Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : .NET vulnerability (USN-8298-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8298-1 advisory. Muhammad Abdul Rehman discovered that .NET incorrectly handled certain network requests, leading to a loop with an unreachable exi...

Linux Distros Unpatched Vulnerability : CVE-2026-48851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and...

Fedora 43 : bind / bind-dyndb-ldap (2026-b626e83a45)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-b626e83a45 advisory. Update to 9.18.49 rhbz2480121 Security Fixes: - Limit resolver server list size. CVE-2026-3592 - Fix GSS-API resource leak. CVE-2026-3039 - Disable...

Amazon Linux 2023 : openexr, openexr-devel, openexr-libs (ALAS2023-2026-1713)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1713 advisory. OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to...

SUSE SLES15 Security Update : postgresql-jdbc (SUSE-SU-2026:2028-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2028-1 advisory. This update for postgresql-jdbc fixes the following issue - CVE-2026-42198: client-side denial of service via malicious SCRAM-SHA-256...

TencentOS Server 3: gdk-pixbuf2 (TSSA-2025:1014)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:1014 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 3: bind (TSSA-2026:0362)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0362 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

HP LaserJet Printers Missing Authorization (CVE-2013-4807)

Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP, M1218nfs MFP, and CP1025nw with firmware before 20130703 allows remote attackers to modify data via unknown vectors. This plugin only works with Tenable.ot. Please...

SUSE SLES15 Security Update : distribution (SUSE-SU-2026:2032-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2032-1 advisory. This update for distribution rebuilds it against the current go security release. Tenable has extracted the preceding description block...

RHEL 9 : python-tornado (RHSA-2026:20810)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20810 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

TencentOS Server 3: fontforge (TSSA-2026:0357)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0357 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: tigervnc (TSSA-2025:1016)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:1016 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

HP LaserJet Printers Denial of Service (CVE-2012-5215)

Unspecified vulnerability on the HP LaserJet Pro M1212nf, M1213nf, M1214nfh, M1216nfh, M1217nfw, and M1219nf, and HotSpot LaserJet Pro M1218nfs, with firmware before 20130211; LaserJet Pro CP1025nw with firmware before 20130212; and LaserJet Pro P1102w and P1606dn with firmware before 20130213...

RHEL 8 : thunderbird (RHSA-2026:20586)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20586 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Memory safety bugs fixed in Firefox ES...

SUSE SLES15 Security Update : rootlesskit (SUSE-SU-2026:2045-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2045-1 advisory. This update for rootlesskit rebuilds it against the current go security release. Tenable has extracted the preceding description block...

Amazon Linux 2023 : perl-Net-CIDR-Lite (ALAS2023-2026-1732)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1732 advisory. Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digi...

Linux Distros Unpatched Vulnerability : CVE-2026-45836

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: L2CAP: Fix null-ptr-deref in l2capsockgetsndtimeocb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb. CVE-2026-45836...

RHEL 9 : xorg-x11-server-Xwayland (RHSA-2026:20562)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20562 advisory. Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg: xwayland: X.Org X server: Denial of Service via integer...

Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2026-1755)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1755 advisory. Fix GSS-API resource leak CVE-2026-3039 Limit resolver server list size CVE-2026-3592 An unauthenticated remote attacker can crash any affected named instance with a single crafted DNS message...

TencentOS Server 3: nghttp2 (TSSA-2026:0385)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0385 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Linux Distros Unpatched Vulnerability : CVE-2026-3238

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba's WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types di...

SUSE SLES12 Security Update : rsync (SUSE-SU-2026:2048-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2048-1 advisory. This update for rsync fixes the following issues - CVE-2026-29518: Symlink-Race TOCTOU in Daemon bsc1264511. - CVE-2026-43617: Authorization...

Linux Distros Unpatched Vulnerability : CVE-2026-48589

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Shiro's Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validati...

TencentOS Server 3: krb5 (TSSA-2026:0386)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0386 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

RHEL 10 : wireshark (RHSA-2026:20600)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20600 advisory. The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : NLTK vulnerabilities (USN-8302-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8302-1 advisory. It was discovered that NLTK incorrectly validated file paths when opening files...

Linux Distros Unpatched Vulnerability : CVE-2026-41470

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens...

Atlassian Confluence 8.9.0 < 9.2.20 / 9.3.1 < 10.2.11 (CONFSERVER-103708)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-103708 advisory. - This Improper Encoding or Escaping of Output vulnerability allows an unauthenticated attacker to potentially disclose sensitive information via t...

Linux Distros Unpatched Vulnerability : CVE-2026-42506

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications...

openSUSE 16 Security Update : perl-HTTP-Tiny (openSUSE-SU-2026:20792-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20792-1 advisory. Changes in perl-HTTP-Tiny: - updated to 0.094 0.094 - No changes from 0.093-TRIAL 0.093 - fix to prevent invalid characters in all headers, and prevent...

RHEL 8 : firefox (RHSA-2026:20566)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20566 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

Amazon Linux 2023 : python3.14-pip, python3.14-pip-wheel (ALAS2023-2026-1718)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1718 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : ngtcp2 vulnerability (USN-8300-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8300-1 advisory. Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking...

RHEL 9 : gimp (RHSA-2026:20691)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20691 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

RHEL 8 : ruby:3.3 (RHSA-2026:20614)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20614 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...

Photon OS 4.0: Wireshark PHSA-2026-4.0-1023

An update of the wireshark package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1023. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

RHEL 10 : glibc (RHSA-2026:20594)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20594 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cac...

TencentOS Server 3: libcap (TSSA-2026:0353)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0353 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 3: perl-XML-Parser (TSSA-2026:0356)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0356 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

RHEL 10 : python-markdown (RHSA-2026:20677)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:20677 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic...

Linux Distros Unpatched Vulnerability : CVE-2026-2340

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba's vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a...

RHEL 8 : gimp:2.8 (RHSA-2026:20552)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20552 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

RHEL 8 : glibc (RHSA-2026:20587)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20587 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cach...

SUSE SLES15 Security Update : openssh (SUSE-SU-2026:2024-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2024-1 advisory. This update for openssh fixes the following issues Tenable has extracted the preceding description block directly from the SUSE...

RHEL 9 : xorg-x11-server-Xwayland (RHSA-2026:20547)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20547 advisory. Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg: xwayland: X.Org X server: Denial of Service via integer...

Joomla 3.0.x < 5.4.6 / 6.0.x < 6.1.1 Joomla 6.1.1 & 5.4.6 Security & Bugfix Release (5954-joomla-6-1-1-5-4-6-security-bugfix-release)

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.0.x prior to 5.4.6 or 6.0.x prior to 6.1.1. It is, therefore, affected by a vulnerability. - Lack of input filtering leads to an XSS vector in the HTML filter code. CVE-2026-48905 Note that Nessu...

TencentOS Server 3: webkit2gtk3 (TSSA-2026:0393)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0393 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: libsoup (TSSA-2026:0368)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0368 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 3: python3.11 (TSSA-2026:0375)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0375 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Slackware Linux 15.0 / current kernel-generic Multiple Vulnerabilities (SSA:2026-144-01)

The version of kernel-generic installed on the remote host is prior to 5.15.208 / 5.15.208smp / 6.12.91 / 6.18.33. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-144-01 advisory. New kernel packages are available for Slackware 15.0 and -current to fix a...