SUSE SLES12 Security Update : openssh (SUSE-SU-2026:2395-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2395-1 advisory. This update for openssh fixes the following issues - CVE-2026-3497: information disclosure or denial of service due to uninitialized variables...

Linux Distros Unpatched Vulnerability : CVE-2026-22551

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs witho...

RockyLinux 10 : yggdrasil-worker-package-manager (RLSA-2026:25999)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25999 advisory. golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 Tenable has extracted the preceding description block directly from...

AlmaLinux 8 : xorg-x11-server (ALSA-2026:26709)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:26709 advisory. xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch...

RHEL 8 : dracut (RHSA-2026:26534)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26534 advisory. The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual...

SUSE SLED15 / SLES15 Security Update : rustup (SUSE-SU-2026:2441-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2441-1 advisory. This update for rustup fixes the following issues - CVE-2026-25727: time: parsing of user-provided input by the RFC 282...

Linux Distros Unpatched Vulnerability : CVE-2026-50195

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-50195 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenabl...

Linux Distros Unpatched Vulnerability : CVE-2026-54387

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbati...

Linux Distros Unpatched Vulnerability : CVE-2026-55203

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Net::CIDR::Lite vulnerabilities (USN-8453-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8453-1 advisory. It was discovered that Net::CIDR::Lite incorrectly validated IP address and CIDR mask...

SUSE SLES15 Security Update : helm (SUSE-SU-2026:2439-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2439-1 advisory. This update for helm rebuilds it against the current go security release. Tenable has extracted the preceding description block directly fro...

RockyLinux 8 : kernel (RLSA-2026:26427)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26427 advisory. kernel: mptcp: fix slab-use-after-free in inetlookupestablished CVE-2026-31669 kernel: xen/privcmd: fix double free via VMA splitting CVE-2026-31787...

Photon OS 5.0: Linux PHSA-2026-5.0-0888

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0888. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

AlmaLinux 9 : podman (ALSA-2026:26447)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:26447 advisory. crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-32281 crypto/tls: golang: Go crypto/tls:...

FreeBSD : Routinator -- CWE-755 Improper Handling of Exceptional Conditions (b1c6c691-6a57-11f1-bf61-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b1c6c691-6a57-11f1-bf61-3c7c3fba4204 advisory. https://www.nlnetlabs.nl/downloads/routinator/CVE-2026-49232.txt reports: Routinator exits on any error...

SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2026:2453-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2453-1 advisory. This update for java-180-ibm fixes the following issues - CVE-2026-22007: APIs in the specified component can lead to an unauthorized read acce...

Linux Distros Unpatched Vulnerability : CVE-2026-46768

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily...

MiracleLinux 8 : libxml2-2.9.7-21.el8_10.5 (AXSA:2026-795:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-795:03 advisory. libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c CVE-2024-34459 Tenable has extracted the preceding description block directly from the...

Linux Distros Unpatched Vulnerability : CVE-2026-9675

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious...

Linux Distros Unpatched Vulnerability : CVE-2026-55204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validat...