337359 matches found
Amazon Linux 2 : vim, --advisory ALAS2-2026-3368 (ALAS-2026-3368)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3368 advisory. Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin...
RHEL 8 : firefox (RHSA-2026:27717)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:27717 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
RHEL 9 : redis (RHSA-2026:27716)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27716 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-108 (ALASKERNEL-5.15-2026-108)
The version of kernel installed on the remote host is prior to 5.15.204-143.229. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2026-108 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache when splitti...
RHEL 8 : libxml2 (RHSA-2026:27736)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27736 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: buffer over-read in...
Debian dla-4639 : libhttp-daemon-perl - security update
The remote Debian 11 / 12 host has a package installed that is affected by a vulnerability as referenced in the dla-4639 advisory. Debian LTS Advisory DLA-4639-1...
Amazon Linux 2023 : aspnetcore-runtime-9.0, aspnetcore-runtime-dbg-9.0, aspnetcore-targeting-pack-9.0 (ALAS2023-2026-1868)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1868 advisory. Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Improper link resolution before file access 'link following' in .NET allows an...
Linux Distros Unpatched Vulnerability : CVE-2026-54276
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after...
Linux Distros Unpatched Vulnerability : CVE-2026-54280
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client...
Oracle WebCenter Sites (June 2026 CSPU)
The 12.2.1.4.0 and 14.1.2.0.0 versions of WebCenter Sites installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported...
Amazon Linux 2023 : perl-Unicode-LineBreak (ALAS2023-2026-1831)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1831 advisory. Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold splits the input string by specific line break characters such as...
Amazon Linux 2023 : aspnetcore-runtime-10.0, aspnetcore-runtime-dbg-10.0, aspnetcore-targeting-pack-10.0 (ALAS2023-2026-1867)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1867 advisory. Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Improper link resolution before file access 'link following' in .NET allows an...
Linux Distros Unpatched Vulnerability : CVE-2026-6653
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via...
RHEL 8 : libxml2 (RHSA-2026:27739)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27739 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: buffer over-read in...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-122 (ALASKERNEL-5.10-2026-122)
The version of kernel installed on the remote host is prior to 5.10.255-253.1013. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.10-2026-122 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2026-125 (ALASKERNEL-5.4-2026-125)
The version of kernel installed on the remote host is prior to 5.4.302-224.474. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2026-125 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego...
Amazon Linux 2023 : perl-GD (ALAS2023-2026-1890)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1890 advisory. command injection via 2-arg open in makefilehandle CVE-2026-11526 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not test...
Linux Distros Unpatched Vulnerability : CVE-2026-54283
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form accepts max_fields and max_part_size to bound resource consumption while...
Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1863)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1863 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 In the Linux kernel, the following vulnerability has...
RHEL 9 : .NET 8.0 (RHSA-2026:28011)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28011 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
Fedora 44 : thorvg (2026-3d1fcd4ffc)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3d1fcd4ffc advisory. Update to 1.0.6 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
RHEL 10 : osbuild-composer (RHSA-2026:27711)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27711 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for...
RHEL 9 : crun (RHSA-2026:28036)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:28036 advisory. crun is an OCI runtime. Security Fixes: crun: crun: Privilege escalation due to incorrect parsing of the --user option CVE-2026-30892 For more details...
Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2026-126 (ALASECS-2026-126)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.34.13.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2026-126 advisory. A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A...
SUSE SLED15 / SLES15 Security Update : apache-sshd, jpgpj (SUSE-SU-2026:2472-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2472-1 advisory. This update for apache-sshd, jpgpj fixes the following issues - CVE-2020-36843: no check performed on scalar ...
RHEL 9 : Red Hat OpenStack Platform 17.1 (golang-uber-multierr) (RHSA-2026:28046)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28046 advisory. Security Fixes: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 For more details about the security issues,...
Amazon Linux 2 : kernel, --advisory ALAS2-2026-3374 (ALAS-2026-3374)
The version of kernel installed on the remote host is prior to 4.14.355-282.731. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3374 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions...
