RockyLinux 9 : expat (RLSA-2026:23230)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:23230 advisory. libexpat: denial of service via crafted XML input CVE-2026-45186 Tenable has extracted the preceding description block directly from the RockyLinux security...

RockyLinux 9 : image-builder (RLSA-2026:23228)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:23228 advisory. golang: net/url: Memory exhaustion in query parameter parsing in net/url CVE-2025-61726 crypto/tls: Unexpected session resumption in crypto/tls...

RockyLinux 9 : nginx:1.24 (RLSA-2026:19371)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19371 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...

RockyLinux 9 : .NET 8.0 (RLSA-2026:21293)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21293 advisory. serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization CVE-2026-34043 dotnet: .NET: infinit...

RockyLinux 9 : fence-agents (RLSA-2026:19355)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19355 advisory. cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves CVE-2026-26007 pyjwt: PyJWT accepts unknown crit header...

RockyLinux 9 : thunderbird (RLSA-2026:21381)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21381 advisory. firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component...

RockyLinux 9 : kernel (RLSA-2026:19568)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19568 advisory. kernel: net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit CVE-2025-39766 kernel: scsi: qla2xxx: Fix improper freeing of purex item...

RockyLinux 9 : libsoup (RLSA-2026:19356)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19356 advisory. libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVE-2026-5119 Tenable has extracted the precedin...

RockyLinux 9 : dnsmasq (RLSA-2026:19373)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19373 advisory. dnsmasq: dnsmasq: heap buffer overflow in cache via NAMEESCAPE expansion CVE-2026-2291 dnsmasq: NSEC bitmap parsing infinite loop CVE-2026-4890 dnsmasq:...

RockyLinux 9 : qemu-kvm (RLSA-2026:18772)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18772 advisory. qemu-kvm: VNC WebSocket handshake use-after-free CVE-2025-11234 Tenable has extracted the preceding description block directly from the RockyLinux security...

RockyLinux 9 : buildah (RLSA-2026:19186)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19186 advisory. github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption JWE object CVE-2026-34986 Tenable has...

RockyLinux 9 : nginx (RLSA-2026:7002)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7002 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file modification via...

RockyLinux 9 : osbuild-composer (RLSA-2026:1381)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:1381 advisory. golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 Tenable has extracted the preceding description block directly from the...

RockyLinux 9 : image-builder (RLSA-2026:3839)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3839 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in...

RockyLinux 9 : openssh (RLSA-2025:23480)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:23480 advisory. openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand CVE-2025-61984 openssh: OpenSSH: Null character in ssh://...

RockyLinux 9 : openexr (RLSA-2026:19359)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19359 advisory. OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file CVE-2026-34588 Tenable has extracted the preceding description block...

RockyLinux 9 : kernel (RLSA-2026:13565)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13565 advisory. kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state CVE-2026-23136 kernel: Linux kernel: Use-after-free in...

RockyLinux 9 : python-tornado (RLSA-2026:13670)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13670 advisory. tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 tornado: Tornado: Cookie attribute injection due to improper handli...

RockyLinux 9 : fence-agents (RLSA-2026:13672)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13672 advisory. cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves CVE-2026-26007 pyjwt: PyJWT accepts unknown crit header...

RockyLinux 9 : LibRaw (RLSA-2026:11360)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:11360 advisory. LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file CVE-2026-24450 LibRaw: LibRaw: Arbitrary code execution via heap-based...