AlmaLinux 8 : dracut (ALSA-2026:26534)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:26534 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...

Linux Distros Unpatched Vulnerability : CVE-2026-49268

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is...

SUSE SLES15 Security Update : rootlesskit (SUSE-SU-2026:2451-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2451-1 advisory. This update for rootlesskit rebuilds it against the current go security release. Tenable has extracted the preceding description block...

FreeBSD : nginx -- multiple vulnerabilities (08b0c0f6-6a85-11f1-b8e5-3497f65b111b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 08b0c0f6-6a85-11f1-b8e5-3497f65b111b advisory. The nginx developers report: A use-after-free vulnerability when using HTTP/3 and processing a...

Ubuntu 26.04 LTS : Tomcat vulnerabilities (USN-8450-1)

The remote Ubuntu 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8450-1 advisory. It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could possibly use this issue...

SUSE SLES15 Security Update : libcaca (SUSE-SU-2026:2424-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2424-1 advisory. This update for libcaca fixes the following issue - CVE-2026-42046: an integer overflow vulnerability in libcaca's canvas import functionali...

SUSE SLES12 Security Update : dnsmasq (SUSE-SU-2026:2458-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2458-1 advisory. This update for dnsmasq fixes the following issues - CVE-2026-2291: VU471747: dnsmasq can be abused to record false cached data enabling DoS or...

Fedora 43 : ongres-scram / ongres-stringprep (2026-3fd14ce272)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-3fd14ce272 advisory. Ongres Scram update and security fix. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

SUSE SLES12 Security Update : glibc (SUSE-SU-2026:2440-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2440-1 advisory. - CVE-2026-5928: libio: Fix ungetwc operating on byte stream bsc1262464, BZ 33998 - CVE-2026-5450: stdio-common: Fix buffer overflow in scanf %...

Fedora 43 : restic (2026-e6094447f0)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e6094447f0 advisory. Update to 0.19.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

Fedora 43 : vorbis-tools (2026-cbf4cd18d1)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-cbf4cd18d1 advisory. CVE-2026-34253 - fix arbitrary code execution via buffer underflow Tenable has extracted the preceding description block directly from the Fedora security...

Linux Distros Unpatched Vulnerability : CVE-2026-9697

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection...

Linux Distros Unpatched Vulnerability : CVE-2025-15661

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a...

Photon OS 5.0: Rsync PHSA-2026-5.0-0885

An update of the rsync package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0885. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Linux Distros Unpatched Vulnerability : CVE-2026-9678

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified...

Photon OS 5.0: Nano PHSA-2026-5.0-0886

An update of the nano package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0886. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

SUSE SLES15 Security Update : kubevirt (SUSE-SU-2026:2400-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2400-1 advisory. Update to version 1.7.4, fixes various go embedded security issues: - CVE-2025-47911: golang.org/x/net/html: various algorithms wit...

SUSE SLED15 / SLES15 Security Update : runc (SUSE-SU-2026:2414-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2414-1 advisory. This update for runc rebuilds it against the current go security release. Tenable has extracted the preceding descripti...

Linux Distros Unpatched Vulnerability : CVE-2026-48988

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled, due to quadratic On^2...

Linux Distros Unpatched Vulnerability : CVE-2026-44688

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing...