RHEL 9 : thunderbird (RHSA-2026:26174)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26174 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript...

Linux Distros Unpatched Vulnerability : CVE-2026-54411

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in...

RHEL 9 : tomcat (RHSA-2026:26323)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26323 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Certificate...

Debian dla-4632 : atril - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dla-4632 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4632-1 [email protected] https://www.debian.org/lts/security/...

RHEL 8 : kernel (RHSA-2026:26427)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26427 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: mptcp: fix slab-use-after-fre...

RHEL 9 : fence-agents (RHSA-2026:26206)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26206 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable...

RockyLinux 10 : fence-agents (RLSA-2026:25902)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25902 advisory. python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens CVE-2026-48526 Tenable has extracted the preceding description block directly from the...

AlmaLinux 9 : webkit2gtk3 (ALSA-2026:25927)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25927 advisory. webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash CVE-2026-28946 webkitgtk: Processing maliciously crafted web...

RHEL 9 : postgresql:18 (RHSA-2026:26204)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26204 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Operating system accou...

Photon OS 5.0: Linux PHSA-2026-5.0-0837

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0837. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

RHEL 9 : rsync (RHSA-2026:26410)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26410 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because...

RHEL 9 : libexif (RHSA-2026:26224)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26224 advisory. The libexif packages provide a library for extracting extra information from image files. Security Fixes: libexif: libexif: Information...

Photon OS 5.0: Linux PHSA-2026-5.0-0878

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0878. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

RHEL 8 : thunderbird (RHSA-2026:26270)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26270 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript...

RHEL 9 : podman (RHSA-2026:26447)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26447 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use...

RHEL 9 : libexif (RHSA-2026:26276)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26276 advisory. The libexif packages provide a library for extracting extra information from image files. Security Fixes: libexif: libexif: Information...

RHEL 10 : libexif (RHSA-2026:26274)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26274 advisory. The libexif packages provide a library for extracting extra information from image files. Security Fixes: libexif: libexif: Denial of Service and...

RHEL 9 : redis (RHSA-2026:26233)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26233 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...

RHEL 9 : redis:7 (RHSA-2026:26306)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26306 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, set...

RHEL 8 : libexif (RHSA-2026:26191)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26191 advisory. The libexif packages provide a library for extracting extra information from image files. Security Fixes: libexif: libexif: Information...

RockyLinux 8 : postgresql:15 (RLSA-2026:26181)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26181 advisory. postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison CVE-2026-6478 postgresql: integer overflow can cause an...

Fedora 43 : perl-Mojo-JWT (2026-1da54e6cb8)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1da54e6cb8 advisory. This release of Mojo::JWT Improves the security of decode to prevent timing side-channel attacks in symmetric signatures Tenable has extracted the preceding...

Alibaba Cloud Linux 3 : 0155: postgresql-jdbc (ALINUX3-SA-2026:0155)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0155 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-42198: pgjdbc is an open source postgresql...

Alibaba Cloud Linux 3 : 0160: frr (ALINUX3-SA-2026:0160)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0160 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-37457: An off-by-one out-of-bounds write...

Linux Distros Unpatched Vulnerability : CVE-2025-61971

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in los...

RHEL 9 : postfix (RHSA-2026:26205)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26205 advisory. The postfix packages provide a Mail Transport Agent MTA, which supports protocols like LDAP, SMTP AUTH SASL, and TLS. Security Fixes: postfix: buffe...

Alibaba Cloud Linux 3 : 0154: libexif (ALINUX3-SA-2026:0154)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0154 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-40385: In libexif through 0.6.25,...

RHEL 8 : rsync (RHSA-2026:26408)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26408 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because...

Oracle Linux 8 : post (ELSA-2026-25932)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-25932 advisory. 2:3.5.8-8 - Fix for CVE-2026-43964: buffer over-read via malformed enhanced status code. Resolves: RHEL-176548 Tenable has extracted the preceding description...

