Amazon Linux 2023 : graphite2, graphite2-devel (ALAS2023-2026-1856)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1856 advisory. Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range. CVE-2026-5059...
Linux Distros Unpatched Vulnerability : CVE-2026-12805
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a...
Amazon Linux 2 : libinput, --advisory ALAS2-2026-3370 (ALAS-2026-3370)
The version of libinput installed on the remote host is prior to 1.8.4-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3370 advisory. A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through th...
RHEL 7 : kernel (RHSA-2026:27729)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27729 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Denial of servi...
RHEL 8 : kernel (RHSA-2026:27811)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27811 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: selinux: fix overlayfs mmap and mprote...
Linux Distros Unpatched Vulnerability : CVE-2026-54273
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that...
Fedora 43 : vips (2026-3b2ddea116)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3b2ddea116 advisory. - update to v8.18.3 - enable uhdr - fix several security issues Tenable has extracted the preceding description block directly from the Fedora...
Amazon Linux 2023 : tigervnc, tigervnc-icons, tigervnc-license (ALAS2023-2026-1892)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1892 advisory. A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer...
RHEL 10 : openssl-fips-provider (RHSA-2026:27746)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27746 advisory. This package provides a custom build of the OpenSSL FIPS module that has been submitted to NIST for certification. Security Fixes: openssl: openssl...
RHEL 8 : libxml2 (RHSA-2026:27737)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27737 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: buffer over-read in...
Amazon Linux 2023 : perl-DBI, perl-DBI-tests (ALAS2023-2026-1850)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1850 advisory. DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of t...
Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2026-1869)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1869 advisory. Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Improper link resolution before file access 'link following' in .NET allows an...
RHEL 6 : kernel (RHSA-2026:27719)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27719 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ip6tunnel: clear skb2-cb in...
Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1841)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1841 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...
Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2026-1853)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1853 advisory. Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like...
Cisco Umbrella Virtual Appliance < 3.8.5 Privilege Escalation (cisco-sa-umbrella-priv-esc-F4wJB7AU)
According to its self-reported version, Cisco Umbrella Insights Virtual Appliance is affected by a vulnerability. - A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability i...
Amazon Linux 2023 : giflib, giflib-devel, giflib-utils (ALAS2023-2026-1883)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1883 advisory. Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validati...
Amazon Linux 2023 : python3.14-pip, python3.14-pip-wheel (ALAS2023-2026-1838)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1838 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...
Amazon Linux 2023 : libnetapi, libnetapi-devel, libsmbclient (ALAS2023-2026-1895)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1895 advisory. unauthenticated udp packet crashes AD DC nbt server CVE-2026-3238 Samba file servers and classic non-AD domain controllers offer the SamValidatePasswordChange and SamValidatePasswordReset RPC...
Amazon Linux 2023 : perl-Sereal-Decoder (ALAS2023-2026-1830)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1830 advisory. Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose...
RHEL 10 : postgresql18 (RHSA-2026:27742)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27742 advisory. PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that...
RHEL 8 : poppler (RHSA-2026:27724)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27724 advisory. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in Poppl...
Amazon Linux 2023 : poppler, poppler-cpp, poppler-cpp-devel (ALAS2023-2026-1852)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1852 advisory. A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the...
RHEL 10 : postgresql16 (RHSA-2026:27718)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27718 advisory. PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that...
Amazon Linux 2 : openssl-snapsafe, --advisory ALAS2OPENSSL-SNAPSAFE-2026-011 (ALASOPENSSL-SNAPSAFE-2026-011)
The version of openssl-snapsafe installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2OPENSSL-SNAPSAFE-2026-011 advisory. Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose conte...
Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1894)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1894 advisory. In the Linux kernel, the following vulnerability has been resolved: xfrm: hold dev ref until after transportfinish NFHOOK CVE-2026-31663 In the Linux kernel, the following vulnerability has be...
Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3358 (ALAS-2026-3358)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3358 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...
RHEL 8 : poppler (RHSA-2026:27725)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27725 advisory. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in Poppl...
Fedora 44 : python-scrapy (2026-bdf3581452)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bdf3581452 advisory. updated to latest version for F43 and F44 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
RHEL 8 : redis:6 (RHSA-2026:27787)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27787 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...
Amazon Linux 2023 : libinput, libinput-devel, libinput-test (ALAS2023-2026-1857)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1857 advisory. A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code...
Amazon Linux 2023 : mariadb1011, mariadb1011-backup, mariadb1011-client-utils (ALAS2023-2026-1844)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1844 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable...
SUSE SLES15 Security Update : ldns (SUSE-SU-2026:2461-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2461-1 advisory. This update for ldns fixes the following issue - CVE-2026-10846: When ldns is used by applications for stub resolving, it does not...
Autodesk Revit 2024 < 2024.3.5 / 2025 < 2025.4.5 / 2026 < 2026.4.1 / 2027 < 2027.1 DoS (adsk-sa-2026-0007)
The version of Autodesk Revit installed on the remote host is 2024 prior to 2024.3.5, 2025 prior to 2025.4.5, 2026 prior to 2026.4.1, or 2027 prior to 2027.1. It is, therefore, affected by a denial of service vulnerability: - A maliciously crafted RFA file, when converted to FormIt via 'Convert R...
RHEL 10 : golang-github-openprinting-ipp-usb (RHSA-2026:27740)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:27740 advisory. HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB...
Amazon Linux 2023 : perl-CryptX, perl-CryptX-tests (ALAS2023-2026-1834)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1834 advisory. CryptX versions before 0.088001 for Perl have a stack buffer overflow in four AEAD decryptverify helpers. The gcmdecryptverify, ccmdecryptverify, chacha20poly1305decryptverify and eaxdecryptverify XS...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-106 (ALASKERNEL-5.15-2026-106)
The version of kernel installed on the remote host is prior to 5.15.208-145.238. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.15-2026-106 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Prevent improper isolation of...
Amazon Linux 2 : perl-GD, --advisory ALAS2-2026-3387 (ALAS-2026-3387)
The version of perl-GD installed on the remote host is prior to 2.49-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3387 advisory. command injection via 2-arg open in makefilehandle CVE-2026-11526 Tenable has extracted the preceding description block directly fro...
Amazon Linux 2023 : python3-rrdtool, rrdtool, rrdtool-devel (ALAS2023-2026-1823)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1823 advisory. A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This...
RHEL 9 : openssl-fips-provider (RHSA-2026:27744)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27744 advisory. This package provides a custom build of the OpenSSL FIPS module that has been submitted to NIST for certification. Security Fixes: openssl: openssl:...
Linux Distros Unpatched Vulnerability : CVE-2026-54293
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language...
Debian dsa-6361 : ffmpeg - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6361 advisory. Debian Security Advisory DSA-6361-1 https://www.debian.org/securit...
Fedora 44 : erlang (2026-ef630b13b0)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ef630b13b0 advisory. Fix for CVE-2026-48855 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
Amazon Linux 2023 : clamav1.5, clamav1.5-data, clamav1.5-devel (ALAS2023-2026-1870)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1870 advisory. rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out...
RHEL 10 : kernel (RHSA-2026:27731)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27731 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-after-free...
SUSE SLES15 Security Update : strongswan (SUSE-SU-2026:2459-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2459-1 advisory. This update for strongswan fixes the following issues - CVE-2026-35328: infinite loop when handling supported versions TLS extensio...
Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1826)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1826 advisory. When writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. as per:...
Amazon Linux 2023 : squid (ALAS2023-2026-1858)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1858 advisory. Due to an Improper Input Validation bug, Squid is vulnerable to a Heap-based Buffer Overflow attack against cache digests. This problem allows a trusted server to perform a Heap-based Buffer Overflow whe...
RHEL 8 : poppler (RHSA-2026:27727)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27727 advisory. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in Poppl...
Fedora 44 : vips (2026-b9f00ad1b7)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b9f00ad1b7 advisory. - update to v8.18.3 - enable uhdr - fix several security issues Tenable has extracted the preceding description block directly from the Fedora...