Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : ADSys vulnerabilities (USN-8430-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8430-1 advisory. It was discovered that ADSys did not properly handle certain HTTP/2 frames. A remote attacker could possibly...

Ubuntu 20.04 LTS / 24.04 LTS / 26.04 LTS : FastNetMon vulnerabilities (USN-8429-1)

The remote Ubuntu 20.04 LTS / 24.04 LTS / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8429-1 advisory. It was discovered that FastNetMon incorrectly validated prefix lengths when decoding BGP NLRI data. A remote attacker could...

EulerOS Virtualization 2.11.1 : kernel (EulerOS-SA-2026-2425)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : xfrm: esp: avoid in-place decrypt on shared skb fragsCVE-2026-43284 crypto: algifaead - Revert to operating...

Mozilla Thunderbird < 152.0

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 152.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-60 advisory. - Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and...

RHEL 8 : mysql:8.4 (RHSA-2026:26180)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26180 advisory. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : Mesa vulnerability (USN-8427-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8427-1 advisory. It was discovered that Mesa did not properly validate memory allocation sizes in WebGPU under certain circumstances. An attacker could use thi...

RHEL 9 : hplip (RHSA-2026:26297)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26297 advisory. The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project HPLIP, which provides drivers for Hewlett-Packard printer...

RHEL 9 : thunderbird (RHSA-2026:26269)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26269 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript...

MiracleLinux 8 : kernel-4.18.0-553.132.1.el8_10 (AXSA:2026-788:42)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-788:42 advisory. kernel: geneve: Fix use-after-free in genevefinddev. CVE-2025-21858 kernel: smc: Fix use-after-free in tcpwritetimerhandler CVE-2023-53781 kernel: nb...

AlmaLinux 8 : mysql:8.0 (ALSA-2026:25919)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25919 advisory. mysql: InnoDB unspecified vulnerability CPU Apr 2026 CVE-2026-22004 mysql: Information Schema unspecified vulnerability CPU Apr 2026 CVE-2026-22001 mysql...

Linux Distros Unpatched Vulnerability : CVE-2026-47261

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all and FilePerms::READ...

RHEL 8 : python3.11 (RHSA-2026:26187)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26187 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

Mozilla Firefox ESR < 140.12

The version of Firefox ESR installed on the remote Windows host is prior to 140.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-58 advisory. - Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some o...

Debian dla-4631 : asterisk - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4631 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4631-1 [email protected]...

AlmaLinux 8 : webkit2gtk3 (ALSA-2026:25918)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25918 advisory. webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash CVE-2026-28946 webkitgtk: Processing maliciously crafted web...

Photon OS 5.0: Openssl PHSA-2026-5.0-0874

An update of the openssl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0874. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

RHEL 10 : hplip (RHSA-2026:26228)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26228 advisory. The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project HPLIP, which provides drivers for Hewlett-Packard printe...

Mozilla Thunderbird < 140.12

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-61 advisory. - Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152,...

Mozilla Thunderbird < 152.0

The version of Thunderbird installed on the remote Windows host is prior to 152.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-60 advisory. - Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

Fedora 44 : ack (2026-bb708e11d7)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bb708e11d7 advisory. Update to version 3.10.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

Fedora 44 : perl-Mojo-JWT (2026-80333f8f56)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-80333f8f56 advisory. This release of Mojo::JWT Improves the security of decode to prevent timing side-channel attacks in symmetric signatures Tenable has extracted the preceding...

Alibaba Cloud Linux 3 : 0156: unbound (ALINUX3-SA-2026:0156)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0156 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-42944: NLnet Labs Unbound 1.14.0 ...

EulerOS Virtualization 2.11.0 : kernel (EulerOS-SA-2026-2427)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : xfrm: esp: avoid in-place decrypt on shared skb fragsCVE-2026-43284 crypto: algifaead - Revert to operating...

RHEL 9 : libexif (RHSA-2026:26192)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26192 advisory. The libexif packages provide a library for extracting extra information from image files. Security Fixes: libexif: libexif: Information...

Google Chrome < 149.0.7827.155 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 149.0.7827.155. It is, therefore, affected by multiple vulnerabilities as referenced in the 202606stable-channel-update-for-desktop01750511403 advisory. - Use after free in Extensions in Google Chrome prior to...

