Fedora 43 : pacemaker (2026-6a4bfb1309)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6a4bfb1309 advisory. Wed Jun 17 2026 Klaus Wenninger - 3.0.2-3 - fix CVE-2026-10649: Fix integer overflows in remote message code Tenable has extracted the preceding description...

SUSE SLED15 / SLES15 Security Update : exiv2 (SUSE-SU-2026:2584-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2584-1 advisory. This update for exiv2 fixes the following issues - CVE-2021-34334: DoS due to integer overflow in loop counter...

Fedora 44 : pacemaker (2026-2c31df81dc)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2c31df81dc advisory. Wed Jun 17 2026 Klaus Wenninger - 3.0.2-3 - fix CVE-2026-10649: Fix integer overflows in remote message code Tenable has extracted the preceding description...

RockyLinux 8 : freeradius:3.0 (RLSA-2023:2870)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2870 advisory. freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on unknown option in EAP-SIM CVE-2022-41860 freeradius: Crash on invalid...

Oracle Linux 9 : nginx:1.26 (ELSA-2026-19372)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19372 advisory. - Resolves: RHEL-176218 - nginx:1.26/nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 - CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of...

RHEL 9 : libxslt (RHSA-2026:29807)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:29807 advisory. libxslt is a library for transforming XML files into other textual formats including HTML, plain text, and other XML representations of the underlyi...

Oracle Linux 9 : mysql (ELSA-2026-23332)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-23332 advisory. 8.0.46-1 - Rebase to 8.0.46 8.0.45-2 - Revert to soft static allocation of MariaDB and MySQL sysusers.d files Tenable has extracted the preceding...

Oracle Linux 9 : .NET / 9.0 (ELSA-2026-21296)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-21296 advisory. 9.0.118-1.0.1 - Add support for Oracle Linux 9.0.118-1 - Update to .NET SDK 9.0.118 and Runtime 9.0.17 - Resolves: RHEL-181553 9.0.117-1 - Update to .NET SDK...

Fedora 43 : rsync (2026-a04e445b3f)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a04e445b3f advisory. New version 3.4.4 with multiple regression fixes. This update also fixes the following CVEs: CVE-2026-29518 CVE-2026-43617 CVE-2026-43618...

Curl 8.15.0 < 8.21.0 SASL Double-Free

The version of curl installed on the remote host is 8.15.0 prior to 8.21.0. It is, therefore, affected by a double-free vulnerability: - The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the...

RockyLinux 8 : libfastjson (RLSA-2023:6976)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:6976 advisory. json-c, libfastjson: integer overflow and out-of-bounds write via a large JSON file CVE-2020-12762 Tenable has extracted the preceding description block directly...

Oracle Linux 9 : redis (ELSA-2026-23229)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-23229 advisory. 6.2.22-1 - rebase to 6.2.22 for CVE-2026-25243 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note tha...

Oracle Linux 9 : mod_http2 (ELSA-2026-22551)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-22551 advisory. - Resolves: RHEL-182417 - modhttp2: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 Tenable has extracted the...

Fedora 43 : tinyproxy (2026-77f1ca9c8f)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-77f1ca9c8f advisory. Backport upstream fixes for CVE-2026-54387 and CVE-2026-54388. Tenable has extracted the preceding description block directly from the Fedora securi...

SUSE SLES15: docker-stable / docker-stable-bash-completion / etc (SUSE-SU-2026:2579-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2579-1 advisory. - CVE-2026-33997: Fixed privilege validation bypass during plugin bsc1265907. - CVE-2026-34040: Fixed Authz zero length regression...

Fedora 44 : tinyproxy (2026-efbe094630)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-efbe094630 advisory. Backport upstream fixes for CVE-2026-54387 and CVE-2026-54388. Tenable has extracted the preceding description block directly from the Fedora securi...

Fedora 43 : openbao (2026-da7e499416)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-da7e499416 advisory. Update to upstream 2.5.5. Also fixes CVE-2026-55770, CVE-2026-55774, CVE-2026-55775, and CVE-2026-55776. Tenable has extracted the preceding...

SUSE SLES15: libopenvswitch-3_1-0 / libovn-23_03-0 / openvswitch3 / etc (SUSE-SU-2026:2476-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2476-1 advisory. This update for openvswitch3 fixes the following issues - CVE-2026-5265: heap over-read in ICMP error response generation bsc126249...

Oracle Linux 9 : libpng (ELSA-2026-28255)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-28255 advisory. - fix CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE RHEL-161448 Tenable has extracted the preceding description blo...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : xrdp vulnerabilities (USN-8476-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8476-1 advisory. It was discovered that xrdp incorrectly handled bounds checking when processing user domain information durin...