Linux Distros Unpatched Vulnerability : CVE-2026-41479
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint can be turned...
Linux Distros Unpatched Vulnerability : CVE-2026-50221
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device...
Oracle Linux 8 : virt:kvm_utils3 (ELSA-2026-50337)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50337 advisory. - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501...
AlmaLinux 10 : firefox (ALSA-2026:27733)
The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:27733 advisory. firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the...
Oracle Linux 9 : dnsmasq (ELSA-2026-19373)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19373 advisory. - Prevent overflow in extractname function CVE-2026-2291 - Prevent DoS in DNSSEC validation CVE-2026-4890 - Prevent out-of-bounds read in DNSSEC...
IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 XSS (7277546)
The version of IBM WebSphere Application Server running on the remote host is affected by a XSS vulnerability as referenced in the 7277546 advisory. - IBM WebSphere Application Server is affected by a cross-site scripting vulnerability in the administrative console login page. CWE: CWE-79: Improp...
IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 RCE (7277544)
The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7277544 advisory. - IBM WebSphere Application Server is affected by a remote code execution vulnerability in the SOAP/JMX connector. CWE: CWE-502:...
Oracle Linux 8 : mysql:8.4 (ELSA-2026-26180)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-26180 advisory. mecab 0.996-2.12 - Bump version for 'mysql' module rebuild We are moving the 'mecab-devel' RPM from the 'buildroot' repo to the 'AppStream' repo -...
Fedora 44 : materialx (2026-d2806ddffc)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d2806ddffc advisory. New release version 1.39.5. See the change log. Tenable has extracted the preceding description block directly from the Fedora security advisory. No...
AlmaLinux 9 : firefox (ALSA-2026:27734)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:27734 advisory. firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the...
AlmaLinux 8 : firefox (ALSA-2026:27717)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:27717 advisory. firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the...
Slackware Linux 15.0 / current libarchive Vulnerability (SSA:2026-174-01)
The version of libarchive installed on the remote host is prior to 3.8.8. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-174-01 advisory. New libarchive packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...
AlmaLinux 9 : kernel (ALSA-2026:27789)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:27789 advisory. kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished CVE-2026-316...
RHEL 10 : keylime (RHSA-2026:28582)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28582 advisory. Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fixes: keylime: Keylime: Securi...
RHEL 9 : libxslt (RHSA-2026:28243)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28243 advisory. libxslt is a library for transforming XML files into other textual formats including HTML, plain text, and other XML representations of the underlyi...
RHEL 10 : libxml2 (RHSA-2026:28234)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28234 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: buffer over-read in...
RHEL 10 : libtasn1 (RHSA-2026:28235)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28235 advisory. A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and...
RHEL 10 : libxslt (RHSA-2026:28584)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28584 advisory. libxslt is a library for transforming XML files into other textual formats including HTML, plain text, and other XML representations of the...
RockyLinux 9 : libxslt (RLSA-2026:28243)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:28243 advisory. libxslt: use-after-free with key data stored cross-RVT CVE-2025-10911 Tenable has extracted the preceding description block directly from the RockyLinux security...
RHEL 9 : libtasn1 (RHSA-2026:28253)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28253 advisory. A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and...
Oracle Linux 8 : libpq (ELSA-2026-27738)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-27738 advisory. - Backport fixes for CVE-2026-6478, CVE-2026-6637, CVE-2026-6477, CVE-2026-6475, CVE-2026-6473 from PostgreSQL 14.23 Tenable has extracted the precedi...
Oracle Linux 8 : postgresql:16 (ELSA-2026-28143)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-28143 advisory. pgaudit 16.0-1 - Update to 16.0 - Support postgresql 16 - Initial import for PG 16 module - Resolves: RHEL-3636 pgrepack 1.5.1-1 - Update to 1.5.1...
RockyLinux 9 : nginx:1.24 (RLSA-2026:28212)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:28212 advisory. nginx: ngx_http_rewrite_module: code execution and denial of service CVE-2026-9256 Tenable has extracted the preceding description block directly from the RockyLinu...
RHEL 9 : libxml2 (RHSA-2026:28254)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28254 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: buffer over-read in...
AlmaLinux 8 : libpq (ALSA-2026:27738)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:27738 advisory. postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind CVE-2026-6475 postgresql: PostgreSQL libpq:...
