Amazon Linux 2023 : aspnetcore-runtime-10.0, aspnetcore-runtime-dbg-10.0, aspnetcore-targeting-pack-10.0 (ALAS2023-2026-1867)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1867 advisory. Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Improper link resolution before file access 'link following' in .NET allows an...

RHEL 8 : Red Hat OpenStack Platform 17.1 (python-urllib3) (RHSA-2026:28043)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:28043 advisory. Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: Unbounded decompression chain leads to resourc...

Amazon Linux 2 : poppler, --advisory ALAS2-2026-3362 (ALAS-2026-3362)

The version of poppler installed on the remote host is prior to 0.26.5-43. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3362 advisory. A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file...

Amazon Linux 2023 : libnetapi, libnetapi-devel, libsmbclient (ALAS2023-2026-1895)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1895 advisory. unauthenticated udp packet crashes AD DC nbt server CVE-2026-3238 Samba file servers and classic non-AD domain controllers offer theSamValidatePasswordChange and SamValidatePasswordReset RPC...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-107 (ALASKERNEL-5.15-2026-107)

The version of kernel installed on the remote host is prior to 5.15.209-147.245. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2026-107 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch...

Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2026-1869)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1869 advisory. Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Improper link resolution before file access 'link following' in .NET allows an...

Fedora 44 : erlang (2026-ef630b13b0)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ef630b13b0 advisory. Fix for CVE-2026-48855 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

Fedora 43 : prometheus (2026-dfc0e362e6)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-dfc0e362e6 advisory. Update to 3.12.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2026-1882)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1882 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: mm: fix VA-range sanity check CVE-2023-53989 In the Linux kernel, the following vulnerability has been resolved:...

RHEL 10 : python3.14-urllib3 (RHSA-2026:27929)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:27929 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

Amazon Linux 2 : python3-urllib3, --advisory ALAS2-2026-3376 (ALAS-2026-3376)

The version of python3-urllib3 installed on the remote host is prior to 1.25.6-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3376 advisory. urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-leve...

Amazon Linux 2023 : python3-jwt, python3-jwt+crypto (ALAS2023-2026-1842)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1842 advisory. PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate u...

CentOS 9 : python-urllib3-1.26.5-8.el9

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the python-urllib3-1.26.5-8.el9 build changelog. - urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API v...

RHEL 9 : kernel (RHSA-2026:27789)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27789 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix tx.buf...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-123 (ALASKERNEL-5.10-2026-123)

The version of kernel installed on the remote host is prior to 5.10.258-257.1041. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-123 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: fix zswap writeback race...

TencentOS Server 2: compat-libtiff3 (TSSA-2026:0537)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0537 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

Amazon Linux 2 : python, --advisory ALAS2-2026-3366 (ALAS-2026-3366)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3366 advisory. http.cookies.Morsel.jsoutput returns an inline snippet and only escapes for JavaScript string context. It does not neutralize the...

Amazon Linux 2023 : jq, jq-devel (ALAS2023-2026-1860)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1860 advisory. jq --rawfile invalid-state reuse after String too long causes heap-buffer-overflow CVE-2026-49839 Tenable has extracted the preceding description block directly from the tested product security advisor...

Amazon Linux 2023 : aspnetcore-runtime-9.0, aspnetcore-runtime-dbg-9.0, aspnetcore-targeting-pack-9.0 (ALAS2023-2026-1868)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1868 advisory. Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Improper link resolution before file access 'link following' in .NET allows an...

Amazon Linux 2023 : python3-urllib3 (ALAS2023-2026-1843)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1843 advisory. urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still...