RHEL 8 : kernel-rt (RHSA-2026:26428)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26428 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

Security Updates for Microsoft Visual Studio Products (June 2026)

The Microsoft Visual Studio Products are missing a security update. It is, therefore, affected by a denial of service vulnerability: - Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network. CVE-2026-45591 Note that Nessus has not tested f...

Linux Distros Unpatched Vulnerability : CVE-2026-52717

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-52717 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenabl...

RHEL 8 : openssl (RHSA-2026:26275)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26275 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

Alibaba Cloud Linux 3 : 0152: samba (ALINUX3-SA-2026:0152)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0152 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-3012: A flaw was found in Sambas...

Linux Distros Unpatched Vulnerability : CVE-2026-46655

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Red Hat Enterprise Linux - virtio-win: viosock.sys: integer overflow in VIOSockSelect leads to heap-based buffer overflow CVE-2026-46655 Note that Nessus relies...

Check Point Gaia Operating System (sk185033)

The version of Gaia Operating System installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the sk185033 advisory. - A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange...

Fedora 43 : hugo (2026-6f3d11bdc6)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6f3d11bdc6 advisory. Update to 0.162.1 rhbz2455512 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not test...

Apache CXF < 4.1.7 / 4.2.x < 4.2.2 Multiple Vulnerabilities

The version of Apache CXF installed on the remote host is prior to 4.1.7 or 4.2.x prior to 4.2.2. It is, therefore, affected by multiple vulnerabilities, including: - A JNDI Injection vulnerability in the JCA integration module allows code execution if an attacker can manipulate the JCA deploymen...

Ubuntu 16.04 LTS / 18.04 LTS : Ruby vulnerabilities (USN-8431-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8431-1 advisory. It was discovered that Ruby's Net::IMAP library did not properly verify that Transport Layer Security TLS encryption was started after issuin...

Oracle Linux 8 : kernel (ELSA-2026-25121)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-25121 advisory. - ip6tunnel: clear skb2-cb in ip4ip6err Guillaume Nault RHEL-172640 CVE-2026-43037 - dlm: fix buffer overflow from negative len in dlmsearchrsbtree...

Linux Distros Unpatched Vulnerability : CVE-2026-46331

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: fix pedit partial COW leading to page cache corruption tcfpeditact computes the COW range for skbensurewritable once before the key loop using...

RHEL 8 : libxml2 (RHSA-2026:26354)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26354 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: buffer over-read in...

RHEL 8 : libexif (RHSA-2026:26292)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26292 advisory. The libexif packages provide a library for extracting extra information from image files. Security Fixes: libexif: libexif: Information...

Alibaba Cloud Linux 3 : 0153: compat-openssl10 (ALINUX3-SA-2026:0153)

The remote Alibaba Cloud Linux 3 host has a package installed that is affected by a vulnerability as referenced in the ALINUX3-SA-2026:0153 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-28390: Issue summary: During processing of...

RHEL 7 : gimp (RHSA-2026:26168)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26168 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

Mozilla Firefox < 152.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 152.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-57 advisory. - Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbir...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50318)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50318 advisory. - net/tls: fix use-after-free in -EBUSY error path of tlsdoencryption Muhammad Alifa Ramdhan Orabug: 39543209 CVE-2026-31533 - net: fix fanout UAF...

RHEL 8 : postgresql:15 (RHSA-2026:26181)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26181 advisory. PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL: Credential recovery vi...

RHEL 8 : opencryptoki (RHSA-2026:26352)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26352 advisory. The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These...

RockyLinux 8 : mysql:8.4 (RLSA-2026:26180)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26180 advisory. mysql: InnoDB unspecified vulnerability CPU Apr 2026 CVE-2026-22004 mysql: Information Schema unspecified vulnerability CPU Apr 2026 CVE-2026-22001 mysq...

RHEL 10 : ncurses (RHSA-2026:26357)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26357 advisory. The ncurses new curses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses...

Fedora 44 : 7zip (2026-4be7569210)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-4be7569210 advisory. - Fixes CVE-2026-48092: Information disclosure in 32-bit builds - Fixes CVE-2026-48095: Arbitrary code execution in NTFS handler - Fixes...

Linux Distros Unpatched Vulnerability : CVE-2026-44188

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access t...

RockyLinux 9 : postgresql:18 (RLSA-2026:26204)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26204 advisory. postgresql: PostgreSQL: Operating system account hijack via symlink following in pgbasebackup and pgrewind CVE-2026-6475 postgresql: PostgreSQL libpq:...