Linux Distros Unpatched Vulnerability : CVE-2026-44587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CarrierWave is a framework to upload files from Ruby applications. In versions prior to 2.2.7 and 3.1.3, the contenttypedenylist check fails to escape regex...

Linux Distros Unpatched Vulnerability : CVE-2026-46825

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily...

Linux Distros Unpatched Vulnerability : CVE-2026-55766

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - php-guzzlehttp-psr7 - None CVE-2026-55766 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C...

Linux Distros Unpatched Vulnerability : CVE-2026-50190

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - shaarli - None Ubuntu Linux - Unknown description CVE-2026-50190 Note that Nessus relies on the presence of the package as reported by the vendor...

Fedora 44 : ocserv (2026-28036f36d5)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-28036f36d5 advisory. fix pam-guard-page test Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

SUSE SLES15 Security Update : buildah (SUSE-SU-2026:2416-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2416-1 advisory. This update for buildah rebuilds it against the current go security release. Tenable has extracted the preceding description block directly...

Fedora 43 : perl-GD (2026-63831abaee)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-63831abaee advisory. This update fixes a command injection issue resulting from the use of the 2-argument form of open CVE-2026-11526. Tenable has extracted the preceding...

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2026:2405-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2405-1 advisory. - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. - CVE-2026-42766: Possible NULL Dereference in...

Linux Distros Unpatched Vulnerability : CVE-2026-55392

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift...

RockyLinux 9 : dracut (RLSA-2026:26533)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26533 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2026:2404-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2404-1 advisory. - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. - CVE-2026-42766: Possible NULL Dereference in...

Linux Distros Unpatched Vulnerability : CVE-2026-42055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the...

SUSE SLES15 Security Update : rootlesskit (SUSE-SU-2026:2451-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2451-1 advisory. This update for rootlesskit rebuilds it against the current go security release. Tenable has extracted the preceding description block...

AlmaLinux 8 : dracut (ALSA-2026:26534)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:26534 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...

Linux Distros Unpatched Vulnerability : CVE-2026-49268

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is...

Linux Distros Unpatched Vulnerability : CVE-2026-48142

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both...

SUSE SLED15 / SLES15 Security Update : runc (SUSE-SU-2026:2414-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2414-1 advisory. This update for runc rebuilds it against the current go security release. Tenable has extracted the preceding descripti...

Linux Distros Unpatched Vulnerability : CVE-2025-15661

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a...

Photon OS 5.0: Rsync PHSA-2026-5.0-0885

An update of the rsync package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0885. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

SUSE SLED15 / SLES15 Security Update : docker (SUSE-SU-2026:2429-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2429-1 advisory. - Update to Docker 29.4.0. See upstream changelog online at - Update to buildx 0.33.0. See upstream changelog online at...