Fedora 45 : docker-buildx (2026-33cccee12b)

The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-33cccee12b advisory. Automatic update for docker-buildx-0.35.0-1.fc45. Changelog Thu Jun 18 2026 Bradley G Smith - 0.35.0-1 - Update to release v0.35.0 - Resolves:...

SUSE SLES16 Security Update : google-guest-agent (SUSE-SU-2026:22128-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22128-1 advisory. Changes in google-guest-agent: Update to version 20260430.00 Update OWNERS 609 Update THIRDPARTYLICENSES to be package specific...

Linux Distros Unpatched Vulnerability : CVE-2026-48934

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.j...

Linux Distros Unpatched Vulnerability : CVE-2026-48618

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver an...

SUSE SLES15 Security Update : kubevirt-1.6 (SUSE-SU-2026:2401-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2401-1 advisory. This update for kubevirt-1.6 fixes the following issues Update to version 1.6.6, fixes various go embedded security issues: -...

Linux Distros Unpatched Vulnerability : CVE-2026-48930

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings...

Linux Distros Unpatched Vulnerability : CVE-2026-9679

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and %3D into the...

SUSE SLED15 / SLES15 Security Update : docker (SUSE-SU-2026:2429-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2429-1 advisory. - Update to Docker 29.4.0. See upstream changelog online at - Update to buildx 0.33.0. See upstream changelog online at...

Linux Distros Unpatched Vulnerability : CVE-2026-48928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release line...

RHEL 8 / 9 : Satellite 6.16.9 Async Update (Important) (RHSA-2026:27076)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27076 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessi...

Linux Distros Unpatched Vulnerability : CVE-2026-48615

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy...

Linux Distros Unpatched Vulnerability : CVE-2026-48619

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This...

Linux Distros Unpatched Vulnerability : CVE-2026-11525

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the...

SUSE SLES15 Security Update : kubevirt (SUSE-SU-2026:2400-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2400-1 advisory. Update to version 1.7.4, fixes various go embedded security issues: - CVE-2025-47911: golang.org/x/net/html: various algorithms wit...

Linux Distros Unpatched Vulnerability : CVE-2026-9678

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified...

Linux Distros Unpatched Vulnerability : CVE-2026-12151

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : pbkdf2 vulnerability (USN-8452-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8452-1 advisory. Nikita Skovoroda discovered that pbkdf2 did not properly validate certain algorithm names. An attacker could possibly use this...

Linux Distros Unpatched Vulnerability : CVE-2026-44942

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path traversal in handling the path component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by...

Linux Distros Unpatched Vulnerability : CVE-2026-48931

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects al...

Linux Distros Unpatched Vulnerability : CVE-2026-48937

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a GOAWAY frame. This vulnerability affects two supported release...

Linux Distros Unpatched Vulnerability : CVE-2026-48779

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to but not including 5.2.5, from 6.0.0 up to 6.2.4, from 7.0.0 up to...

Linux Distros Unpatched Vulnerability : CVE-2026-48617

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypas...

Linux Distros Unpatched Vulnerability : CVE-2026-48935

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability...

Linux Distros Unpatched Vulnerability : CVE-2026-48933

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported...

Linux Distros Unpatched Vulnerability : CVE-2026-6733

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an...

MiracleLinux 8 : libxslt-1.1.32-6.4.el8_10 (AXSA:2026-796:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-796:02 advisory. libxslt: use-after-free with key data stored cross-RVT CVE-2025-10911 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 8 : dotnet10.0-10.0.109-1.el8_10 (AXSA:2026-791:11)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-791:11 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...

Microsoft Edge (Chromium) < 149.0.4022.80 (CVE-2026-32208)

The version of Microsoft Edge installed on the remote Windows host is prior to 149.0.4022.80. It is, therefore, affected by a vulnerability as referenced in the June 18, 2026 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

Oracle Enterprise Manager Cloud Control (June 2026 CSPU)

The 13.5 and 24.1 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Target...

EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2026-2429)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : xfrm: esp: avoid in-place decrypt on shared skb fragsCVE-2026-43284 crypto: algifaead - Revert to operating...

Python Library Tornado < 6.5.6 Multiple Vulnerabilities

The version of the Tornado Python library installed on the remote host is prior to 6.5.6. It is, therefore, affected by multiple vulnerabilities: - When SimpleAsyncHTTPClient follows a 3xx redirect, it shallow-copies the original HTTPRequest, rewrites the URL, decrements maxredirects, and removes...

Photon OS 4.0: Bindutils PHSA-2026-4.0-1035

An update of the bindutils package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1035. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Slackware Linux 15.0 / current openssl Multiple Vulnerabilities (SSA:2026-168-05)

The version of openssl installed on the remote host is prior to 1.1.1zh / 3.5.7. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-168-05 advisory. New openssl packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted t...

Lexmark Printers Missing Authentication for Critical Function (CVE-2019-9934)

Various Lexmark products have Incorrect Access Control issue 1 of 2. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid505493; scriptversion"1.3";...

Dell iDRAC Tools < 11.4.1.0 Improper Link Resolution (DSA-2026-239)

According to its self-reported version, the Dell iDRAC Tools installation on the remote host is affected by a link following vulnerability. Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attack...

Lexmark Printers Improper Access Control (CVE-2019-10058)

Various Lexmark products have Incorrect Access Control. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid505497; scriptversion"1.3";...

EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2026-2430)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : xfrm: esp: avoid in-place decrypt on shared skb fragsCVE-2026-43284 crypto: algifaead - Revert to operating...

Fedora 45 : maradns (2026-b67348bd21)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b67348bd21 advisory. Automatic update for maradns-3.5.0037-1.fc45. Changelog Mon Jun 15 2026 Tomasz Torcz - 3.5.0037-1 - update to 3.5.0037, fixing DNS-over-TCP bug rhbz2488786...

Lexmark Printers Cross-site Scripting (CVE-2019-18791)

Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web browser. This plugin only works with Tenable.ot. Please visit...

Fedora 45 : nginx / nginx-mod-brotli / nginx-mod-fancyindex / etc (2026-e212182e6e)

The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-e212182e6e advisory. nginx-mod-brotli: - Rebuild for 1.30.3 nginx-mod-fancyindex: - Rebuild for 1.30.3 nginx-mod-modsecurity: - Rebuild for 1.30.3 nginx-mod-headers-more...

Oracle MySQL Server 9.x < 9.7.1 (June 2026 CPU)

The versions of MySQL Server installed on the remote host are affected by a vulnerability as referenced in the June 2026 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Connection Handling. Supported versions that are affected are 8.4.0-8.4.9 and...

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2026-168-04)

The version of mozilla-thunderbird installed on the remote host is prior to 140.12.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-168-04 advisory. New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues...

Lexmark Printers Cross-site Scripting (CVE-2020-10093)

A cross-site scripting XSS vulnerability in Lexmark Pro910 series inkjet and other discontinued products. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

Oracle MySQL Cluster 8.0.x < 8.0.47 (June 2026 CPU)

The versions of MySQL Cluster installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CPU advisory. - Vulnerability in the MySQL NDB Cluster product of Oracle MySQL component: Cluster: NDB Operator. Supported versions that are affected are 8.0.11-8.0.4...

RHEL 8 : xorg-x11-server (RHSA-2026:26709)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26709 advisory. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical us...

nginx 1.31.x < 1.31.2 Use-After-Free Vulnerability

The installed version of nginx is 1.31.x prior to 1.31.2. It is, therefore, affected by the following vulnerability: - NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along...

Oracle MySQL Cluster 9.x < 9.7.1 (June 2026 CPU)

The versions of MySQL Cluster installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CPU advisory. - Vulnerability in the MySQL NDB Cluster product of Oracle MySQL component: Cluster: NDB Operator. Supported versions that are affected are 8.0.11-8.0.4...

MiracleLinux 8 : libpng15-1.5.30-9.el8_10 (AXSA:2026-794:03)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2026-794:03 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 Tenable has extracted the preceding description block directly fro...

Oracle MySQL Cluster 8.4.x < 8.4.10 (June 2026 CPU)

The versions of MySQL Cluster installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CPU advisory. - Vulnerability in the MySQL NDB Cluster product of Oracle MySQL component: Cluster: NDB Operator. Supported versions that are affected are 8.0.11-8.0.4...

Oracle MySQL Server 8.4.x < 8.4.10 (June 2026 CPU)

The versions of MySQL Server installed on the remote host are affected by a vulnerability as referenced in the June 2026 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Connection Handling. Supported versions that are affected are 8.4.0-8.4.9 and...