338202 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-49388
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - netatalk - None Ubuntu Linux - Unknown description CVE-2026-49388 Note that Nessus relies on the presence of the package as reported by the vendo...
RHEL 10 : go-fdo-client and go-fdo-server (RHSA-2026:22141)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22141 advisory. This package provides a server-side implementation of the FIDO Device Onboard FDO specification, written in Go. FDO is an open standard fo...
openSUSE 16 Security Update : localsearch (openSUSE-SU-2026:20821-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20821-1 advisory. - CVE-2026-1764: Fixed a heap buffer overflow leads to denial of service or information disclosure when parsing MP3 files. bsc1257606 -...
RockyLinux 10 : libsndfile (RLSA-2026:19560)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19560 advisory. libsndfile: integer overflow in imareaderinit CVE-2026-37555 Tenable has extracted the preceding description block directly from the RockyLinux security advisor...
Debian dsa-6315 : cyborg-agent - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6315 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6315-1 [email protected] https://www.debian.org/securit...
RHEL 8 : resource-agents (RHSA-2026:22132)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:22132 advisory. The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several servic...
openSUSE 16 Security Update : python-Pillow (openSUSE-SU-2026:20831-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20831-1 advisory. This update for python-Pillow fixes the following issues - CVE-2026-42308: integer overflow in font processing can lead to denial of service...
Fedora 44 : suricata (2026-53a00bb643)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-53a00bb643 advisory. Upstream bugfix/security release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : QtSvg vulnerabilities (USN-8337-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8337-1 advisory. It was discovered that QtSvg incorrectly handled certain SVG images. An attacker could possibly use this issue to cau...
Fedora 43 : chromium (2026-c004108bb8)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c004108bb8 advisory. Update to 148.0.7778.215 CVE-2026-9872: Out of bounds write in GPU CVE-2026-9873: Use after free in Network CVE-2026-9874: Use after free in Dawn...
Linux Distros Unpatched Vulnerability : CVE-2024-13745
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - edk2 - None Ubuntu Linux - Unknown description CVE-2024-13745 Note that Nessus relies on the presence of the package as reported by the vendor...
SUSE SLED15 / SLES15 Security Update : python-urllib3 (SUSE-SU-2026:2119-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2119-1 advisory. This update for python-urllib3 fixes the following issue - CVE-2026-44431: sensitive information disclosure due to...
RHEL 8 : java-1.8.0-ibm (RHSA-2026:22139)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22139 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. Security Fixes: openjdk: OpenJDK...
Debian dla-4611 : keystone - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4611 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4611-1 [email protected]...
openSUSE 16 Security Update : hauler (openSUSE-SU-2026:20838-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20838-1 advisory. Changes in hauler: - update x/crypto to 0.52.0 bsc1266167, CVE-2026-39827, CVE-2026-39834,CVE-2026-39828,CVE-2026-39829,CVE-2026-39831,...
Ubuntu 16.04 LTS : CableSwig vulnerabilities (USN-8316-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8316-1 advisory. It was discovered that Expat, vendored in CableSwig, incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or...
Debian dsa-6316 : chromium - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6316 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6316-1 [email protected]...
RHEL 8 : resource-agents (RHSA-2026:22131)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:22131 advisory. The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several servic...
Linux Distros Unpatched Vulnerability : CVE-2026-42250
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bzip2 contains an offbyone error in the bzip2recover utility. When processing a specially crafted file, the application performs an outofbounds write to a globa...
SUSE SLES15 Security Update : podman (SUSE-SU-2026:2107-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2107-1 advisory. This update for podman rebuilds it against the current go security release. Tenable has extracted the preceding description block directly...
SUSE SLES15 Security Update : docker-stable (SUSE-SU-2026:2120-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2120-1 advisory. This update for docker-stable fixes the following issues - CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenJDK 25 vulnerabilities (USN-8339-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8339-1 advisory. Thomas Beckers discovered that the JAXP component of OpenJDK 25 did not correctly authenticate certain APIs. A remote...
Linux Distros Unpatched Vulnerability : CVE-2025-26843
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - znuny - None Ubuntu Linux - Unknown description CVE-2025-26843 Note that Nessus relies on the presence of the package as reported by the vendor...
Fedora 43 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-dd9cd16b18)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-dd9cd16b18 advisory. nginx-mod-brotli: - Rebuild for 1.30.2 nginx-mod-fancyindex: - Rebuild for 1.30.2 nginx-mod-naxsi: - Rebuild for 1.30.2 nginx-mod-headers-more: - Rebuild for...
