MiracleLinux 8 : firefox-140.10.1-1.el8_10.ML.1 (AXSA:2026-744:11)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-744:11 advisory. firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1 CVE-2026-7323 firefox: thunderbird: Information disclosure...

Linux Distros Unpatched Vulnerability : CVE-2026-37711

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the...

Siemens SENTRON PAC Out-of-bounds Write (CVE-2020-17437)

The TCP/IP stack uIP in affected devices is vulnerable to out-of-bounds write when processing TCP packets with urgent pointer URG where the location of the TCP data payload is calculated improperly. An attacker located in the same network could trigger a Denial-of-Service condition on the device ...

Linux Distros Unpatched Vulnerability : CVE-2026-48019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - php-laravel-framework - None CVE-2026-48019 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900...

Linux Distros Unpatched Vulnerability : CVE-2026-42507

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When returning errors, functions in the net/textproto package would include its input as part of the error. This might allow an attacker to inject misleading...

RockyLinux 10 : python3.12 (RLSA-2026:19064)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19064 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...

Linux Distros Unpatched Vulnerability : CVE-2026-46145

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/mana: Validate rxhashkeylen Sashiko points out that rxhashkeylen comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to tra...

AlmaLinux 8 : httpd:2.4 (ALSA-2026:22140)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:22140 advisory. httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 httpd: modproxyajp: heap-based buffer over-read and memory disclosure in...

Linux Distros Unpatched Vulnerability : CVE-2026-3276

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating...

TencentOS Server 3: httpd:2.4 (TSSA-2026:0425)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0425 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

SUSE SLES15 Security Update : kernel (SUSE-SU-2026:2195-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2195-1 advisory. The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: -...

Linux Distros Unpatched Vulnerability : CVE-2026-45849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: mscc: ocelot: add missing lock protection in ocelotportxmitinj ocelotportxmitinj calls ocelotcaninject and ocelotportinjectframe without holding the...

Debian dla-4606 : ata-modules-5.10.0-43-armmp-di - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4606 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4606-1 [email protected]...

Linux Distros Unpatched Vulnerability : CVE-2026-44740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed...

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 RCE (7274733)

The version of IBM WebSphere Application Server running on the remote host is affected by a remote code execution vulnerability as referenced in the 7274733 advisory. - IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls...

Fedora 44 : postfix (2026-5cf8cc5f32)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5cf8cc5f32 advisory. This is an update fixing CVE-2026-43964. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

openSUSE 16 Security Update : putty (openSUSE-SU-2026:20851-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20851-1 advisory. Changes in putty: - Update to release 0.84 Fixed a remotely triggerable double-free in RSA key exchange. Fixed a remotely triggerable crash assertion...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : PHP vulnerabilities (USN-8336-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8336-1 advisory. Aleksey Solovev and Nikita Sveshnikov discovered that PHP improperly handled NUL bytes when preparing SQL queries in the...

SUSE SLES15 Security Update : kernel RT (Live Patch 10 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:2131-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2131-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.34 fixes various security issues The following security issues were fixed: -...

SUSE SLES15 Security Update : wireshark (SUSE-SU-2026:2203-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2203-1 advisory. This update for wireshark fixes the following issues - CVE-2026-5401: AFP dissector crash bsc1263756. - CVE-2026-5403: SBC audio...

MiracleLinux 8 : freeipmi-1.6.17-1.el8_10 (AXSA:2026-742:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-742:02 advisory. freeipmi: buffer overflows on response messages via ipmi-oem CVE-2026-33554 Tenable has extracted the preceding description block directly from the MiracleLin...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-42502)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-42502 advisory. - Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML...

SUSE SLES16 Security Update : alloy (SUSE-SU-2026:21852-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21852-1 advisory. This update for alloy fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing...

Linux Distros Unpatched Vulnerability : CVE-2026-10230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was identified in Assimp up to 6.0.4. This impacts the function Assimp::MDL::HalfLife::HL1MDLLoader::readanimations of the file HL1MDLLoader.cpp...

Linux Distros Unpatched Vulnerability : CVE-2026-46605

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with prop...

Linux Distros Unpatched Vulnerability : CVE-2026-44518

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has...

