338622 matches found
Fedora 42 : valkey (2026-114b1e5d3a)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-114b1e5d3a advisory. Version 8.0.9 Security fixes - CVE-2026-23479 Use-After-Free in unblock client flow - CVE-2026-25243 Invalid Memory Access in RESTORE command -...
Photon OS 4.0: Protobuf PHSA-2026-4.0-1019
An update of the protobuf package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1019. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Fedora 44 : chromium (2026-885a3f8c70)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-885a3f8c70 advisory. Update to 148.0.7778.167 CVE-2026-8509: Heap buffer overflow in WebML CVE-2026-8510: Integer overflow in Skia CVE-2026-8511: Use after free in UI...
Fedora 44 : libgit2_1.8 (2026-a4d5162b52)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-a4d5162b52 advisory. Update to version 1.8.5. Release notes: https://github.com/libgit2/libgit2/releases/tag/v1.8.5 Tenable has extracted the preceding description block directly...
Linux Distros Unpatched Vulnerability : CVE-2026-8507
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds OOB write flaws. When parsing a PKCS12 file, with a = 1 GiB OCTET STRING or BIT STRING...
Fedora 44 : coturn (2026-3b3139882c)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3b3139882c advisory. Coturn 4.11.0 - Fix prometheus response memory leak introduced in 4.10.0 - Use constant-time compare for STUN MESSAGE-INTEGRITY HMAC - Fix format-string...
Fedora 44 : valkey (2026-3e31dafe5c)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3e31dafe5c advisory. Version 9.0.4 Security fixes - CVE-2026-23479 Use-After-Free in unblock client flow - CVE-2026-25243 Invalid Memory Access in RESTORE command -...
Photon OS 4.0: Expat PHSA-2026-4.0-1013
An update of the expat package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1013. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Fedora 42 : pgbouncer (2026-cf2ba5b766)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-cf2ba5b766 advisory. Update to 1.25.2. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
Fedora 44 : python-jupytext (2026-301cbbe347)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-301cbbe347 advisory. This update contains upgrades to various npm packages used during the build to address CVEs, namely: - CVE-2025-69873 ajv - CVE-2026-0540 DOMPurify ...
Fedora 42 : apptainer (2026-db5621b65e)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-db5621b65e advisory. Update to upstream 1.5.0, fix CVE-2026-32285 and CVE-2026-34986 ---- Update to upstream 1.5.0-rc.2 ---- Update to upstream 1.5.0-rc.1 Tenable has...
Fedora 44 : apptainer (2026-d516d12934)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d516d12934 advisory. Update to upstream 1.5.0, fix CVE-2026-32285 and CVE-2026-34986 ---- Update to upstream 1.5.0-rc.2 ---- Update to upstream 1.5.0-rc.1 Tenable has...
Fedora 43 : apptainer (2026-6c547e9f64)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6c547e9f64 advisory. Update to upstream 1.5.0, fix CVE-2026-32285 and CVE-2026-34986 ---- Update to upstream 1.5.0-rc.2 ---- Update to upstream 1.5.0-rc.1 Tenable has...
Linux Distros Unpatched Vulnerability : CVE-2026-31236
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command- line argument. This argument is intended to allow use...
AlmaLinux 8 : gimp:2.8 (ALSA-2026:17533)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:17533 advisory. gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image CVE-2026-4887 gimp: GIMP: Remote Code Execution via XPM File Parsing...
Linux Distros Unpatched Vulnerability : CVE-2026-44310
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify in...
Amazon Linux 2023 : libgcrypt, libgcrypt-devel (ALAS2023-2026-1705)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1705 advisory. Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcrypkdecrypt. CVE-2026-41989 Tenable has extracted the preceding description...
Linux Distros Unpatched Vulnerability : CVE-2026-44699
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an...
Photon OS 5.0: Chromium PHSA-2026-5.0-0850
An update of the chromium package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0850. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2026-1689)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1689 advisory. pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferr...
openSUSE 16 Security Update : trivy (openSUSE-SU-2026:20720-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20720-1 advisory. Changes in trivy: - update go-git to 5.18.0 bsc1264873, CVE-2026-41506 Tenable has extracted the preceding description block directly from the SUSE...
Amazon Linux 2023 : socat (ALAS2023-2026-1701)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1701 advisory. readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file. CVE-2024-54661 Tenable has extracted the preceding description block directly from the tested product security advisory. Note...
SUSE SLED15 / SLES15 Security Update : Mesa (SUSE-SU-2026:1839-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1839-1 advisory. This update for Mesa fixes the following issue: - CVE-2026-40393: out-of-bounds memory access can occur in WebGPU becau...
Linux Distros Unpatched Vulnerability : CVE-2026-42266
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the...
SUSE SLES15 Security Update : python-Mako (SUSE-SU-2026:1820-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1820-1 advisory. This update for python-Mako fixes the following issue: - CVE-2026-41205: Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path...
SUSE SLES16 Security Update : ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu (SUSE-SU-2026:21608-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:21608-1 advisory. Changes in ongres-scram: - Version 3.2 Fix Timing Attack Vulnerability in SCRAM Authentication bsc1250399, CVE-2025-59432 Updated...
