338622 matches found
Alibaba Cloud Linux 3 : 0112: python3.11 (ALINUX3-SA-2026:0112)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0112 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-4786: Mitgation ofCVE-2026-4519 w...
RHEL 9 : ruby (RHSA-2026:18039)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18039 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...
RHEL 9 : PackageKit (RHSA-2026:18036)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18036 advisory. PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architectu...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: nodejs-requirejs (UTSA-2026-021492)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021492 advisory. jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts..configure. This vulnerability allows attackers to execute...
RHEL 9 : PackageKit (RHSA-2026:18031)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18031 advisory. PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architectu...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: google-oauth-java-client (UTSA-2026-021484)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021484 advisory. The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid...
TencentOS Server 3: gimp:2.8 (TSSA-2026:0324)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0324 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2026-23927
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an...
Oracle Linux 10 : libpng (ELSA-2026-18064)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18064 advisory. 2:1.6.40-8.4 - fix CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE RHEL-161324 Tenable has extracted the preceding descriptio...
MiracleLinux 8 : jq-1.6-12.el8_10 (AXSA:2026-629:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-629:02 advisory. jq: out-of-bounds read in jvparsesized on error formatting for non-NUL-terminated buffers CVE-2026-39979 jq: jq: Denial of Service via crafted JSON...
Alibaba Cloud Linux 3 : 0111: golang (ALINUX3-SA-2026:0111)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0111 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-27140: SWIG file names containing...
RHEL 8 : dovecot (RHSA-2026:18053)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18053 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...
MantisBT 2.26.1 < 2.28.2 Private Issue Monitoring Authorization Bypass (GHSA-ggw7-9675-6v4v)
The version of MantisBT installed on the remote host is 2.26.1 or later but prior to 2.28.2. It is, therefore, affected by a vulnerability: - MantisBT has an authorization bypass in private issue monitoring. CVE-2026-34579 Note that Nessus has not tested for this issue but has instead relied only...
Lexmark Printer Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2010-0619)
Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser printers and multi-function printers allows remote attackers to execute arbitrary code or cause a denial of service device hang via a long argument t...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: firebird (UTSA-2026-021466)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021466 advisory. Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libarchive (UTSA-2026-021469)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021469 advisory. A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field pzlog2bs read...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: libpng (UTSA-2026-021494)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021494 advisory. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to 1.6.55, an...
Linux Distros Unpatched Vulnerability : CVE-2026-6402
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin...
AlmaLinux 9 : libpng (ALSA-2026:18028)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:18028 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 Tenable has extracted the preceding description block directly from th...
Alibaba Cloud Linux 3 : 0110: java-1.8.0-openjdk (ALINUX3-SA-2026:0110)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0110 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-22007: No description is availabl...
MantisBT 1.0.0 < 2.28.2 Dynamic Custom Textarea Field Reflected XSS (GHSA-j7v9-f46r-2rp4)
The version of MantisBT installed on the remote host is 1.0.0 or later but prior to 2.28.2. It is, therefore, affected by a vulnerability: - MantisBT is Vulnerable to Reflected XSS in Rendering Dynamic Custom Textarea Field. CVE-2026-41897 Note that Nessus has not tested for this issue but has...
RHEL 9 : jq (RHSA-2026:18042)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18042 advisory. jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glib2 (UTSA-2026-021476)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021476 advisory. gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4CONNMSGLEN is not sufficient for a trailing '\0'...
RHEL 8 : jq (RHSA-2026:18047)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:18047 advisory. jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or...
Alibaba Cloud Linux 3 : 0109: xorg-x11-server (ALINUX3-SA-2026:0109)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0109 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-33999: A flaw was found in the...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: git (UTSA-2026-021472)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021472 advisory. Git for Windows is the Windows port of Git. Prior to 2.53.02, it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Sinc...
Alibaba Cloud Linux 3 : 0113: python3 (ALINUX3-SA-2026:0113)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0113 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-4786: Mitgation ofCVE-2026-4519 w...
RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.1.6 (RHSA-2026:18055)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18055 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release ...
RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.1.6 (RHSA-2026:18054)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18054 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release ...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libarchive (UTSA-2026-021482)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021482 advisory. A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can explo...
Alibaba Cloud Linux 3 : 0104: libxml2 (ALINUX3-SA-2026:0104)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0104 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-9714: Uncontrolled recursion inXPath...
TencentOS Server 3: nodejs:20 (TSSA-2026:0327)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0327 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Fedora 44 : pgbouncer (2026-d3d959a176)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d3d959a176 advisory. Update to 1.25.2. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
Photon OS 4.0: Gstreamer PHSA-2026-4.0-1015
An update of the gstreamer package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1015. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Fedora 43 : pgbouncer (2026-fad57ac86d)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-fad57ac86d advisory. Update to 1.25.2. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
Fedora 44 : yelp (2026-ed4f450fa9)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ed4f450fa9 advisory. Yelp 49.1, fixing: Flatpak applications are able to exfiltrate host files due to yelp's CSP being too permissive Tenable has extracted the preceding...
Fedora 42 : python-uv-build / rust-astral-tokio-tar / uv (2026-8d8aee6aaf)
The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-8d8aee6aaf advisory. Update uv and python-uv-build to 0.11.11. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA- xx64-wwv2-hcqq and GHSA-...
Fedora 44 : libmetal / open-amp (2026-c618807faa)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-c618807faa advisory. Update to 2026.04.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for thi...
Debian dsa-6279 : redis - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6279 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6279-1 [email protected]...
Linux Distros Unpatched Vulnerability : CVE-2026-46728
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash. CVE-2026-46728 Note that Nessus...
Fedora 42 : apptainer (2026-db5621b65e)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-db5621b65e advisory. Update to upstream 1.5.0, fix CVE-2026-32285 and CVE-2026-34986 ---- Update to upstream 1.5.0-rc.2 ---- Update to upstream 1.5.0-rc.1 Tenable has...
Fedora 43 : python-uv-build / rust-astral-tokio-tar / uv (2026-a8100094df)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-a8100094df advisory. Update uv and python-uv-build to 0.11.11. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA- xx64-wwv2-hcqq and GHSA-...
Fedora 44 : python-uv-build / rust-astral-tokio-tar / uv (2026-7aacc8ea7d)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-7aacc8ea7d advisory. Update uv and python-uv-build to 0.11.11. Update the astral-tokio-tar Rust crate to 0.6.1, fixing security advisories GHSA- xx64-wwv2-hcqq and GHSA-...
Linux Distros Unpatched Vulnerability : CVE-2026-34253
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This...
Linux Distros Unpatched Vulnerability : CVE-2026-8721
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes...
Fedora 42 : coturn (2026-dfa8ea5809)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-dfa8ea5809 advisory. Coturn 4.11.0 - Fix prometheus response memory leak introduced in 4.10.0 - Use constant-time compare for STUN MESSAGE-INTEGRITY HMAC - Fix format-string...
Fedora 43 : coturn (2026-f0fbd93125)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-f0fbd93125 advisory. Coturn 4.11.0 - Fix prometheus response memory leak introduced in 4.10.0 - Use constant-time compare for STUN MESSAGE-INTEGRITY HMAC - Fix format-string...
Fedora 44 : pypy (2026-130f7539d3)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-130f7539d3 advisory. Security fix for CVE-2026-3219 in the bundled pip wheel Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...
Linux Distros Unpatched Vulnerability : CVE-2026-41051
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories. CVE-2026-41051 Note...
Fedora 43 : valkey (2026-76cf27ea56)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-76cf27ea56 advisory. Version 8.1.7 Security fixes - CVE-2026-23479 Use-After-Free in unblock client flow - CVE-2026-25243 Invalid Memory Access in RESTORE command -...