337440 matches found
Debian dla-4627 : kernel-wedge - security update
The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dla-4627 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4627-1 [email protected] https://www.debian.org/lts/security/ B...
RHEL 10 : yggdrasil-worker-package-manager (RHSA-2026:25999)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:25999 advisory. yggdrasil-worker-package-manager is a simple package manager yggd worker. It knows how to install and remove packages, add, remove, enable and...
Linux Distros Unpatched Vulnerability : CVE-2026-6045
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of...
RHEL 9 : gimp (RHSA-2026:25901)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25901 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...
Linux Distros Unpatched Vulnerability : CVE-2026-52720
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individua...
Microsoft Edge (Chromium) < 149.0.4022.68 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 149.0.4022.68. It is, therefore, affected by multiple vulnerabilities as referenced in the June 15, 2026 advisory. - Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.103...
Linux Distros Unpatched Vulnerability : CVE-2026-52721
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries durin...
Linux Distros Unpatched Vulnerability : CVE-2026-6047
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handle...
RHEL 10 : postfix (RHSA-2026:25930)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25930 advisory. The postfix packages provide a Mail Transport Agent MTA, which supports protocols like LDAP, SMTP AUTH SASL, and TLS. Security Fixes: postfix: buff...
Linux Distros Unpatched Vulnerability : CVE-2026-52718
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to...
Oracle Linux 8 : webkit2gtk3 (ELSA-2026-25918)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-25918 advisory. 2.52.4-1 - Update to 2.52.4 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...
Linux Distros Unpatched Vulnerability : CVE-2026-46385
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking...
Linux Distros Unpatched Vulnerability : CVE-2026-8358
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for tw...
Linux Distros Unpatched Vulnerability : CVE-2026-8356
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size...
Qnap QTS and QuTS hero OS Command Injection (CVE-2026-24719)
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...
RHEL 10 : kernel (RHSA-2026:25908)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25908 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net: afcan: do not leave a...
Oracle Linux 7 : firefox (ELSA-2026-22708)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-22708 advisory. - Update to 140.10.1 ESR Orabug: 39481850CVE-2026-7320CVE-2026-7321 CVE-2026-7322CVE-2026-7323 - Update to 140.10.0 ESR Orabug:...
Microsoft Edge (Chromium) < 149.0.4022.67 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 149.0.4022.67. It is, therefore, affected by multiple vulnerabilities as referenced in the June 15, 2026 advisory. - Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.103...
Debian dsa-6346 : fonts-opensymbol - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6346 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6346-1 [email protected] https://www.debian.org/securit...
Linux Distros Unpatched Vulnerability : CVE-2026-53705
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer...
TencentOS Server 4: vim (TSSA-2026:0347)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0347 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2026-12205
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce...
Linux Distros Unpatched Vulnerability : CVE-2026-46384
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker- controlled 64-bit values from the wire format and either...
RHEL 9 : webkit2gtk3 (RHSA-2026:25927)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25927 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...
Linux Distros Unpatched Vulnerability : CVE-2026-50538
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...
Linux Distros Unpatched Vulnerability : CVE-2026-52722
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer...
RHEL 10 : fence-agents (RHSA-2026:25902)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25902 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachabl...
RHEL 8 : mysql:8.0 (RHSA-2026:25919)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25919 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and...
RockyLinux 8 : mysql:8.0 (RLSA-2026:25919)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25919 advisory. mysql: InnoDB unspecified vulnerability CPU Apr 2026 CVE-2026-22004 mysql: Information Schema unspecified vulnerability CPU Apr 2026 CVE-2026-22001 mysq...
SUSE SLES15 Security Update : libyang (SUSE-SU-2026:2335-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2335-1 advisory. This update for libyang fixes the following issues - CVE-2026-41401: use-after-free in lydparsersetdataflags when processing crafte...
SUSE SLES15 Security Update : strongswan (SUSE-SU-2026:2368-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2368-1 advisory. This update for strongswan fixes the following issues - CVE-2026-35328: infinite loop when handling supported versions TLS extensio...
SUSE SLES15 Security Update : python-Django (SUSE-SU-2026:2318-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2318-1 advisory. This update for python-Django fixes the following issues - CVE-2026-6873: signed cookie salt namespace collision in...
SUSE SLES15 Security Update : libyang (SUSE-SU-2026:2381-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2381-1 advisory. This update for libyang fixes the following issue - CVE-2026-44673: integer overflow in lybreadstring of src/parserlyb.c leads to heap buffe...
SUSE SLES15 Security Update : nginx (SUSE-SU-2026:2307-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2307-1 advisory. This update for nginx fixes the following issue - CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a configuration...
SUSE SLED15 / SLES15 Security Update : avahi (SUSE-SU-2026:2297-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2297-1 advisory. This update for avahi fixes the following issue: - CVE-2026-34933: Prior to version 0.9-rc4, any unprivileged local use...
SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2026:2376-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2376-1 advisory. This update for webkit2gtk3 fixes the following issues Update to version 2.52.4: Security fixes: -...
SUSE SLES15 Security Update : openssh (SUSE-SU-2026:2375-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2375-1 advisory. This update for openssh fixes the following issues - CVE-2026-3497: information disclosure or denial of service due to uninitialize...
SUSE SLES15 Security Update : kernel (SUSE-SU-2026:2310-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2310-1 advisory. The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: -...
FreeBSD : caddy -- multiple vulnerabilities (94f93681-6775-11f1-8044-002590af0794)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 94f93681-6775-11f1-8044-002590af0794 advisory. Caddy project reports: Caddy 2.11.4 contains multiple security fixes. GitHub Security Advisory...
SUSE SLED15 / SLES15 Security Update : cosign (SUSE-SU-2026:2365-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2365-1 advisory. This update for cosign fixes the following issue - CVE-2026-39395: Incorrect attestation verification due to malformed...
SUSE SLES15 Security Update : postgresql17 (SUSE-SU-2026:2303-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2303-1 advisory. This update for postgresql17 fixes the following issues Update to version 17.10. Security issues: - CVE-2026-6472: ensure the user...
Fedora 44 : python-python-multipart (2026-104e079187)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-104e079187 advisory. 0.0.32 2026-06-04 Speed up partial-boundary scanning for CR/LF-dense part data. ---- 0.0.31 2026-06-04 Speed up multipart header parsing and callback dispatc...
FreeBSD : traefik -- Multiple vulnerabilities (57e69b2c-67b2-11f1-b3b6-5404a68ad561)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 57e69b2c-67b2-11f1-b3b6-5404a68ad561 advisory. The traefik project releases a new version addressing multiple CVEs: Tenable has extracted the...
SUSE SLES15 Security Update : GraphicsMagick (SUSE-SU-2026:2389-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:2389-1 advisory. This update for GraphicsMagick fixes the following issue - CVE-2026-42050: stack buffer overflow in XTileImage bsc1265048. Tenable has extracted the...
Fedora 44 : bind9-next (2026-dbb0776ac5)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-dbb0776ac5 advisory. Update to 9.21.22 rhbz2480122 Security Fixes: - Limit resolver server list size. CVE-2026-3592 - Fix GSS-API resource leak. CVE-2026-3039 - Disable...
SUSE SLES15 Security Update : qemu (SUSE-SU-2026:2386-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2386-1 advisory. - CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto bsc1255400. - CVE-2026-0665: out-of-bounds heap access can lead t...
SUSE SLES15 Security Update : qemu (SUSE-SU-2026:2388-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2388-1 advisory. Security fixes: - CVE-2026-2243: incorrect bounds check leads to heap out-of-bounds read and a 12-byte information leak when...
SUSE SLES15 Security Update : unbound (SUSE-SU-2026:2369-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2369-1 advisory. This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278:...
SUSE SLES15 Security Update : xen (SUSE-SU-2026:2329-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2329-1 advisory. - CVE-2026-42487: x86 HVM I/O port list traversal bsc1266952. - CVE-2026-42488: x86: mismatched mapcache metadata bsc1266955. -...
SUSE SLES15 Security Update : xen (SUSE-SU-2026:2328-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2328-1 advisory. - CVE-2026-42487: x86 HVM I/O port list traversal bsc1266952. - CVE-2026-42488: x86: mismatched mapcache metadata bsc1266955. -...