338597 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-45232
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows netwo...
Linux Distros Unpatched Vulnerability : CVE-2026-5089
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021597)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021597 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix -anonvma race If an -anonvma is attached to the VMA, collapseandfreepmd...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021653)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021653 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme: avoid double free special payload If a discard request needs to be retried, and that retry...
RHEL 9 : thunderbird (RHSA-2026:19461)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19461 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the...
Ubuntu 16.04 LTS : Smarty vulnerability (USN-8272-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8272-1 advisory. Takuya Aramaki discovered that Smarty did not properly escape JavaScript code. An attacker could possibly use this issue to conduct a cross-site scripting attack...
Linux Distros Unpatched Vulnerability : CVE-2026-5090
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021564)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021564 advisory. In the Linux kernel, the following vulnerability has been resolved: xfrm: Reinject transport-mode packets through workqueue The following warning is displayed when t...
Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1654)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1654 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferr...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021594)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021594 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL deref in fib6nhinit syzbot reminds us that in6devget can return NULL...
Fedora 44 : kernel (2026-6b173ffc2a)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6b173ffc2a advisory. The 7.0.7 stable kernel update contains a number of important fixes across the tree. It also patches up a vulnerable codepath for franesia that was not in th...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021639)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021639 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUGON when 0 reference count at btrfslookupextentinfo Instead of doing a BUGON handl...
RHEL 9 : python3.9 (RHSA-2026:19570)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19570 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021605)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021605 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix migratetonode assuming there is at least one VMA in a MM We currently assume th...
RHEL 9 : python3.9 (RHSA-2026:19571)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19571 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
RockyLinux 9 : crun (RLSA-2026:19178)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19178 advisory. crun: crun: Privilege escalation due to incorrect parsing of the --user option CVE-2026-30892 Tenable has extracted the preceding description block directly from...
Linux Distros Unpatched Vulnerability : CVE-2026-42923
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS recor...
Linux Distros Unpatched Vulnerability : CVE-2026-43297
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: rockchip: rga: Fix possible ERRPTR dereference in rgabufinit rgagetframe can return ERRPTR-EINVAL when buffer type is unsupported or invalid. rgabufinit...
RHEL 7 : python (RHSA-2026:19589)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19589 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021544)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021544 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: fix oops during encryption When running xfstests against Azure the following oops occurred ...
Fedora 44 : mysql8.0 (2026-1704f705ab)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1704f705ab advisory. MySQL 8.0.46 Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-46.html Known issue: s390x-specific issue - zlib with DFLTCC...
Fedora 44 : mysql8.4 (2026-92a75ddb71)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-92a75ddb71 advisory. MySQL 8.4.9 Release notes: https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-9.html Known issue: s390x-specific issue - zlib with DFLTCC...
Linux Distros Unpatched Vulnerability : CVE-2026-43397
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/bridge: samsung-dsim: Fix memory leak in error path In samsungdsimhostattach, drmbridgeadd is called to add the bridge. However, if samsungdsimregisterteirq...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021546)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021546 advisory. In the Linux kernel, the following vulnerability has been resolved: thermal: intelpowerclamp: Use getcpu instead of smpprocessorid to avoid crash When CPU 0 is offli...
Linux Distros Unpatched Vulnerability : CVE-2026-43330
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: caam - fix overflow on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocate...
Linux Distros Unpatched Vulnerability : CVE-2026-43433
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: rustbinder: avoid reading the written value in offsets array When sending a transaction, its...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021634)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021634 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: independent PMD page table shared count The folio refcount may be increased unexpect...
Amazon Linux 2023 : firefox (ALAS2023-2026-1652)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1652 advisory. Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero. CVE-2026-6654...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021537)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021537 advisory. In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READ Since before the git era, NFSD has...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021628)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021628 advisory. In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: Initialize unused data in j1939sendone syzbot reported kernel-infoleak in...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021573)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021573 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Make qedfexecutetmf non-preemptible Stop calling smpprocessorid from preemptible code...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021579)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021579 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check bova-bo is non-NULL before using it The call to radeonvmclearfreed might clear...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021632)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021632 advisory. In the Linux kernel, the following vulnerability has been resolved: media: i2c: et8ek8: Don't strip remove function when driver is builtin Using exit for the remove...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021609)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021609 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: added NULL check at start of dcvalidatestream Why prevent invalid memory access...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021604)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021604 advisory. In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call inputfreedevice on allocated iiodev Current implementation of at91tsregister...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021625)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021625 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelfind The per-netns IP tunnel hash tab...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021534)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021534 advisory. A deadlock flaw was found in the Linux kernels BPF subsystem. This flaw allows a local user to potentially crash the system. Tenable has extracted the preceding...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021586)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021586 advisory. In the Linux kernel, the following vulnerability has been resolved: netlink: prevent potential spectre v1 gadgets Most netlink attributes are parsed and validated...
Amazon Linux 2023 : runfinch-finch (ALAS2023-2026-1671)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1671 advisory. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. CVE-2025-47913 Arithmetic over induction variables in loops...
Linux Distros Unpatched Vulnerability : CVE-2026-42246
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middl...
Amazon Linux 2023 : oci-add-hooks (ALAS2023-2026-1660)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1660 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...
Linux Distros Unpatched Vulnerability : CVE-2026-42258
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to comman...
Amazon Linux 2023 : runc (ALAS2023-2026-1661)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1661 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...
Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2026-1645)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1645 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...
Linux Distros Unpatched Vulnerability : CVE-2026-42245
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021541)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021541 advisory. In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in transstatshow Fix buffer overflow in transstatshow. Convert...
Amazon Linux 2023 : ecs-init (ALAS2023-2026-1637)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1637 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...
FreeBSD : MySQL -- Multiple vulnerabilities (f69dbfcc-535b-11f1-8b62-8447094a420f)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f69dbfcc-535b-11f1-8b62-8447094a420f advisory. Oracle reports: See linked CVE's for details. Tenable has extracted the preceding description...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021592)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021592 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix freeing of the HMB descriptor table The HMB descriptor table is sized to the maximu...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021613)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021613 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix when get product name maybe null pointer Due to incorrect dev-product reporting b...