Bosch Security Systems IP Cameras Remote Code Execution (CVE-2018-19036)

An issue was discovered in several Bosch IP cameras running firmware 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface. This plugin only works with Tenable.ot. Please visit...

Oracle Linux 8 : opencryptoki (ELSA-2026-26352)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-26352 advisory. 3.22.0-3.3 - Resolves: RHEL-171558, Fix possible out-of-bounds access in BER decode functions Tenable has extracted the preceding description block directly fr...

Bosch Security Systems IP Cameras NXP Chip Side-Channel Key Extraction (CVE-2021-3011)

Several Bosch IP cameras are built on a hardware platform that uses an NXP SmartMX/P5x secure element affected by an electromagnetic-wave side-channel vulnerability. An attacker with extended physical access to the device could recover the ECDSA private key and clone the device. The issue resides...

Linux Distros Unpatched Vulnerability : CVE-2026-53614

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - util-linux - None Ubuntu Linux - Local Privilege Escalation via LIBMOUNTFORCEMOUNT2 Environment Variable - nosuid/noexec Bypass in SUID mount8...

Photon OS 4.0: Openssl PHSA-2026-4.0-1031

An update of the openssl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1031. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Fedora 43 : openslide (2026-3c93ea23b5)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3c93ea23b5 advisory. Fix arbitrary memory write with crafted Ventana BIF file CVE-2026-48977. Tenable has extracted the preceding description block directly from the Fedora...

Linux Distros Unpatched Vulnerability : CVE-2026-12319

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12319 Note that Nessus relie...

Oracle Linux 8 : openssl (ELSA-2026-26275)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-26275 advisory. - Fix CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify Resolves: RHEL-180978 Tenable has extracted the preceding description block directly...

Fedora 43 : ack (2026-45190a3b6b)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-45190a3b6b advisory. Update to version 3.10.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

Linux Distros Unpatched Vulnerability : CVE-2026-6009

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution RCE, potentially allowing code execution on the affected system...

MinIO RELEASE.2022-07-24T01-54-52Z < RELEASE.2026-04-14T21-32-45Z Path Traversal (CVE-2026-42600)

The version of MinIO installed on the remote host is RELEASE.2022-07-24T01-54-52Z or later but prior to RELEASE.2026-04-14T21-32-45Z. It is, therefore, affected by a path traversal vulnerability: - A path traversal vulnerability in MinIO's ReadMultiple internode storage-REST endpoint allows a...

Linux Distros Unpatched Vulnerability : CVE-2026-46448

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation. CVE-2026-46448 Note...

openSUSE 16 Security Update : libXpm (openSUSE-SU-2026:20953-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20953-1 advisory. This update for libXpm fixes the following issue: - CVE-2026-4367: out-of-bounds read in xpmNextWord bsc1260928. Tenable has extracted the preceding...

MiracleLinux 8 : postfix-3.5.8-8.el8_10 (AXSA:2026-789:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-789:01 advisory. postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 Tenable has extracted the preceding description block directly from the MiracleLin...

Fortra GoAnywhere Managed File Transfer (MFT) < 7.10.0 Multiple Vulnerabilities

According to its self-reported version, the instance of Fortra GoAnywhere Managed File Transfer MFT running on the remote host is prior to 7.10.0. It is, therefore, affected by multiple vulnerabilities, including: - The login limit is not enforced on the SFTP service if the Web User is configured...

Traefik 2.x < 2.11.48 / 3.x < 3.6.19 / 3.7.x < 3.7.3 Authentication Bypass (CVE-2026-48020)

The version of Traefik installed on the remote macOS host is 2.x prior to 2.11.48, 3.x prior to 3.6.19, or 3.7.x prior to 3.7.3. It is, therefore, affected by an authentication bypass vulnerability: - The StripPrefix middleware allows unauthenticated attackers to bypass route-level authentication...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : FreeRDP vulnerabilities (USN-8432-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8432-1 advisory. It was discovered that FreeRDP incorrectly handled memory under certain circumstances, which could lead to...

Linux Distros Unpatched Vulnerability : CVE-2026-8484

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer overflow vulnerability exists in the Jansi JNI ioctl wrapper due to a lack of size verification for the argument array before the system call. Thi...

Hitachi Energy RTU500 NULL Pointer Dereference (CVE-2026-8479)

IEC 60870-5-104 used in bidirectional mode is vulnerable to a NULL pointer dereference; if a specially crafted sequence of messages is sent for a certain time, this causes Denial of Service impact. Product is only affected if IEC 60870-5-104 functionality in bidirectional mode BCI is configured...

PT-2026-50464

Dell PowerFlex Manager, versions Versions, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection...