338622 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-43291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b net: nfc: nci: Add parameter validation for packet data communication with nci...
RockyLinux 9 : openexr (RLSA-2026:15887)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:15887 advisory. OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file CVE-2026-34588 Tenable has extracted the preceding description block...
RockyLinux 10 : freerdp (RLSA-2026:16014)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:16014 advisory. freerdp: FreeRDP: Denial of service via heap use-after-free during auto-reconnect CVE-2026-25997 freerdp: FreeRDP: Denial of service due to...
AlmaLinux 10 : corosync (ALSA-2026:13644)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:13644 advisory. corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet CVE-2026-35091 corosync: Corosync: Denial of Service via integer...
Linux Distros Unpatched Vulnerability : CVE-2026-43438
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - schedext: Remove redundant cssput in scxcgroupinit The iterator cssforeachdescendantpre walks the cgroup hierarchy under cgrouplock. It does not increment the...
Linux Distros Unpatched Vulnerability : CVE-2026-44167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files eg. X509 certificates, RSA PKCS8...
Oracle Linux 10 : jq (ELSA-2026-16692)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-16692 advisory. - Fix CVE-2026-40164 - Denial of Service via crafted JSON object causing hash collisions Tenable has extracted the preceding description block direct...
Fedora 45 : docker-buildx (2026-3c4c98309d)
The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3c4c98309d advisory. Automatic update for docker-buildx-0.34.0-1.fc45. Changelog Wed May 13 2026 Bradley G Smith - 0.34.0-1 - Update to release v0.34.0 - Resolves: rhbz2467576 -...
RHEL 8 : go-toolset:rhel8 (RHSA-2026:16698)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:16698 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: golang: Go golang...
Linux Distros Unpatched Vulnerability : CVE-2026-43368
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/i915: Fix potential overflow of shmem scatterlist length When a scatterlists table of a GEM shmem object of size 4 GB or more is populated with pages...
Linux Distros Unpatched Vulnerability : CVE-2026-43486
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arm64: contpte: fix setaccessflags no-op check for SMMU/ATS faults contpteptepsetaccessflags compared the gathered ptepget value against the requested entry to...
Linux Distros Unpatched Vulnerability : CVE-2026-43478
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spkmodeput The correct helper...
CentOS 9 : kernel-5.14.0-704.el9
"The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-704.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIGX86 is set Patch series Fix stale...
RockyLinux 10 : glib2 (RLSA-2026:15969)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:15969 advisory. glib: GLib: Buffer underflow in GVariant parser leads to heap corruption CVE-2025-14087 glib: Integer Overflow in GLib GIO Attribute Escaping Causes He...
Linux Distros Unpatched Vulnerability : CVE-2026-43513
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from...
Linux Distros Unpatched Vulnerability : CVE-2026-43388
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/core: clear walkcontrol on inactive context in damoswalk damoswalk sets ctx-walkcontrol to the caller-provided control structure before checking whethe...
RockyLinux 10 : openexr (RLSA-2026:15888)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:15888 advisory. OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file CVE-2026-34588 Tenable has extracted the preceding description block...
Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A stored cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated...
Linux Distros Unpatched Vulnerability : CVE-2026-43444
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdkfd: Unreserve bo if queue update failed Error handling path should unreserve bo then return failed. cherry picked from commit...
Linux Distros Unpatched Vulnerability : CVE-2026-43435
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: rustbinder: fix oneway spam detection The spam detection logic in TreeRange was executed...
Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS software enable an authenticated administrator t...
CentOS 9 : python-markdown-3.3.4-5.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the python- markdown-3.3.4-5.el9 build changelog. - Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an...
Oracle Linux 8 : jq (ELSA-2026-16252)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-16252 advisory. - Fix CVE-2026-40164 - Denial of Service via crafted JSON object causing hash collisions - Fix CVE-2026-39979 out-of-bounds read in jvparsesized Tenab...
Linux Distros Unpatched Vulnerability : CVE-2026-43307
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iio: accel: adxl380: Avoid reading more entries than present in FIFO The interrupt handler reads FIFO entries in batches of N samples, where N is the number of...
Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. An authentication bypass vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with...
RHEL 9 : freerdp (RHSA-2026:16485)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16485 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...
RockyLinux 8 : freerdp (RLSA-2026:16019)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:16019 advisory. freerdp: FreeRDP: Denial of service due to use-after-free vulnerability CVE-2026-25952 freerdp: FreeRDP: Denial of Service via double free vulnerability...
Oracle Linux 9 : freerdp (ELSA-2026-16482)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-16482 advisory. - Fix double free in xfrailwindowcommon cleanup CVE-2026-26986 - Fix growth of preallocated buffers CVE-2026-27951 - Fix heap-buffer-overflow in...
RHEL 9 : freerdp (RHSA-2026:16866)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16866 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...
RHEL 9 : freerdp (RHSA-2026:16482)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16482 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...
RHEL 8 : freerdp (RHSA-2026:16814)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16814 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...
RHEL 9 : freerdp (RHSA-2026:16865)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16865 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...
RHEL 8 : freerdp (RHSA-2026:16777)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16777 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...
Microsoft Edge (Chromium) < 148.0.3967.55 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 148.0.3967.55. It is, therefore, affected by multiple vulnerabilities as referenced in the May 11, 2026 advisory. - Insufficient validation of untrusted input in Media in Google Chrome on Android prior to 148.0.7778.96...
MiracleLinux 8 : grafana-9.2.10-30.el8_10 (AXSA:2026-603:15)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-603:15 advisory. golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service via...
Oracle Linux 9 : openexr (ELSA-2026-15887)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-15887 advisory. 3.1.1-3.2 - fix CVE-2026-34588 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...
MiracleLinux 9 : java-1.8.0-openjdk-1.8.0.492.b09-2.el9.ML.1 (AXSA:2026-610:09)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-610:09 advisory. JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux...
FreeBSD : postorius -- XSS (5b3b7f60-4de9-11f1-873e-0f64d023d0c7)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5b3b7f60-4de9-11f1-873e-0f64d023d0c7 advisory. NIST reports: Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in...
KB5087470: Windows Server 2012 Security Update (May 2026)
The remote Windows host is missing security update 5087470. It is, therefore, affected by multiple vulnerabilities - Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. CVE-2026-41089 - Heap-based buffer overflow in Windows Win32K - GRFX...
Apache Tomcat 10.1.0.M1 < 10.1.55 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 10.1.55. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.55security-10 advisory. - DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat...
MiracleLinux 9 : java-21-openjdk-21.0.11.0.10-2.el9.ML.1 (AXSA:2026-605:06)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-605:06 advisory. JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux...
Oracle Linux 10 : openexr (ELSA-2026-15888)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-15888 advisory. 3.1.10-8.2 - fix CVE-2026-34588 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has n...
MiracleLinux 9 : systemd-252-55.el9_7.9.ML.1 (AXSA:2026-609:06)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-609:06 advisory. systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data CVE-2026-29111 Tenable has extracted the preceding description...
RHEL 8 : kernel (RHSA-2026:16201)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:16201 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Dirty Frag is a new universal Local...
MiracleLinux 9 : openexr-3.1.1-3.el9_7.2 (AXSA:2026-604:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-604:03 advisory. OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file CVE-2026-34588 Tenable has extracted the preceding description bloc...
Slackware Linux 15.0 / current expat Vulnerability (SSA:2026-132-01)
The version of expat installed on the remote host is prior to 2.7.5 / 2.8.1. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-132-01 advisory. New expat packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...
Adobe Media Encoder < 25.6.5 / 26.0.0 < 26.2.0 Multiple Arbitrary code execution (APSB26-47) (macOS)
The version of Adobe Media Encoder installed on the remote macOS host is prior to 25.6.5, 26.2.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-47 advisory. - Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound...
Linux Distros Unpatched Vulnerability : CVE-2026-42257
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands...
RHEL 9 : kernel (RHSA-2026:16202)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:16202 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Dirty Frag is a new universal Local...
RHEL 10 : openexr (RHSA-2026:15888)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:15888 advisory. OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents...