109 matches found
RockyLinux 10 : python-jwcrypto (RLSA-2026:19042)
The remote RockyLinux 10 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2026:19042 advisory. JWCrypto: python-cryptography: python: JWCrypto: Memory exhaustion via crafted compressed JWE tokens CVE-2026-39373 Tenable has extracted the preceding...
Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.19.16 security, enhancement & bug fix update
Red Hat OpenShift Data Foundation 4.19.16 security, enhancement & bug fix update. Fixed bugs: DFBUGS-6482: Backport to odf-4.19.z ODF installation constantly fails with Assisted Installer. CVEs: ...
CVE-2026-20188
Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator (NSO), additional information has been made available to the Cisco Product Security Incident Response Team (PSIRT). Upon...
Medium: libXpm
Issue Overview: As per upstream advisory: libXpm: Out-of-bounds read in xpmNextWord (CVE-2026-4367). Affected Packages: libXpm. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correctio...
Important: kernel-livepatch-5.10.251-248.983
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags "Dirty Frag" and other issues in Amazon Linux kernels: https://aws.amazon.com/security/security-bulletins/2026-027-aws/ CVE-2026-43284 Affected Packages:...
Google Chrome < 147.0.7727.137 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 147.0.7727.137. It is, therefore, affected by multiple vulnerabilities as referenced in the 202604stable-channel-update-for-desktop28 advisory. - Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to...
Oracle Linux 10 / 8 / 9 : java-21-openjdk (ELSA-2026-9689)
The remote Oracle Linux 10 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-9689 advisory. 1:21.0.11.0.10-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:21.0.11.0.10-1 - Update to jdk-21.0.11+10 GA - Update release notes to...
SUSE SLES15 / openSUSE 15 Security Update : google-cloud-sap-agent (SUSE-SU-2026:1194-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1194-1 advisory. This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 (bsc#1259816): -...
Fedora: Security Advisory (FEDORA-2026-49aedae50d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-8105-2: FreeRDP regression
USN-8105-1 fixed vulnerabilities in FreeRDP. The update introduced a regression which could cause FreeRDP to crash. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that FreeRDP incorrectly handled certain RDP packets. A remote attack...
SUSE SLES16 Security Update : go1.24 (SUSE-SU-2026:20429-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20429-1 advisory. Update to version 1.24.13. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allow...
Medium: amazon-ecr-credential-helper
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Amazon Linux 2 : fontforge, --advisory ALAS2-2026-3153 (ALAS-2026-3153)
The version of fontforge installed on the remote host is prior to 20120731b-13. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3153 advisory. FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote...
AlmaLinux 10 : glib2 (ALSA-2026:0975)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:0975 advisory. glib: Integer overflow in g_escape_uri_string() (CVE-2025-13601). Tenable has extracted the preceding description block directly from the AlmaLinux security advisory...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2024-8888:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8888:01 advisory. golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2025:4393-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4393-1 advisory. The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issu...
CVE-2025-40291
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix regbuf vector size truncation. There is a report of io_estimate_bvec_size() truncating the calculated number of segments that leads to corruption issues. Check it doesn't overflow "int"s used later. Rough but simple, can b...
Ubuntu: Security Advisory (USN-7882-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
TencentOS Server 4: dpdk (TSSA-2025:0071)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0071 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Fedora 44 : kubernetes1.33 (2025-fe1d8025b0)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-fe1d8025b0 advisory. Automatic update for kubernetes1.33-1.33.6-1.fc44. Changelog Thu Nov 13 2025 Bradley G Smith - 1.33.6-1 - Update to release v1.33.6 - Resolves:...