SUSE SLES15 Security Update : rootlesskit (SUSE-SU-2026:2452-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2452-1 advisory. This update for rootlesskit rebuilds it against the current go security release. Tenable has extracted the preceding description block...

SUSE SLED15 / SLES15 Security Update : rustup (SUSE-SU-2026:2441-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2441-1 advisory. This update for rustup fixes the following issues - CVE-2026-25727: time: parsing of user-provided input by the RFC 282...

SUSE SLES15 Security Update : container-suseconnect (SUSE-SU-2026:2420-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2420-1 advisory. This update for container-suseconnect rebuilds it against the current go security release. Tenable has extracted the preceding description...

SUSE SLES15 Security Update : ffmpeg-4 (SUSE-SU-2026:2444-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2444-1 advisory. This update for ffmpeg-4 fixes the following issues Update to version 4.4.7: - CVE-2023-6601: HLS Unsafe File Extension Bypass...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Config-IniFiles vulnerability (USN-8445-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8445-1 advisory. It was discovered that Config-IniFiles incorrectly handled the -file argument in certain situations. An attacker could possibly us...

Linux Distros Unpatched Vulnerability : CVE-2026-55204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validat...

RHCOS 4 : OpenShift Container Platform 4.16.64 (RHSA-2026:25043)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25043 advisory. - net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Note that Nessus has not tested for this issue but has instead...

SUSE SLES12 Security Update : perl-XML-LibXML (SUSE-SU-2026:2402-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2402-1 advisory. This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing...

Linux Distros Unpatched Vulnerability : CVE-2026-55200

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2transportread that fails to enforce upper bounds on...

FreeBSD : jenkins -- multiple vulnerabilities (35598415-56de-4562-959c-11fb1fd2d995)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 35598415-56de-4562-959c-11fb1fd2d995 advisory. Jenkins Security Advisory 2026-06-10: Tenable has extracted the preceding description block...

Linux Distros Unpatched Vulnerability : CVE-2026-56211

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC...

RockyLinux 10 : 389-ds-base (RLSA-2026:26456)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26456 advisory. 389-ds-base: 389-ds-base: unbounded LDAP controls count in getldapmessagecontrolsext causes CPU and heap amplification remote DoS CVE-2026-9064 Bug Fixes and...

SUSE SLES12 Security Update : perl-HTTP-Daemon (SUSE-SU-2026:2408-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2408-1 advisory. - CVE-2026-8450: Fixed OS command injection via sendfile bsc1266370. Tenable has extracted the preceding description block directly from the SUSE...

Photon OS 5.0: Samba PHSA-2026-5.0-0886

An update of the samba package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0886. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Linux Distros Unpatched Vulnerability : CVE-2026-12505

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a...

SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:2393-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2393-1 advisory. This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String...

RockyLinux 9 : dracut (RLSA-2026:26533)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26533 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...

SUSE SLED15 / SLES15 Security Update : xwayland (SUSE-SU-2026:2426-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2426-1 advisory. - CreateSaverWindow Use-After-Free Information Disclosure. bsc1266301 - Font Alias Stack-based Buffer Overflow...

Linux Distros Unpatched Vulnerability : CVE-2026-43994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decodeoauthtokengcm. A uint16t...

Linux Distros Unpatched Vulnerability : CVE-2026-9679

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into the...