Linux Distros Unpatched Vulnerability : CVE-2026-45076
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : QT WebEngine vulnerability (USN-8347-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8347-1 advisory. It was discovered that the vendored LibTIFF in QT WebEngine incorrectly handled memory when parsing malformed TIFF...
Fedora 44 : chromium (2026-a688180654)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a688180654 advisory. Update to 148.0.7778.215 CVE-2026-9872: Out of bounds write in GPU CVE-2026-9873: Use after free in Network CVE-2026-9874: Use after free in Dawn...
openSUSE 16 Security Update : vim (openSUSE-SU-2026:20828-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20828-1 advisory. This update for vim fixes the following issues - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and...
RockyLinux 9 : php:8.2 (RLSA-2026:22143)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22143 advisory. PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenJDK 11 vulnerabilities (USN-8331-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8331-1 advisory. Thomas Beckers discovered that the JAXP component of OpenJDK 11 did not correctly authenticate...
Debian dsa-6314 : python3-swift - security update
The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6314 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6314-1 [email protected] https://www.debian.org/security/ Moritz...
SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2026:2110-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2110-1 advisory. This update for java-180-ibm fixes the following issues - CVE-2026-22007: APIs in the specified component can lead to an unauthoriz...
openSUSE 16 Security Update : python-mistune (openSUSE-SU-2026:20827-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20827-1 advisory. This update for python-mistune fixes the following issues - CVE-2026-33079: ReDoS in LINKTITLERE can lead to denial of service via a crafted...
Debian dla-4613 : python-aiohttp-doc - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4613 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4613-1 [email protected]...
Fedora 44 : objfw (2026-f9938a84c7)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-f9938a84c7 advisory. Update to 1.5.4. Fixes a buffer overflow caused by integer promotion rules in OFBMPImageFormatHandler and OFQOIImageFormatHandler. ---- Update to 1.5.3 Tenab...
SUSE SLES15 Security Update : postgresql14 (SUSE-SU-2026:2117-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2117-1 advisory. This update for postgresql14 fixes the following issues Update to version 14.23. Security issues: - CVE-2026-6472: ensure the user...
RockyLinux 9 : php:8.3 (RLSA-2026:22142)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22142 advisory. PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting...
Fedora 44 : perl-Crypt-PasswdMD5 (2026-30d86fe986)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-30d86fe986 advisory. This update uses a cryptographically strong random number source rather than perl's rand function to generate random salt values when required CVE-2026-6659...
Linux Distros Unpatched Vulnerability : CVE-2026-10194
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file...
Fedora 43 : perl-Crypt-PasswdMD5 (2026-96c8ae7dbe)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-96c8ae7dbe advisory. This update uses a cryptographically strong random number source rather than perl's rand function to generate random salt values when required CVE-2026-6659...
Ubuntu 25.10 / 26.04 LTS : CRaC JDK 21 vulnerabilities (USN-8333-1)
The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8333-1 advisory. Thomas Beckers discovered that the JAXP component of CRaC JDK 21 did not correctly authenticate certain APIs. A remote unauthenticated attacker...
RHEL 7 : webkitgtk4 (RHSA-2026:22136)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22136 advisory. WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3. Security...
Ubuntu 14.04 LTS / 16.04 LTS : GDAL vulnerability (USN-8345-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8345-1 advisory. It was discovered that the vendored LibTIFF in GDAL incorrectly handled memory when parsing malformed TIFF image metadata. An attacker could possibly...
Linux Distros Unpatched Vulnerability : CVE-2026-45149
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : Vim vulnerability (USN-8342-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8342-1 advisory. It was discovered that Vim did not properly handle backticks in tag filenames. An attacker could possibly use this issue to...
Linux Distros Unpatched Vulnerability : CVE-2026-47759
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce- attributes...
RockyLinux 8 : php:8.2 (RLSA-2026:22305)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22305 advisory. PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting...
SUSE SLES12 Security Update : postgresql14 (SUSE-SU-2026:2086-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2086-1 advisory. This update for postgresql14 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema...
openSUSE 16 Security Update : apptainer (openSUSE-SU-2026:20834-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20834-1 advisory. Changes in apptainer: - Fix CVE-2026-39827, CVE-2026-39834, CVE-2026-39828, CVE-2026-39829, CVE-2026-39831, CVE-2026-42508, CVE-2026-39833,...
openSUSE 16 Security Update : trivy (openSUSE-SU-2026:20833-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20833-1 advisory. Changes in trivy: - update x/crypto to 0.52.0 bsc1266075, CVE-2026-39827, CVE-2026-39834,CVE-2026-39828,CVE-2026-39829,CVE-2026-39831,...