Linux Distros Unpatched Vulnerability : CVE-2026-11659

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML...

EulerOS 2.0 SP11 : curl (EulerOS-SA-2026-2238)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the...

EulerOS 2.0 SP11 : avahi (EulerOS-SA-2026-2197)

According to the versions of the avahi packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below,...

Security Updates for Microsoft Office Products (June 2026)

The Microsoft Office Products are missing a security update. They are, therefore, affected by multiple vulnerabilities: - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. CVE-2026-44819, CVE-2026-44824, CVE-2026-45461, CVE-2026-45463,...

Linux Distros Unpatched Vulnerability : CVE-2026-46298

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pseries/papr-hvpipe: Fix race with interrupt handler While executing -ioctl handler or -release handler, if an interrupt fires on the same cpu, then we can ente...

Linux Distros Unpatched Vulnerability : CVE-2026-11631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Aura in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially...

Linux Distros Unpatched Vulnerability : CVE-2026-11629

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-46307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: ath5k: do not access array OOB Vincent reports: The ath5k driver seems to do an array-index-out- of-bounds access as shown by the UBSAN kernel message:...

Linux Distros Unpatched Vulnerability : CVE-2026-46322

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tun: free page on buildskb failure in tunxdpone When buildskb fails in tunxdpone, the function sets ret to -ENOMEM and jumps to the out label, which returns...

Linux Distros Unpatched Vulnerability : CVE-2026-11634

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HT...

EulerOS 2.0 SP11 : NetworkManager (EulerOS-SA-2026-2196)

According to the versions of the NetworkManager packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allow...

Linux Distros Unpatched Vulnerability : CVE-2026-11638

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Printing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...

KB5094125: Windows Server 2025 Security Update (June 2026)

The remote Windows host is missing security update 5094125. It is, therefore, affected by multiple vulnerabilities - Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. CVE-2026-47291 - Heap-based buffer overflow in Remote Desktop...

Linux Distros Unpatched Vulnerability : CVE-2026-11684

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak...

RHEL 9 : thunderbird (RHSA-2026:24721)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:24721 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Memory safety bugs fixed in Firefox ES...

Linux Distros Unpatched Vulnerability : CVE-2026-34355

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version...

AlmaLinux 8 : libyang (ALSA-2026:24545)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:24545 advisory. libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob CVE-2026-44673 Tenable has extracted the preceding...

Linux Distros Unpatched Vulnerability : CVE-2026-46330

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Revert net/smc: Introduce TCP ULP support This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40. As reported by Al Viro, the TCP ULP support for SMC is...

Linux Distros Unpatched Vulnerability : CVE-2026-9669

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor,...

Adobe InDesign < 20.5.4 / 21.0 < 21.4.0 Multiple Vulnerabilities (APSB26-58) (macOS)

The version of Adobe InDesign installed on the remote macOS host is prior to 20.5.4, 21.4.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-58 advisory. - InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability th...

EulerOS 2.0 SP11 : golang (EulerOS-SA-2026-2207)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a...

RockyLinux 8 : samba (RLSA-2026:22644)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22644 advisory. samba: group policy certificate enrollment uses http:// without validation CVE-2026-3012 samba: Samba: Remote Code Execution in printing subsystem via...

Linux Distros Unpatched Vulnerability : CVE-2026-11682

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to...

Linux Distros Unpatched Vulnerability : CVE-2026-42488

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded...

Linux Distros Unpatched Vulnerability : CVE-2026-11691

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer...

EulerOS 2.0 SP11 : libpng (EulerOS-SA-2026-2212)

According to the versions of the libpng packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In...

KB5094041: Windows Server 2012 R2 Security Update (June 2026)

The remote Windows host is missing security update 5094041. It is, therefore, affected by multiple vulnerabilities - Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. CVE-2026-47291 - Heap-based buffer overflow in Remote Desktop...

Linux Distros Unpatched Vulnerability : CVE-2026-46319

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: actct: Only release RCU read lock after ctft When looking up a flow table in actct in tcfctflowtableget, rhashtablelookupfast internally opens and...

Linux Distros Unpatched Vulnerability : CVE-2026-46314

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/v3d: Reject empty multisync extension to prevent infinite loop v3dgetextensions walks a userspace- provided singly-linked list of ioctl extensions without a...

Linux Distros Unpatched Vulnerability : CVE-2026-11640

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a...

Linux Distros Unpatched Vulnerability : CVE-2026-11653

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass...

Security Updates for Microsoft Word Products (June 2026)

The Microsoft Word Products are missing a security update. They are, therefore, affected by multiple vulnerabilities: - Access of resource using incompatible type 'type confusion' in Microsoft Office allows an unauthorized attacker to execute code locally. CVE-2026-45456, CVE-2026-45458 - Untrust...

Linux Distros Unpatched Vulnerability : CVE-2026-41852

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only...

EulerOS 2.0 SP11 : glibc (EulerOS-SA-2026-2205)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The iconv function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or...

EulerOS 2.0 SP11 : protobuf (EulerOS-SA-2026-2260)

According to the versions of the protobuf packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypasse...

EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2026-2244)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory consumption via...

Linux Distros Unpatched Vulnerability : CVE-2026-11662

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Type Confusion in Bindings in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-41843

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through...

Linux Distros Unpatched Vulnerability : CVE-2026-46293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - clk: microchip: mpfs-ccc: fix out of bounds access during output registration UBSAN reported an out of bounds access during registration of the last two outputs...

Oracle Linux 8 : libyang (ELSA-2026-24545)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-24545 advisory. 1.0.184-2 - DoS or arbitrary code execution via maliciously crafted LYB binary blob - Resolves: RHEL-177017 - CVE-2026-44673 Tenable has extracted the precedin...

Linux Distros Unpatched Vulnerability : CVE-2026-11693

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass si...

RHEL 9 : krb5 (RHSA-2026:24683)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24683 advisory. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending password...

RHEL 9 : krb5 (RHSA-2026:24685)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24685 advisory. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending password...

Linux Distros Unpatched Vulnerability : CVE-2026-11669

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in Media in Google Chrome on ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain...

Cisco Catalyst SD-WAN Controller, Catalyst SD-WAN Manager, and Catalyst SD-WAN Validator Authenticated Privilege Escalation (cisco-sa-sdwan-privesc-4uxFrdzx)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD- WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly...

Fedora 43 : putty (2026-61f53cc218)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-61f53cc218 advisory. This is an update fixing several security related problems in putty. Tenable has extracted the preceding description block directly from the Fedora...

EulerOS 2.0 SP11 : libpng (EulerOS-SA-2026-2250)

According to the versions of the libpng packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In...

Linux Distros Unpatched Vulnerability : CVE-2026-11654

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in CameraCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted...

KB5094042: Windows Server 2012 Security Update (June 2026)

The remote Windows host is missing security update 5094042. It is, therefore, affected by multiple vulnerabilities - Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. CVE-2026-47291 - Heap-based buffer overflow in Remote Desktop...

Linux Distros Unpatched Vulnerability : CVE-2026-11688

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted...