RockyLinux 8 : libreswan (RLSA-2023:7052)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7052 advisory. libreswan: Invalid IKEv2 REKEY proposal causes restart CVE-2023-38710 libreswan: Invalid IKEv1 Quick Mode ID causes restart CVE-2023-38711 libreswan:...

Unity Linux 20.1060e / 20.1070e Security Update: libupnp (UTSA-2026-016655)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016655 advisory. Portable UPnP SDK aka libupnp 1.12.1 and earlier allows remote attackers to cause a denial of service crash via a crafted SSDP message due to a NULL pointer...

Linux Distros Unpatched Vulnerability : CVE-2026-8843

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Creating a 2dspherebucket index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that...

Unity Linux 20.1060e / 20.1070e Security Update: gnome-autoar (UTSA-2026-016668)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016668 advisory. autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it...

Unity Linux 20.1060e / 20.1070e Security Update: gnome-autoar (UTSA-2026-016654)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016654 advisory. autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it...

Unity Linux 20.1070e Security Update: gnome-shell (UTSA-2026-016740)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016740 advisory. An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappea...

Unity Linux 20.1070e Security Update: cfitsio (UTSA-2026-016765)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016765 advisory. In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An...

RockyLinux 8 : grub2 (RLSA-2025:3367)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:3367 advisory. grub2: net: Out-of-bounds write in grubnetsearchconfigfile CVE-2025-0624 Tenable has extracted the preceding description block directly from the RockyLinux securi...

Linux Distros Unpatched Vulnerability : CVE-2026-44230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-44230 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenabl...

Unity Linux 20.1060e / 20.1070e Security Update: jackson (UTSA-2026-016674)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016674 advisory. A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus...

Linux Distros Unpatched Vulnerability : CVE-2026-6841

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the Page parameter in GET requests. An attacker can craft a URL that, wh...

Unity Linux 20.1060e / 20.1070e Security Update: xmlbeans (UTSA-2026-016630)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016630 advisory. The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include...

Unity Linux 20.1060e / 20.1070e Security Update: avalon-framework (UTSA-2026-016662)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016662 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...

Unity Linux 20.1060e / 20.1070e Security Update: grafana (UTSA-2026-016635)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016635 advisory. Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending ...

Unity Linux 20.1060e / 20.1070e Security Update: mutt (UTSA-2026-016642)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016642 advisory. Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. Tenable has...

Linux Distros Unpatched Vulnerability : CVE-2026-45358

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the me...

Atlassian Jira Service Management Data Center and Server 11.2.0 < 11.3.5 (JSDSERVER-16576)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16576 advisory. - jackson-core contains core low-level incremental streaming parser and generator abstractions used by...

Keycloak < 26.6.2 Multiple Vulnerabilities

Keycloak versions installed prior to 26.6.2 are affected by multiple vulnerabilities, including: - A flaw was found in Keycloak's redirect URI validation logic. An attacker can bypass validation to redirect users to malicious sites, potentially leading to phishing attacks and credential theft...

Unity Linux 20.1060e / 20.1070e Security Update: nodejs-hosted-git-info (UTSA-2026-016626)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016626 advisory. The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in...

Linux Distros Unpatched Vulnerability : CVE-2026-32740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap- buffer-overflow write vulnerability in the grid tile...

Unity Linux 20.1060e / 20.1070e Security Update: grafana (UTSA-2026-016682)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016682 advisory. Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who...

Unity Linux 20.1070e Security Update: log4j (UTSA-2026-016725)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016725 advisory. It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non- default configurations. This could allows attackers with...

Unity Linux 20.1070e Security Update: mysql-connector-java (UTSA-2026-016694)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016694 advisory. Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/J. Supported versions that are affected are 8.0.15 and prior. Difficult to...

Fedora 43 : vim (2026-ef37069261)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ef37069261 advisory. The newest upstream commit Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

Linux Distros Unpatched Vulnerability : CVE-2026-42784

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - rust-sequoia-openpgp - None Ubuntu Linux - openpgp: Don't imply missing key flags from key type CVE-2026-42784 Note that Nessus relies on the...

Unity Linux 20.1060e / 20.1070e Security Update: junit (UTSA-2026-016613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016613 advisory. In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's...

Unity Linux 20.1060e / 20.1070e Security Update: grafana (UTSA-2026-016665)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016665 advisory. Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user...

Unity Linux 20.1060e / 20.1070e Security Update: bouncycastle (UTSA-2026-016627)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016627 advisory. Bouncy Castle BC Java before 1.66, BC C .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library...

Unity Linux 20.1070e Security Update: infinispan (UTSA-2026-016716)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016716 advisory. It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker cou...

RockyLinux 10 : systemd (RLSA-2026:13651)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:13651 advisory. systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data CVE-2026-29111 Tenable has extracted the preceding description...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: xmlrpc (UTSA-2026-016592)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016592 advisory. An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC aka ws-xmlrpc library. A malicious...

Unity Linux 20.1070e Security Update: jgroups (UTSA-2026-016753)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016753 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Linux Distros Unpatched Vulnerability : CVE-2026-44231

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - request-tracker4 - None request-tracker5 - None Ubuntu Linux - Unknown description CVE-2026-44231 Note that Nessus relies on the presence of the...

Linux Distros Unpatched Vulnerability : CVE-2026-45066

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-45066 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenabl...

Unity Linux 20.1060e / 20.1070e Security Update: wildfly-common (UTSA-2026-016679)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016679 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Mattermost Server 11.4.x <= 11.4.3 / 11.5.x <= 11.5.1 Origin Validation Error (MMSA-2026-00636)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2026-00636 advisory. - Mattermost versions 11.5.x = 11.5.1, 11.4.x = 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an...

NVIDIA Windows GPU Display Driver (May 2026)

A display driver installed on the remote Windows host is affected by multiple vulnerabilities: - A vulnerability exists in the kernel mode layer, where an attacker could leverage improper access to GPU resources, potentially leading to code execution, denial of service, escalation of privileges,...

Unity Linux 20.1060e / 20.1070e Security Update: wildfly-security-manager (UTSA-2026-016673)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016673 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Unity Linux 20.1070e Security Update: gd (UTSA-2026-016717)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016717 advisory. gdImageGd2Ptr in gdgd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. NOTE: the vendor's position is The GD2 image format is a proprietary...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-bottle (UTSA-2026-016605)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016605 advisory. Bottle before 0.12.20 mishandles errors during early request binding. Tenable has extracted the preceding description block directly from the Unity Linux security...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: spice (UTSA-2026-016604)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016604 advisory. Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE clie...

Unity Linux 20.1060e / 20.1070e Security Update: grafana (UTSA-2026-016672)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016672 advisory. Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attacke...

Unity Linux 20.1050e / 20.1070e Security Update: perl-Net-CIDR-Lite (UTSA-2026-016598)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016598 advisory. The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some...

Unity Linux 20.1070e Security Update: datanucleus-rdbms (UTSA-2026-016692)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016692 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...

Linux Distros Unpatched Vulnerability : CVE-2026-6883

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allow...

Unity Linux 20.1070e Security Update: mx4j (UTSA-2026-016714)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016714 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: spice (UTSA-2026-016591)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016591 advisory. A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service CPU consumption by performing...

Unity Linux 20.1060e / 20.1070e Security Update: ant (UTSA-2026-016617)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016617 advisory. When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even f...

Linux Distros Unpatched Vulnerability : CVE-2026-43502

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but before the message is attached...

Unity Linux 20.1060e / 20.1070e Security Update: cifs-utils (UTSA-2026-016660)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016660 advisory. A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host...