SUSE SLED15 / SLES15 Security Update : LibVNCServer (SUSE-SU-2026:2427-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2427-1 advisory. - CVE-2026-44988: Fixed missing validation of rectangle width in tight gradient decoding can lead to server-triggered...

AlmaLinux 9 : dracut (ALSA-2026:26533)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:26533 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...

Linux Distros Unpatched Vulnerability : CVE-2026-53489

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-53489 Note that Nessus relies on the presence of the package as reported by the vendor. C Tenable, Inc...

Debian dsa-6351 : chromium - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6351 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6351-1 [email protected]...

Linux Distros Unpatched Vulnerability : CVE-2026-46977

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily...

Debian dsa-6353 : gstreamer1.0-libav - security update

The remote Debian 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6353 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6353-1 [email protected] https://www.debian.org/security/ Moritz...

Debian dsa-6354 : libconfig-inifiles-perl - security update

The remote Debian 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6354 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6354-1 [email protected] https://www.debian.org/security/...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : libheif vulnerabilities (USN-8454-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8454-1 advisory. Elhanan Haenel discovered that libheif incorrectly handled certain malformed HEIF sequence files...

Linux Distros Unpatched Vulnerability : CVE-2026-48779

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to but not including 5.2.5, from 6.0.0 up to 6.2.4, from 7.0.0 up to...

Linux Distros Unpatched Vulnerability : CVE-2026-44691

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without...

SUSE SLES16 Security Update : opensc (SUSE-SU-2026:22126-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22126-1 advisory. - CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses bsc1261214. - CVE-2025-66037: crafted input...

Linux Distros Unpatched Vulnerability : CVE-2026-48822

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the Markdown-to-HTML conversion...

Fedora 44 : util-linux (2026-c70cb96ff1)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c70cb96ff1 advisory. upstream upgrade with security fixes: - CVE-2026-53612 - libmount: TOCTOU attack via ancestor directory swap during mount - CVE-2026-53613 - libmoun...

SUSE SLES12 Security Update : qemu (SUSE-SU-2026:2406-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2406-1 advisory. - CVE-2023-1544: pvrdma: out-of-bounds read in pvrdmaringnextelemread bsc1209554. - CVE-2025-11234: qemu-kvm: use-after-free in websocket...

Photon OS 5.0: Ruby PHSA-2026-5.0-0882

An update of the ruby package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0882. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Linux Distros Unpatched Vulnerability : CVE-2026-43915

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the...

Linux Distros Unpatched Vulnerability : CVE-2026-45696

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11...

Linux Distros Unpatched Vulnerability : CVE-2026-9697

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection...

Linux Distros Unpatched Vulnerability : CVE-2026-48937

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a GOAWAY frame. This vulnerability affects two supported release...

MiracleLinux 8 : xorg-x11-server-1.20.11-28.el8_10.2 (AXSA:2026-803:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-803:05 advisory. xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch...

Oracle Linux 8 : xorg-x11-server (ELSA-2026-26709)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-26709 advisory. 1.20.11-28.2 - Other security related fixes Resolves: https://redhat.atlassian.net/browse/RHEL-184289 1.20.11-28.1 - CVE fix for: CVE-2026-50256,...

RockyLinux 9 : xorg-x11-server-Xwayland (RLSA-2026:26590)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26590 advisory. xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch...

RockyLinux 8 : xorg-x11-server-Xwayland (RLSA-2026:26562)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26562 advisory. xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch...

RockyLinux 8 : xorg-x11-server (RLSA-2026:26709)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26709 advisory. xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch...

RockyLinux 9 : xorg-x11-server (RLSA-2026:26610)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26610 advisory. xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch...

MiracleLinux 8 : xorg-x11-server-Xwayland-21.1.3-20.el8_10.2 (AXSA:2026-805:03)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-805:03 advisory. xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch...

Oracle Linux 8 : xorg-x11-server-Xwayland (ELSA-2026-26562)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-26562 advisory. 21.1.3-20.2 - Other security related fixes Resolves: https://redhat.atlassian.net/browse/RHEL-184293 21.1.3-20.1 - CVE fix for: CVE-2026-50256,...

RHEL 9 : xorg-x11-server (RHSA-2026:26610)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26610 advisory. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical us...

AlmaLinux 8 : xorg-x11-server (ALSA-2026:26709)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:26709 advisory. xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch...

Linux Distros Unpatched Vulnerability : CVE-2026-9679

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into the...

SUSE SLED15 / SLES15 Security Update : libcaca (SUSE-SU-2026:2423-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2423-1 advisory. This update for libcaca fixes the following issue - CVE-2026-42046: an integer overflow vulnerability in libcaca's canv...

Linux Distros Unpatched Vulnerability : CVE-2026-48933

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported...

Photon OS 5.0: Jq PHSA-2026-5.0-0885

An update of the jq package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0885. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid321792...

Photon OS 5.0: Samba PHSA-2026-5.0-0886

An update of the samba package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0886. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

RHEL 8 / 9 : Satellite 6.16.9 Async Update (Important) (RHSA-2026:27076)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27076 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessi...

SUSE SLES15 Security Update : kernel (SUSE-SU-2026:2421-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2421-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: -...

SUSE SLES15 Security Update : kubevirt-1.6 (SUSE-SU-2026:2401-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2401-1 advisory. This update for kubevirt-1.6 fixes the following issues Update to version 1.6.6, fixes various go embedded security issues: -...

SUSE SLES16 Security Update : google-guest-agent (SUSE-SU-2026:22128-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22128-1 advisory. Changes in google-guest-agent: Update to version 20260430.00 Update OWNERS 609 Update THIRDPARTYLICENSES to be package specific...

Photon OS 5.0: Dotnet PHSA-2026-5.0-0884

An update of the dotnet package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0884. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

SUSE SLES12 Security Update : openssh8.4 (SUSE-SU-2026:2430-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2430-1 advisory. This update for openssh8.4 fixes the following issues - CVE-2026-3497: Information disclosure or denial of service due to uninitialized variabl...

SUSE SLES16 Security Update : kernel (SUSE-SU-2026:22127-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22127-1 advisory. The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: -...

RHEL 8 : kernel (RHSA-2026:26535)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26535 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: geneve: Fix use-after-free in...

SUSE SLES12 Security Update : openssh (SUSE-SU-2026:2395-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2395-1 advisory. This update for openssh fixes the following issues - CVE-2026-3497: information disclosure or denial of service due to uninitialized variables...

SUSE SLES12 Security Update : frr (SUSE-SU-2026:2455-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2455-1 advisory. This update for frr fixes the following issues - CVE-2026-5107: Fixed an improper access controls in EVPN Type-2 Route Handler bsc1261013. -...

Photon OS 5.0: Linux PHSA-2026-5.0-0888

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0888. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

SUSE SLES15 Security Update : frr (SUSE-SU-2026:2454-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2454-1 advisory. This update for frr fixes the following issues Update to frr 8.5.7: - CVE-2026-5107: Fixed an improper access controls in EVPN Type...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : Go Cryptography vulnerabilities (USN-8447-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8447-1 advisory. It was discovered that Go Cryptography did not properly handle SSH global request responses. ...

SUSE SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2026:2399-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2399-1 advisory. This update for openssl-100 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String...

Oracle Linux 7 : openssh (ELSA-2026-22468)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-22468 advisory. 7.4p1-23.0.5 - Fix privilege escalation via scp legacy protocol when not in preserving file mode CVE-2026-35385Orabug: 39480251 Tenable has extracted the...

Linux Distros Unpatched Vulnerability : CVE-2026-48617

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypas...