Vulners
Lucene search
Linux Distros Unpatched Vulnerability : CVE-2026-22693
| Reporter | Title | Published | Views | Family All 72 |
|---|---|---|---|---|
 | CVE-2026-0943 | 19 Jan 202602:46 | – | attackerkb |
 | Amazon Linux 2023 : firefox (ALAS2023-2026-1435) | 19 Feb 202600:00 | – | nessus |
| Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3171 (ALAS-2026-3171) | 19 Feb 202600:00 | – | nessus |
| Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-051 (ALASFIREFOX-2026-051) | 19 Feb 202600:00 | – | nessus |
| Fedora 42 : mingw-harfbuzz (2026-2301995d0a) | 26 Jan 202600:00 | – | nessus |
| Fedora 42 : perl-HarfBuzz-Shaper (2026-2a6cbb84d6) | 29 Jan 202600:00 | – | nessus |
| Fedora 43 : perl-HarfBuzz-Shaper (2026-2b5249b4b6) | 29 Jan 202600:00 | – | nessus |
| Fedora 43 : harfbuzz (2026-b38fe572ef) | 16 Jan 202600:00 | – | nessus |
| Fedora 42 : harfbuzz (2026-bac983cf83) | 28 Jan 202600:00 | – | nessus |
| Fedora 43 : mingw-harfbuzz (2026-dc77eb63ae) | 25 Jan 202600:00 | – | nessus |
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(282558);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/16");
script_cve_id("CVE-2026-22693");
script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2026-22693");
script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.
- HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability
exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function
fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned
pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when
using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to
call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and
a Segmentation Fault. This issue has been patched in version 12.3.0. (CVE-2026-22693)
Note that Nessus relies on the presence of the package as reported by the vendor.");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2026-22693");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-22693");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2026-22693");
script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:U/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:U/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-22693");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/01/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:24.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.04");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.10");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:8");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:10");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:9");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:harfbuzz");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:firefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:firefox-x11");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:harfbuzz");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:harfbuzz-cairo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:harfbuzz-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:harfbuzz-icu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-demo-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-demo-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-devel-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-devel-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-headless");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-headless-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-headless-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-javadoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-javadoc-zip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-jmods");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-jmods-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-jmods-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-src");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-src-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-src-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-static-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-static-libs-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-17-openjdk-static-libs-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-demo-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-demo-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-devel-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-devel-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-headless");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-headless-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-headless-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-javadoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-javadoc-zip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-jmods");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-jmods-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-jmods-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-src");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-src-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-src-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-static-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-static-libs-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-21-openjdk-static-libs-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-crypto-adapter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-crypto-adapter-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-crypto-adapter-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-demo-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-demo-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-devel-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-devel-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-headless");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-headless-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-headless-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-javadoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-javadoc-zip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-jmods");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-jmods-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-jmods-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-src");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-src-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-src-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-static-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-static-libs-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:java-25-openjdk-static-libs-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mingw32-harfbuzz");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mingw32-harfbuzz-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mingw64-harfbuzz");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mingw64-harfbuzz-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:thunderbird");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:harfbuzz");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:firefox-x11");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:harfbuzz");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:harfbuzz-cairo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:harfbuzz-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:harfbuzz-icu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-demo-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-demo-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-devel-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-devel-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-headless");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-headless-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-headless-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-javadoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-javadoc-zip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-jmods");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-jmods-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-jmods-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-src");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-src-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-src-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-static-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-static-libs-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-17-openjdk-static-libs-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-demo-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-demo-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-devel-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-devel-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-headless");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-headless-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-headless-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-javadoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-javadoc-zip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-jmods");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-jmods-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-jmods-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-src");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-src-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-src-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-static-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-static-libs-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-21-openjdk-static-libs-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-crypto-adapter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-crypto-adapter-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-crypto-adapter-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-demo-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-demo-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-devel-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-devel-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-headless");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-headless-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-headless-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-javadoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-javadoc-zip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-jmods");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-jmods-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-jmods-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-src");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-src-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-src-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-static-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-static-libs-fastdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-25-openjdk-static-libs-slowdebug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mingw32-harfbuzz");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mingw32-harfbuzz-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mingw64-harfbuzz");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mingw64-harfbuzz-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:thunderbird");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
script_require_ports("Host/OS/CentOS Linux-7", "Host/OS/CentOS Linux-8", "Host/OS/Debian Linux-11", "Host/OS/Debian Linux-12", "Host/OS/Red Hat Enterprise Linux-10", "Host/OS/Red Hat Enterprise Linux-7", "Host/OS/Red Hat Enterprise Linux-8", "Host/OS/Red Hat Enterprise Linux-9", "Host/OS/Ubuntu Linux-24.04", "Host/OS/Ubuntu Linux-25.04", "Host/OS/Ubuntu Linux-25.10");
exit(0);
}
if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/CentOS/rpm-list")) && empty_or_null(get_one_kb_item("Host/Debian/dpkg-l")) && empty_or_null(get_one_kb_item("Host/RedHat/rpm-list"))) audit(AUDIT_PACKAGE_LIST_MISSING);
include('linux_unpatched.inc');
var distro_constraints_array = {
"Debian Linux-12": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "12",
"pkgs": [
{"reference": "gir1.2-harfbuzz-0.0"},
{"reference": "libharfbuzz-bin"},
{"reference": "libharfbuzz-dev"},
{"reference": "libharfbuzz-doc"},
{"reference": "libharfbuzz-gobject0"},
{"reference": "libharfbuzz-icu0"},
{"reference": "libharfbuzz-subset0"},
{"reference": "libharfbuzz0-udeb"},
{"reference": "libharfbuzz0b"}
]
}
]
},
"Debian Linux-11": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "11",
"pkgs": [
{"reference": "gir1.2-harfbuzz-0.0"},
{"reference": "libharfbuzz-bin"},
{"reference": "libharfbuzz-dev"},
{"reference": "libharfbuzz-doc"},
{"reference": "libharfbuzz-gobject0"},
{"reference": "libharfbuzz-icu0"},
{"reference": "libharfbuzz0-udeb"},
{"reference": "libharfbuzz0b"}
]
}
]
},
"Ubuntu Linux-24.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "24.04",
"pkgs": [
{"reference": "gir1.2-harfbuzz-0.0"},
{"reference": "libharfbuzz-bin"},
{"reference": "libharfbuzz-cairo0"},
{"reference": "libharfbuzz-dev"},
{"reference": "libharfbuzz-doc"},
{"reference": "libharfbuzz-gobject0"},
{"reference": "libharfbuzz-icu0"},
{"reference": "libharfbuzz-subset0"},
