337440 matches found
Photon OS 4.0: Linux PHSA-2026-4.0-1014
An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1014. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Linux Distros Unpatched Vulnerability : CVE-2026-41579
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - runc - None CVE-2026-41579 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, Inc...
Linux Distros Unpatched Vulnerability : CVE-2026-12143
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename optio...
Linux Distros Unpatched Vulnerability : CVE-2026-42306
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version...
Linux Distros Unpatched Vulnerability : CVE-2025-55648
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer overflow in the gfopusparsepacketheader function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via...
Linux Distros Unpatched Vulnerability : CVE-2025-55647
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Out-of-Memory in the mp4muxcencinsertpssh function filters/muxisom.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a...
Linux Distros Unpatched Vulnerability : CVE-2025-55662
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...
Linux Distros Unpatched Vulnerability : CVE-2026-54057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, includin...
Fedora 44 : composer (2026-9b34a78e81)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9b34a78e81 advisory. Version 2.10.1 - 2026-06-04 Security: Fixed shell escaping when opening an editor 12903 Security: Verify backup phar signature before restoring it when using...
Fedora 44 : collectd / varnish / varnish-modules / vmod-querystring / vmod-uuid (2026-2148c0e80b)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-2148c0e80b advisory. New upstream release varnish-8.0.2, a security release. Includes fix for VSV00019. Dependent packages are included in this update. Tenable has extracted the...
EulerOS Virtualization 2.13.1 : glibc (EulerOS-SA-2026-2370)
According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Calling the scanf family of functions with a %mc malloc'd character match in the GNU C Library version 2.7 to version 2.43 with a...
EulerOS Virtualization 2.13.1 : xz (EulerOS-SA-2026-2393)
According to the versions of the xz packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was us...
RockyLinux 9 : poppler (RLSA-2026:25058)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25058 advisory. poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication CVE-2026-10118 Tenab...
Linux Distros Unpatched Vulnerability : CVE-2026-44494
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution Gadget...
RockyLinux 9 : .NET 10.0 (RLSA-2026:25222)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25222 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...
RHEL 8 : flatpak (RHSA-2026:25381)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25381 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...
MongoDB 7.0.x < 7.0.35 / 8.0.x < 8.0.24 / 8.2.x < 8.2.10 / 8.3.x < 8.3.3 / 9.0.0-rc0 Multiple Vulnerabilities
The version of MongoDB installed on the remote host is 7.0.x prior to 7.0.35, 8.0.x prior to 8.0.24, 8.2.x prior to 8.2.10, or 8.3.x prior to 8.3.3. It is, therefore, affected by multiple vulnerabilities: - A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable...
EulerOS Virtualization 2.13.1 : polkit (EulerOS-SA-2026-2384)
According to the versions of the polkit packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the...
RockyLinux 10 : valkey (RLSA-2026:25216)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25216 advisory. redis: use-after-free in unblock client flow may allow remote code execution CVE-2026-23479 redis: Remote code execution via use-after-free in Lua...
Linux Distros Unpatched Vulnerability : CVE-2026-50009
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset...
Linux Distros Unpatched Vulnerability : CVE-2026-9735
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is...
Security Updates for Microsoft Dynamics 365 (on-premises) (June 2026)
The Microsoft Dynamics 365 on-premises is missing a security update. It is, therefore, affected by a vulnerability: - Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 on-premises allows an authorized attacker to elevate privileges over a network. CVE-2026-4037...
RockyLinux 9 : libyang (RLSA-2026:25051)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25051 advisory. libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob CVE-2026-44673 Tenable has extracted the preceding...
Linux Distros Unpatched Vulnerability : CVE-2026-47244
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final,...
EulerOS Virtualization 2.13.1 : curl (EulerOS-SA-2026-2368)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcu...
MiracleLinux 8 : postgresql-jdbc-42.2.14-4.el8_10 (AXSA:2026-782:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-782:01 advisory. jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication CVE-2026-42198 Tenable has extracted the preceding...
Security Update for Microsoft .NET Core SDK (June 2026)
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by the following vulnerabilities as referenced in the vendor advisory. - Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Not...
EulerOS Virtualization 2.13.1 : libcap (EulerOS-SA-2026-2373)
According to the versions of the libcap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the...
EulerOS Virtualization 2.13.1 : libgcrypt (EulerOS-SA-2026-2374)
According to the versions of the libgcrypt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to...
Linux Distros Unpatched Vulnerability : CVE-2026-12017
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass...
Linux Distros Unpatched Vulnerability : CVE-2026-9749
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving...
Linux Distros Unpatched Vulnerability : CVE-2026-11822
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory...
EulerOS Virtualization 2.13.1 : libpng (EulerOS-SA-2026-2375)
According to the versions of the libpng packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image...
Xen: x86 HVM I/O Port List Traversal (XSA-491)
HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XENDOMCTLioportmapping, and hence the linked list used may changed at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...
Linux Distros Unpatched Vulnerability : CVE-2026-12008
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially...
Debian dla-4629 : apache2 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4629 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4629-1 [email protected]...
RockyLinux 10 : .NET 9.0 (RLSA-2026:25112)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25112 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...
FreeBSD : h2o -- heap overrun parsing zero-length SNI (fba766f4-ccda-4e1b-8875-ab857c6a6532)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fba766f4-ccda-4e1b-8875-ab857c6a6532 advisory. h2o project reports: When h2o receives a TLS or QUIC ClientHello containing a zero-length SNI extension...
EulerOS Virtualization 2.13.0 : vim (EulerOS-SA-2026-2421)
According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob...
EulerOS Virtualization 2.13.1 : python-pip (EulerOS-SA-2026-2386)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable...
Linux Distros Unpatched Vulnerability : CVE-2026-12035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...
EulerOS Virtualization 2.13.1 : libtiff (EulerOS-SA-2026-2377)
According to the versions of the libtiff packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the...
SAP NetWeaver AS ABAP Missing Authorization Check (3735546)
The version of SAP NetWeaver AS ABAP and ABAP Platform detected on the remote host is affected by a missing authorization check vulnerability as referenced in SAP Security Note 3735546: - Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an...
Linux Distros Unpatched Vulnerability : CVE-2026-50011
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisArrayAggregator...
RockyLinux 10 : mod_http2 (RLSA-2026:25225)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25225 advisory. httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 Tenable has extracted the preceding description block...
Linux Distros Unpatched Vulnerability : CVE-2026-0438
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A System Management Mode SMM handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user...
Fedora 44 : kernel (2026-8b619eef6f)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8b619eef6f advisory. The 7.0.12-101/201 updates contain fixes for CVE-2025-10263. This CVE, while important, only impacts specific aarch64 CPUs. Tenable has extracted the precedi...
Linux Distros Unpatched Vulnerability : CVE-2026-44492
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NOPROXY...
Linux Distros Unpatched Vulnerability : CVE-2026-9741
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in...
EulerOS Virtualization 2.13.0 : binutils (EulerOS-SA-2026-2396)
According to the versions of the binutils packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of- bounds read in the bfd...