Amazon Linux 2023 : perl-Crypt-PBKDF2 (ALAS2023-2026-1891)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1891 advisory. Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlyin...

Amazon Linux 2023 : libnetapi, libnetapi-devel, libsmbclient (ALAS2023-2026-1895)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1895 advisory. unauthenticated udp packet crashes AD DC nbt server CVE-2026-3238 Samba file servers and classic non-AD domain controllers offer theSamValidatePasswordChange and SamValidatePasswordReset RPC...

Amazon Linux 2023 : clamav1.5, clamav1.5-data, clamav1.5-devel (ALAS2023-2026-1870)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1870 advisory. rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out...

Linux Distros Unpatched Vulnerability : CVE-2026-54293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language...

Amazon Linux 2 : kernel, --advisory ALAS2-2026-3374 (ALAS-2026-3374)

The version of kernel installed on the remote host is prior to 4.14.355-282.731. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3374 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions...

Linux Distros Unpatched Vulnerability : CVE-2026-54273

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that...

RHEL 9 : openssl-fips-provider (RHSA-2026:27744)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27744 advisory. This package provides a custom build of the OpenSSL FIPS module that has been submitted to NIST for certification. Security Fixes: openssl: openssl:...

Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2026-1869)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1869 advisory. Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Improper link resolution before file access 'link following' in .NET allows an...

Amazon Linux 2 : perl-GD, --advisory ALAS2-2026-3387 (ALAS-2026-3387)

The version of perl-GD installed on the remote host is prior to 2.49-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3387 advisory. command injection via 2-arg open in makefilehandle CVE-2026-11526 Tenable has extracted the preceding description block directly fro...

Fedora 43 : vips (2026-3b2ddea116)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3b2ddea116 advisory. - update to v8.18.3 - enable uhdr - fix several security issues Tenable has extracted the preceding description block directly from the Fedora...

Amazon Linux 2023 : perl-CryptX, perl-CryptX-tests (ALAS2023-2026-1834)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1834 advisory. CryptX versions before 0.088001 for Perl have a stack buffer overflow in four AEAD decryptverify helpers. The gcmdecryptverify, ccmdecryptverify, chacha20poly1305decryptverify and eaxdecryptverify XS...

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1894)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1894 advisory. In the Linux kernel, the following vulnerability has been resolved: xfrm: hold dev ref until after transportfinish NFHOOK CVE-2026-31663 In the Linux kernel, the following vulnerability has be...

Linux Distros Unpatched Vulnerability : CVE-2026-54274

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads,...

Amazon Linux 2 : httpd, --advisory ALAS2-2026-3379 (ALAS-2026-3379)

The version of httpd installed on the remote host is prior to 2.4.68-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3379 advisory. Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HT...

Linux Distros Unpatched Vulnerability : CVE-2026-12549

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sen...

RHEL 9 : crun (RHSA-2026:28036)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:28036 advisory. crun is a OCI runtime Security Fixes: crun: crun: Privilege escalation due to incorrect parsing of the --user option CVE-2026-30892 For more details...

RHEL 9 : .NET 8.0 (RHSA-2026:28011)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28011 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

Amazon Linux 2023 : squid (ALAS2023-2026-1858)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1858 advisory. Due to an Improper Input Validation bug, Squid is vulnerable toa Heap-based Buffer Overflow attack against cache digests. This problem allows a trusted server to perform a Heap-basedBuffer Overflow whe...

Fedora 43 : prometheus (2026-dfc0e362e6)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-dfc0e362e6 advisory. Update to 3.12.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

RHEL 8 : kernel (RHSA-2026:27707)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27707 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: actpedit: extend the writab...