337660 matches found
Debian dsa-6344 : chromium - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6344 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6344-1 [email protected]...
Linux Distros Unpatched Vulnerability : CVE-2026-54056
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or trunca...
Linux Distros Unpatched Vulnerability : CVE-2026-54229
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DDOPENREADONLY and calls ddcho...
Linux Distros Unpatched Vulnerability : CVE-2026-42850
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special...
Fedora 44 : chromium (2026-2debc85b3c)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2debc85b3c advisory. Update to 149.0.7827.102 CVE-2026-11628: Use after free in Ozone CVE-2026-11629: Use after free in Ozone CVE-2026-11630: Use after free in File Inpu...
Linux Distros Unpatched Vulnerability : CVE-2025-55660
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack overflow in the gfopusreadlength function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a...
Fedora 44 : weasyprint (2026-6525541bb8)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6525541bb8 advisory. New upstream version which also includes a security update CVE-2026-49452. Tenable has extracted the preceding description block directly from the Fedora...
Photon OS 4.0: Linux PHSA-2026-4.0-1014
An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1014. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 5.0: Zlib PHSA-2026-5.0-0874
An update of the zlib package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0874. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Linux Distros Unpatched Vulnerability : CVE-2026-54231
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log...
Fedora 44 : composer (2026-9b34a78e81)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9b34a78e81 advisory. Version 2.10.1 - 2026-06-04 Security: Fixed shell escaping when opening an editor 12903 Security: Verify backup phar signature before restoring it when using...
Linux Distros Unpatched Vulnerability : CVE-2026-12143
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename optio...
Linux Distros Unpatched Vulnerability : CVE-2025-15104
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nu Html Checker validator.nu contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal...
Linux Distros Unpatched Vulnerability : CVE-2026-54057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, includin...
Fedora 44 : chezmoi (2026-905e9afc79)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-905e9afc79 advisory. Update to 2.70.5 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
Linux Distros Unpatched Vulnerability : CVE-2026-43966
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via...
Linux Distros Unpatched Vulnerability : CVE-2026-42851
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal a remote SSH peer, a downloaded fil...
Linux Distros Unpatched Vulnerability : CVE-2026-54055
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protoc...
Linux Distros Unpatched Vulnerability : CVE-2025-55645
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer overflow in the gfcencsetpssh function isomedia/drmsample.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a...
Linux Distros Unpatched Vulnerability : CVE-2025-55643
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference in the TrackWriter handling component filters/muxisom.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via...
Linux Distros Unpatched Vulnerability : CVE-2026-54230
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirection...
Linux Distros Unpatched Vulnerability : CVE-2025-55642
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmxprocess function isomedia/isomwrite.c. CVE-2025-55642 Note that Nessus relies...
Linux Distros Unpatched Vulnerability : CVE-2025-55652
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer overflow in the gfisomvpconfignew function isomedia/avcext.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a...
Linux Distros Unpatched Vulnerability : CVE-2025-55650
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplyi...
Linux Distros Unpatched Vulnerability : CVE-2025-55661
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted M...
Fedora 44 : apptainer (2026-ff5370cd61)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ff5370cd61 advisory. Update to upstream 1.5.1. Fixes CVE-2026-48785 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Linux Distros Unpatched Vulnerability : CVE-2026-54228
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A time-of-check time-of-use TOCTOU race condition was found in the abrt-dbus D-Bus service's SetElement method. Between dump directory creation and post-create...
Linux Distros Unpatched Vulnerability : CVE-2026-41579
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - runc - None CVE-2026-41579 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, Inc...
Linux Distros Unpatched Vulnerability : CVE-2026-41568
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version...
Fedora 44 : collectd / varnish / varnish-modules / vmod-querystring / vmod-uuid (2026-2148c0e80b)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-2148c0e80b advisory. New upstream release varnish-8.0.2, a security release. Includes fix for VSV00019. Dependent packages are included in this update. Tenable has extracted the...
Linux Distros Unpatched Vulnerability : CVE-2026-0438
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A System Management Mode SMM handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user...
Linux Distros Unpatched Vulnerability : CVE-2026-12013
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Media in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...
EulerOS Virtualization 2.13.0 : ncurses (EulerOS-SA-2026-2408)
According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyzestring in...
EulerOS Virtualization 2.13.0 : systemd (EulerOS-SA-2026-2419)
According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config...
FreeBSD : h2o -- HTTP/2 state amplification denial of service (35c57495-2231-4733-a66e-044f3dad8b21)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 35c57495-2231-4733-a66e-044f3dad8b21 advisory. h2o project reports: An HTTP/2 attack can combine HPACK decompression state amplification with stalled...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : .NET vulnerabilities (USN-8420-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8420-1 advisory. It was discovered that .NET did not properly handle link resolution before file access. A local attacker could use this...
Spring Security 5.7.x < 5.7.24 / 5.8.x < 5.8.26 / 6.3.x < 6.3.17 / 6.4.x < 6.4.17 / 6.5.x < 6.5.11 / 7.0.x < 7.0.6 DoS
The version of Spring Security installed on the remote host is 5.7.x prior to 5.7.24, 5.8.x prior to 5.8.26, 6.3.x prior to 6.3.17, 6.4.x prior to 6.4.17, 6.5.x prior to 6.5.11, or 7.0.x prior to 7.0.6. It is, therefore, affected by a vulnerability: - An application using...
EulerOS Virtualization 2.13.1 : python-requests (EulerOS-SA-2026-2388)
According to the versions of the python-requests packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a...
MongoDB 7.0.x < 7.0.35 / 8.0.x < 8.0.24 / 8.2.x < 8.2.10 / 8.3.x < 8.3.3 Multiple Vulnerabilities
The version of MongoDB installed on the remote host is 7.0.x prior to 7.0.35, 8.0.x prior to 8.0.24, 8.2.x prior to 8.2.10, or 8.3.x prior to 8.3.3. It is, therefore, affected by multiple vulnerabilities: - The $internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document...
Linux Distros Unpatched Vulnerability : CVE-2026-12022
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform ...
Linux Distros Unpatched Vulnerability : CVE-2026-50010
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final,...
Fedora 45 : kubernetes1.35 (2026-f8b0e6c297)
The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-f8b0e6c297 advisory. Automatic update for kubernetes1.35-1.35.6-1.fc45. Changelog Fri Jun 12 2026 Bradley G Smith - 1.35.6-1 - Update to release v1.35.6 - Resolves: rhbz2467606 -...
RockyLinux 8 : .NET 9.0 (RLSA-2026:25113)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25113 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...
Spring Framework 6.2.x < 6.2.18.1 / 7.0.x < 7.0.7.1 SSRF
The version of Spring Framework installed on the remote host is 6.2.x prior to 6.2.18.1, or 7.0.x prior to 7.0.7.1. It is, therefore, affected by a vulnerability: - Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL strin...
EulerOS Virtualization 2.13.1 : libssh (EulerOS-SA-2026-2376)
According to the versions of the libssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A weakness has been identified in libssh up to 0.11.3. The impacted element is the function...
SAP NetWeaver AS Java Reflected XSS (3723655)
The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a reflected cross-site scripting vulnerability as referenced in SAP Security Note 3723655: - Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an...
EulerOS Virtualization 2.13.1 : bind (EulerOS-SA-2026-2366)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU...
Linux Distros Unpatched Vulnerability : CVE-2026-44492
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NOPROXY...
Linux Distros Unpatched Vulnerability : CVE-2026-47729
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - squid - None Ubuntu Linux - Out-of-bounds Read attack against the FTP gateway CVE-2026-47729 Note that Nessus relies on the presence of the packa...
Debian dla-4626 : libinput-bin - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4626 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4626-1 [email protected]...