AlmaLinux 10 : postgresql16 (ALSA-2026:27743)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:27743 advisory. postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind CVE-2026-6475 postgresql: PostgreSQL libpq:...
AlmaLinux 9 : postgresql (ALSA-2026:27741)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:27741 advisory. postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind CVE-2026-6475 postgresql: PostgreSQL libpq:...
RHEL 8 : vim (RHSA-2026:28553)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28553 advisory. Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Command injection allows arbitrary code execution via...
RHEL 9 : vim (RHSA-2026:28209)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28209 advisory. Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Command injection allows arbitrary code execution via...
RHEL 9 : libpng15 (RHSA-2026:28457)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:28457 advisory. The libpng15 package provides libpng 1.5, an older version of the libpng library for manipulating PNG (Portable Network Graphics) image format files...
RHEL 10 : libpng (RHSA-2026:28233)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28233 advisory. The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files. Securit...
RHEL 9 : libpng15 (RHSA-2026:28244)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:28244 advisory. The libpng15 package provides libpng 1.5, an older version of the libpng library for manipulating PNG (Portable Network Graphics) image format files...
RHEL 9 : libpng15 (RHSA-2026:28458)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:28458 advisory. The libpng15 package provides libpng 1.5, an older version of the libpng library for manipulating PNG (Portable Network Graphics) image format files...
RHEL 9 : libpng (RHSA-2026:28255)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28255 advisory. The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files. Security...
RHEL 9 : nginx:1.24 (RHSA-2026:28212)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28212 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
RHEL 9 : python3.14 (RHSA-2026:28247)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28247 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
RHEL 10 : python3.14 (RHSA-2026:28581)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28581 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
Oracle Linux 9 : git-lfs (ELSA-2026-19350)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-19350 advisory. 3.7.1-4 - Rebuild with new Golang - Resolves: RHEL-158765, RHEL-166675, RHEL-167677, RHEL-170838 Tenable has extracted the preceding description block...
AlmaLinux 9 : skopeo (ALSA-2026:28074)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:28074 advisory. crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-32281 crypto/tls: golang: Go crypto/tls:...
Oracle Linux 9 : grafana-pcp (ELSA-2026-19351)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-19351 advisory. - Resolves RHEL-166679: CVE-2026-32282 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note th...
Oracle Linux 9 : grafana (ELSA-2026-19352)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19352 advisory. - Resolves RHEL-161803: CVE-2026-27877 - Resolves RHEL-166678: CVE-2026-32282 Tenable has extracted the preceding description block directly from the...
AlmaLinux 10 : python3.14-urllib3 (ALSA-2026:27929)
The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:27929 advisory. urllib3: urllib3: Denial of Service due to excessive HTTP response decompression CVE-2026-44432 urllib3: urllib3: Information disclosure via cross-origi...
AlmaLinux 10 : python-urllib3 (ALSA-2026:28000)
The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:28000 advisory. urllib3: urllib3: Denial of Service due to excessive HTTP response decompression CVE-2026-44432 urllib3: urllib3: Information disclosure via cross-origi...
Debian dsa-6363 : python3-urllib3 - security update
The remote Debian 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6363 advisory. Debian Security Advisory DSA-6363-1 https://www.debian.org/security/ Moritz...
Carrier Corporation i-VU Open Redirect (CVE-2024-8527)
CWE-601 URL Redirection to Untrusted Site 'Open Redirect' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The application accepts a user-supplied URL and redirects without proper validation, allowing attackers to exploit user sessions through ...
Linux Distros Unpatched Vulnerability : CVE-2026-52725
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...
Oracle Linux 9 : vim (ELSA-2026-19224)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19224 advisory. - RHEL-159630 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob function - RHEL-155438 CVE-2026-28417 vim: Vim: Arbitrary code...
Oracle Linux 9 : compat-openssl11 (ELSA-2026-19187)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-19187 advisory. 1:1.1.1k-5.2 - Fixes CVE-2025-69419 OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS12 processing Resolves: RHEL-142723 Tenable has extract...
RHEL 9 : redis (RHSA-2026:28139)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28139 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...
Oracle Linux 9 : linux-sgx (ELSA-2026-18868)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-18868 advisory. 2.26-7 - Fix pccs npm security flaws 2.26-6 - Port to pycryptography and pyasn1 and make keyring optional 2.26-5 - Sync specfile changes from Fedora...