Bosch Security Systems IP Cameras Remote Code Execution (CVE-2018-19036)

An issue was discovered in several Bosch IP cameras running firmware 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface. This plugin only works with Tenable.ot. Please visit...

RockyLinux 9 : postfix (RLSA-2026:26205)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26205 advisory. postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 Tenable has extracted the preceding description block directly from the RockyLinux...

Linux Distros Unpatched Vulnerability : CVE-2026-12294

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and...

Hitachi Energy RTU500 Infinite Loop (CVE-2026-32777)

libexpat before 2.7.5 allows an infinite loop while parsing DTD content, causing Denial of Service impact. Product is only affected if IEC 61850 functionality is configured. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Bosch Security Systems IP Cameras Reflected Cross-site Scripting (CVE-2021-23854)

An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting XSS in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected. This plugin only works with Tenable.ot. Please visit...

Linux Distros Unpatched Vulnerability : CVE-2026-12302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and...

Linux Distros Unpatched Vulnerability : CVE-2026-12297

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR...

RockyLinux 9 : hplip (RLSA-2026:26297)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26297 advisory. HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection CVE-2026-8632 HPLIP: HPLIP: Arbitrary code...

RHEL 9 : firefox (RHSA-2026:26492)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26492 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

Linux Distros Unpatched Vulnerability : CVE-2026-12321

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12321 Note that Nessus...

Linux Distros Unpatched Vulnerability : CVE-2026-12328

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidenc...

RHEL 9 : 389-ds-base (RHSA-2026:26452)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26452 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server a...

Bosch Security Systems IP Cameras Improper Access Control (CVE-2022-41677)

An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information like capabilities about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to...

Fedora 44 : librabbitmq (2026-7174ee9a91)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7174ee9a91 advisory. Version 0.16.0 - 2026-06-08 Security - Fix out-of-bounds read via undersized frames in amqphandleinput GHSA-9mmv-r8g3-qp46, 878 - Fix client crash when serve...

Oracle Linux 8 : libpng15 (ELSA-2026-26347)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-26347 advisory. 1.5.30-9 - fix CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE RHEL-161346 Tenable has extracted the preceding description blo...

Linux Distros Unpatched Vulnerability : CVE-2026-12306

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

RockyLinux 8 : openssl (RLSA-2026:26275)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26275 advisory. openssl: Use After Free with SSLfreebuffers CVE-2024-4741 openssl: Heap Use-After-Free in OpenSSL PKCS7verify CVE-2026-45447 Tenable has extracted the...

Debian dsa-6348 : gsasl - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6348 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6348-1 [email protected] https://www.debian.org/security/ Moritz...

Photon OS 5.0: Coredns PHSA-2026-5.0-0869

An update of the coredns package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0869. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Linux Distros Unpatched Vulnerability : CVE-2026-12291

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and...