Advisory ROSA-SA-2026-3230

software: avahi 0.8 WASP: ROSA-CHROME unaffected versions = avahi-0.8-12.git35bb1b.4 affected versions avahi-0.8-12.git35bb1b.4 CVE-ID: CVE-2025-68276 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in Avahi mDNS/DNS-SD. An unprivileged local user can cause an avahi-daemon DoS crash by...

Advisory ROSA-SA-2026-3228

software: gpsd 3.21 WASP: ROSA-CHROME unaffected versions = gpsd-3.21-5 affected versions gpsd-3.21-5 CVE-ID: CVE-2025-67268 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: Vulnerability in gpsd before commit dc966aa: in drivers/drivernmea2000.c, function hnd129540 handling PGN 129540 - GNSS Satellite...

Advisory ROSA-SA-2026-3225

software: busybox 1.37.0 OS: ROSA-CHROME unaffected versions = busybox-1.37.0-2 affected versions busybox-1.37.0-2 CVE-ID: CVE-2025-46394 BDU-ID: None CVE-Crit: LOW CVE-DESC.: In tar in BusyBox, file names in a TAR archive can be hidden in the list output using terminal escape sequences...

Advisory ROSA-SA-2026-3222

software: suricata 7.0.13 WASP: ROSA-CHROME unaffected versions = suricata-7.0.13-1 affected versions suricata-7.0.13-1 CVE-ID: CVE-2025-64330 BDU-ID: 2025-14771 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Suricata Intrusion Detection and Prevention System is related to a buffer overflow in...

Advisory ROSA-SA-2026-3221

software: python-ldap 3.4.5 WASP: ROSA-CHROME unaffected versions = python-ldap-3.4.5-2 affected versions python-ldap-3.4.5-2 CVE-ID: CVE-2025-61911 BDU-ID: 2026-02913 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the filter.py component of the Python module for working with Python-LDAP LDAP...

Advisory ROSA-SA-2026-3219

software: cups 2.4.16 OS: ROSA-CHROME unaffected versions = cups-2.4.16-1 affected versions cups-2.4.16-1 CVE-ID: CVE-2025-58436 BDU-ID: 2026-02912 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CUPS print server is associated with uncontrolled resource consumption. Exploitation of the...

Advisory ROSA-SA-2026-3216

software: libpng 1.6.53 WASP: ROSA-CHROME unaffected versions = libpng-1.6.53-1 affected versions libpng-1.6.53-1 CVE-ID: CVE-2025-64505 BDU-ID: 2026-02923 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the pngdoquantize function of the pngrtran.c component of the PNG Libpng bitmap graphics libra...

Advisory ROSA-SA-2026-3215

software: tomcat 9.0.37 WASP: ROSA-CHROME unaffected versions = tomcat-9.0.37-15 affected versions tomcat-9.0.37-15 CVE-ID: CVE-2025-55752 BDU-ID: 2025-13742 CVE-Crit: HIGH CVE-DESC.: An Apache Tomcat application server vulnerability involves relative path traversal. Exploitation of the...

Fedora: Security Advisory (FEDORA-2026-2fef29d32a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-4428

A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or...

Fedora 43 : bpfman (2026-2fef29d32a)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2fef29d32a advisory. Fix CVE-2026-31812: Bump quinn-proto to 0.11.14 - Closes rhbz2446359 Tenable has extracted the preceding description block directly from the Fedora security...

Fedora 42 : kiss-fft (2026-aeb63d9dfb)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-aeb63d9dfb advisory. Update to 131.2.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

Fedora 44 : polkit (2026-d4bdf7108e)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d4bdf7108e advisory. backport of significant upstream patches Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

Medium: libsodium

Issue Overview: libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...

Fedora 44 : chromium (2026-b7d2936de3)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b7d2936de3 advisory. Update to 146.0.7680.80 CVE-2026-3909: Out of bounds write in Ski Tenable has extracted the preceding description block directly from the Fedora...

Ubuntu: Security Advisory (USN-8097-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2026-1641)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Slackware: Security Advisory (SSA:2026-077-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 10 : yggdrasil (ELSA-2026-5146)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-5146 advisory. 0.4.8-3 - Bump release for rebuild Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

MiracleLinux 9 : libvpx-1.9.0-10.el9_7 (AXSA:2026-324:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-324:02 advisory. libvpx: Heap buffer overflow in libvpx CVE-2026-2447 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...