337660 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-52293
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A segmentation violaton in the gfhevcreadspsbsinternal function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via...
AlmaLinux 8 : .NET 8.0 (ALSA-2026:25110)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25110 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...
Linux Distros Unpatched Vulnerability : CVE-2026-42189
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of- service vulnerability exists in the server's...
RockyLinux 9 : bind9.18 (RLSA-2026:24368)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:24368 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...
RHEL 8 : libsndfile (RHSA-2026:25227)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25227 advisory. libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fixes: libsndfile: integer...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : CUPS vulnerabilities (USN-8405-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8405-1 advisory. Ariel Silver discovered that CUPS incorrectly handled username comparisons during authorization checks. A local attacker...
GitLab 12.10 < 18.10.8 / 18.11 < 18.11.5 / 19.0 < 19.0.2 (CVE-2026-7250)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Net::CIDR::Lite vulnerabilities (USN-8406-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8406-1 advisory. Dave Rolsky discovered that Net::CIDR::Lite did not properly handle extraneous zero...
Photon OS 4.0: Linux PHSA-2026-4.0-1030
An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1030. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
RockyLinux 10 : cockpit-image-builder (RLSA-2026:24331)
The remote RockyLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:24331 advisory. lodash: prototype pollution in .unset and .omit functions CVE-2025-13465 lodash: lodash: Arbitrary code execution via untrusted input in template impor...
Oracle Linux 8 : .NET / 9.0 (ELSA-2026-25113)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-25113 advisory. 9.0.118-1.0.1 - Add support for Oracle Linux 9.0.118-1 - Update to .NET SDK 9.0.118 and Runtime 9.0.17 - Resolves: RHEL-181550 9.0.116-2 - Update to...
Ubuntu 18.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : shell-quote vulnerability (USN-8410-1)
The remote Ubuntu 18.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8410-1 advisory. Akshat Sinha discovered that shell-quote improperly validated object-token inputs. An attacker could possibly use this...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Qt Declarative vulnerability (USN-8357-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8357-1 advisory. It was discovered that Qt Declarative did not properly validate the width and height attributes of image tags in the Text component of Qt...
FreeBSD : tree-sitter-cli -- Always-Incorrect Control Flow Implementation in wasmtime crate (36ec75da-633d-11f1-9dbc-28d2443e6cfa)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 36ec75da-633d-11f1-9dbc-28d2443e6cfa advisory. https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q49f-xg75-m9xw reports: Wasmtime ...
FreeBSD : p5-ack -- Multiple issues (7ce71561-64c7-11f1-99fc-40b034429ecf)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7ce71561-64c7-11f1-99fc-40b034429ecf advisory. Ack project reports: CVE-2026-49147: filename ANSI escape sequences CVE-2026-49146: project...
AlmaLinux 10 : .NET 9.0 (ALSA-2026:25112)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25112 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...
RockyLinux 10 : bind (RLSA-2026:24338)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:24338 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...
AlmaLinux 8 : postgresql-jdbc (ALSA-2026:25030)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:25030 advisory. jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication CVE-2026-42198 Tenable has extracted the preceding descripti...
Linux Distros Unpatched Vulnerability : CVE-2026-53461
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, an incorrect loop in th...
Ubuntu 20.04 LTS : Linux kernel (Azure FIPS) vulnerabilities (USN-7819-2)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7819-2 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...
Debian dsa-6340 : neutron-api - security update
The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6340 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6340-1 [email protected] https://www.debian.org/security/ Moritz...
Linux Distros Unpatched Vulnerability : CVE-2026-44489
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge e.g., config.proxy are sti...
Linux Distros Unpatched Vulnerability : CVE-2026-11526
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle...
Linux Distros Unpatched Vulnerability : CVE-2026-53689
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in...
Oracle Linux 7 : freerdp (ELSA-2026-11323)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-11323 advisory. - Fixed CVE-2026-22852 CVE-2026-22854 CVE-2026-22856 CVE-2026-23732 CVE-2026-23948 CVE-2026-24491 CVE-2026-24675 CVE-2026-24676 CVE-2026-24679...
Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7585-2)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7585-2 advisory. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls...
RHEL 8 : rsync (RHSA-2026:25170)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25170 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : NNCP vulnerability (USN-8359-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by a vulnerability as referenced in the USN-8359-1 advisory. It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote...
RHEL 9 : .NET 10.0 (RHSA-2026:25222)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25222 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
RHEL 8 : .NET 10.0 (RHSA-2026:25114)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25114 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
GitLab 15.5 < 18.10.8 / 18.11 < 18.11.5 / 19.0 < 19.0.2 (CVE-2026-6552)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an...
RHEL 8 : httpd:2.4 (RHSA-2026:25090)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25090 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP/2: Remote Denial of...
RHEL 8 : postgresql-jdbc (RHSA-2026:25030)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25030 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs...
Ubuntu 26.04 LTS : Twig vulnerability (USN-8408-1)
The remote Ubuntu 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8408-1 advisory. It was discovered that Twig did not properly validate PHP callables when using a source policy. An authenticated user could possibly use this issue to execute...
Slackware Linux 15.0 samba Multiple Vulnerabilities (SSA:2026-158-01)
The version of samba installed on the remote host is prior to 4.22.10. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-158-01 advisory. New samba packages are available for Slackware 15.0 to fix security issues. Tenable has extracted the preceding description...
openSUSE 16 Security Update : NetworkManager (openSUSE-SU-2026:20911-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20911-1 advisory. Security fixes: - CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359. Other fixes: - Accept localhost hostnames if static...
Linux Distros Unpatched Vulnerability : CVE-2026-46374
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untruste...
RHEL 10 : .NET 9.0 (RHSA-2026:25112)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25112 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
RHEL 10 : mod_http2 (RHSA-2026:25225)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:25225 advisory. The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remot...
Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7795-2)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7795-2 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...
Linux Distros Unpatched Vulnerability : CVE-2026-11884
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the ocsuperior SUP field length is omitted from buffer...
RockyLinux 8 : kernel (RLSA-2026:23258)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:23258 advisory. kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 Tenable has extracted the preceding description block directly from t...
GitLab 17.10 < 18.10.8 / 18.11 < 18.11.5 / 19.0 < 19.0.2 (CVE-2026-1500)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an...
RHEL 9 : bind (RHSA-2026:25214)
"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25214 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named %NASLMINLEVEL...
Linux Distros Unpatched Vulnerability : CVE-2026-49759
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack-based Buffer Overflow vulnerability in Erlang OTP erts inetdrv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP...
RockyLinux 9 : redis (RLSA-2026:23229)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:23229 advisory. redis: RESTORE invalid memory access may allow remote code execution CVE-2026-25243 Tenable has extracted the preceding description block directly from the...
Linux Distros Unpatched Vulnerability : CVE-2026-49219
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of...
openSUSE 16 Security Update : salt (openSUSE-SU-2026:20918-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20918-1 advisory. Security fixes: - CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554 Tenable has...
FreeBSD : Erlang/OTP -- timing-based username enumeration in SSH password authentication (d87e7df5-64d4-11f1-ab11-4c526214c986)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d87e7df5-64d4-11f1-ab11-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-3w6p-vwhf-wvp4 reports: A timing-based username...
GitLab 12.0 < 18.10.8 / 18.11 < 18.11.5 / 19.0 < 19.0.2 (CVE-2026-3553)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an...