338597 matches found
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021567)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021567 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function When a reset notify IPC...
RHEL 10 : yggdrasil (RHSA-2026:19450)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19450 advisory. yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child worker...
Drupal 10.x < 10.4.10 / 10.5.x < 10.5.10 / 10.6.x < 10.6.9 / 11.1.x < 11.1.10 / 11.2.x < 11.2.12 / 11.3.x < 11.3.10 Drupal Vulnerability (SA-CORE-2026-004)
According to its self-reported version, the instance of Drupal running on the remote web server is 10.x prior to 10.4.10, 10.5.x prior to 10.5.10, 10.6.x prior to 10.6.9, 11.1.x prior to 11.1.10, 11.2.x prior to 11.2.12, or 11.3.x prior to 11.3.10. It is, therefore, affected by a vulnerability. -...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021584)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021584 advisory. In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet If the KVP or VSS daemon star...
Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2026-1672)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1672 advisory. Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1...
Linux Distros Unpatched Vulnerability : CVE-2026-8711
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg,...
Fedora 43 : kernel (2026-3f85a4eba7)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3f85a4eba7 advisory. The 7.0.9-104/204 kernels contain a fix for a SKBFLSHAREDFRAG page-cache corruption vulnerability as well as some mitigations for PinTheft Tenable has...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021563)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021563 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smpexecutetasksg When executing SMP task failed, the...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021648)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021648 advisory. In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb-len Packet length retrieved from descriptor may be...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021525)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021525 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix a race condition between loginwork and the login thread In case a...
Linux Distros Unpatched Vulnerability : CVE-2026-42396
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail CVE-2026-42396 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2026-40622
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domai...
RockyLinux 9 : PackageKit (RLSA-2026:19354)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19354 advisory. PackageKit: race condition vulnerability leads to arbitrary package installation as root CVE-2026-41651 Tenable has extracted the preceding description block...
Linux Distros Unpatched Vulnerability : CVE-2026-42534
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance...
Google Chrome < 148.0.7778.178 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 148.0.7778.178. It is, therefore, affected by multiple vulnerabilities as referenced in the 202605stable-channel-update-for-desktop0841193308 advisory. - Use after free in DOM in Google Chrome on prior to 148.0.7778.179...
Linux Distros Unpatched Vulnerability : CVE-2026-44608
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met multi-threaded, RPZ...
FreeBSD : MySQL -- Multiple vulnerabilities (f69dbfcc-535b-11f1-8b62-8447094a420f)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f69dbfcc-535b-11f1-8b62-8447094a420f advisory. Oracle reports: See linked CVE's for details. Tenable has extracted the preceding description...
Fedora 43 : python-django5 (2026-4d1404fc5d)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-4d1404fc5d advisory. - Fixes CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass - Fixes CVE-2026-35192: Session...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021533)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021533 advisory. In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix pci device refcount leak in pprnotifier As comment of pcigetdomainbusandslot says,...
Amazon Linux 2023 : python3.13-lxml (ALAS2023-2026-1679)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1679 advisory. lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input t...
RHEL 9 : git-lfs (RHSA-2026:19722)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19722 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while...
Amazon Linux 2023 : python3-lxml (ALAS2023-2026-1678)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1678 advisory. lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input t...
RHEL 9 : dnsmasq (RHSA-2026:19373)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19373 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server...
RockyLinux 9 : grafana (RLSA-2026:19185)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19185 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the RockyLinux...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021607)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021607 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix spinunlockirqrestore called with IRQs enabled Fix missuse of...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021549)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021549 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in sndac97devregister If deviceregister fails in...
RHEL 9 : firefox (RHSA-2026:19464)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19464 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
Fedora 44 : kernel (2026-57965ac9f7)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-57965ac9f7 advisory. The 7.0.9-104/204 kernels contain a fix for a SKBFLSHAREDFRAG page-cache corruption vulnerability as well as some mitigations for PinTheft Tenable has...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021645)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021645 advisory. In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a server shutdown leak Fix a race where kthreadstop may prevent the threadfn from eve...
RHEL 9 : freerdp (RHSA-2026:19349)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19349 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...
Amazon Linux 2023 : editorconfig, editorconfig-devel, editorconfig-libs (ALAS2023-2026-1642)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1642 advisory. editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an...
Amazon Linux 2023 : bouncycastle, bouncycastle-javadoc, bouncycastle-mail (ALAS2023-2026-1688)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1688 advisory. Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is associated with program files...
Amazon Linux 2023 : freerdp, freerdp-devel, freerdp-libs (ALAS2023-2026-1643)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1643 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by- one in the path traversal filter in channels/drive/client/drivefile.c. The containsdotdot...
Debian dsa-6283 : firefox-esr - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6283 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6283-1 [email protected]...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-8273-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8273-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021615)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021615 advisory. In the Linux kernel, the following vulnerability has been resolved: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data In case the non-paged data...
Fedora 43 : python-dotenv (2026-20312e36a8)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-20312e36a8 advisory. Update to 1.2.2, security fix for CVE-2026-28684. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Linux Distros Unpatched Vulnerability : CVE-2026-43412
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start During ADSP stop and start, the kernel crashes due to the order in which ASoC components...
Fedora 43 : freerdp (2026-dfde5fc92a)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-dfde5fc92a advisory. Update to 3.26.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021558)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021558 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix ib block iterator counter overflow When registering a new DMA MR after selecting t...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021651)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021651 advisory. In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix a deadlock problem when config TC during resetting When config TC during the reset...
Linux Distros Unpatched Vulnerability : CVE-2026-8212
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021587)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021587 advisory. In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs du...
Linux Distros Unpatched Vulnerability : CVE-2026-8430
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing...
Linux Distros Unpatched Vulnerability : CVE-2026-42960
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021577)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021577 advisory. In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: enhanced error handling for tightly received RTS messages in xtprxrtssessionnew...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021616)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021616 advisory. In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket BUG: KASAN: slab-use-after-free in...
Linux Distros Unpatched Vulnerability : CVE-2026-8368
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross- origin redirects. On a 3xx response, the redirect...
RHEL 9 : thunderbird (RHSA-2026:19469)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19469 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the...
Amazon Linux 2023 : firefox (ALAS2023-2026-1652)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1652 advisory. Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero. CVE-2026-6654...