{"reference": "libharfbuzz0-udeb"},
{"reference": "libharfbuzz0b"}
]
}
]
},
"Ubuntu Linux-25.04": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "25.04",
"pkgs": [
{"reference": "gir1.2-harfbuzz-0.0"},
{"reference": "libharfbuzz-bin"},
{"reference": "libharfbuzz-cairo0"},
{"reference": "libharfbuzz-dev"},
{"reference": "libharfbuzz-doc"},
{"reference": "libharfbuzz-gobject0"},
{"reference": "libharfbuzz-icu0"},
{"reference": "libharfbuzz-subset0"},
{"reference": "libharfbuzz0-udeb"},
{"reference": "libharfbuzz0b"}
]
}
]
},
"Ubuntu Linux-25.10": {
"package_manager": "dpkg-l",
"constraints": [
{
"release": "25.10",
"pkgs": [
{"reference": "gir1.2-harfbuzz-0.0"},
{"reference": "libharfbuzz-bin"},
{"reference": "libharfbuzz-cairo0"},
{"reference": "libharfbuzz-dev"},
{"reference": "libharfbuzz-doc"},
{"reference": "libharfbuzz-gobject0"},
{"reference": "libharfbuzz-icu0"},
{"reference": "libharfbuzz-subset0"},
{"reference": "libharfbuzz0-udeb"},
{"reference": "libharfbuzz0b"}
]
}
]
},
"Red Hat Enterprise Linux-10": {
"package_manager": "rpm-list",
"constraints": [
{
"release": "10",
"pkgs": [
{"reference": "firefox"},
{"reference": "harfbuzz"},
{"reference": "harfbuzz-cairo"},
{"reference": "harfbuzz-devel"},
{"reference": "harfbuzz-icu"},
{"reference": "java-21-openjdk"},
{"reference": "java-21-openjdk-demo"},
{"reference": "java-21-openjdk-demo-fastdebug"},
{"reference": "java-21-openjdk-demo-slowdebug"},
{"reference": "java-21-openjdk-devel"},
{"reference": "java-21-openjdk-devel-fastdebug"},
{"reference": "java-21-openjdk-devel-slowdebug"},
{"reference": "java-21-openjdk-fastdebug"},
{"reference": "java-21-openjdk-headless"},
{"reference": "java-21-openjdk-headless-fastdebug"},
{"reference": "java-21-openjdk-headless-slowdebug"},
{"reference": "java-21-openjdk-javadoc"},
{"reference": "java-21-openjdk-javadoc-zip"},
{"reference": "java-21-openjdk-jmods"},
{"reference": "java-21-openjdk-jmods-fastdebug"},
{"reference": "java-21-openjdk-jmods-slowdebug"},
{"reference": "java-21-openjdk-slowdebug"},
{"reference": "java-21-openjdk-src"},
{"reference": "java-21-openjdk-src-fastdebug"},
{"reference": "java-21-openjdk-src-slowdebug"},
{"reference": "java-21-openjdk-static-libs"},
{"reference": "java-21-openjdk-static-libs-fastdebug"},
{"reference": "java-21-openjdk-static-libs-slowdebug"},
{"reference": "java-25-openjdk"},
{"reference": "java-25-openjdk-crypto-adapter"},
{"reference": "java-25-openjdk-crypto-adapter-fastdebug"},
{"reference": "java-25-openjdk-crypto-adapter-slowdebug"},
{"reference": "java-25-openjdk-demo"},
{"reference": "java-25-openjdk-demo-fastdebug"},
{"reference": "java-25-openjdk-demo-slowdebug"},
{"reference": "java-25-openjdk-devel"},
{"reference": "java-25-openjdk-devel-fastdebug"},
{"reference": "java-25-openjdk-devel-slowdebug"},
{"reference": "java-25-openjdk-fastdebug"},
{"reference": "java-25-openjdk-headless"},
{"reference": "java-25-openjdk-headless-fastdebug"},
{"reference": "java-25-openjdk-headless-slowdebug"},
{"reference": "java-25-openjdk-javadoc"},
{"reference": "java-25-openjdk-javadoc-zip"},
{"reference": "java-25-openjdk-jmods"},
{"reference": "java-25-openjdk-jmods-fastdebug"},
{"reference": "java-25-openjdk-jmods-slowdebug"},
{"reference": "java-25-openjdk-slowdebug"},
{"reference": "java-25-openjdk-src"},
{"reference": "java-25-openjdk-src-fastdebug"},
{"reference": "java-25-openjdk-src-slowdebug"},
{"reference": "java-25-openjdk-static-libs"},
{"reference": "java-25-openjdk-static-libs-fastdebug"},
{"reference": "java-25-openjdk-static-libs-slowdebug"},
{"reference": "thunderbird"}
]
}
]
},
"CentOS Linux-7": {
"package_manager": "rpm-list",
"constraints": [
{
"release": "7",
"pkgs": [
{"reference": "firefox"},
{"reference": "harfbuzz"},
{"reference": "harfbuzz-devel"},
{"reference": "harfbuzz-icu"}
]
}
]
},
"Red Hat Enterprise Linux-7": {
"package_manager": "rpm-list",
"constraints": [
{
"release": "7",
"pkgs": [
{"reference": "firefox"},
{"reference": "harfbuzz"},
{"reference": "harfbuzz-devel"},
{"reference": "harfbuzz-icu"}
]
}
]
},
"CentOS Linux-8": {
"package_manager": "rpm-list",
"constraints": [
{
"release": "8",
"pkgs": [
{"reference": "firefox"},
{"reference": "harfbuzz"},
{"reference": "harfbuzz-devel"},
{"reference": "harfbuzz-icu"},
{"reference": "java-17-openjdk"},
{"reference": "java-17-openjdk-demo"},
{"reference": "java-17-openjdk-demo-fastdebug"},