RHEL 8 : libpq (RHSA-2026:27738)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27738 advisory. The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes:...
RHEL 8 : Red Hat OpenStack Platform 17.1 (python-urllib3) (RHSA-2026:28043)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:28043 advisory. Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: Unbounded decompression chain leads to resourc...
RHEL 10 : yggdrasil-worker-package-manager (RHSA-2026:27732)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:27732 advisory. yggdrasil-worker-package-manager is a simple package manager yggd worker. It knows how to install and remove packages, add, remove, enable and...
Oracle Linux 8 : kernel (ELSA-2026-27353)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-27353 advisory. - net/sched: fix pedit partial COW leading to page cache corruption Ivan Vecera RHEL-177582 CVE-2026-46331 - net/sched: act_pedit: free pedit keys on...
Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2026-1879)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1879 advisory. go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during...
Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1866)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1866 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroup_storage_get_next_key CVE-2026-45838 In the Linux kernel, the following vulnerability ha...
Amazon Linux 2023 : python3-urllib3 (ALAS2023-2026-1843)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1843 advisory. urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url.urlopen..., assert_same_host=False still...
Amazon Linux 2 : freerdp, --advisory ALAS2-2026-3356 (ALAS-2026-3356)
The version of freerdp installed on the remote host is prior to 2.11.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3356 advisory. FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-105 (ALASKERNEL-5.15-2026-105)
The version of kernel installed on the remote host is prior to 5.15.206-144.236. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.15-2026-105 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego...
Amazon Linux 2023 : mariadb114, mariadb114-backup, mariadb114-client-utils (ALAS2023-2026-1845)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1845 advisory. During the SST the donor node is interpolating parameters that the joiner sent into the command line. Not all parameters were properly validated which could allow a malicious joiner to execute...
Fedora 44 : ffmpeg (2026-bc8f441ba4)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bc8f441ba4 advisory. The latest stable FFmpeg release from the 8.1 release branch. https://git.ffmpeg.org/gitweb/ffmpeg.git/blob/n8.1.2:/Changelog Fixes CVE-2026-30999 . Tenable...
Amazon Linux 2023 : perl-Crypt-PBKDF2 (ALAS2023-2026-1891)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1891 advisory. Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlyin...
Amazon Linux 2 : poppler, --advisory ALAS2-2026-3362 (ALAS-2026-3362)
The version of poppler installed on the remote host is prior to 0.26.5-43. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3362 advisory. A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file...
Oracle Linux 8 : firefox (ELSA-2026-27717)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-27717 advisory. 140.12.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 - diable wasisdk to prevent build failure with newer llvm 140.12.0 -...
RHEL 8 : kernel-rt (RHSA-2026:27812)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27812 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements...
RHEL 10 : firefox (RHSA-2026:27715)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:27715 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
Linux Distros Unpatched Vulnerability : CVE-2026-54277
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the max_line_size check in parts of an...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-123 (ALASKERNEL-5.10-2026-123)
The version of kernel installed on the remote host is prior to 5.10.258-257.1041. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-123 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: fix zswap writeback race...
SUSE SLED15 / SLES15 Security Update : ldns (SUSE-SU-2026:2462-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2462-1 advisory. This update for ldns fixes the following issue - CVE-2026-10846: When ldns is used by applications for stub resolving, ...
Amazon Linux 2 : kernel, --advisory ALAS2-2026-3380 (ALAS-2026-3380)
The version of kernel installed on the remote host is prior to 4.14.355-284.735. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3380 advisory. In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlink_ns_capable check for peer...
Amazon Linux 2023 : libusbx, libusbx-devel, libusbx-tests-examples (ALAS2023-2026-1848)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1848 advisory. libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claim...
Amazon Linux 2023 : freerdp, freerdp-devel, freerdp-libs (ALAS2023-2026-1822)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1822 advisory. FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because...
Amazon Linux 2023 : mod_http2 (ALAS2023-2026-1859)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1859 advisory. Use After Free vulnerability in Apache HTTP Server module mod_http2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67. CVE-2026-48913...