Linux Distros Unpatched Vulnerability : CVE-2026-41470

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens...

SUSE SLES12 Security Update : rsync (SUSE-SU-2026:2048-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2048-1 advisory. This update for rsync fixes the following issues - CVE-2026-29518: Symlink-Race TOCTOU in Daemon bsc1264511. - CVE-2026-43617: Authorization...

TencentOS Server 3: glib2 (TSSA-2026:0373)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0373 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

HP LaserJet Printers Multiple Vulnerabilities (CVE-2012-3273)

Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP M425 with firmware before 20120625 and LaserJet 400 M401 with firmware before 20120621 allow remote attackers to obtain sensitive information via unknown vectors. This plugin only works with Tenable.ot. Please visit...

TencentOS Server 3: freerdp (TSSA-2026:0388)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0388 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Photon OS 4.0: Wireshark PHSA-2026-4.0-1023

An update of the wireshark package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1023. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Amazon Linux 2023 : python3.14-pip, python3.14-pip-wheel (ALAS2023-2026-1718)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1718 advisory. pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as...

Linux Distros Unpatched Vulnerability : CVE-2026-2340

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba's vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a...

Linux Distros Unpatched Vulnerability : CVE-2026-48844

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection...

TencentOS Server 3: mingw-libtiff (TSSA-2025:1015)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:1015 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: libsoup (TSSA-2026:0368)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0368 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

HP LaserJet Printers Path Traversal (CVE-2010-4107)

The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers...

Linux Distros Unpatched Vulnerability : CVE-2026-43827

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are...

FreeBSD : gstreamer1 -- multiple vulnerabilities (ea4c5b9d-55f7-11f1-915c-8974b59277b5)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ea4c5b9d-55f7-11f1-915c-8974b59277b5 advisory. The GStreamer project reports multiple security vulnerabilities fixed in the 1.28.3 release: Six securi...

RHEL 10 : libpng (RHSA-2026:20551)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20551 advisory. The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes:...

openSUSE 16 Security Update : chromium (openSUSE-SU-2026:20775-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20775-1 advisory. Changes in chromium: - Chromium 148.0.7778.178 boo1265848 CVE-2026-9111: Use after free in WebRTC CVE-2026-9110: Inappropriate implementation in...

openSUSE 16 Security Update : python-PyPDF2 (openSUSE-SU-2026:20794-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20794-1 advisory. Changes in python-PyPDF2: - CVE-2026-41312: Fixed issue where crafed PDF can lead to resources exhaustion bsc1262675 - CVE-2026-41314: Fixed a...

Ubuntu Pro Realtime 22.04 LTS : Linux kernel (Intel IoTG Real-time) vulnerabilities (USN-8305-1)

The remote Ubuntu Pro Realtime 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8305-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Co...

Linux Distros Unpatched Vulnerability : CVE-2026-48852

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification. CVE-2026-48852 Note that Nessus relies on the presence of the package as report...

TencentOS Server 3: libxml2 (TSSA-2025:1013)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:1013 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

RHEL 9 : python-tornado (RHSA-2026:20572)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20572 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

TencentOS Server 3: tigervnc (TSSA-2026:0377)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0377 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Atlassian Confluence 9.1.0 < 9.2.20 / 9.3.1 < 10.2.11 (CONFSERVER-103709)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-103709 advisory. - This BASM Broken Authentication & Session Management vulnerability allows an unauthenticated attacker to perform actions as another user which ha...

Linux Distros Unpatched Vulnerability : CVE-2026-43828

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, an...

Linux Distros Unpatched Vulnerability : CVE-2026-48846

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail...

Linux Distros Unpatched Vulnerability : CVE-2026-42502

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications...

SUSE SLES15 Security Update : helm (SUSE-SU-2026:2049-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2049-1 advisory. This update for helm fixes the following issues Security issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2...

RHEL 9 : firefox (RHSA-2026:20574)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20574 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

SUSE SLES12 Security Update : openssh (SUSE-SU-2026:2025-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2025-1 advisory. This update for openssh fixes the following issues Tenable has extracted the preceding description block directly from the SUSE security...

Amazon Linux 2023 : openexr, openexr-devel, openexr-libs (ALAS2023-2026-1713)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1713 advisory. OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to...

RHEL 8 : thunderbird (RHSA-2026:20586)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20586 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Memory safety bugs fixed in Firefox ES...

Linux Distros Unpatched Vulnerability : CVE-2026-4480

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the print command...

Debian dsa-6297 : ctdb - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6297 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6297-1 [email protected]...

RHEL 8 : gimp:2.8 (RHSA-2026:20553)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20553 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

RHEL 8 : squid:4 (RHSA-2026:20564)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20564 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: Squid: Deni...

Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2026-1757)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1757 advisory. GnuTLS didn't check that DTLS fragments claimed a consistent messagelength value. Additionally, a crucial array size check was missing, enabling an attacker to cause a heap overwrite...

RockyLinux 8 : ruby:3.3 (RLSA-2026:20614)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:20614 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the RockyLinux...

SUSE SLED15 / SLES15 Security Update : busybox (SUSE-SU-2026:2054-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2054-1 advisory. This update for busybox fixes the following issue - CVE-2026-29004: Heap buffer overflow vulnerability in the DHCPv6...

RHEL 8 : ruby:3.3 (RHSA-2026:20614)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:20614 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...

RHEL 9 : gimp (RHSA-2026:20691)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20691 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

TencentOS Server 3: python3.11 (TSSA-2026:0375)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0375 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: .NET 8.0 (TSSA-2026:0355)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0355 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 3: java-17-openjdk (TSSA-2026:0363)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0363 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

RHEL 8 : git-lfs (RHSA-2026:20582)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:20582 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing t...

TencentOS Server 3: PackageKit (TSSA-2026:0354)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0354 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 3: java-1.8.0-openjdk (TSSA-2026:0365)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0365 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: firefox (TSSA-2026:0397)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0397 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: xorg-x11-server (TSSA-2026:0378)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0378 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

RHEL 8 : gimp:2.8 (RHSA-2026:20552)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20552 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

RHEL 7 : xorg-x11-server (RHSA-2026:20590)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20590 advisory. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical us...