{"reference": "java-17-openjdk-demo-slowdebug"},
{"reference": "java-17-openjdk-devel"},
{"reference": "java-17-openjdk-devel-fastdebug"},
{"reference": "java-17-openjdk-devel-slowdebug"},
{"reference": "java-17-openjdk-fastdebug"},
{"reference": "java-17-openjdk-headless"},
{"reference": "java-17-openjdk-headless-fastdebug"},
{"reference": "java-17-openjdk-headless-slowdebug"},
{"reference": "java-17-openjdk-javadoc"},
{"reference": "java-17-openjdk-javadoc-zip"},
{"reference": "java-17-openjdk-jmods"},
{"reference": "java-17-openjdk-jmods-fastdebug"},
{"reference": "java-17-openjdk-jmods-slowdebug"},
{"reference": "java-17-openjdk-slowdebug"},
{"reference": "java-17-openjdk-src"},
{"reference": "java-17-openjdk-src-fastdebug"},
{"reference": "java-17-openjdk-src-slowdebug"},
{"reference": "java-17-openjdk-static-libs"},
{"reference": "java-17-openjdk-static-libs-fastdebug"},
{"reference": "java-17-openjdk-static-libs-slowdebug"},
{"reference": "java-21-openjdk"},
{"reference": "java-21-openjdk-demo"},
{"reference": "java-21-openjdk-demo-fastdebug"},
{"reference": "java-21-openjdk-demo-slowdebug"},
{"reference": "java-21-openjdk-devel"},
{"reference": "java-21-openjdk-devel-fastdebug"},
{"reference": "java-21-openjdk-devel-slowdebug"},
{"reference": "java-21-openjdk-fastdebug"},
{"reference": "java-21-openjdk-headless"},
{"reference": "java-21-openjdk-headless-fastdebug"},
{"reference": "java-21-openjdk-headless-slowdebug"},
{"reference": "java-21-openjdk-javadoc"},
{"reference": "java-21-openjdk-javadoc-zip"},
{"reference": "java-21-openjdk-jmods"},
{"reference": "java-21-openjdk-jmods-fastdebug"},
{"reference": "java-21-openjdk-jmods-slowdebug"},
{"reference": "java-21-openjdk-slowdebug"},
{"reference": "java-21-openjdk-src"},
{"reference": "java-21-openjdk-src-fastdebug"},
{"reference": "java-21-openjdk-src-slowdebug"},
{"reference": "java-21-openjdk-static-libs"},
{"reference": "java-21-openjdk-static-libs-fastdebug"},
{"reference": "java-21-openjdk-static-libs-slowdebug"},
{"reference": "mingw32-harfbuzz"},
{"reference": "mingw32-harfbuzz-static"},
{"reference": "mingw64-harfbuzz"},
{"reference": "mingw64-harfbuzz-static"},
{"reference": "thunderbird"}
]
}
]
},
"Red Hat Enterprise Linux-8": {
"package_manager": "rpm-list",
"constraints": [
{
"release": "8",
"pkgs": [
{"reference": "firefox"},
{"reference": "harfbuzz"},
{"reference": "harfbuzz-devel"},
{"reference": "harfbuzz-icu"},
{"reference": "java-17-openjdk"},
{"reference": "java-17-openjdk-demo"},
{"reference": "java-17-openjdk-demo-fastdebug"},
{"reference": "java-17-openjdk-demo-slowdebug"},
{"reference": "java-17-openjdk-devel"},
{"reference": "java-17-openjdk-devel-fastdebug"},
{"reference": "java-17-openjdk-devel-slowdebug"},
{"reference": "java-17-openjdk-fastdebug"},
{"reference": "java-17-openjdk-headless"},
{"reference": "java-17-openjdk-headless-fastdebug"},
{"reference": "java-17-openjdk-headless-slowdebug"},
{"reference": "java-17-openjdk-javadoc"},
{"reference": "java-17-openjdk-javadoc-zip"},
{"reference": "java-17-openjdk-jmods"},
{"reference": "java-17-openjdk-jmods-fastdebug"},
{"reference": "java-17-openjdk-jmods-slowdebug"},
{"reference": "java-17-openjdk-slowdebug"},
{"reference": "java-17-openjdk-src"},
{"reference": "java-17-openjdk-src-fastdebug"},
{"reference": "java-17-openjdk-src-slowdebug"},
{"reference": "java-17-openjdk-static-libs"},
{"reference": "java-17-openjdk-static-libs-fastdebug"},
{"reference": "java-17-openjdk-static-libs-slowdebug"},
{"reference": "java-21-openjdk"},
{"reference": "java-21-openjdk-demo"},
{"reference": "java-21-openjdk-demo-fastdebug"},
{"reference": "java-21-openjdk-demo-slowdebug"},
{"reference": "java-21-openjdk-devel"},
{"reference": "java-21-openjdk-devel-fastdebug"},
{"reference": "java-21-openjdk-devel-slowdebug"},
{"reference": "java-21-openjdk-fastdebug"},
{"reference": "java-21-openjdk-headless"},
{"reference": "java-21-openjdk-headless-fastdebug"},
{"reference": "java-21-openjdk-headless-slowdebug"},
{"reference": "java-21-openjdk-javadoc"},
{"reference": "java-21-openjdk-javadoc-zip"},
{"reference": "java-21-openjdk-jmods"},
{"reference": "java-21-openjdk-jmods-fastdebug"},
{"reference": "java-21-openjdk-jmods-slowdebug"},
{"reference": "java-21-openjdk-slowdebug"},
{"reference": "java-21-openjdk-src"},
{"reference": "java-21-openjdk-src-fastdebug"},