SUSE SLES15 Security Update : python39 (SUSE-SU-2026:1818-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1818-1 advisory. Security issues fixed: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-3446: base6...
Linux Distros Unpatched Vulnerability : CVE-2026-8704
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified. CVE-2026-8704 Note that Nessus relies on the presence of the...
Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1704)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1704 advisory. Stack buffer overflow in XTileImage CVE-2026-42050 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this iss...
Microsoft Edge (Chromium) < 148.0.3967.70 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 148.0.3967.70. It is, therefore, affected by multiple vulnerabilities as referenced in the May 15, 2026 advisory. - Microsoft Edge Chromium-based Remote Code Execution Vulnerability CVE-2026-45495 - Improper input...
SUSE SLES12 Security Update : Mesa (SUSE-SU-2026:1844-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:1844-1 advisory. This update for Mesa fixes the following issue: - CVE-2026-40393: out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated...
SUSE SLES15 Security Update : python-Pillow (SUSE-SU-2026:1842-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:1842-1 advisory. This update for python-Pillow fixes the following issue - CVE-2026-42310: infinite loop and resource exhaustion when processing specially crafted PDFs...
Amazon Linux 2023 : perl-Text-CSV_XS (ALAS2023-2026-1697)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1697 advisory. CSVXS versions before 1.62 for Perl have a use-after-free whenregistered callbacks extend the Perl argument stack, which may enabletype confusion or memory corruption. CVE-2026-7111 Tenable has extract...
SUSE SLES15 Security Update : firebird (SUSE-SU-2026:1868-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1868-1 advisory. This update for firebird fixes the following issues - CVE-2025-65104: Information leak vulnerability in firebird3 client when used with newer =...
SUSE SLES16 Security Update : MozillaFirefox (SUSE-SU-2026:21607-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21607-1 advisory. This update for MozillaFirefox fixes the following issues Updated to Firefox Extended Support Release 140.10.2 ESR bsc1264378,MFSA...
Fedora 42 : libgit2_1.8 (2026-bb6bb5d1e4)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bb6bb5d1e4 advisory. Update to version 1.8.5. Release notes: https://github.com/libgit2/libgit2/releases/tag/v1.8.5 Tenable has extracted the preceding description block directly...
openSUSE 16 Security Update : kdenlive (openSUSE-SU-2026:20723-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20723-1 advisory. Changes in kdenlive: - CVE-2026-45184: Fixed a remote code execution through opening a malicious project file boo1264711. Tenable has extracted the...
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2026:1830-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1830-1 advisory. This update for MozillaFirefox fixes the following issues Updated to Firefox Extended Support Release 140.10.2 ESR bsc1264378,MFSA 2026-41: -...
Fedora 43 : yelp (2026-7c3b91a2bc)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7c3b91a2bc advisory. Yelp 49.1, fixing: Flatpak applications are able to exfiltrate host files due to yelp's CSP being too permissive Tenable has extracted the preceding...
Fedora 43 : pypy (2026-3505a95524)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3505a95524 advisory. Security fix for CVE-2026-3219 in the bundled pip wheel Tenable has extracted the preceding description block directly from the Fedora security advisory. Not...
SUSE SLES16 Security Update : ImageMagick (SUSE-SU-2026:21615-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:21615-1 advisory. This update for ImageMagick fixes the following issue - CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of 32-bit...
Amazon Linux 2023 : nspr, nspr-devel, nss (ALAS2023-2026-1703)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1703 advisory. Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. CVE-2026-6766 Other...
Linux Distros Unpatched Vulnerability : CVE-2026-46433
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lldpd is an implementation of IEEE 802.1ab LLDP. Prior to version 1.0.22, lldpddecode in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frame...
Amazon Linux 2023 : glslang, glslang-devel (ALAS2023-2026-1707)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1707 advisory. A vulnerability, which was classified as problematic, has been found in Khronos Group glslang 15.1.0. Affected by this issue is the function glslang::TIntermediate::isConversionAllowed of the file...
Amazon Linux 2023 : ruby3.4, ruby3.4-bundled-gems, ruby3.4-default-gems (ALAS2023-2026-1690)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1690 advisory. ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERBresult and ERBrun to prevent code execution when an ERB...
Linux Distros Unpatched Vulnerability : CVE-2026-44309
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-enco...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : mozjs115 (SUSE-SU-2026:1870-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1870-1 advisory. This update for mozjs115 fixes the following issues - CVE-2026-32776: libexpat: NULL pointer...
SUSE SLED15 / SLES15 Security Update : mozjs60 (SUSE-SU-2026:1817-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1817-1 advisory. This update for mozjs60 fixes the following issues - CVE-2026-32776: libexpat: NULL pointer dereference when...
SUSE SLED15 / SLES15 Security Update : Mesa (SUSE-SU-2026:1845-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1845-1 advisory. This update for Mesa fixes the following issue: - CVE-2026-40393: out-of-bounds memory access can occur in WebGPU becau...
openSUSE 16 Security Update : chromium (openSUSE-SU-2026:20727-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20727-1 advisory. Changes in chromium: - Chromium 148.0.7778.167 boo1265159 - Chromium 148 148.0.7778.96 promoted to stable boo1264175 CVE-2026-7896: Integer...