Oracle Linux 9 : unbound (ELSA-2026-18931)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-18931 advisory. 1.24.2-2 - Switch TLS configuration to follow TLS sockets by crypto-policy again RHEL-147860 - Change the default of tls-use-system-policy-versions at...

Linux Distros Unpatched Vulnerability : CVE-2026-50170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

Oracle E-Business Suite (June 2026 CSPU)

The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite component: Core. Easily exploitable...

Oracle Linux 9 : crun (ELSA-2026-19178)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-19178 advisory. - fixes CVE-2026-30892 crun: crun: Privilege escalation due to incorrect parsing of the --user option rhel-9.8 Tenable has extracted the preceding description...

Linux Distros Unpatched Vulnerability : CVE-2026-54531

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loo...

Oracle Linux 9 : webkit2gtk3 (ELSA-2026-19206)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19206 advisory. 2.52.3-1 - Update to 2.52.3 2.50.4-1 - Update to 2.50.4 2.50.3-1 - Update to 2.50.3 2.50.1-1 - Update to 2.50.1 2.50.0-1 - Update to 2.50.0 2.48.5-1 -...

Oracle Linux 9 : NetworkManager (ELSA-2026-18597)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18597 advisory. - Fix CVE-2025-9615 RHEL-111783 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has no...

Carrier Corporation i-VU Incorrect Authorization (CVE-2024-5539)

CWE-863 Incorrect Authorization vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The system fails to perform adequate authorization checks, allowing an actor to perform actions or access resources without proper entitlement, leading to...

Vertiv Liebert SiteScan Cross-site Scripting (CVE-2024-5540)

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products in versions older than 8.0. Untrusted data is included in web pages without proper validation, allowing...

Photon OS 5.0: Libxml2 PHSA-2026-5.0-0874

An update of the libxml2 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0874. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

RHEL 8 : samba (RHSA-2026:28058)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28058 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...

Linux Distros Unpatched Vulnerability : CVE-2026-50556

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

Linux Distros Unpatched Vulnerability : CVE-2026-53550

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing b...

Linux Distros Unpatched Vulnerability : CVE-2026-12479

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the DiskIOStore.make method within the Keras 3 model saving and loadin...

Linux Distros Unpatched Vulnerability : CVE-2026-46417

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12,...

Oracle Solaris Critical Patch Update : jun2026_SRU11_4_93_221_2

The version of Solaris installed on the remote host is prior to 11.4.93.221.2. It is, therefore, affected by multiple vulnerabilities as referenced in the solaris11jun2026SRU114932212 advisory. - Vulnerability in the Oracle Solaris product of Oracle Systems component: Remote Administration Daemon...

Linux Distros Unpatched Vulnerability : CVE-2026-50178

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code...

RHEL 8 : samba (RHSA-2026:28056)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28056 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...

Debian dsa-6362 : gir1.2-gst-plugins-bad-1.0 - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6362 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6362-1 [email protected] https://www.debian.org/securit...

Linux Distros Unpatched Vulnerability : CVE-2026-50171

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

Linux Distros Unpatched Vulnerability : CVE-2026-53655

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next head...

Oracle Linux 9 : freeipmi (ELSA-2026-19208)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19208 advisory. 1.6.17-1 - Update to 1.6.17, fixes CVE-2026-33554 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

Carrier Corporation i-VU Improper Validation of Array Index (CVE-2025-0657)

CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...

RHEL 9 : samba (RHSA-2026:28053)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28053 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...

RHEL 9 : redis:7 (RHSA-2026:28142)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28142 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...

Linux Distros Unpatched Vulnerability : CVE-2026-50555

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

FreeBSD : podman -- files outside build context may be included via malicious Git repo or tar archive (fe2e8bdc-ff48-4166-b285-59822c7cf473)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fe2e8bdc-ff48-4166-b285-59822c7cf473 advisory. The Podman developers report: Building a Dockerfile using an ADD or COPY instruction accessing a...

Oracle Linux 9 : systemd (ELSA-2026-19213)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19213 advisory. - coredump: use %d in kernel core pattern - CVE-2025-4598 Tenable has extracted the preceding description block directly from the Oracle Linux security advisor...

Linux Distros Unpatched Vulnerability : CVE-2026-50557

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

Ubuntu 26.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8461-1)

The remote Ubuntu 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8461-1 advisory. It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. ...

Oracle Linux 9 : p11-kit (ELSA-2026-18599)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18599 advisory. 0.26.2-1 - Rebase to 0.26.2 Resolves: RHEL-147825 0.26.1-1 - Rebase to 0.26.1 Resolves: RHEL-139075, RHEL-118361, RHEL-126132 0.25.10-1 - Update to new upstrea...

RHEL 8 : webkit2gtk3 (RHSA-2026:28114)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28114 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...

RHEL 9 : webkit2gtk3 (RHSA-2026:28148)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28148 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...

Ubuntu 20.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-8462-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8462-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A...

RHEL 9 : webkit2gtk3 (RHSA-2026:28146)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28146 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...

Oracle Linux 9 : podman (ELSA-2026-19173)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19173 advisory. - fixes CVE-2026-34986 go-jose: Go JOSE Denial of Service via crafted JWE Tenable has extracted the preceding description block directly from the Oracle Linux...

IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7277387)

The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 7277387 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of...

RHEL 7 : samba (RHSA-2026:28132)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28132 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...

Carrier Corporation i-VU Storing Passwords in a Recoverable Format (CVE-2025-14295)

CWE-257 Storing Passwords in a Recoverable Format vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. An attacker with elevated access can retrieve passwords stored in a recoverable format, potentially compromising credentials and neighboring...

Automated Logic WebCTRL Open Redirect (CVE-2024-8527)

CWE-601 URL Redirection to Untrusted Site 'Open Redirect' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. The application accepts a user-supplied URL and redirects without proper validation, allowing attackers to exploit user sessions through ...

Oracle Linux 9 : sudo (ELSA-2026-19220)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19220 advisory. - CVE-2026-35535 sudo: Privilege escalation due to failure in privilege drop calls Resolves: RHEL-166069 Tenable has extracted the preceding description block...

Linux Distros Unpatched Vulnerability : CVE-2026-49460

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes...

Automated Logic WebCTRL Cross-site Scripting (CVE-2024-8528)

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. User input is not properly sanitized, allowing injection of malicious scripts into web pages viewed by...

Linux Distros Unpatched Vulnerability : CVE-2026-54651

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loo...

Oracle Linux 9 : gstreamer1-plugins-bad-free, / gstreamer1-plugins-base, / gstreamer1-plugins-good, / and / gstreamer1-plugins-ugly-free (ELSA-2026-19180)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19180 advisory. gstreamer1-plugins-bad-free 1.22.12-7 - Rebuild to fix missing binaries due to buildsystem oversight 1.22.12-6 - Rebuild for z-stream Resolves:...

Linux Distros Unpatched Vulnerability : CVE-2026-55655

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by...

Oracle Linux 9 : python-tornado (ELSA-2026-19189)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-19189 advisory. 6.5.5-1 - Update to 6.5.5 Resolves: RHEL-160942 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

Oracle Linux 9 : mariadb:11.8 (ELSA-2026-19182)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19182 advisory. galera 26.4.25-1.0.1 - Drop nmap-ncat requirement. Orabug: 34116228 - Requirement to delete lp1184034 test case without using patches. 26.4.25-1 - Rebased to...

Oracle WebLogic Server (June 2026 CSPU)

The 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core...

Oracle Linux 9 : luksmeta (ELSA-2026-18824)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18824 advisory. 10-1 - New upstream release v10 Resolves: RHEL-122139 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...