Photon OS 5.0: Libpng PHSA-2026-5.0-0883

An update of the libpng package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0883. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Linux Distros Unpatched Vulnerability : CVE-2026-48617

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypas...

Linux Distros Unpatched Vulnerability : CVE-2026-40528

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the dokeyvalue function in src/pkcs15init/profile.c tha...

RockyLinux 10 : dracut (RLSA-2026:26532)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26532 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...

SUSE SLES15 Security Update : frr (SUSE-SU-2026:2457-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2457-1 advisory. This update for frr fixes the following issue: - CVE-2026-5107: Fixed an improper access controls in EVPN Type-2 Route Handler...

Ubuntu 16.04 LTS : Dolibarr vulnerability (USN-8448-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8448-1 advisory. It was discovered that Dolibarr incorrectly handled user-supplied database name values during installation. A remote attacker could possibly use this issue to...

SUSE SLES15 Security Update : openssl-1_1-livepatches (SUSE-SU-2026:2410-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2410-1 advisory. This update for openssl-11-livepatches fixes the following issues - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. Tenable has...

Oracle Linux 7 : openssh (ELSA-2026-22468)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-22468 advisory. 7.4p1-23.0.5 - Fix privilege escalation via scp legacy protocol when not in preserving file mode CVE-2026-35385Orabug: 39480251 Tenable has extracted the...

MiracleLinux 8 : dracut-049-244.git20260529.el8_10 (AXSA:2026-806:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-806:01 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : libpng12-1.2.57-7.el8_10 (AXSA:2026-793:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2026-793:02 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 Tenable has extracted the preceding description block directly fro...

SUSE SLED15 / SLES15 Security Update : libcaca (SUSE-SU-2026:2423-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2423-1 advisory. This update for libcaca fixes the following issue - CVE-2026-42046: an integer overflow vulnerability in libcaca's canv...

Linux Distros Unpatched Vulnerability : CVE-2026-56132

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there i...

Linux Distros Unpatched Vulnerability : CVE-2026-46815

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily...

Linux Distros Unpatched Vulnerability : CVE-2026-55199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that...

Linux Distros Unpatched Vulnerability : CVE-2026-48615

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy...

Linux Distros Unpatched Vulnerability : CVE-2026-44663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Vim vulnerabilities (USN-8451-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8451-1 advisory. Srinivas Piskala Ganesh Babu discovered that Vim incorrectly handled...

Linux Distros Unpatched Vulnerability : CVE-2026-56210

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding...

Debian dla-4636 : thunderbird - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4636 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4636-1 [email protected]...

SUSE SLES15 Security Update : distribution (SUSE-SU-2026:2413-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2413-1 advisory. This update for distribution rebuilds it against the current go security release. Tenable has extracted the preceding description block...