338622 matches found
NewStart CGSL MAIN 6.06 : gstreamer1-plugins-base Vulnerability (NS-SA-2026-0056)
The remote NewStart CGSL host, running version MAIN 6.06, has gstreamer1-plugins-base packages installed that are affected by a vulnerability: - GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gstparsevorbissetuppacket...
IBM WebSphere Application Server Liberty 17.0.0.3 < 26.0.0.8 (7278580)
The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7278580 advisory. - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the...
Fedora 45 : ipp-usb (2026-7eaf5e3510)
The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7eaf5e3510 advisory. Automatic update for ipp-usb-0.9.34-2.fc45. Changelog Tue Jun 30 2026 Zdenek Dohnal - 0.9.34-2 - ipp-usb-0.9.34 is available fedora2463247,...
IBM WebSphere Application Server Liberty 17.0.0.3 < 26.0.0.8 (7278572)
The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7278572 advisory. - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the...
Fedora 43 : collectd / varnish / varnish-modules / vmod-querystring (2026-7f36ec4c65)
The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-7f36ec4c65 advisory. Update to latest 7.7.x release available, a security release. Includes fixes for VSV00017 aka CVE-2025-8671, aAdded patches for for VSV00018 aka...
Fedora 45 : jq (2026-b43264dedb)
The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b43264dedb advisory. Automatic update for jq-1.8.2-4.fc45. Changelog Sat Jun 20 2026 Filipe Rosset - 1.8.2-4 - removed old upstreamed patches Sat Jun 20 2026 Filipe Ross...
CentOS 9 : kernel-5.14.0-719.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-719.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of parentport in cxldetachep cxldetach...
Fedora 43 : chromium (2026-7f29bc3622)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7f29bc3622 advisory. Update to 149.0.7827.200 CVE-2026-13281: Integer overflow in Mojo CVE-2026-13282: Use after free in Payments CVE-2026-13283: Use after free in...
CentOS 9 : libgcrypt-1.10.0-12.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libgcrypt-1.10.0-12.el9 build changelog. - Denial of Service and buffer overflow via crafted ECDH ciphertext CVE-2026-41989 Note that Nessus has not tested for this issue but has instea...
Fedora 43 : python-django-haystack (2026-1d2c7eaa2f)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1d2c7eaa2f advisory. Fixes GHSA-r3hx-x5rh-p9vv: via eval in Elasticsearch Result Deserialization...
Fedora 44 : transmission (2026-23d0f010f8)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-23d0f010f8 advisory. Fix qt icon Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue...
Fedora 44 : python-django-haystack (2026-3e10194134)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3e10194134 advisory. Fixes GHSA-r3hx-x5rh-p9vv: via eval in Elasticsearch Result Deserialization...
Fedora 44 : maradns (2026-7726bdbcf1)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7726bdbcf1 advisory. Update to 3.5.0037, fixing DNS-over-TCP bug rhbz2488786 Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...
Fedora 44 : python-jupytext (2026-db770b7d7a)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-db770b7d7a advisory. See https://github.com/jupytext/jupytext/releases/tag/v1.19.4 for changes in version 1.19.4. Notable, this update fixes CVE-2026-45736 and...
NewStart CGSL MAIN 6.06 : ansible-core Multiple Vulnerabilities (NS-SA-2026-0056)
The remote NewStart CGSL host, running version MAIN 6.06, has ansible-core packages installed that are affected by multiple vulnerabilities: - A flaw was found in Ansible. The ansible-core user module can allow an unprivileged user to silently create or replace the contents of any file on any...
Fedora 43 : python-jupytext (2026-31e6b85f4e)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-31e6b85f4e advisory. See https://github.com/jupytext/jupytext/releases/tag/v1.19.4 for changes in version 1.19.4. Notable, this update fixes CVE-2026-45736 and...
Linux Distros Unpatched Vulnerability : CVE-2026-6331
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility...
Linux Distros Unpatched Vulnerability : CVE-2026-12340
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier...
Axis Communications AXIS OS Improper Neutralization of Wildcards or Matching Symbols (CVE-2024-6509)
A researcher in the AXIS OS Bug Bounty Program has found that the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. Axis has released patched AXIS OS versions for this flaw. This plugin only works with Tenable.ot. Please visit...
Linux Distros Unpatched Vulnerability : CVE-2026-57456
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion runtime/autoload/python3complete.vim and the legacy...
Linux Distros Unpatched Vulnerability : CVE-2026-13595
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw...
RHEL 10 : coreutils (RHSA-2026:33124)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:33124 advisory. The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils...
