337866 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-7666
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a...
Linux Distros Unpatched Vulnerability : CVE-2026-8404
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control...
Linux Distros Unpatched Vulnerability : CVE-2026-46222
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: rockchip: rkcif: Add missing MUSTCONNECT flag to pads The pads missed checks for connected devices which may a null dereference when the stream is enable...
Linux Distros Unpatched Vulnerability : CVE-2026-46057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - landlock: Fix LOGSUBDOMAINSOFF inheritance across fork hookcredtransfer only copies the Landlock security blob when the source credential has a domain. This is...
Linux Distros Unpatched Vulnerability : CVE-2026-46035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/pagealloc: return NULL early from allocfrozenpagesnolock in NMI on UP On UP kernels !CONFIGSMP, spintrylock is a no-op that unconditionally succeeds even whe...
Linux Distros Unpatched Vulnerability : CVE-2026-45937
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: inside-secure/eip93 - fix kernel panic in driver detach During driver detach, the same hash algorithm is unregistered multiple times due to a wrong...
Linux Distros Unpatched Vulnerability : CVE-2026-47334
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly sleep while holding a spinlock in notification handling code. The bug can be...
Linux Distros Unpatched Vulnerability : CVE-2025-68154
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS...
Linux Distros Unpatched Vulnerability : CVE-2026-49975
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue...
Linux Distros Unpatched Vulnerability : CVE-2026-46104
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - selinux: use sk blob accessor in socket permission helpers SELinux socket state lives in the composite LSM socket blob. sockhasperm and nlmsgsockhasextendedperm...
RockyLinux 10 : luksmeta (RLSA-2026:18421)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18421 advisory. luksmeta: Data corruption when handling LUKS1 partitions with luksmeta CVE-2025-11568 Tenable has extracted the preceding description block directly from the...
Linux Distros Unpatched Vulnerability : CVE-2026-46221
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - EDAC/versalnet: Fix device name memory leak The device name allocated via kzalloc in initonemc is assigned to dev-initname but never freed on the normal removal...
Linux Distros Unpatched Vulnerability : CVE-2026-45969
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HID: playstation: Add missing check for inputffcreatememless The psgamepadcreate function calls inputffcreatememless without verifying its return value, which c...
Linux Distros Unpatched Vulnerability : CVE-2026-10294
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such...
AlmaLinux 9 : .NET 10.0 (ALSA-2026:21297)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:21297 advisory. dotnet: .NET: infinite loop allows an attacker to cause a denial of service CVE-2026-42899 Tenable has extracted the preceding description block directly from the...
Linux Distros Unpatched Vulnerability : CVE-2026-45918
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ovpn: tcp - don't deref NULL sksocket member after tcpclose When deleting a peer in case of keepalive expiration, the peer is removed from the OpenVPN hashtable...
Linux Distros Unpatched Vulnerability : CVE-2026-46030
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - EDAC/versalnet: Fix devicenode leak in mcprobe ofparsephandle returns a devicenode reference that must be released with ofnodeput. The original code never freed...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : rsync vulnerabilities (USN-8349-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8349-1 advisory. Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote...
AlmaLinux 8 : samba (ALSA-2026:22644)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:22644 advisory. samba: group policy certificate enrollment uses without validation CVE-2026-3012 samba: Samba: Remote Code Execution in printing subsystem via unescaped...
Linux Distros Unpatched Vulnerability : CVE-2026-10650
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c o...
Linux Distros Unpatched Vulnerability : CVE-2026-38978
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths. CVE-2026-38978 Note that Nessus relies ...
Linux Distros Unpatched Vulnerability : CVE-2026-35193
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to...
AlmaLinux 9 : compat-openssl11 (ALSA-2026:22313)
The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:22313 advisory. openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing CVE-2026-28390 Tenable has extracted the preceding description...
AlmaLinux 9 : firefox (ALSA-2026:21378)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21378 advisory. firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component...
pyOpenSSL 0.14.x < 26.0.0 Security Bypass
The version of pyOpenSSL installed on the remote host is prior to 26.0.0. It is, therefore, affected by a security bypass vulnerability: - pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to...
Linux Distros Unpatched Vulnerability : CVE-2026-46007
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hwmon: powerz Avoid cacheline sharing for DMA buffer Depending on the architecture the transfer buffer may share a cacheline with the following mutex. As the...