{"reference": "java-21-openjdk-src-slowdebug"},
{"reference": "java-21-openjdk-static-libs"},
{"reference": "java-21-openjdk-static-libs-fastdebug"},
{"reference": "java-21-openjdk-static-libs-slowdebug"},
{"reference": "mingw32-harfbuzz"},
{"reference": "mingw32-harfbuzz-static"},
{"reference": "mingw64-harfbuzz"},
{"reference": "mingw64-harfbuzz-static"},
{"reference": "thunderbird"}
]
}
]
},
"Red Hat Enterprise Linux-9": {
"package_manager": "rpm-list",
"constraints": [
{
"release": "9",
"pkgs": [
{"reference": "firefox"},
{"reference": "firefox-x11"},
{"reference": "harfbuzz"},
{"reference": "harfbuzz-devel"},
{"reference": "harfbuzz-icu"},
{"reference": "java-17-openjdk"},
{"reference": "java-17-openjdk-demo"},
{"reference": "java-17-openjdk-demo-fastdebug"},
{"reference": "java-17-openjdk-demo-slowdebug"},
{"reference": "java-17-openjdk-devel"},
{"reference": "java-17-openjdk-devel-fastdebug"},
{"reference": "java-17-openjdk-devel-slowdebug"},
{"reference": "java-17-openjdk-fastdebug"},
{"reference": "java-17-openjdk-headless"},
{"reference": "java-17-openjdk-headless-fastdebug"},
{"reference": "java-17-openjdk-headless-slowdebug"},
{"reference": "java-17-openjdk-javadoc"},
{"reference": "java-17-openjdk-javadoc-zip"},
{"reference": "java-17-openjdk-jmods"},
{"reference": "java-17-openjdk-jmods-fastdebug"},
{"reference": "java-17-openjdk-jmods-slowdebug"},
{"reference": "java-17-openjdk-slowdebug"},
{"reference": "java-17-openjdk-src"},
{"reference": "java-17-openjdk-src-fastdebug"},
{"reference": "java-17-openjdk-src-slowdebug"},
{"reference": "java-17-openjdk-static-libs"},
{"reference": "java-17-openjdk-static-libs-fastdebug"},
{"reference": "java-17-openjdk-static-libs-slowdebug"},
{"reference": "java-21-openjdk"},
{"reference": "java-21-openjdk-demo"},
{"reference": "java-21-openjdk-demo-fastdebug"},
{"reference": "java-21-openjdk-demo-slowdebug"},
{"reference": "java-21-openjdk-devel"},
{"reference": "java-21-openjdk-devel-fastdebug"},
{"reference": "java-21-openjdk-devel-slowdebug"},
{"reference": "java-21-openjdk-fastdebug"},
{"reference": "java-21-openjdk-headless"},
{"reference": "java-21-openjdk-headless-fastdebug"},
{"reference": "java-21-openjdk-headless-slowdebug"},
{"reference": "java-21-openjdk-javadoc"},
{"reference": "java-21-openjdk-javadoc-zip"},
{"reference": "java-21-openjdk-jmods"},
{"reference": "java-21-openjdk-jmods-fastdebug"},
{"reference": "java-21-openjdk-jmods-slowdebug"},
{"reference": "java-21-openjdk-slowdebug"},
{"reference": "java-21-openjdk-src"},
{"reference": "java-21-openjdk-src-fastdebug"},
{"reference": "java-21-openjdk-src-slowdebug"},
{"reference": "java-21-openjdk-static-libs"},
{"reference": "java-21-openjdk-static-libs-fastdebug"},
{"reference": "java-21-openjdk-static-libs-slowdebug"},
{"reference": "java-25-openjdk"},
{"reference": "java-25-openjdk-crypto-adapter"},
{"reference": "java-25-openjdk-crypto-adapter-fastdebug"},
{"reference": "java-25-openjdk-crypto-adapter-slowdebug"},
{"reference": "java-25-openjdk-demo"},
{"reference": "java-25-openjdk-demo-fastdebug"},
{"reference": "java-25-openjdk-demo-slowdebug"},
{"reference": "java-25-openjdk-devel"},
{"reference": "java-25-openjdk-devel-fastdebug"},
{"reference": "java-25-openjdk-devel-slowdebug"},
{"reference": "java-25-openjdk-fastdebug"},
{"reference": "java-25-openjdk-headless"},
{"reference": "java-25-openjdk-headless-fastdebug"},
{"reference": "java-25-openjdk-headless-slowdebug"},
{"reference": "java-25-openjdk-javadoc"},
{"reference": "java-25-openjdk-javadoc-zip"},
{"reference": "java-25-openjdk-jmods"},
{"reference": "java-25-openjdk-jmods-fastdebug"},
{"reference": "java-25-openjdk-jmods-slowdebug"},
{"reference": "java-25-openjdk-slowdebug"},
{"reference": "java-25-openjdk-src"},
{"reference": "java-25-openjdk-src-fastdebug"},
{"reference": "java-25-openjdk-src-slowdebug"},
{"reference": "java-25-openjdk-static-libs"},
{"reference": "java-25-openjdk-static-libs-fastdebug"},
{"reference": "java-25-openjdk-static-libs-slowdebug"},
{"reference": "thunderbird"}
]
}
]
}
};
var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);
if (!empty_or_null(report))
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : report
);
exit(0);
}
else
{
audit(AUDIT_HOST_NOT, 'affected');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
16 May 2026 00:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.15.3
EPSS0.00089
SSVC