RHEL 8 : samba (RHSA-2026:28056)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28056 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol,...
RHEL 8 : samba (RHSA-2026:28058)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28058 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol,...
Oracle Linux 9 : buildah (ELSA-2026-19186)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19186 advisory. - fixes CVE-2026-34986 - Rebuild for new golang to address CVE-2025-61726 Tenable has extracted the preceding description block directly from the Oracle Linux...
Oracle Linux 9 : NetworkManager (ELSA-2026-18597)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18597 advisory. - Fix CVE-2025-9615 RHEL-111783 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has no...
Oracle Linux 9 : gstreamer1-plugins-bad-free / gstreamer1-plugins-base / gstreamer1-plugins-good / gstreamer1-plugins-ugly-free (ELSA-2026-19180)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19180 advisory. gstreamer1-plugins-bad-free 1.22.12-7 - Rebuild to fix missing binaries due to buildsystem oversight 1.22.12-6 - Rebuild for z-stream Resolves:...
Oracle Linux 9 : luksmeta (ELSA-2026-18824)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18824 advisory. 10-1 - New upstream release v10 Resolves: RHEL-122139 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
Oracle Linux 9 : containernetworking-plugins (ELSA-2026-18913)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-18913 advisory. - Rebuild for new golang to address CVE-2025-61726 Tenable has extracted the preceding description block directly from the Oracle Linux security...
RHEL 8 : postgresql:13 (RHSA-2026:28208)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28208 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL: Credential recovery via covert...
RockyLinux 8 : postgresql:13 (RLSA-2026:28208)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:28208 advisory. postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 Tenable has extracted the preceding description...
RockyLinux 8 : postgresql:16 (RLSA-2026:28143)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:28143 advisory. postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 postgresql: integer overflow can cause an...
RHEL 8 : postgresql:16 (RHSA-2026:28143)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28143 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL: Credential recovery vi...
RHEL 9 : redis:7 (RHSA-2026:28142)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28142 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...
RockyLinux 9 : postgresql:15 (RLSA-2026:28037)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:28037 advisory. postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind CVE-2026-6475 postgresql: PostgreSQL libpq:...
RHEL 9 : postgresql:15 (RHSA-2026:28037)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28037 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL: Operating system accou...
RHEL 9 : redis (RHSA-2026:28139)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28139 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...
Linux Distros Unpatched Vulnerability : CVE-2026-53538
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in...
Oracle Linux 9 : systemd (ELSA-2026-19213)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19213 advisory. - coredump: use %d in kernel core pattern - CVE-2025-4598 Tenable has extracted the preceding description block directly from the Oracle Linux security advisor...
Oracle Linux 9 : crun (ELSA-2026-19178)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-19178 advisory. - fixes CVE-2026-30892 crun: crun: Privilege escalation due to incorrect parsing of the --user option rhel-9.8 Tenable has extracted the preceding description...
Debian dsa-6362 : gir1.2-gst-plugins-bad-1.0 - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6362 advisory. - Debian Security Advisory DSA-6362-1 https://www.debian.org/securit...
Linux Distros Unpatched Vulnerability : CVE-2026-53537
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parse_options_header parsed Content-Disposition and Content-Type headers with...
Linux Distros Unpatched Vulnerability : CVE-2026-53540
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form did not validate the Content-Length header before using it to bound its...
Linux Distros Unpatched Vulnerability : CVE-2026-50178
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code...
Oracle Linux 9 : mariadb:11.8 (ELSA-2026-19182)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19182 advisory. galera 26.4.25-1.0.1 - Drop nmap-ncat requirement. Orabug: 34116228 - Requirement to delete lp1184034 test case without using patches. 26.4.25-1 - Rebased to...
Oracle Linux 9 : freeipmi (ELSA-2026-19208)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19208 advisory. 1.6.17-1 - Update to 1.6.17, fixes CVE-2026-33554 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...
Oracle Linux 9 : vim (ELSA-2026-19224)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19224 advisory. - RHEL-159630 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob function - RHEL-155438 CVE-2026-28417 vim: Vim: Arbitrary code...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : Netatalk vulnerabilities (USN-8455-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8455-1 advisory. Arjun Basnet discovered that Netatalk improperly validated inputs when...