Axis Communications AXIS OS Improper Validation of Specified Type of Input (CVE-2024-47262)
Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Axis has released patched AXIS OS versions for this flaw. Endpoints not...
Linux Distros Unpatched Vulnerability : CVE-2026-53305
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: typec: ps883x: Fix Oops at unbind When trying to unbind a device in order to bind to it vfio-platform as: echo bc0000.geniqup...
Linux Distros Unpatched Vulnerability : CVE-2026-55955
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects...
Linux Distros Unpatched Vulnerability : CVE-2026-40941
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which...
FreeBSD : NSD -- vulnerabilities (bebbc065-73d2-11f1-910d-3c7c3fba4204)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the bebbc065-73d2-11f1-910d-3c7c3fba4204 advisory. NLnet Labs reports: CVE-2026-12244: A specially crafted SVCB RR can cause a heap overflow of u...
Axis Communications AXIS OS Cleartext Transmission of Sensitive Information (CVE-2024-0066)
A researcher in the AXIS OS Bug Bounty Program has found that a O3C feature may expose sensitive traffic between the client Axis device and O3C server. This issue does not apply if O3C is not used. Axis has released patched AXIS OS versions for this flaw. This plugin only works with Tenable.ot...
Oracle Linux 8 : python3.12-urllib3 (ELSA-2026-32992)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-32992 advisory. 1.26.19-3 - Security fixes for CVE-2026-44431 and CVE-2026-44432 Resolves: RHEL-185125, RHEL-184900 Tenable has extracted the preceding description...
Linux Distros Unpatched Vulnerability : CVE-2026-12912
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occu...
Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50351)
The remote Oracle Linux 10 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50351 advisory. 6.12.0-203.76.7.6 - net: skbuff: fix missing zerocopy reference in pskbcarve helpers Minh Nguyen Orabug: 39639984 CVE-2026-52943 Credit Statement: The...
Linux Distros Unpatched Vulnerability : CVE-2026-57966
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on th...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.18 (RHSA-2026:33371)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:33371 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release ...
Linux Distros Unpatched Vulnerability : CVE-2026-0685
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Server side template inject SSTI in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code...
Linux Distros Unpatched Vulnerability : CVE-2026-57453
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell to browse,...
Apache Tomcat 9.0.0.M1 < 9.0.102
The version of Tomcat installed on the remote host is prior to 9.0.102. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.102security-9 advisory. - Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to...
Linux Distros Unpatched Vulnerability : CVE-2026-39897
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the htmlauthfooter. This...
Linux Distros Unpatched Vulnerability : CVE-2026-39951
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graphnameregexp ...
Linux Distros Unpatched Vulnerability : CVE-2026-53310
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - soc/tegra: cbb: Fix cross-fabric target timeout lookup When a fabric receives an error interrupt, the error may have occurred on a different fabric. The target...
Linux Distros Unpatched Vulnerability : CVE-2026-13523
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/baseencoding.c of the component ISOBMFF Parser. Executi...
Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50352)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50352 advisory. 5.15.0-321.202.5.3 - net: skbuff: fix missing zerocopy reference in pskbcarve helpers Minh Nguyen Orabug: 39639981 CVE-2026-52943 Credit Statement: The...
Linux Distros Unpatched Vulnerability : CVE-2026-57454
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and...
Linux Distros Unpatched Vulnerability : CVE-2026-7531
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a...
Linux Distros Unpatched Vulnerability : CVE-2026-40082
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing sessionregenerateid after login, leading to Session...
Apache Tomcat 10.1.0.M1 < 10.1.39
The version of Tomcat installed on the remote host is prior to 10.1.39. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat10.1.39security-10 advisory. - Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to...
IBM MQ 9.1 < 9.1.0.37 LTS / 9.2 < 9.2.0.43 LTS / 9.3 < 10.0.0.0 CD / 9.3 < 9.3.0.41 LTS / 9.4 < 9.4.0.25 LTS (7277718)
The version of IBM MQ Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7277718 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions tha...
RHEL 9 : .NET 9.0 (RHSA-2026:28051)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28051 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
Linux Distros Unpatched Vulnerability : CVE-2026-55693
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to 9.2.0653, the treecountwords function in src/spellfile.c fills in the word-count fields of a spell-fil...
SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2026:2673-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2673-1 advisory. Security issues: - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. ...
Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2026-113 (ALASNITRO-ENCLAVES-2026-113)
The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-113 advisory. Memory exhaustion DoS causing OOM kill of containerd process NOTE:...