SUSE SLES15 Security Update : samba (SUSE-SU-2026:2108-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2108-1 advisory. This update for samba fixes the following issues - CVE-2026-2340: vfsworm does not block directory modification bsc1261158. -...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Texmaker vulnerabilities (USN-8346-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8346-1 advisory. It was discovered that the vendored LibTIFF in Texmaker incorrectly handled memory when parsing malformed TIFF image metadata...

RockyLinux 10 : openssh (RLSA-2026:19069)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19069 advisory. OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35385 OpenSSH: OpenSSH: Security bypass via...

openSUSE 16 Security Update : apache-commons-lang3, apache-commons-text, apache-commons-configuration2, apache-commons-cli, apache-commons-io, apache-commons-codec (openSUSE-SU-2026:20841-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20841-1 advisory. Changes in apache-commons-lang3: Update to 3.20.0 New features: - Add SystemProperties.getPathString, Supplier - Add JavaVersion.JAVA25 - Add...

SUSE SLES16 Security Update : python-Pillow (SUSE-SU-2026:21861-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21861-1 advisory. This update for python-Pillow fixes the following issues - CVE-2026-42308: integer overflow in font processing can lead to denial ...

Debian dsa-6317 : php-symfony - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6317 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6317-1 [email protected] https://www.debian.org/securit...

Linux Distros Unpatched Vulnerability : CVE-2026-10532

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection, albe...

Linux Distros Unpatched Vulnerability : CVE-2026-10154

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2. The affected element is an unknown function of the file htdocs/user/messaging.php. Such...

Fedora 44 : libsoup3 (2026-ce6cab40ac)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ce6cab40ac advisory. Patch for CVE-2026-5119 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

Linux Distros Unpatched Vulnerability : CVE-2025-60483

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference in the gfac4presb4backchannelspresent function /mediatools/avparsers.c of GPAC Project/MP4Box before 26.02.0 allows attackers to caus...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39824)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39824 advisory. - NewNTUnicodeString does not check for string length overflow. When provided with a string that...

Fedora 44 : mingw-objfw (2026-59c21cd48b)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-59c21cd48b advisory. Update to 1.5.4. Fixes a buffer overflow caused by integer promotion rules in OFBMPImageFormatHandler and OFQOIImageFormatHandler. ---- Update to 1.5.3 Tenab...

openSUSE 16 Security Update : libsoup (openSUSE-SU-2026:20845-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20845-1 advisory. This update for libsoup fixes the following issue - CVE-2026-4271: use-after-free in the HTTP/2 server when user signal handlers disconnect connections...

Linux Distros Unpatched Vulnerability : CVE-2026-46243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority- bearing fields such as pid, uid, creduid, and upcalltarge...

Linux Distros Unpatched Vulnerability : CVE-2026-10201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the...

Linux Distros Unpatched Vulnerability : CVE-2025-60495

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A segmentation violation in the gfmediagetcolorinfo function /mediatools/isomtools.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of...

Fedora 43 : objfw (2026-dd875b58bb)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-dd875b58bb advisory. Update to 1.5.4. Fixes a buffer overflow caused by integer promotion rules in OFBMPImageFormatHandler and OFQOIImageFormatHandler. ---- Update to 1.5.3 Tenab...

AlmaLinux 9 : php:8.3 (ALSA-2026:22142)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:22142 advisory. PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting...

Debian dsa-6313 : dovecot-auth-lua - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6313 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6313-1 [email protected]...

Linux Distros Unpatched Vulnerability : CVE-2026-45729

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - thorvg - Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39827)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39827 advisory. - An authenticated SSH client that repeatedly opened channels which were rejected by the server...

Linux Distros Unpatched Vulnerability : CVE-2025-60481

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference in the gfodfac4cfgdsiv1 function /odf/descriptors.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Servi...

SUSE SLES15 Security Update : kernel (Live Patch 1 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:2176-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2176-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.70 fixes various security issues The following security issues were fixed: -...

Fedora 44 : perl-Catalyst-Plugin-Authentication (2026-26666575ae)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-26666575ae advisory. Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks since these versions use Perl's built-in eq comparison...