openSUSE 16 Security Update : openjpeg2 (openSUSE-SU-2026:20842-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20842-1 advisory. This update for openjpeg2 fixes the following issue - CVE-2025-54874: openjpeg: missing error check can lead to the use of an uninitialized pointer and...

RockyLinux 9 : vim (RLSA-2026:19224)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19224 advisory. vim: arbitrary command execution via modeline sandbox bypass CVE-2026-34982 Tenable has extracted the preceding description block directly from the RockyLinux...

TencentOS Server 2: glib2 (TSSA-2026:0420)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0420 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

Linux Distros Unpatched Vulnerability : CVE-2026-10275

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in OpenSC up to 0.26.1. This affects the function testkpgencertwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key...

Fedora 43 : perl-Catalyst-Plugin-Authentication (2026-af4f5feae8)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-af4f5feae8 advisory. Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks since these versions use Perl's built-in eq comparison...

Linux Distros Unpatched Vulnerability : CVE-2026-45104

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValuespsRule, psLayer...

Ubuntu 24.04 LTS : FFmpeg vulnerability (USN-8329-1)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8329-1 advisory. It was discovered that the FFmpeg CAF decoder incorrectly handled certain file size calculations. An attacker could possibly use this issue to cause FFmpeg to...

Linux Distros Unpatched Vulnerability : CVE-2026-10200

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser...

Ubuntu 25.10 / 26.04 LTS : OpenJDK 26 vulnerabilities (USN-8341-1)

The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8341-1 advisory. Thomas Beckers discovered that the JAXP component of OpenJDK 26 did not correctly authenticate certain APIs. A remote unauthenticated attacker...

Linux Distros Unpatched Vulnerability : CVE-2026-48827

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload- pack, git-receive-pack, and other git operations allows...

Linux Distros Unpatched Vulnerability : CVE-2025-60486

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap use-after-free in the dasherprocess function /filters/dasher.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS vi...

SUSE SLES15 Security Update : kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:2189-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2189-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.34 fixes various security issues The following security issues were fixed: -...

openSUSE 16 Security Update : roundcubemail (openSUSE-SU-2026:20852-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20852-1 advisory. Changes in roundcubemail: - update to 1.6.16 - Fix potential too long value in IMAP ID command 10136 - Security: Fix stored XSS/HTML/CSS injecti...

SUSE SLES15 Security Update : kernel (Live Patch 40 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:2141-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2141-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.164 fixes various security issues The following security issues were fixed: ...

SUSE SLES15 Security Update : kernel RT (Live Patch 0 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:2134-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2134-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.5 fixes various security issues The following security issues were fixed: -...

Linux Distros Unpatched Vulnerability : CVE-2026-41436

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Exim vulnerability (USN-8353-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8353-1 advisory. Warisjeet Singh discovered that Exim with SUPPORTPROXY enabled did not properly handle memory before SMTP authentication. A remote...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-25680)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-25680 advisory. - Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

openSUSE 16 Security Update : evince (openSUSE-SU-2026:20850-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20850-1 advisory. Changes in evince: - Update to version 48.2 bsc1265880 CVE-2026-46529: - shell: Quote strings in arguments used when calling evspawn - Update to version...

Ubuntu 25.10 / 26.04 LTS : LibreOffice vulnerability (USN-8352-1)

The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8352-1 advisory. Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use thi...

SUSE SLES15 Security Update : strongswan (SUSE-SU-2026:2197-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2197-1 advisory. - CVE-2026-35328: infinite loop when handling supported versions TLS extension bsc1261712. - CVE-2026-35329: null pointer dereferen...

AlmaLinux 9 : php:8.2 (ALSA-2026:22143)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:22143 advisory. PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting...

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.29 Identity Spoofing (7274740)

The version of IBM WebSphere Application Server running on the remote host is affected by an identity spoofing vulnerability as referenced in the 7274740 advisory. - IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing. CVE-2026-8644 Note that Nessus has not tested for...

SUSE SLES15 Security Update : kernel (Live Patch 50 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:2191-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2191-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.200 fixes various security issues The following security issues were fixed: ...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-46598)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-46598 advisory. - For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes...

Linux Distros Unpatched Vulnerability : CVE-2026-41437

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

Linux Distros Unpatched Vulnerability : CVE-2026-43958

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending a...

SUSE SLES16 Security Update : vim (SUSE-SU-2026:21859-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21859-1 advisory. This update for vim fixes the following issues - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary fil...

AlmaLinux 8 : php:8.2 (ALSA-2026:22305)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:22305 advisory. PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : nginx vulnerabilities (USN-8354-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8354-1 advisory. It was discovered that nginx did not properly validate source addresses in the HTTP/3 QUIC module. A remote attacker coul...

CentOS 9 : kernel-5.14.0-710.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the kernel-5.14.0-710.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proclseek as ones for procreaditer et....

Linux Distros Unpatched Vulnerability : CVE-2026-44825

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attack...

SUSE SLES12 Security Update : kernel (Live Patch 75 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2026:2148-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2148-1 advisory. This update for the SUSE Linux Enterprise Kernel 4.12.14-122.283 fixes various security issues The following security issues were fixed: -...

SUSE SLES15 Security Update : kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:2181-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2181-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.28 fixes various security issues The following security issues were fixed: -...

SUSE SLES15 Security Update : kernel (Live Patch 17 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:2199-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2199-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.78 fixes various security issues The following security issues were fixed: -...

Linux Distros Unpatched Vulnerability : CVE-2026-10232

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::aiNode of the file scene.cpp of the component ASE...

SUSE SLES16 Security Update : python-mistune (SUSE-SU-2026:21858-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21858-1 advisory. This update for python-mistune fixes the following issues - CVE-2026-33079: ReDoS in LINKTITLERE can lead to denial of service via...

Linux Distros Unpatched Vulnerability : CVE-2026-10118

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers ...

SUSE SLES16 Security Update : kernel (SUSE-SU-2026:21860-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21860-1 advisory. The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: -...

Oracle Linux 8 : httpd:2.4 (ELSA-2026-22140)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-22140 advisory. - Resolves: RHEL-166277 - httpd:2.4/httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 modmd Tenable has extracted the preceding...

RockyLinux 8 : httpd:2.4 (RLSA-2026:22140)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22140 advisory. httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase CVE-2025-53020 httpd: modproxyajp: heap-based buffer over-read and memory disclosure in...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39828)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39828 advisory. - When an SSH server authentication callback returned PartialSuccessError with non-nil...

Linux Distros Unpatched Vulnerability : CVE-2026-10233

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::readsequenceinfos of the file...

Fedora 44 : suricata (2026-53a00bb643)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-53a00bb643 advisory. Upstream bugfix/security release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

RHEL 7 : webkitgtk4 (RHSA-2026:22136)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22136 advisory. WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3. Security...

Ubuntu 14.04 LTS / 16.04 LTS : GDAL vulnerability (USN-8345-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8345-1 advisory. It was discovered that the vendored LibTIFF in GDAL incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly...

Ubuntu 25.10 / 26.04 LTS : CRaC JDK 21 vulnerabilities (USN-8333-1)

The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8333-1 advisory. Thomas Beckers discovered that the JAXP component of CRaC JDK 21 did not correctly authenticate certain APIs. A remote unauthenticated attacker...

Linux Distros Unpatched Vulnerability : CVE-2026-10194

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file...

Fedora 44 : perl-Crypt-PasswdMD5 (2026-30d86fe986)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-30d86fe986 advisory. This update uses a cryptographically strong random number source rather than perl's rand function to generate random salt values when required CVE-2026-6659...

SUSE SLES15 Security Update : postgresql14 (SUSE-SU-2026:2117-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2117-1 advisory. This update for postgresql14 fixes the following issues Update to version 14.23. Security issues: - CVE-2026-6472: ensure the user...