Linux Distros Unpatched Vulnerability : CVE-2026-46036
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vfio/cdx: Serialize VFIODEVICESETIRQS with a per-device mutex vfiocdxsetmsitrigger reads vdev-configmsi and operates on the vdev-cdxirqs array based on its valu...
Linux Distros Unpatched Vulnerability : CVE-2026-50031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface IPMI specification defin...
Linux Distros Unpatched Vulnerability : CVE-2026-47329
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be...
AlmaLinux 10 : cockpit (ALSA-2026:21676)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:21676 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly fr...
Linux Distros Unpatched Vulnerability : CVE-2026-46232
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HID: playstation: Clamp numtouchreports A device would never lie about the number of touch reports would it? If it does the loop in dualshock4parsereport will...
Photon OS 5.0: Linux PHSA-2026-5.0-0849
An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0849. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Linux Distros Unpatched Vulnerability : CVE-2026-46008
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/core: fix damoswalk vs kdamondfn exit race When kdamondfn main loop is finished, the function cancels remaining damoswalk request and unset the...
Linux Distros Unpatched Vulnerability : CVE-2026-45928
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: chips-media: wave5: Fix memory leak on codecinfo allocation failure In wave5vpuopenenc and wave5vpuopendec, a vpu instance is allocated via kzalloc. If t...
Linux Distros Unpatched Vulnerability : CVE-2026-46182
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace The hdr variable is allocated on the stack and only hdr.version and hdr.flags are initialized...
Linux Distros Unpatched Vulnerability : CVE-2026-47331
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivileged local user could trigger the race...
Linux Distros Unpatched Vulnerability : CVE-2025-71308
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - accel/amdxdna: Fix potential NULL pointer dereference in context cleanup aiedestroycontext is invoked during error handling in aie2createcontext. However,...
RockyLinux 10 : freerdp (RLSA-2026:19142)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19142 advisory. freerdp: FreeRDP: Denial of service via heap use-after-free during auto-reconnect CVE-2026-25997 freerdp: FreeRDP: Denial of service due to...
Linux Distros Unpatched Vulnerability : CVE-2026-45882
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - power: supply: pm8916bmsvm: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registerin...
Linux Distros Unpatched Vulnerability : CVE-2026-46020
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/core: validate damosquotagoal-nid for nodememused,freebp Patch series mm/damon/core: validate damosquotagoal-nid. nodememcgused,freebp DAMOS quota goal...
Linux Distros Unpatched Vulnerability : CVE-2026-6657
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is...
Linux Distros Unpatched Vulnerability : CVE-2026-46249
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - octeontx2-af: Fix PF driver crash with kexec kernel booting During a kexec reboot the hardware is not power-cycled, so AF state from the old kernel can persist...
Linux Distros Unpatched Vulnerability : CVE-2026-45989
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - of: unittest: fix use-after-free in testdrvprobe The function testdrvprobe retrieves the devicenode from the PCI device, applies an overlay, and then immediatel...
TencentOS Server 3: httpd:2.4 (TSSA-2026:0425)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0425 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
RockyLinux 10 : tomcat (RLSA-2026:18537)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:18537 advisory. tomcat: Apache Tomcat: Security constraint bypass for CGI scripts CVE-2025-46701 org.apache.tomcat/tomcat-catalina: tomcat: Apache Tomcat: session...
Linux Distros Unpatched Vulnerability : CVE-2026-47332
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly validate the size of an internal structure, leading to an out-of-bounds read in...
Linux Distros Unpatched Vulnerability : CVE-2026-46048
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: fix usbdev refcount leak on probe failure createcard takes a reference on the U...
Linux Distros Unpatched Vulnerability : CVE-2026-10528
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file...
RockyLinux 10 : galera and mariadb11.8 (RLSA-2026:19021)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19021 advisory. MariaDB: MariaDB: Remote Code Execution or Denial of Service via JSONSCHEMAVALID function vulnerability CVE-2026-32710 Tenable has extracted the preceding...
RockyLinux 10 : openssl (RLSA-2026:19066)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19066 advisory. openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key CVE-2026-31790 Tenable has extracted the preceding description blo...