Oracle Linux 9 : firefox (ELSA-2026-19370)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19370 advisory. 140.12.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding R...
Linux Distros Unpatched Vulnerability : CVE-2026-53324
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded 0 for PFs and pcislotnamepdev-slot...
Linux Distros Unpatched Vulnerability : CVE-2026-53290
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/xe/eustall: Fix drmdevput called before stream disable in close In xeeustallstreamclose, drmdevput is called before the stream is disabled and its resources...
Linux Distros Unpatched Vulnerability : CVE-2026-40941
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which...
Linux Distros Unpatched Vulnerability : CVE-2026-13595
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw...
Linux Distros Unpatched Vulnerability : CVE-2026-12340
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier...
Oracle Linux 7 : libsoup (ELSA-2026-24722)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-24722 advisory. - Backport fix for CVE-2026-5119 Orabug: 39527088 - Fixes CVE-2026-0719 CVE-2026-1761 Orabug: 38958074 - Fix CVE-2025-14523 Orabug: 38873507 - Backport patch f...
Fedora 43 : perl-Socket (2026-7df6c5acad)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7df6c5acad advisory. 2.041- BUGFIXES - Fix reuse of STRLEN len variable in packipmreqsource Tenable has extracted the preceding description block directly from the Fedora securit...
Linux Distros Unpatched Vulnerability : CVE-2026-53278
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - armmpam: Check whether the config array is allocated before destroying it destroycomponentcfg is called to free the configuration array. It uses the embedded...
Linux Distros Unpatched Vulnerability : CVE-2026-57966
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on th...
Linux Distros Unpatched Vulnerability : CVE-2026-11999
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with...
Linux Distros Unpatched Vulnerability : CVE-2026-40079
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in...
Linux Distros Unpatched Vulnerability : CVE-2026-10098
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be...
Linux Distros Unpatched Vulnerability : CVE-2026-53322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfiopcicoreclosedevice call vfiopcidmabufcleanup before the function is disabled v...
Linux Distros Unpatched Vulnerability : CVE-2026-56788
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attacker...
Linux Distros Unpatched Vulnerability : CVE-2026-53308
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - power: supply: max77705: Free allocated workqueue and fix removal order Use devm interface for allocating workqueue to fix two bugs at the same time: 1. Driver...
Linux Distros Unpatched Vulnerability : CVE-2026-53323
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats...
Linux Distros Unpatched Vulnerability : CVE-2026-6091
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An...
Linux Distros Unpatched Vulnerability : CVE-2026-46607
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load to read a version-check cache file stored ...
Oracle Linux 9 : firefox (ELSA-2026-21378)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-21378 advisory. 140.12.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding R...
Linux Distros Unpatched Vulnerability : CVE-2026-39938
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC...
Linux Distros Unpatched Vulnerability : CVE-2026-10512
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully...
Linux Distros Unpatched Vulnerability : CVE-2026-56786
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decodetype1033 function that fails to clamp length counters to destination buffer size,...
Linux Distros Unpatched Vulnerability : CVE-2026-0685
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Server side template inject SSTI in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code...
Apache Tomcat 11.0.0.M1 < 11.0.5
The version of Tomcat installed on the remote host is prior to 11.0.5. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat11.0.5security-11 advisory. - Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to...
Oracle Linux 9 : firefox (ELSA-2026-20574)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20574 advisory. 140.12.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding R...
Linux Distros Unpatched Vulnerability : CVE-2026-55967
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wra...
Linux Distros Unpatched Vulnerability : CVE-2026-53300
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: enetc: fix NTMP DMA use-after-free issue The AI-generated review reported a potential DMA use-after- free issue 1. If netcxmitntmpcmd times out and returns...
Linux Distros Unpatched Vulnerability : CVE-2026-39893
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL...
Linux Distros Unpatched Vulnerability : CVE-2026-53293
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: fix AMDGPUINFOREADMMRREG There were multiple issues in that code. First of all the order between the reset semaphore and the mmlock was wrong e.g...
Linux Distros Unpatched Vulnerability : CVE-2026-55961
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSLPKCS7verify returning success for a degenerate certs-only PKCS7 object that contains no signer. Such an object has empty signerInfos, so the underlying...
Linux Distros Unpatched Vulnerability : CVE-2026-53301
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - reset: amlogic: t7: Fix null reset ops Fix missing reset ops causing kernel null pointer dereference. This SOC's reset is currently not used yet. CVE-2026-53301...
Linux Distros Unpatched Vulnerability : CVE-2026-6291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable...
Linux Distros Unpatched Vulnerability : CVE-2026-11703
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session...
Linux Distros Unpatched Vulnerability : CVE-2026-53925
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file...
Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2026-129 (ALASECS-2026-129)
The version of ecs-init installed on the remote host is prior to 1.103.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2026-129 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
EulerOS Virtualization 2.13.0 : kernel (EulerOS-SA-2026-2518)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : xfrm: esp: avoid in-place decrypt on shared skb frags (CVE-2026-43284) Tenable has extracted the preceding description block directly...
Linux Distros Unpatched Vulnerability : CVE-2026-6331
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility...
Amazon Linux 2023 : ecs-init (ALAS2023-2026-1906)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1906 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
RHEL 10 : thunderbird (RHSA-2026:30846)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:30846 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Sandbox escape in the DOM: Workers...
RHEL 10 : git-lfs (RHSA-2026:30855)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:30855 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing...
Oracle Linux 8 : git-lfs (ELSA-2026-30853)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-30853 advisory. - Backport CVE-2026-39821 fix vendored golang.org/x/net IDNA Tenable has extracted the preceding description block directly from the Oracle Linux security...
Linux Distros Unpatched Vulnerability : CVE-2026-54369
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and...
RHEL 9 : kpatch-patch-5_14_0-570_116_1, kpatch-patch-5_14_0-570_17_1, kpatch-patch-5_14_0-570_39_1, kpatch-patch-5_14_0-570_66_1, and kpatch-patch-5_14_0-570_94_1 (RHSA-2026:33223)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:33223 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patc...
Linux Distros Unpatched Vulnerability : CVE-2026-13593
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away. The minify function has a memory leak when...
Linux Distros Unpatched Vulnerability : CVE-2026-55960
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Un-negotiated Raw Public Key RFC 7250 accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative...
Linux Distros Unpatched Vulnerability : CVE-2026-8720
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wcBlake2bHmacFinal and wcBlake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of the input. When...
Linux Distros Unpatched Vulnerability : CVE-2026-6678
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption. CVE-2026-6678 Note th...
RHEL 8 : kpatch-patch-4_18_0-553_109_1, kpatch-patch-4_18_0-553_125_1, kpatch-patch-4_18_0-553_53_1, kpatch-patch-4_18_0-553_72_1, and kpatch-patch-4_18_0-553_85_1 (RHSA-2026:33220)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:33220 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patc...
Linux Distros Unpatched Vulnerability : CVE-2026-13523
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/baseencoding.c of the component ISOBMFF Parser. Executi...