Photon OS 4.0: Gnutls PHSA-2026-4.0-1016
An update of the gnutls package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1016. The text itself is copyright (C) VMware, Inc.
F5 Networks BIG-IP : iControl REST vulnerability (K000158070)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4. It is, therefore, affected by a vulnerability as referenced in the K000158070 advisory. When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_add iControl REST commands that return...
Linux Distros Unpatched Vulnerability : CVE-2026-45069
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - symfony - None Ubuntu Linux - Unknown description CVE-2026-45069 Note that Nessus relies on the presence of the package as reported by the vendor...
F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000160788)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000160788 advisory. When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS...
Fedora 42 : kernel (2026-32ae3b7199)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-32ae3b7199 advisory. The 6.19.14-107 update contains a fix for a SKBFL_SHARED_FRAG page-cache corruption vulnerability. Tenable has extracted the preceding description block direct...
F5 Networks BIG-IP : BIG-IP Advanced WAF and ASM vulnerability (K000160727)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000160727 advisory. When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed...
RockyLinux 8 : libsndfile (RLSA-2026:19559)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19559 advisory. libsndfile: integer overflow in ima_reader_init (CVE-2026-37555). Tenable has extracted the preceding description block directly from the RockyLinux security advisory...
TencentOS Server 4: gdk-pixbuf2 (TSSA-2026:0321)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0321 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2020-37239
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in...
MiracleLinux 9 : nginx:1.26 (AXSA:2026-705:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-705:01 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the MiracleLinux...
Linux Distros Unpatched Vulnerability : CVE-2026-3073
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...
Linux Distros Unpatched Vulnerability : CVE-2026-9126
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
F5 Networks BIG-IP : iControl SOAP vulnerability (K000160973)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160973 advisory. A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource Administrato...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2026-50281)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50281 advisory. - ptrace: slightly saner 'get_dumpable' logic (Linus Torvalds) [Orabug: 39391459] {CVE-2026-46333} - scsi: target: iscsi: Fix use-after-free in...
Ubuntu 24.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-8289-1)
The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8289-1 advisory. It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A...
Debian dsa-6286 : evince - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6286 advisory. Debian Security Advisory DSA-6286-1 https://www.debian.org/security/...
Linux Distros Unpatched Vulnerability : CVE-2026-43422
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fix NPE in gncm_bind Commit 56a512a9b410 usb: gadget: f_ncm: align netdevice...
Splunk Universal Forwarder 9.4.0 < 9.4.11 (SVD-2026-0506)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0506 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
RHEL 9 : nginx:1.26 (RHSA-2026:19372)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19372 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...
FreeBSD : MySQL -- Multiple vulnerabilities (f69dbfcc-535b-11f1-8b62-8447094a420f)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f69dbfcc-535b-11f1-8b62-8447094a420f advisory. Oracle reports: See linked CVE's for details. Tenable has extracted the preceding description...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021587)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021587 advisory. In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs du...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021635)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021635 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix steering rules cleanup vport's mc, uc and multicast rules are not deleted in teardo...
Oracle Linux 9 : nginx (ELSA-2026-18029)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18029 advisory. - Resolves: RHEL-176230 - nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 - Resolves: RHEL-159557 - CVE-2026-27654 nginx: NGINX: Denial of...
Amazon Linux 2023 : python3.13-lxml (ALAS2023-2026-1679)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1679 advisory. lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolve_entities=True allows untrusted XML input t...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021577)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021577 advisory. In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021533)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021533 advisory. In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix pci device refcount leak in ppr_notifier As comment of pci_get_domain_bus_and_slot says,...
Linux Distros Unpatched Vulnerability : CVE-2026-8430
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing...
Fedora 43 : python-django5 (2026-4d1404fc5d)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-4d1404fc5d advisory. - Fixes CVE-2026-5766: Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass - Fixes CVE-2026-35192: Session...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021558)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021558 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix ib block iterator counter overflow When registering a new DMA MR after selecting t...
Linux Distros Unpatched Vulnerability : CVE-2026-42396
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail CVE-2026-42396 Note that Nessus relies on the presence of the package as...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021648)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021648 advisory. In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb->len Packet length retrieved from descriptor may be...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021616)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021616 advisory. In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket BUG: KASAN: slab-use-after-free in...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021525)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021525 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix a race condition between login_work and the login thread In case a...
Linux Distros Unpatched Vulnerability : CVE-2026-8212
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021651)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021651 advisory. In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix a deadlock problem when config TC during resetting When config TC during the reset...
Fedora 43 : freerdp (2026-dfde5fc92a)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-dfde5fc92a advisory. Update to 3.26.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
Linux Distros Unpatched Vulnerability : CVE-2026-43412
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start During ADSP stop and start, the kernel crashes due to the order in which ASoC components...
Fedora 43 : python-dotenv (2026-20312e36a8)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-20312e36a8 advisory. Update to 1.2.2, security fix for CVE-2026-28684. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021532)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021532 advisory. In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING vub300_enable_sdio_irq works...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021562)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021562 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks When the driver hits -ENOMEM at allocating a URB or a...
RHEL 9 : thunderbird (RHSA-2026:19468)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19468 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021652)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021652 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a deadlock in dma buf fence polling Introduce a version of the fence ops that on...
FreeBSD : nginx-devel -- multiple vulnerabilities (1ed77d8e-53bb-11f1-b339-3497f65b111b)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1ed77d8e-53bb-11f1-b339-3497f65b111b advisory. The nginx project reports: nginx 1.31.0 fixes multiple security issues affecting HTTP/2...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021615)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021615 advisory. In the Linux kernel, the following vulnerability has been resolved: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data In case the non-paged data...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-8273-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8273-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021596)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021596 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: dax: fix overflowing extents beyond inode size when partially writing The dax_iomap_rw does t...
Linux Distros Unpatched Vulnerability : CVE-2026-43619
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir,...
RHEL 9 : giflib update (Important) (RHSA-2026:19367)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19367 advisory. Please update Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory. Note that Nessus h...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021611)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021611 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: accept TCA_STAB only for root qdisc Most qdiscs maintain their backlog using...
RHEL 8 : python3 (RHSA-2026:19590)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19590 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...