Linux Distros Unpatched Vulnerability : CVE-2026-56210

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding...

MiracleLinux 8 : webkit2gtk3-2.52.4-1.el8_10.ML.1 (AXSA:2026-799:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-799:03 advisory. webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash CVE-2026-28946 webkitgtk: Processing maliciously crafted...

Ubuntu 26.04 LTS : GStreamer Bad Plugins vulnerabilities (USN-8446-1)

The remote Ubuntu 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8446-1 advisory. It was discovered that GStreamer Bad Plugins incorrectly handled parsing H.266/VVC picture partition data. An attacker could use this issue to cause...

Fedora 44 : perl-GD (2026-263adf0222)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-263adf0222 advisory. This update fixes a command injection issue resulting from the use of the 2-argument form of open CVE-2026-11526. Tenable has extracted the preceding...

Linux Distros Unpatched Vulnerability : CVE-2026-12151

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of...

RockyLinux 9 : xorg-x11-server (RLSA-2026:26610)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26610 advisory. xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch...

Linux Distros Unpatched Vulnerability : CVE-2026-55748

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some...

SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2026:2453-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2453-1 advisory. This update for java-180-ibm fixes the following issues - CVE-2026-22007: APIs in the specified component can lead to an unauthorized read acce...

Linux Distros Unpatched Vulnerability : CVE-2026-55203

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as...

Linux Distros Unpatched Vulnerability : CVE-2026-55204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validat...

Linux Distros Unpatched Vulnerability : CVE-2026-42055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the...

Photon OS 5.0: Linux PHSA-2026-5.0-0888

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0888. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

SUSE SLES15 Security Update : wireshark (SUSE-SU-2026:2437-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2437-1 advisory. This update for wireshark fixes the following issues - CVE-2026-5405: RDP dissector crash bsc1263767. - CVE-2026-5656: Profile impo...

SUSE SLES15 Security Update : frr (SUSE-SU-2026:2454-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2454-1 advisory. This update for frr fixes the following issues Update to frr 8.5.7: - CVE-2026-5107: Fixed an improper access controls in EVPN Type...

Linux Distros Unpatched Vulnerability : CVE-2026-53489

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-53489 Note that Nessus relies on the presence of the package as reported by the vendor. C Tenable, Inc...

Photon OS 5.0: Jq PHSA-2026-5.0-0885

An update of the jq package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0885. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid321792...

AlmaLinux 9 : dracut (ALSA-2026:26533)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:26533 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...

Linux Distros Unpatched Vulnerability : CVE-2026-6733

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an...

Linux Distros Unpatched Vulnerability : CVE-2026-40510

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in pivprocesshistory in src/libopensc/card-piv.c that allows...

Fedora 45 : rust-bon / rust-bon-macros / rust-openssl / rust-openssl-sys / etc (2026-14941c1cf3)

The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-14941c1cf3 advisory. - Update the openssl crate to version 0.10.81 and the openssl-sys crate to version 0.9.117. - Update the zeroize crate to version 1.9.0 and the zeroizederive...