SUSE SLES15 Security Update : openssl-1_1-livepatches (SUSE-SU-2026:2410-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2410-1 advisory. This update for openssl-11-livepatches fixes the following issues - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. Tenable has...

Photon OS 5.0: Libpng PHSA-2026-5.0-0883

An update of the libpng package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0883. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Linux Distros Unpatched Vulnerability : CVE-2026-48615

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy...

Linux Distros Unpatched Vulnerability : CVE-2026-43915

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the...

Linux Distros Unpatched Vulnerability : CVE-2026-48617

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypas...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Vim vulnerabilities (USN-8451-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8451-1 advisory. Srinivas Piskala Ganesh Babu discovered that Vim incorrectly handled...

Linux Distros Unpatched Vulnerability : CVE-2026-55199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that...

RockyLinux 10 : postfix (RLSA-2026:25930)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25930 advisory. postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 Tenable has extracted the preceding description block directly from the RockyLinux...

FreeBSD : Routinator -- CWE-20 Improper Input Validation (40edfb37-6a59-11f1-bf61-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 40edfb37-6a59-11f1-bf61-3c7c3fba4204 advisory. https://www.nlnetlabs.nl/downloads/routinator/CVE-2026-49234.txt reports: When sending a specifically...

RHEL 8 : kernel (RHSA-2026:26535)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26535 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: geneve: Fix use-after-free in...

Linux Distros Unpatched Vulnerability : CVE-2026-44663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11...

SUSE SLES15 Security Update : buildah (SUSE-SU-2026:2415-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2415-1 advisory. This update for buildah rebuilds it against the current go security release. Tenable has extracted the preceding description block directly...

Fedora 44 : ocserv (2026-28036f36d5)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-28036f36d5 advisory. fix pam-guard-page test Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

Fedora 43 : perl-GD (2026-63831abaee)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-63831abaee advisory. This update fixes a command injection issue resulting from the use of the 2-argument form of open CVE-2026-11526. Tenable has extracted the preceding...

Photon OS 5.0: Ruby PHSA-2026-5.0-0882

An update of the ruby package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0882. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

RockyLinux 10 : rsync (RLSA-2026:26332)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26332 advisory. rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding CVE-2026-43618 rsync: TOCTOU symlink race condition allowing...

Linux Distros Unpatched Vulnerability : CVE-2026-48933

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported...

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-8441-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8441-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A...

MiracleLinux 8 : libxslt-1.1.32-6.4.el8_10 (AXSA:2026-796:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-796:02 advisory. libxslt: use-after-free with key data stored cross-RVT CVE-2025-10911 Tenable has extracted the preceding description block directly from the MiracleLinux...

Linux Distros Unpatched Vulnerability : CVE-2026-48937

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a GOAWAY frame. This vulnerability affects two supported release...