Oracle Linux 9 : mingw-glib2 (ELSA-2026-18705)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18705 advisory. 2.78.6-3 - Resolves: RHEL-131012 - CVE-2025-13601 mingw-glib2: Integer overflow in g_escape_uri_string Tenable has extracted the preceding description block...
Linux Distros Unpatched Vulnerability : CVE-2026-55655
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by...
Carrier Corporation i-VU Improper Validation of Array Index (CVE-2025-0657)
CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...
Oracle WebLogic Server (June 2026 CSPU)
The 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core...
Linux Distros Unpatched Vulnerability : CVE-2026-49460
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes...
Automated Logic WebCTRL Premium Server URL Redirection to Untrusted Site (CVE-2024-8527)
CWE-601 URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The application accepts a user-supplied URL and redirects without proper validation, allowing attackers to exploit user sessions through ...
Automated Logic WebCTRL Storing Passwords in a Recoverable Format (CVE-2025-14295)
CWE-257 Storing Passwords in a Recoverable Format vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. An attacker with elevated access can retrieve passwords stored in a recoverable format, potentially compromising credentials and neighboring...
Automated Logic WebCTRL Premium Server Improper Neutralization of Input During Web Page Generation (CVE-2024-8528)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. User input is not properly sanitized, allowing injection of malicious scripts into web pages viewed by...
Linux Distros Unpatched Vulnerability : CVE-2026-50557
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...
Linux Distros Unpatched Vulnerability : CVE-2026-54651
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loo...
Linux Distros Unpatched Vulnerability : CVE-2026-50555
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...
Photon OS 5.0: Libxml2 PHSA-2026-5.0-0874
An update of the libxml2 package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0874. The text itself is copyright (C) VMware, Inc.
Linux Distros Unpatched Vulnerability : CVE-2026-54265
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...
Linux Distros Unpatched Vulnerability : CVE-2026-54268
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...
Carrier Corporation i-VU Storing Passwords in a Recoverable Format (CVE-2025-14295)
CWE-257 Storing Passwords in a Recoverable Format vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. An attacker with elevated access can retrieve passwords stored in a recoverable format, potentially compromising credentials and neighboring...
Oracle Linux 9 : kernel (ELSA-2026-19225)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19225 advisory. - xfrm: esp: avoid in-place decrypt on shared skb frags Sabrina Dubroca RHEL-174563 CVE-2026-43284 - crypto: authencesn - Do not place hiseq at end of...
Oracle Linux 9 : p11-kit (ELSA-2026-18599)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18599 advisory. 0.26.2-1 - Rebase to 0.26.2 Resolves: RHEL-147825 0.26.1-1 - Rebase to 0.26.1 Resolves: RHEL-139075, RHEL-118361, RHEL-126132 0.25.10-1 - Update to new upstrea...
Oracle Linux 9 : webkit2gtk3 (ELSA-2026-19206)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19206 advisory. 2.52.3-1 - Update to 2.52.3 2.50.4-1 - Update to 2.50.4 2.50.3-1 - Update to 2.50.3 2.50.1-1 - Update to 2.50.1 2.50.0-1 - Update to 2.50.0 2.48.5-1 -...
Photon OS 5.0: Linux PHSA-2026-5.0-0890
An update of the linux package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0890. The text itself is copyright (C) VMware, Inc.
Oracle Linux 9 : podman (ELSA-2026-19173)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19173 advisory. - fixes CVE-2026-34986 go-jose: Go JOSE Denial of Service via crafted JWE Tenable has extracted the preceding description block directly from the Oracle Linux...
Oracle Linux 9 : corosync (ELSA-2026-19200)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19200 advisory. - totemsrp: Return error if sanity check fails fixes CVE-2026-35091 - totemsrp: Fix integer overflow in membjoinsanity fixes CVE-2026-35092 Tenable ha...
Oracle Linux 9 : gdk-pixbuf2 (ELSA-2026-19210)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19210 advisory. - Backport fixes for CVE-2026-5201 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...
Oracle E-Business Suite (June 2026 CSPU)
The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite component: Core. Easily exploitable...
Oracle Linux 9 : sudo (ELSA-2026-19220)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19220 advisory. - CVE-2026-35535 sudo: Privilege escalation due to failure in privilege drop calls Resolves: RHEL-166069 Tenable has extracted the preceding description block...