Fedora: Security Advisory (FEDORA-2026-178c482e71)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 42 : mingw-binutils (2026-fe96f3532b)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-fe96f3532b advisory. Backport fixes for multiple CVEs. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

Apple Will Push Out Rare ‘Backported’ Patches to Protect iOS 18 Users From DarkSword Hacking Tool

As DarkSword spreads, Apple tells WIRED it will enable iOS 18-specific fixes for millions of iPhone owners who remain on that iOS version rather than force them to update to iOS 26...

freerdp security update

2:2.11.7-1.3 - Backport several CVE fixes Resolves: RHEL-151988, RHEL-152215...

PT-2026-27282

Name of the Vulnerable Software and Affected Versions Briefcase versions 0.3.0 through 0.3.25 Description Briefcase, a tool for converting Python projects into standalone native applications, has an issue where the installation process for Windows MSI installers, when set to install for All Users...

DEBIAN-CVE-2026-33243

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

EUVD-2026-11160

Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x8664 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the...

DEBIAN-CVE-2026-3904

Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x8664 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the...

CVE-2026-3904

Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x8664 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the...

CVE-2026-3904

Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x8664 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the...

CVE-2026-3904

The CVE-2026-3904 issue affects the GNU C Library (GLIBC) v2.36 on x86_64 where memcmp, used by an NSS-backed path accessing nscd client code, may operate on inputs concurrently modified by other threads. This undefined behavior could crash the nscd client and dependent applications. The vulnerab...

CVE-2026-3904

Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x8664 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the...

PT-2026-24675

Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86 64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in th...

EUVD-2025-208322

Ubuntu Linux 6.8 GA retains the legacy AFUNIX garbage collector but backports upstream commit 8594d9b85c07 "afunix: Don’t call skbget for OOB skb". When orphaned MSGOOB sockets hit unixgc, the garbage collector still calls kfreeskb as if OOB SKBs held two references; on Ubuntu Linux 6.8 Noble...

Fedora 42 : python-pillow (2026-0d673fa503)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0d673fa503 advisory. Backport fix for CVE-2026-25990. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

Rancher's restricted PodSecurityPolicy does not prevent containers from running as a privileged user

Impact The restricted pod security policy PSP, provided in Rancher versions from 2.0 up to and including 2.6.3, has a deviation from the upstream restricted policy provided in Kubernetes, in which Rancher's PSP has runAsUser set to runAsAny, while upstream has runAsUser set to MustRunAsNonRoot...

Oracle Linux 8 : freerdp (ELSA-2026-3334)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-3334 advisory. 2:2.11.7-3 - Backport several CVE fixes Resolves: RHEL-148825, RHEL-148865, RHEL-148982 Tenable has extracted the preceding description block directly...

Fedora 42 : mingw-libsoup (2026-07b73214fc)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-07b73214fc advisory. Backport fixes for CVE-2026-0716, CVE-2026-0719. Tenable has extracted the preceding description block directly from the Fedora security advisory...

freerdp security update

2:2.11.7-2 - Backport several CVE fixes Resolves: RHEL-142417, RHEL-142401, RHEL-142385, RHEL-142369, RHEL-142353 Resolves: RHEL-142337, RHEL-142321...

Oracle Linux 8 : freerdp (ELSA-2026-2081)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2081 advisory. 2:2.11.7-2 - Backport several CVE fixes Resolves: RHEL-142417, RHEL-142401, RHEL-142385, RHEL-142369, RHEL-142353 Resolves: RHEL-142337, RHEL-142321...