SUSE SLED15: ImageMagick / ImageMagick-config-7-SUSE / etc (SUSE-SU-2026:2580-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2580-1 advisory. This update for ImageMagick fixes the following issues This update for ImageMagick fixes the following issues ...

SUSE SLED15 / SLES15 Security Update : exiv2 (SUSE-SU-2026:2584-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2584-1 advisory. This update for exiv2 fixes the following issues - CVE-2021-34334: DoS due to integer overflow in loop counter...

Ubuntu 25.10 / 26.04 LTS : containerd-stable vulnerabilities (USN-8473-1)

The remote Ubuntu 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8473-1 advisory. It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd...

Oracle Linux 9 : python3.14 (ELSA-2026-28247)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-28247 advisory. - Security fix for CVE-2026-6019 Resolves: RHEL-180642 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Oracle Linux 9 : glib2 (ELSA-2026-19361)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19361 advisory. 2.68.4-19.1 - Add patch for CVE-2025-14087 and CVE-2025-14512 Tenable has extracted the preceding description block directly from the Oracle Linux...

Oracle Linux 9 : .NET / 10.0 (ELSA-2026-21297)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-21297 advisory. 10.0.109-1.0.1 - Add support for Oracle Linux 10.0.109-1 - Update to .NET SDK 10.0.109 and Runtime 10.0.9 - Resolves: RHEL-181558 10.0.108-1 - Update to .NET S...

SUSE SLES16 Security Update : python-aiohttp (SUSE-SU-2026:22173-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22173-1 advisory. This update for python-aiohttp fixes the following issues - CVE-2026-22815: insufficient header/trailer handling can cause a denia...

Fedora 43 : openbao (2026-da7e499416)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-da7e499416 advisory. Update to upstream 2.5.5. Also fixes CVE-2026-55770, CVE-2026-55774, CVE-2026-55775, and CVE-2026-55776. Tenable has extracted the preceding...

RockyLinux 10 : nginx (RLSA-2026:29874)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:29874 advisory. nginx: ngxhttprewritemodule: code execution and denial of service CVE-2026-9256 Tenable has extracted the preceding description block directly from the RockyLin...

SUSE SLED15 / SLES15 Security Update : graphite2 (SUSE-SU-2026:2478-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2478-1 advisory. This update for graphite2 fixes the following issue: - CVE-2026-50593: Out-of-bounds write via Graphite actions...

Oracle Linux 8 : postgresql:12 (ELSA-2026-28999)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-28999 advisory. - Add backport of CVE-2025-8714 Orabug: 38667546 - Fix CVE-2026-2004 CVE-2026-2005 CVE-2026-2006 - Backport CVE-2025-8715 - Fix backport for...

Fedora 44 : lighttpd (2026-1907dd9339)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1907dd9339 advisory. 1.4.84 ---- 1.4.83 https://wiki.lighttpd.net/Release-1483 Tenable has extracted the preceding description block directly from the Fedora security advisory...

SUSE SLES15 Security Update : kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:2588-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2588-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.81 fixes various security issues The following security issues were fixed: -...

PT-2026-52944

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the usb typec ps883x component where a kernel NULL pointer dereference occurs during device unbinding. This happens because the ps883x retimer remove function attempts...

AlmaLinux 9 : python3.14 (ALSA-2026:28247)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:28247 advisory. python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open API CVE-2026-4786 python: Python: Cross-Site Scripting XSS...

Fedora 44 : tinyproxy (2026-efbe094630)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-efbe094630 advisory. Backport upstream fixes for CVE-2026-54387 and CVE-2026-54388. Tenable has extracted the preceding description block directly from the Fedora securi...

SUSE SLES12 Security Update : kernel (Live Patch 69 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2026:2494-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2494-1 advisory. This update for the SUSE Linux Enterprise Kernel 4.12.14-122.261 fixes various security issues The following security issues were fixed: -...

PT-2026-53001

Summary The global policy read endpoint GET /api/latest/fleet/policies/policy id performs authorization against an empty fleet.Policy struct with nil TeamID, then fetches any policy by ID from the database without verifying the fetched policy actually belongs to the global scope. This allows a us...

Oracle Linux 9 : podman (ELSA-2026-26445)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-26445 advisory. - Rebuild for CVE-2026-32283 - Rebuild for CVE-2026-25679 Tenable has extracted the preceding description block directly from the Oracle Linux security advisor...

AlmaLinux 9 : opencryptoki (ALSA-2026:28256)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:28256 advisory. openCryptoki: openCryptoki: Information disclosure and Denial of Service via malformed BER-encoded cryptographic objects CVE-2026-40253 Tenable has extracted the...