Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : ca-certificates update (USN-8436-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8436-1 advisory. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained...

openSUSE 16 Security Update : python-python-dotenv (openSUSE-SU-2026:20952-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20952-1 advisory. This update for python-python-dotenv fixes the following issue: - CVE-2026-28684: Prior to version 1.2.2, setkey and unsetkey in python-dotenv follow...

Fedora 43 : bird (2026-564680920c)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-564680920c advisory. BIRD 3.3.1 2026-06-09 BGP: Fix crash when incoming connection for disabled protocol arrives BGP: Fix parsing labelled NLRIs with no next hop BGP: Fix cork...

Fedora 43 : perl-Protocol-HTTP2 (2026-4c8da3ad64)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-4c8da3ad64 advisory. This release fixes CVE-2026-10725 exhausting memory when decompressing request headers. It also improves examples. Tenable has extracted the precedi...

Linux Distros Unpatched Vulnerability : CVE-2026-48853

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers t...

Photon OS 5.0: Libssh PHSA-2026-5.0-0782

An update of the libssh package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0782. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Linux Distros Unpatched Vulnerability : CVE-2026-12317

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12317 Note that Nessus relies on the...

RockyLinux 8 : opencryptoki (RLSA-2026:26352)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26352 advisory. openCryptoki: openCryptoki: Information disclosure and Denial of Service via malformed BER-encoded cryptographic objects CVE-2026-40253 Tenable has extracted the...

Bosch Security Systems IP Cameras Improper Access Control (CVE-2022-41677)

An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information like capabilities about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to...

Oracle Linux 8 : libpng15 (ELSA-2026-26347)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-26347 advisory. 1.5.30-9 - fix CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE RHEL-161346 Tenable has extracted the preceding description blo...

Fedora 44 : librabbitmq (2026-7174ee9a91)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7174ee9a91 advisory. Version 0.16.0 - 2026-06-08 Security - Fix out-of-bounds read via undersized frames in amqphandleinput GHSA-9mmv-r8g3-qp46, 878 - Fix client crash when serve...

Python Library OpenEXR 3.4.x < 3.4.12 Multiple Vulnerabilities

The version of the OpenEXR Python package installed on the remote host is 3.4.x prior to 3.4.12. It is, therefore, affected by multiple vulnerabilities: - An integer overflow in htundoimpl in src/lib/OpenEXRCore/internalht.cpp leads to a heap-buffer-overflow when decoding a crafted HTJ2K-compress...

Linux Distros Unpatched Vulnerability : CVE-2026-12300

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12300 Note that Nessus relies on the...

Fedora 44 : vorbis-tools (2026-884a9f0fc3)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-884a9f0fc3 advisory. CVE-2026-34253 - fix arbitrary code execution via buffer underflow Tenable has extracted the preceding description block directly from the Fedora security...

Photon OS 5.0: Nginx PHSA-2026-5.0-0857

An update of the nginx package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0857. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Fedora 43 : tig (2026-28df92c223)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-28df92c223 advisory. Fix editor command injection vulnerability only affectsversion 2.6.0. 1432 https://github.com/jonas/tig/issues/1432 Tenable has extracted the preceding...

Linux Distros Unpatched Vulnerability : CVE-2025-56814

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A code injection vulnerability in the wxExecute function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters...

Photon OS 5.0: Coredns PHSA-2026-5.0-0869

An update of the coredns package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0869. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Linux Distros Unpatched Vulnerability : CVE-2026-12293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12293 Note that Nessus relies on the...

Bosch Security Systems IP Cameras Reflected Cross-site Scripting (CVE-2021-23854)

An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting XSS in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected. This plugin only works with Tenable.ot. Please visit...