RHEL 8 : kernel (RHSA-2026:27355)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27355 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: actpedit: extend the writab...

Fedora 44 : python3.13 (2026-dfc9182263)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-dfc9182263 advisory. New Python version including bugfixes and security fixes. Tenable has extracted the preceding description block directly from the Fedora security...

Fedora 43 : python3.13 (2026-2deb979d80)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2deb979d80 advisory. New Python release including bugfixes and security fixes. Tenable has extracted the preceding description block directly from the Fedora security...

Linux Distros Unpatched Vulnerability : CVE-2026-9375

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.5.1.8)

The version of AOS installed on the remote host is prior to 7.5.1.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.5.1.8 advisory. - A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a deni...

Debian dsa-6356 : imagemagick - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6356 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6356-1 [email protected] https://www.debian.org/securit...

Photon OS 5.0: Freetype2 PHSA-2026-5.0-0884

An update of the freetype2 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0884. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Fedora 43 : erlang-cowboy / erlang-cowlib / erlang-gun (2026-2aa86d411f)

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-2aa86d411f advisory. Gun ver. 2.4.1 and its dependencies ---- New erlang-gun Tenable has extracted the preceding description block directly from the Fedora security...

Linux Distros Unpatched Vulnerability : CVE-2026-49342

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the...

Fedora 44 : kubernetes1.34 (2026-eee09dc43b)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-eee09dc43b advisory. - Update to release v1.34.9 - Resolves: rhbz2467605 - Upstream fixes Tenable has extracted the preceding description block directly from the Fedora security...

Fedora 44 : xdg-desktop-portal (2026-d8f8abf763)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d8f8abf763 advisory. Update to 1.22.1 It fixes CVE-2026-55888 and CVE-2026-55889. Tenable has extracted the preceding description block directly from the Fedora security...

Linux Distros Unpatched Vulnerability : CVE-2025-70102

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parseoption src/if-options.c:1886, t...

Fedora 44 : chromium (2026-650bd96540)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-650bd96540 advisory. Update to 149.0.7827.155 CVE-2026-12437: Use after free in WebShare CVE-2026-12438: Inappropriate implementation in WebView CVE-2026-12439: Use afte...

Linux Distros Unpatched Vulnerability : CVE-2026-56406

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.8.2 has an integer overflow in XMLParseBuffer because it lacked a check that was present in XMLParse. CVE-2026-56406 Note that Nessus relies o...

Linux Distros Unpatched Vulnerability : CVE-2026-56405

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.8.2 has an integer overflow in getAttributeId. CVE-2026-56405 Note that Nessus relies on the presence of the package as reported by the vendor...

Linux Distros Unpatched Vulnerability : CVE-2026-49337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes...

Linux Distros Unpatched Vulnerability : CVE-2026-56410

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId. CVE-2026-56410 Note that Nessus relies on the presence of the package as reported by...

Debian dsa-6360 : squid - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6360 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6360-1 [email protected] https://www.debian.org/securit...

Fedora 43 : openssl (2026-840334a045)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-840334a045 advisory. Rebase to OpenSSL 3.5.7 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

Fedora 43 : webkitgtk (2026-1557aaef26)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1557aaef26 advisory. Add support for half-width fonts. Improve content filter compilation by avoiding file copies. Improve handling of out of disk space conditions when...

Fedora 43 : perl-Config-IniFiles (2026-3cce371bdf)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3cce371bdf advisory. Update to 3.001000, fixes CVE-2026-11527 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

Fedora 45 : moby-engine (2026-d8b527c6c7)

The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d8b527c6c7 advisory. Automatic update for moby-engine-29.6.0-1.fc45. Changelog Fri Jun 19 2026 Bradley G Smith - 29.6.0-1 - Update to release v29.6.0 - Resolves:...

RHEL 8 : kernel (RHSA-2026:27353)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27353 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-after-free ...

Debian dsa-6355 : ata-modules-6.12.90+deb13-armmp-di - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6355 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6355-1 [email protected] https://www.debian.org/securit...

RHEL 8 : kernel-rt (RHSA-2026:27354)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27354 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

Oracle Linux 8 : redis:6 (ELSA-2026-26008)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-26008 advisory. 6.2.22-1.0.1 - Build with 64k pages to support redis on both UEK6 and UEK7 on aarch64 6.2.22-1 - rebase to 6.2.22 for CVE-2026-25243 Tenable has extracted the...