Fedora 43 : 7zip (2026-f36864b408)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f36864b408 advisory. - Fixes CVE-2026-48092: Information disclosure in 32-bit builds - Fixes CVE-2026-48095: Arbitrary code execution in NTFS handler - Fixes...

AlmaLinux 8 : postfix (ALSA-2026:25932)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:25932 advisory. postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 Tenable has extracted the preceding description block directly from the AlmaLinux...

RockyLinux 9 : postgresql:16 (RLSA-2026:26203)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26203 advisory. postgresql: PostgreSQL: Operating system account hijack via symlink following in pgbasebackup and pgrewind CVE-2026-6475 postgresql: PostgreSQL libpq:...

EulerOS Virtualization 2.11.0 : qemu (EulerOS-SA-2026-2428)

According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service DoS attack via improper synchronization during...

Linux Distros Unpatched Vulnerability : CVE-2026-10649

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By...

RHEL 8 : libpng12 (RHSA-2026:26348)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:26348 advisory. The libpng12 package provides libpng 1.2, which is the previous version of the libpng library for manipulating PNG Portable Network Graphics image...

Ubuntu 26.04 LTS : tmux vulnerability (USN-8428-1)

The remote Ubuntu 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8428-1 advisory. It was discovered that tmux incorrectly handled image cleanup, leading to a use-after-free vulnerability. A local attacker could possibly use this issue to cause...

RHEL 9 : postgresql:16 (RHSA-2026:26203)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26203 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Operating system accou...

SQLite < 3.53.2 Multiple Heap Buffer Overflows

The version of SQLite installed on the remote host is prior to 3.53.2. It is, therefore, affected by multiple vulnerabilities: - A heap-based buffer overflow vulnerability in the FTS5 full-text search extension allows attackers to cause a crash or execute arbitrary code by supplying a crafted...

Ubuntu 20.04 LTS / 24.04 LTS / 26.04 LTS : FastNetMon vulnerabilities (USN-8429-1)

The remote Ubuntu 20.04 LTS / 24.04 LTS / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8429-1 advisory. It was discovered that FastNetMon incorrectly validated prefix lengths when decoding BGP NLRI data. A remote attacker could...

EulerOS Virtualization 2.11.1 : kernel (EulerOS-SA-2026-2425)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : xfrm: esp: avoid in-place decrypt on shared skb fragsCVE-2026-43284 crypto: algifaead - Revert to operating...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : Mesa vulnerability (USN-8427-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8427-1 advisory. It was discovered that Mesa did not properly validate memory allocation sizes in WebGPU under certain circumstances. An attacker could use thi...

RHEL 9 : hplip (RHSA-2026:26297)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26297 advisory. The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project HPLIP, which provides drivers for Hewlett-Packard printer...

RHEL 9 : thunderbird (RHSA-2026:26269)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26269 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript...

MiracleLinux 8 : kernel-4.18.0-553.132.1.el8_10 (AXSA:2026-788:42)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-788:42 advisory. kernel: geneve: Fix use-after-free in genevefinddev. CVE-2025-21858 kernel: smc: Fix use-after-free in tcpwritetimerhandler CVE-2023-53781 kernel: nb...

Linux Distros Unpatched Vulnerability : CVE-2026-47261

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all and FilePerms::READ...

RHEL 8 : python3.11 (RHSA-2026:26187)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26187 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

Debian dla-4631 : asterisk - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4631 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4631-1 [email protected]...

AlmaLinux 8 : webkit2gtk3 (ALSA-2026:25918)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25918 advisory. webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash CVE-2026-28946 webkitgtk: Processing maliciously crafted web...

Photon OS 5.0: Openssl PHSA-2026-5.0-0874

An update of the openssl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0874. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

RHEL 10 : hplip (RHSA-2026:26228)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26228 advisory. The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project HPLIP, which provides drivers for Hewlett-Packard printe...