RockyLinux 9 : opentelemetry-collector (RLSA-2026:19353)

The remote RockyLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:19353 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go:...

ImageMagick < 6.9.13-48 / 7.x < 7.1.2-22 Vulnerability

The remote host has a version of ImageMagick installed that is prior to 6.9.13-48 or 7.x prior 7.1.2-22. It is, therefore, affected by a vulnerability. — An invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation...

SUSE SLED15 / SLES15 Security Update : python-urllib3_1 (SUSE-SU-2026:2067-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2067-1 advisory. This update for python-urllib31 fixes the following issue - CVE-2026-44431: sensitive information disclosure due to...

SUSE SLES12 Security Update : postgresql16 (SUSE-SU-2026:2084-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2084-1 advisory. This update for postgresql16 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema...

SUSE SLES12 Security Update : python-urllib3 (SUSE-SU-2026:2065-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2065-1 advisory. This update for python-urllib3 fixes the following issue - CVE-2026-44431: sensitive information disclosure due to sensitive headers being...

openSUSE 16 Security Update : alloy (openSUSE-SU-2026:20816-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20816-1 advisory. This update for alloy fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key...

MiracleLinux 8 : gnutls-3.6.16-8.el8_10.6.ML.1 (AXSA:2026-729:16)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-729:16 advisory. gnutls: Add more checks to DTLS reassembly CVE-2026-33846 gnutls: Fix qsort comparator in DTLS reassembly CVE-2026-42009 gnutls: Fix crashing on an...

Linux Distros Unpatched Vulnerability : CVE-2026-46113

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: x86: Fix shadow paging use-after-free due to unexpected GFN The shadow MMU computes GFNs for direct shadow pages using sp-gfn plus the SPTE index. This...

Linux Distros Unpatched Vulnerability : CVE-2026-46229

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPUGEMCREATEVRAMWIPEONRELEASE but not AMDGPUGEMCREATEVRAMCLEARED...

Linux Distros Unpatched Vulnerability : CVE-2026-10013

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML pag...

Linux Distros Unpatched Vulnerability : CVE-2026-9917

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uninitialized Use in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from proces...

Linux Distros Unpatched Vulnerability : CVE-2026-9954

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in TabStrip in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to...

Linux Distros Unpatched Vulnerability : CVE-2026-9975

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read and write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially...

Linux Distros Unpatched Vulnerability : CVE-2026-9892

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to...

Linux Distros Unpatched Vulnerability : CVE-2026-46143

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens As prepare can be called mulitple times, this can result in multiple graph opens for playback path. This...

Fedora 43 : mingw-qt6-qtsvg (2026-b63645cad6)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b63645cad6 advisory. Backport fix for CVE-2026-6210. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

SUSE SLES15 / openSUSE 15 Security Update : samba (SUSE-SU-2026:2074-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2074-1 advisory. This update for samba fixes the following issues - CVE-2026-2340: vfsworm does not block directory modification...

Linux Distros Unpatched Vulnerability : CVE-2026-9885

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in UI in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer...

Linux Distros Unpatched Vulnerability : CVE-2026-46186

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe...

Linux Distros Unpatched Vulnerability : CVE-2026-9968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-9944

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data...

Linux Distros Unpatched Vulnerability : CVE-2026-9934

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Aura in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Postorius vulnerability (USN-8323-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8323-1 advisory. It was discovered that Postorius did not properly escape HTML in message subjects when rendering the Held...

Linux Distros Unpatched Vulnerability : CVE-2026-48095

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in t...

Alibaba Cloud Linux 3 : 0140: cloud-kernel bugfix, enhancement and (ALINUX3-SA-2026:0140)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0140 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-46333: In the Linux kernel, the following...

Linux Distros Unpatched Vulnerability : CVE-2026-46147

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: arm64: Fix pin leak and publication ordering in pkvminitvcpu Two bugs exist in the vCPU initialisation path: 1. If a check fails after hyppinsharedmem...

SUSE SLED15 / SLES15 Security Update : bubblewrap (SUSE-SU-2026:2094-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2094-1 advisory. This update for bubblewrap fixes the following issue - CVE-2026-41163: improper process attachment via ptrace can lead ...

AlmaLinux 8 : firefox (ALSA-2026:21382)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:21382 advisory. firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component...

Linux Distros Unpatched Vulnerability : CVE-2026-48155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory...

Linux Distros Unpatched Vulnerability : CVE-2026-10011

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak...

Linux Distros Unpatched Vulnerability : CVE-2026-9880

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process ...

RockyLinux 8 : unbound (RLSA-2025:11884)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:11884 advisory. unbound: Unbound Cache poisoning CVE-2025-5994 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note that...

Linux Distros Unpatched Vulnerability : CVE-2026-46228

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tied to the interface rather than...

Linux Distros Unpatched Vulnerability : CVE-2026-46235

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: saa7164: add ioremap return checks and cleanups Add checks for ioremap return values in saa7164devsetup. If ioremap for BAR0 or BAR2 fails, release the...

RHEL 10 : flatpak (RHSA-2026:21757)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21757 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...

Linux Distros Unpatched Vulnerability : CVE-2026-46179

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: SOF: Don't allow pointer operations on unconfigured streams When reporting the pointer for a compressed stream we report the current I/O frame position by...

RockyLinux 9 : corosync (RLSA-2026:19200)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19200 advisory. corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet CVE-2026-35091 corosync: Corosync: Denial of Service via integer...

Linux Distros Unpatched Vulnerability : CVE-2026-9883

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Base in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security...

RockyLinux 8 : libexif (RLSA-2026:20929)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:20929 advisory. libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling CVE-2026-40385 libexif: libexif: Denial of Service...

Fedora 43 : perl-Sereal / perl-Sereal-Decoder / perl-Sereal-Encoder (2026-49c4be8260)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-49c4be8260 advisory. This update includes a security fix to make sure that COPY tags cannot be used to read past end of the buffer. Tenable has extracted the preceding descriptio...

Linux Distros Unpatched Vulnerability : CVE-2026-46158

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mptcp: pm: ADDADDR rtx: always decrease sk refcount When an ADDADDR is retransmitted, the sk is held in skresettimer. It should then be released in all cases at...

Linux Distros Unpatched Vulnerability : CVE-2026-46149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: target: configfs: Bound snprintf return in tgptgpmembersshow targettgptgpmembersshow formats LUN paths with snprintf into a 256-byte stack buffer, then wi...

SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2026:2076-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2076-1 advisory. This update for samba fixes the following issues Security issues: - CVE-2026-1933: Missing access check on...

Linux Distros Unpatched Vulnerability : CVE-2026-9961

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in SurfaceCapture in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...

Linux Distros Unpatched Vulnerability : CVE-2026-46238

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: stop caching unowned originator pointers in BAT IV BAT IV keeps the last-hop neighbor address in each neighnode, but some paths also cache an...

Linux Distros Unpatched Vulnerability : CVE-2026-42790

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeycert and publickey modules allows a DNS nameConstraints bypass via subject CommonNam...

Linux Distros Unpatched Vulnerability : CVE-2026-49127

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows...

Linux Distros Unpatched Vulnerability : CVE-2026-9881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to...

Linux Distros Unpatched Vulnerability : CVE-2026-46133

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/rxe: Reject unknown opcodes before ICRC processing Even after applying commit 7244491dab34 RDMA/rxe: Validate pad and ICRC before payloadsize in rxercv, a...

Linux Distros Unpatched Vulnerability : CVE-2026-9924

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to...