MiracleLinux 8 : [security - high] postgresql:15, postgresql-15.18-1.module+el8+1991+27afe6d7 (AXSA:2026-811:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-811:01 advisory. postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 postgresql: integer overflow can cause...

Oracle Linux 8 : postgresql:15 (ELSA-2026-26181)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-26181 advisory. - Fix CVE-2026-6478 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

Photon OS 5.0: Nano PHSA-2026-5.0-0886

An update of the nano package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0886. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

SUSE SLES15 Security Update : rootlesskit (SUSE-SU-2026:2451-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2451-1 advisory. This update for rootlesskit rebuilds it against the current go security release. Tenable has extracted the preceding description block...

Linux Distros Unpatched Vulnerability : CVE-2026-49268

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is...

Linux Distros Unpatched Vulnerability : CVE-2026-48142

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpcharsetmodule module. When content is served or proxied through a location block with both...

AlmaLinux 8 : dracut (ALSA-2026:26534)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:26534 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...

Linux Distros Unpatched Vulnerability : CVE-2025-15661

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftpsymlink function in src/sftp.c that allows a...

SUSE SLED15 / SLES15 Security Update : docker (SUSE-SU-2026:2429-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2429-1 advisory. - Update to Docker 29.4.0. See upstream changelog online at - Update to buildx 0.33.0. See upstream changelog online at...

Linux Distros Unpatched Vulnerability : CVE-2026-52909

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ip6vti: set netnsimmutable on the fallback device. john1988 and Noam Rathaus reported that vti6initnet does not set the netnsimmutable flag on the per-netns...

SUSE SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2026:2396-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2396-1 advisory. This update for openssl-100 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion...

SUSE SLES12 Security Update : libcaca (SUSE-SU-2026:2394-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:2394-1 advisory. This update for libcaca fixes the following issue - CVE-2026-42046: an integer overflow vulnerability in libcaca's canvas import functionality may allo...

SUSE SLES15 Security Update : kubevirt (SUSE-SU-2026:2400-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2400-1 advisory. Update to version 1.7.4, fixes various go embedded security issues: - CVE-2025-47911: golang.org/x/net/html: various algorithms wit...

FreeBSD : nginx -- multiple vulnerabilities (08b0c0f6-6a85-11f1-b8e5-3497f65b111b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 08b0c0f6-6a85-11f1-b8e5-3497f65b111b advisory. The nginx developers report: A use-after-free vulnerability when using HTTP/3 and processing a...

Fedora 43 : ongres-scram / ongres-stringprep (2026-3fd14ce272)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-3fd14ce272 advisory. Ongres Scram update and security fix. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

SUSE SLES12 Security Update : glibc (SUSE-SU-2026:2440-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2440-1 advisory. - CVE-2026-5928: libio: Fix ungetwc operating on byte stream bsc1262464, BZ 33998 - CVE-2026-5450: stdio-common: Fix buffer overflow in scanf %...

SUSE SLES12 Security Update : dnsmasq (SUSE-SU-2026:2458-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2458-1 advisory. This update for dnsmasq fixes the following issues - CVE-2026-2291: VU471747: dnsmasq can be abused to record false cached data enabling DoS or...

Linux Distros Unpatched Vulnerability : CVE-2026-44688

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing...

SUSE SLES15 Security Update : openssl-1_1-livepatches (SUSE-SU-2026:2412-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2412-1 advisory. This update for openssl-11-livepatches fixes the following issues - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. Tenable has...

Linux Distros Unpatched Vulnerability : CVE-2026-9678

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified...

SUSE SLED15 / SLES15 Security Update : runc (SUSE-SU-2026:2414-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2414-1 advisory. This update for runc rebuilds it against the current go security release. Tenable has extracted the preceding descripti...

Fedora 43 : restic (2026-e6094447f0)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e6094447f0 advisory. Update to 0.19.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

SUSE SLES15 Security Update : libcaca (SUSE-SU-2026:2424-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2424-1 advisory. This update for libcaca fixes the following issue - CVE-2026-42046: an integer overflow vulnerability in libcaca's canvas import functionali...

Linux Distros Unpatched Vulnerability : CVE-2026-12199

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in nltk.app.wordnetapp up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its...