Fedora 43 : erlang (2026-e692d95607)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e692d95607 advisory. Fix for CVE-2026-48855 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

Linux Distros Unpatched Vulnerability : CVE-2026-54275

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the serverhostname TLS SNI check can be bypassed when an existi...

Amazon Linux 2 : libnfs, --advisory ALAS2-2026-3367 (ALAS-2026-3367)

The version of libnfs installed on the remote host is prior to 1.11.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3367 advisory. libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafte...

RHEL 8 : Red Hat OpenStack Platform 17.1 (python-pyasn1) (RHSA-2026:28042)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28042 advisory. This is an implementation of ASN.1 types and codecs in the Python programming language. Security Fixes: pyasn1: Denial of Service due to memory...

Fedora 44 : python3-docs / python3.14 (2026-a2c583a4ab)

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-a2c583a4ab advisory. New Python release including bugfixes and security fixes. Tenable has extracted the preceding description block directly from the Fedora security...

Cisco Umbrella Virtual Appliance < 3.8.5 Privilege Escalation (cisco-sa-umbrella-priv-esc-F4wJB7AU)

According to its self-reported version, Cisco Umbrella Insights Virtual Appliance is affected by a vulnerability. - A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability i...

Amazon Linux 2023 : poppler, poppler-cpp, poppler-cpp-devel (ALAS2023-2026-1852)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1852 advisory. A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the...

RHEL 10 : firefox (RHSA-2026:27715)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:27715 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

Linux Distros Unpatched Vulnerability : CVE-2026-54280

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client...

Linux Distros Unpatched Vulnerability : CVE-2026-54276

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after...

SUSE SLES15 Security Update : ldns (SUSE-SU-2026:2461-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2461-1 advisory. This update for ldns fixes the following issue - CVE-2026-10846: When ldns is used by applications for stub resolving, it does not...

Linux Distros Unpatched Vulnerability : CVE-2026-54277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the maxlinesize check in parts of an...

SUSE SLED15 / SLES15 Security Update : apache-sshd, jpgpj (SUSE-SU-2026:2472-1)

"The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2472-1 advisory. This update for apache-sshd, jpgpj fixes the following issues - CVE-2020-36843: no check performed on scalar ...

RHEL 9 : Red Hat OpenStack Platform 17.1 (golang-uber-multierr) (RHSA-2026:28046)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28046 advisory. Security Fixes: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 For more details about the security issues,...

Amazon Linux 2023 : aspnetcore-runtime-9.0, aspnetcore-runtime-dbg-9.0, aspnetcore-targeting-pack-9.0 (ALAS2023-2026-1868)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1868 advisory. Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Improper link resolution before file access 'link following' in .NET allows an...

RHEL 10 : yggdrasil-worker-package-manager (RHSA-2026:27732)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:27732 advisory. yggdrasil-worker-package-manager is a simple package manager yggd worker. It knows how to install and remove packages, add, remove, enable and...

Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1881)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1881 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl CVE-2026-31709 Tenable has extracted the preceding description...

RHEL 8 : Red Hat OpenStack Platform 17.1 (python-urllib3) (RHSA-2026:28043)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:28043 advisory. Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: Unbounded decompression chain leads to resourc...

Amazon Linux 2023 : perl-Sereal-Decoder (ALAS2023-2026-1830)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1830 advisory. Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose...

Fedora 44 : ffmpeg (2026-bc8f441ba4)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bc8f441ba4 advisory. The latest stable FFmpeg release from the 8.1 release branch. https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/n8.1.2:/Changelog Fixes CVE-2026-30999 . Tenable...