338622 matches found
Fedora 44 : python-django-haystack (2026-3e10194134)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3e10194134 advisory. Fixes GHSA-r3hx-x5rh-p9vv: via eval in Elasticsearch Result Deserialization...
Fedora 43 : python-jupytext (2026-31e6b85f4e)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-31e6b85f4e advisory. See https://github.com/jupytext/jupytext/releases/tag/v1.19.4 for changes in version 1.19.4. Notably, this update fixes CVE-2026-45736 and...
CentOS 9 : libgcrypt-1.10.0-12.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libgcrypt-1.10.0-12.el9 build changelog. - Denial of Service and buffer overflow via crafted ECDH ciphertext CVE-2026-41989 Note that Nessus has not tested for this issue but has instea...
Fedora 44 : python-jupytext (2026-db770b7d7a)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-db770b7d7a advisory. See https://github.com/jupytext/jupytext/releases/tag/v1.19.4 for changes in version 1.19.4. Notably, this update fixes CVE-2026-45736 and...
Fedora 44 : maradns (2026-7726bdbcf1)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7726bdbcf1 advisory. Update to 3.5.0037, fixing DNS-over-TCP bug rhbz2488786 Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...
Fedora 43 : collectd / varnish / varnish-modules / vmod-querystring (2026-7f36ec4c65)
The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-7f36ec4c65 advisory. Update to latest 7.7.x release available, a security release. Includes fixes for VSV00017 aka CVE-2025-8671, Added patches for VSV00018 aka...
Fedora 45 : jq (2026-b43264dedb)
The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b43264dedb advisory. Automatic update for jq-1.8.2-4.fc45. Changelog Sat Jun 20 2026 Filipe Rosset - 1.8.2-4 - removed old upstreamed patches Sat Jun 20 2026 Filipe Ross...
Fedora 43 : chromium (2026-7f29bc3622)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7f29bc3622 advisory. Update to 149.0.7827.200 CVE-2026-13281: Integer overflow in Mojo CVE-2026-13282: Use after free in Payments CVE-2026-13283: Use after free in...
Fedora 43 : python-django-haystack (2026-1d2c7eaa2f)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1d2c7eaa2f advisory. Fixes GHSA-r3hx-x5rh-p9vv: via eval in Elasticsearch Result Deserialization...
NewStart CGSL MAIN 6.06 : ansible-core Multiple Vulnerabilities (NS-SA-2026-0056)
The remote NewStart CGSL host, running version MAIN 6.06, has ansible-core packages installed that are affected by multiple vulnerabilities: - A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any...
IBM WebSphere Application Server Liberty 17.0.0.3 < 26.0.0.8 (7278580)
The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7278580 advisory. - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the...
IBM WebSphere Application Server Liberty 17.0.0.3 < 26.0.0.8 (7278572)
The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7278572 advisory. - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the...
NewStart CGSL MAIN 6.06 : gstreamer1-plugins-base Vulnerability (NS-SA-2026-0056)
The remote NewStart CGSL host, running version MAIN 6.06, has gstreamer1-plugins-base packages installed that are affected by a vulnerability: - GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gstparsevorbissetuppacket...
CentOS 9 : kernel-5.14.0-719.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-719.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of parentport in cxldetachep cxldetach...
Fedora 44 : transmission (2026-23d0f010f8)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-23d0f010f8 advisory. Fix qt icon Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue...
Fedora 45 : ipp-usb (2026-7eaf5e3510)
The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7eaf5e3510 advisory. Automatic update for ipp-usb-0.9.34-2.fc45. Changelog Tue Jun 30 2026 Zdenek Dohnal - 0.9.34-2 - ipp-usb-0.9.34 is available fedora2463247,...
Debian dsa-6374 : libnginx-mod-http-geoip - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6374 advisory. Debian Security Advisory DSA-6374-1 https://www.debian.org/securit...
Linux Distros Unpatched Vulnerability : CVE-2026-46607
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load to read a version-check cache file stored ...
Linux Distros Unpatched Vulnerability : CVE-2026-6325
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer...
Oracle Linux 9 : firefox (ELSA-2026-20574)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20574 advisory. 140.12.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding R...
Dell Wyse Management Suite < 5.5.0.777 Multiple Vulnerabilities (DSA-2026-225)
The version of Dell Wyse Management Suite installed on the remote host is prior to 5.5.0.777 5.5 HF1. It is, therefore, affected by multiple vulnerabilities: - An acceptance of extraneous untrusted data with trusted data vulnerability that could allow a low privileged attacker with remote access ...
AlmaLinux 9 : glibc (ALSA-2026:20597)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:20597 advisory. glibc: glibc: Incorrect DNS response parsing via crafted DNS server response CVE-2026-4437 glibc: glibc: Invalid DNS hostname returned via gethostbyaddr...
Debian dla-4658 : amqp-tools - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4658 advisory. Debian LTS Advisory DLA-4658-1...
Linux Distros Unpatched Vulnerability : CVE-2026-53300
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: enetc: fix NTMP DMA use-after-free issue The AI-generated review reported a potential DMA use-after-free issue 1. If netcxmitntmpcmd times out and returns...
RHEL 9 : glibc (RHSA-2026:33231)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:33231 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cach...
AlmaLinux 9 : mod_md (ALSA-2026:30844)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:30844 advisory. httpd: mod_md: unrestricted OCSP response leads to resource exhaustion CVE-2026-29168 Tenable has extracted the preceding description block directly from the...
Linux Distros Unpatched Vulnerability : CVE-2026-11940
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the...
Linux Distros Unpatched Vulnerability : CVE-2026-13757
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a...
Linux Distros Unpatched Vulnerability : CVE-2026-53301
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - reset: amlogic: t7: Fix null reset ops Fix missing reset ops causing kernel null pointer dereference. This SOC's reset is currently not used yet. CVE-2026-53301...
Linux Distros Unpatched Vulnerability : CVE-2026-11703
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session...
RHEL 9 : glibc (RHSA-2026:33229)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:33229 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cach...
Axis Communications AXIS OS Improper Neutralization of Wildcards or Matching Symbols (CVE-2024-0055)
A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX APIs mediaclip.cgi and playclip.cgi were vulnerable to file globbing, which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for this flaw. This plugin only works with Tenable.ot. Please...
AlmaLinux 9 : perl-Archive-Tar (ALSA-2026:30856)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:30856 advisory. perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access CVE-2026-42496 Tenable has extracted the preceding descriptio...
Amazon Linux 2023 : rclone (ALAS2023-2026-1907)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1907 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD reques...
Oracle Linux 9 : firefox (ELSA-2026-21378)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-21378 advisory. 140.12.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding R...
RHEL 10 : perl-IO-Compress (RHSA-2026:30860)
The remote Red Hat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:30860 advisory. This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress...
Apache Tomcat 10.1.0.M1 < 10.1.56 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 10.1.56. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.56security-10 advisory. - Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the...
Oracle Linux 8 : perl-Archive-Tar (ELSA-2026-30852)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-30852 advisory. - Fix CVE-2026-42496: validate symlink and hardlink targets in secure extract mode - Fixes CVE-2018-12015 directory traversal bug 1588761 Tenable has extracted...
Apache Tomcat 11.0.0.M1 < 11.0.5
The version of Tomcat installed on the remote host is prior to 11.0.5. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat11.0.5security-11 advisory. - Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to...
Linux Distros Unpatched Vulnerability : CVE-2026-55961
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSLPKCS7verify returning success for a degenerate certs-only PKCS7 object that contains no signer. Such an object has empty signerInfos, so the underlying...
Linux Distros Unpatched Vulnerability : CVE-2026-53404
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent...
Linux Distros Unpatched Vulnerability : CVE-2026-53323
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats...
Linux Distros Unpatched Vulnerability : CVE-2026-6091
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An...
Linux Distros Unpatched Vulnerability : CVE-2026-6731
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name...
Linux Distros Unpatched Vulnerability : CVE-2026-53293
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: fix AMDGPUINFOREADMMRREG There were multiple issues in that code. First of all the order between the reset semaphore and the mmlock was wrong e.g...
Linux Distros Unpatched Vulnerability : CVE-2026-0864
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using the configparser module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be...
Linux Distros Unpatched Vulnerability : CVE-2026-11979
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell function processes user inp...
Linux Distros Unpatched Vulnerability : CVE-2026-13758
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CryptX versions before 0.088001 for Perl compare AEAD authentication tags in non-constant time in the streaming decryptdone path. The decryptdone$tag form...
Linux Distros Unpatched Vulnerability : CVE-2026-53925
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file...
Linux Distros Unpatched Vulnerability : CVE-2026-56788
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attacker...