338597 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-33278
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code...
Linux Distros Unpatched Vulnerability : CVE-2026-43455
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mctp: route: hold key-lock in mctpflowprepareoutput mctpflowprepareoutput checks key-dev and may call mctpdevsetkey, but it does not hold key-lock while doing s...
Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1665)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1665 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such...
Fedora 43 : expat (2026-89f45c355d)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-89f45c355d advisory. Rebase to version 2.8.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021565)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021565 advisory. In the Linux kernel, the following vulnerability has been resolved: brcmfmac: return error when getting invalid maxflowrings from dongle When firmware hit trap at...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021566)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021566 advisory. In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clean up sidomain in the initdmars error path A splat from kmemcachedestroy was seen...
Splunk Universal Forwarder 9.4.0 < 9.4.11 (SVD-2026-0506)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0506 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
Linux Distros Unpatched Vulnerability : CVE-2026-43371
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the rootfs may take an extended time t...
RHEL 9 : python3.9 (RHSA-2026:19576)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19576 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
RHEL 8 : container-tools:rhel8 (RHSA-2026:19634)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19634 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes:...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021551)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021551 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: avoid crash when inline data creation follows DIO write When inode is created and written t...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Highlight.js vulnerability (USN-8276-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8276-1 advisory. It was discovered that Highlight.js used plain JavaScript objects for internal language name lookups, making them susceptible to prototype...
RHEL 9 : gimp (RHSA-2026:19362)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19362 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...
RHEL 9 : libsndfile (RHSA-2026:19610)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19610 advisory. libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fixes: libsndfile: integer...
Linux Distros Unpatched Vulnerability : CVE-2026-42944
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDN...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021571)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021571 advisory. In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6create sockinitdata attaches the allocated...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021609)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021609 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: added NULL check at start of dcvalidatestream Why prevent invalid memory access...
Linux Distros Unpatched Vulnerability : CVE-2026-41999
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Behaviour of Views with TCP PROXY Requests CVE-2026-41999 Note that Nessus relies on the presence of the package as reported by the vendor...
RockyLinux 9 : LibRaw (RLSA-2026:19345)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19345 advisory. LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file CVE-2026-24450 LibRaw: LibRaw: Arbitrary code execution via heap-based...
Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2026-1677)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1677 advisory. RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution CVE-2026-5405 Tenable has extracted the preceding description block...
Amazon Linux 2023 : cups, cups-client, cups-devel (ALAS2023-2026-1668)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1668 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass...
Fedora 43 : firefox / nss (2026-cd20332935)
The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-cd20332935 advisory. Update NSS to 3.123.1 Update to Firefox 151.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Linux Distros Unpatched Vulnerability : CVE-2025-54518
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a...
Fedora 43 : mysql8.0 (2026-0c462e5676)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0c462e5676 advisory. MySQL 8.0.46 Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-46.html Known issue: s390x-specific issue - zlib with DFLTCC...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021556)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021556 advisory. In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oops in nfsdautomount When mounting from a NFSv4 referral, path-dentry can end up bei...
Linux Distros Unpatched Vulnerability : CVE-2026-45185
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends...
Linux Distros Unpatched Vulnerability : CVE-2026-34159
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor'...
RHEL 8 : firefox (RHSA-2026:19542)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19542 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
Fedora 44 : erlang-cowlib (2026-84270bbc49)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-84270bbc49 advisory. Cowlib 2.16.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
RHEL 7 : glib2 (RHSA-2026:19566)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19566 advisory. GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, th...
Fedora 43 : mysql8.4 (2026-a7adf2637c)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a7adf2637c advisory. MySQL 8.4.9 Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-9.html Known issue: s390x-specific issue - zlib with DFLTCC...
RHEL 9 : rhc (RHSA-2026:19369)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19369 advisory. rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management. Security...
Linux Distros Unpatched Vulnerability : CVE-2026-43322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in lereadfeaturescomplete This fixes the following backtrace...
Linux Distros Unpatched Vulnerability : CVE-2026-44390
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs to perform name...
Linux Distros Unpatched Vulnerability : CVE-2026-43442
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: iouring: fix physical SQE bounds check for SQEMIXED 128-byte ops When IORINGSETUPSQEMIXED is...
Linux Distros Unpatched Vulnerability : CVE-2026-42256
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021524)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021524 advisory. In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential null-ptr-deref in deviceadd I got the following null-ptr-deref report...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021592)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021592 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix freeing of the HMB descriptor table The HMB descriptor table is sized to the maximu...
Amazon Linux 2023 : libpng, libpng-devel, libpng-static (ALAS2023-2026-1670)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1670 advisory. Use-after-free in pngsetPLTE, pngsettRNS and pngsethIST in libpng before 1.6.57. Passing a pointer returned by the corresponding getter back into the setter causes the setter to read from a stale point...
Splunk Enterprise 10.0.0 < 10.0.5, 10.2.0 < 10.2.2 (SVD-2026-0503)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0503 advisory. - In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11,...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021640)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021640 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in ipmakeskb KMSAN reported uninit-value access in ipmakeskb 1...
IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.28 / Liberty 19.0.0.7 < 26.0.0.6 DoS (7273424)
The version of IBM WebSphere Application Server running on the remote host is affected by a DoS vulnerability as referenced in the 7273424 advisory. - IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a...
Linux Distros Unpatched Vulnerability : CVE-2026-39836
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0. CVE-2026-39836 Note that Nessus relies on the presence of the...
RHEL 9 : glib2 (RHSA-2026:19452)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19452 advisory. GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in...
Linux Distros Unpatched Vulnerability : CVE-2026-43286
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/hugetlb: restore failed global reservations to subpool Commit a833a693a490 mm: hugetlb: fix incorrect fallback for subpool fixed an underflow error for...
Fedora 43 : rust-nu (2026-b00a9673c8)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b00a9673c8 advisory. Rebuild with version 0.10.79 of the openssl crate which includes fixes for the following security issues: - CVE-2026-41676 / GHSA-pqf5-4pqq-29f5 -...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021637)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021637 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: account for free pages to prevent infinite Loop in throttledirectreclaim The task...
Linux Distros Unpatched Vulnerability : CVE-2026-43335
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icclinknodes The change to dynam...
RHEL 9 : libtiff (RHSA-2026:19609)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19609 advisory. The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrar...
Splunk Enterprise 9.3.0 < 9.3.12, 9.4.0 < 9.4.11, 10.0.0 < 10.0.6, 10.2 < 10.2.3 (SVD-2026-0505)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0505 advisory. - Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr,...