RHEL 9 : kernel (RHSA-2026:26515)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26515 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net: use dstdevrcu in...

RHEL 8 : postgresql:15 (RHSA-2026:26561)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26561 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Operating system accou...

openSUSE 16 Security Update : cyrus-imapd (openSUSE-SU-2026:20962-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20962-1 advisory. Changes in cyrus-imapd: - cyrus-imapd don't start because of missing Requires=var-run.mount from systemd bsc1251788 Remove var-run.mount from...

Linux Distros Unpatched Vulnerability : CVE-2026-12438

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process t...

Debian dsa-6348 : gsasl - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6348 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6348-1 [email protected] https://www.debian.org/security/ Moritz...

Fedora 44 : ldns (2026-1c6479b257)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1c6479b257 advisory. Update to 1.9.2 for CVE-2026-10846 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Linux Distros Unpatched Vulnerability : CVE-2026-12465

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially...

Linux Distros Unpatched Vulnerability : CVE-2026-12451

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially...

RockyLinux 8 : redis:6 (RLSA-2026:26008)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26008 advisory. redis: RESTORE invalid memory access may allow remote code execution CVE-2026-25243 Tenable has extracted the preceding description block directly from the...

Hitachi Energy RTU500 Infinite Loop (CVE-2026-32777)

libexpat before 2.7.5 allows an infinite loop while parsing DTD content, causing Denial of Service impact. Product is only affected if IEC 61850 functionality is configured. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Linux Distros Unpatched Vulnerability : CVE-2026-36849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - tiff - None Ubuntu Linux - Denial of Service via large SamplesPerPixel tag CVE-2026-36849 Note that Nessus relies on the presence of the package ...

RHEL 9 : postgresql:16 (RHSA-2026:26524)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26524 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Operating system accou...

Linux Distros Unpatched Vulnerability : CVE-2026-12460

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in File System Access. CVE-2026-12460 Note that Nessus relies on the presence of the package as reported by the vendor...

Linux Distros Unpatched Vulnerability : CVE-2026-53613

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - upstream upgrade with security fixes: - CVE-2026-53612 - libmount: TOCTOU attack via ancestor directory swap during mount - CVE-2026-53613 - libmount: SUID bypa...

RHEL 7 : dovecot (RHSA-2026:26564)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26564 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...

openSUSE 16 Security Update : neonmodem (openSUSE-SU-2026:20963-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20963-1 advisory. Changes in neonmodem: - Update golang.org/x/net dependency to v0.55.0 due to bsc1267193 - Update golang.org/x/image dependency to v0.38.0 due to...

Fedora 44 : vorbis-tools (2026-884a9f0fc3)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-884a9f0fc3 advisory. CVE-2026-34253 - fix arbitrary code execution via buffer underflow Tenable has extracted the preceding description block directly from the Fedora security...

Linux Distros Unpatched Vulnerability : CVE-2026-12446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-12300

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12300 Note that Nessus relies on the presence ...

Linux Distros Unpatched Vulnerability : CVE-2026-12316

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12316 Note that Nessus relies on the...

Python Library OpenEXR 3.4.x < 3.4.12 Multiple Vulnerabilities

The version of the OpenEXR Python package installed on the remote host is 3.4.x prior to 3.4.12. It is, therefore, affected by multiple vulnerabilities: - An integer overflow in htundoimpl in src/lib/OpenEXRCore/internalht.cpp leads to a heap-buffer-overflow when decoding a crafted HTJ2K-compress...

Fedora 44 : librabbitmq (2026-7174ee9a91)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7174ee9a91 advisory. Version 0.16.0 - 2026-06-08 Security - Fix out-of-bounds read via undersized frames in amqphandleinput GHSA-9mmv-r8g3-qp46, 878 - Fix client crash when serve...

Bosch Security Systems IP Cameras Improper Access Control (CVE-2022-41677)

An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information like capabilities about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to...

Bosch Security Systems IP Cameras NXP Chip Side-Channel Key Extraction (CVE-2021-3011)

Several Bosch IP cameras are built on a hardware platform that uses an NXP SmartMX/P5x secure element affected by an electromagnetic-wave side-channel vulnerability. An attacker with extended physical access to the device could recover the ECDSA private key and clone the device. The issue resides...

RHEL 8 : redhat-ds:11 (RHSA-2026:26461)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26461 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol LDAP...

RHEL 9 : firefox (RHSA-2026:26491)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26491 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

RHEL 9 : 389-ds-base (RHSA-2026:26464)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26464 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server a...

Fedora 43 : openslide (2026-3c93ea23b5)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3c93ea23b5 advisory. Fix arbitrary memory write with crafted Ventana BIF file CVE-2026-48977. Tenable has extracted the preceding description block directly from the Fedora...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS / 26.04 LTS : OpenImageIO vulnerabilities (USN-8438-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8438-1 advisory. It was discovered that OpenImageIO incorrectly performed bounds checking when processing SGI files. An...

Fedora 43 : tig (2026-28df92c223)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-28df92c223 advisory. Fix editor command injection vulnerability only affectsversion 2.6.0. 1432 https://github.com/jonas/tig/issues/1432 Tenable has extracted the preceding...

Linux Distros Unpatched Vulnerability : CVE-2026-12455

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to...

Linux Distros Unpatched Vulnerability : CVE-2025-56814

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A code injection vulnerability in the wxExecute function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters...

Linux Distros Unpatched Vulnerability : CVE-2026-12322

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12322 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2026-12442

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-53614

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - util-linux - None Ubuntu Linux - Local Privilege Escalation via LIBMOUNTFORCEMOUNT2 Environment Variable - nosuid/noexec Bypass in SUID mount8...

Linux Distros Unpatched Vulnerability : CVE-2026-12319

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. CVE-2026-12319 Note that Nessus relie...

RHEL 10 : thunderbird (RHSA-2026:26539)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26539 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript...

RHEL 10 : 389-ds-base (RHSA-2026:26456)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26456 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server...

FreeBSD : mail/mailpit -- Incomplete SSRF protection in Link Check API via uncovered IPv6 forms (44afeb08-6a18-11f1-9647-10ffe07f9334)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 44afeb08-6a18-11f1-9647-10ffe07f9334 advisory. Mailpit authorreports: The tools.IsInternalIP deny-list relies on Go's stdlib classification helpers...

Fedora 45 : krita (2026-4084e20f7e)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4084e20f7e advisory. Automatic update for krita-6.0.2.1-1.fc45. Changelog Wed Jun 17 2026 Than Ngo - 6.0.2.1-1 - Fix rhbz2481429, Update to 6.0.2.1 - Fix rhbz2476570,...

RockyLinux 8 : postfix (RLSA-2026:25932)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25932 advisory. postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 Tenable has extracted the preceding description block directly from the RockyLinux...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : rabbitmq-c vulnerabilities (USN-8437-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8437-1 advisory. It was discovered that rabbitmq-c exposed credentials in command-line arguments under certain circumstances. A local...

ImageMagick < 6.9.13-49 / 7.x < 7.1.2-24 Multiple Vulnerabilities

The remote host has a version of ImageMagick installed that is prior to 6.9.13-49 or 7.x prior to 7.1.2-24. It is, therefore, affected by multiple vulnerabilities: - A crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. CVE-2026-48734 - An infinite loop ...

Hitachi Energy RTU500 Integer Overflow or Wraparound (CVE-2026-25210)

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation, primarily causing Denial of Service and potentially confidentiality and integrity impact to the product. Product is only...

Bosch Security Systems IP Cameras Improper Authentication (CVE-2021-23847)

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and...

Linux Distros Unpatched Vulnerability : CVE-2026-12453

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Input. CVE-2026-12453 Note that Nessus relies on the presence of the package as reported by the vendor...

Linux Distros Unpatched Vulnerability : CVE-2026-12450

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Media. CVE-2026-12450 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C...

Photon OS 5.0: Ansible PHSA-2026-5.0-0855

An update of the ansible package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0855. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 5.0: Libssh PHSA-2026-5.0-0782

An update of the libssh package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0782. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

RHEL 9 : 389-ds-base (RHSA-2026:26465)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26465 advisory. 389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server a...