when task has no ...
Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021668)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021668 advisory. MariaDB through 10.5.13 allows a hamaria::extra application crash via certain SELECT statements. Tenable has extracted the preceding description block directly from...
F5 Networks BIG-IP : BIG-IP TMM vulnerability (K000158038)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0. It is, therefore, affected by a vulnerability as referenced in the K000158038 advisory. When a classification profile is configured on a UDP virtual server, undisclosed requests can cause the...
Slackware Linux 15.0 / current rsync Multiple Vulnerabilities (SSA:2026-141-02)
The version of rsync installed on the remote host is prior to 3.4.3. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-141-02 advisory. New rsync packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...
Linux Distros Unpatched Vulnerability : CVE-2026-9126
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
F5 Networks BIG-IP : BIG-IP and BIG-IQ privilege escalation vulnerability (K000160972)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160972 advisory. A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker...
Linux Distros Unpatched Vulnerability : CVE-2020-37239
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Unbound vulnerabilities (USN-8282-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8282-1 advisory. Andrew Griffiths discovered that Unbound did not properly handle certain DNSCrypt packets. A remote attacker could possib...
Linux Distros Unpatched Vulnerability : CVE-2026-9110
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in UI in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to...
Linux Distros Unpatched Vulnerability : CVE-2026-43494
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/rds: reset opnents when zerocopy page pin fails When iovitergetpages2 fails in rdsmessagezcopyfromuser, the pinned pages are released with putpage, and...
Linux Distros Unpatched Vulnerability : CVE-2026-24425
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template...
Linux Distros Unpatched Vulnerability : CVE-2026-9113
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML...
Security Updates for Microsoft Exchange Server (May 2026)
The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by a vulnerability as referenced in the May, 2026 security bulletin. - Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Serve...
F5 Networks BIG-IP : BIG-IP privilege escalation vulnerability (K000160975)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160975 advisory. A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at lea...
Linux Distros Unpatched Vulnerability : CVE-2026-9124
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer proce...
F5 Networks BIG-IP : BIG-IP and BIG-IQ Configuration utility vulnerability (K000156761)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0. It is, therefore, affected by a vulnerability as referenced in the K000156761 advisory. An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP an...
F5 Networks BIG-IP : BIG-IP APM vulnerability (K000161056)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000161056 advisory. When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause...
F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000161018)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000161018 advisory. Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : GnuTLS vulnerabilities (USN-8284-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8284-1 advisory. Joshua Rogers discovered that GnuTLS did not properly handle malformed DTLS handshake fragments in certain cases. A remot...
Multiple Node.js Modules compromised in self-spreading npm supply chain attack (mini-Shai-Hulud) (05/11/2026)
The remote host has a version of one or more Node.js modules installed known to be compromised in the self-spreading 'mini-Shai-Hulud' npm supply chain attack reported on 05/11/2026. This wave is tracked separately from the original Shai-Hulud campaign because of distinct compromised maintainers...
Linux Distros Unpatched Vulnerability : CVE-2026-46640
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twig: Arbitrary PHP code execution via self. macro-reference compilation CVE-2026-46640 Note that Nessus relies on the presence of the package as reported by th...
Linux Distros Unpatched Vulnerability : CVE-2026-9118
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium...
F5 Networks BIG-IP : BIG-IP iControl SOAP vulnerability (K000160926)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000160926 advisory. An authenticated attacker with the Resource Administrator or Administrator role can create SNMP...
F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000160981)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160981 advisory. A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker...
F5 Networks BIG-IP : BIG-IP SIP profile vulnerability (K000161023)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000161023 advisory. When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic...
Linux Distros Unpatched Vulnerability : CVE-2026-46635
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twig: Sandbox property allowlist bypass via the column filter arraycolumn on objects CVE-2026-46635 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2026-9114
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network...
F5 Networks BIG-IP : BIG-IP SSL/TLS vulnerability (K000158978)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4. It is, therefore, affected by a vulnerability as referenced in the K000158978 advisory. When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop...