FreeBSD : caddy -- multiple vulnerabilities (94f93681-6775-11f1-8044-002590af0794)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 94f93681-6775-11f1-8044-002590af0794 advisory. Caddy project reports: Caddy 2.11.4 contains multiple security fixes. GitHub Security Advisory...

Fedora 44 : gh (2026-f07b3548d4)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f07b3548d4 advisory. Update to 2.94.0 ---- Update to 2.93.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

SUSE SLED15 / SLES15 Security Update : avahi (SUSE-SU-2026:2297-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2297-1 advisory. This update for avahi fixes the following issue: - CVE-2026-34933: Prior to version 0.9-rc4, any unprivileged local use...

SUSE SLED15 / SLES15 Security Update : cosign (SUSE-SU-2026:2365-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2365-1 advisory. This update for cosign fixes the following issue - CVE-2026-39395: Incorrect attestation verification due to malformed...

SUSE SLES15 Security Update : kubernetes1.24 (SUSE-SU-2026:2343-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2343-1 advisory. This update for kubernetes1.24 fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transpo...

SUSE SLES15 Security Update : python-Django (SUSE-SU-2026:2318-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2318-1 advisory. This update for python-Django fixes the following issues - CVE-2026-6873: signed cookie salt namespace collision in...

SUSE SLES12 Security Update : libyang (SUSE-SU-2026:2334-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2334-1 advisory. This update for libyang fixes the following issues - CVE-2026-41401: use-after-free in lydparsersetdataflags when processing crafted YANG XML...

openSUSE 16 Security Update : perl-YAML-Syck (openSUSE-SU-2026:20938-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20938-1 advisory. Changes in perl-YAML-Syck: - CVE-2026-5089: prevent buffer underflow in base60 sexagesimal parsing PR 133 bsc1265155. Tenable has extracted the precedin...

SUSE SLES15 Security Update : podofo (SUSE-SU-2026:2309-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2309-1 advisory. This update for podofo fixes the following issue: - CVE-2026-44348: double-free in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp...

openSUSE 16 Security Update : python-Django (openSUSE-SU-2026:20937-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20937-1 advisory. Changes in python-Django: - CVE-2026-6873: Signed cookie salt namespace collision bsc1267578 - CVE-2026-7666: Potential unencrypted email...

SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2026:2378-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2378-1 advisory. This update for webkit2gtk3 fixes the following issues Update to version 2.52.4: - CVE-2026-28847: processing maliciously crafted w...

SUSE SLES15 Security Update : kubernetes1.27 (SUSE-SU-2026:2339-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2339-1 advisory. This update for kubernetes1.27 fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transpo...

SUSE SLED15 / SLES15 Security Update : go1.26 (SUSE-SU-2026:2327-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2327-1 advisory. This update for go1.26 fixes the following issues Update to go1.26.4 bsc1255111: - CVE-2026-27145: crypto/x509...

openSUSE 16 Security Update : java-17-openj9 (openSUSE-SU-2026:20943-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20943-1 advisory. Changes in java-17-openj9: - Make post scripts less noisy bsc1267355 - Use libalternatives instead of update-alternatives for distributions wher...

Linux Distros Unpatched Vulnerability : CVE-2026-54421

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unredacted sensiti...

openSUSE 16 Security Update : enc (openSUSE-SU-2026:20948-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20948-1 advisory. Changes in enc: - CVE-2026-1229: Fix incorrect value bsc1265533 Bump circl to 1.6.3 - Update to 1.1.5: Update dependencies 10 - Update to 1.1.4: Update...

Linux Distros Unpatched Vulnerability : CVE-2026-11527

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle...

openSUSE 16 Security Update : grafana (openSUSE-SU-2026:20940-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20940-1 advisory. Changes in grafana: - CVE-2026-39821: Fix validation bypass and privilege escalation by updating golang.org/x/net to version 0.55.0 bsc1266600 -...

SUSE SLES15 Security Update : nginx (SUSE-SU-2026:2370-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2370-1 advisory. This update for nginx fixes the following issues - CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a...

FreeBSD : traefik -- Multiple vulnerabilities (57e69b2c-67b2-11f1-b3b6-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 57e69b2c-67b2-11f1-b3b6-5404a68ad561 advisory. The traefik project releases a new version addressing multiple CVEs: Tenable has extracted the...

SUSE SLES12 Security Update : strongswan (SUSE-SU-2026:2312-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:2312-1 advisory. This update for strongswan fixes the following issue - CVE-2026-47895: double-free when destroying certain cloned identities bsc1266360. Tenable has...

SUSE SLES15 Security Update : strongswan (SUSE-SU-2026:2368-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2368-1 advisory. This update for strongswan fixes the following issues - CVE-2026-35328: infinite loop when handling supported versions TLS extensio...

SUSE SLES15 Security Update : GraphicsMagick (SUSE-SU-2026:2389-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:2389-1 advisory. This update for GraphicsMagick fixes the following issue - CVE-2026-42050: stack buffer overflow in XTileImage bsc1265048. Tenable has extracted the...

SUSE SLES12 Security Update : gnutls (SUSE-SU-2026:2367-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2367-1 advisory. This update for gnutls fixes the following issues - CVE-2026-33845: buffers: switch from endoffset over to fraglength bsc1263704. -...

Fedora 44 : bind9-next (2026-dbb0776ac5)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-dbb0776ac5 advisory. Update to 9.21.22 rhbz2480122 Security Fixes: - Limit resolver server list size. CVE-2026-3592 - Fix GSS-API resource leak. CVE-2026-3039 - Disable...

SUSE SLES12 Security Update : gnutls (SUSE-SU-2026:2366-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2366-1 advisory. This update for gnutls fixes the following issues - CVE-2026-33845: buffers: switch from endoffset over to fraglength bsc1263704. -...

Fedora 43 : bind9-next (2026-ec095a4675)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ec095a4675 advisory. Update to 9.21.22 rhbz2480122 Security Fixes: - Limit resolver server list size. CVE-2026-3592 - Fix GSS-API resource leak. CVE-2026-3039 - Disable...

SUSE SLES15 Security Update : postgresql17 (SUSE-SU-2026:2303-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2303-1 advisory. This update for postgresql17 fixes the following issues Update to version 17.10. Security issues: - CVE-2026-6472: ensure the user...

SUSE SLES15 Security Update : python (SUSE-SU-2026:2387-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2387-1 advisory. This update for python fixes the following issues - CVE-2026-1703: files may be extracted outside the installation directory when installing an...

SUSE SLES12 Security Update : google-osconfig-agent (SUSE-SU-2026:2347-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2347-1 advisory. This update for google-osconfig-agent fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improp...

SUSE SLES12 Security Update : tomcat (SUSE-SU-2026:2299-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2299-1 advisory. This update for tomcat fixes the following issues Update to Tomcat 9.0.118: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handli...

SUSE SLES15 Security Update : tomcat11 (SUSE-SU-2026:2374-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2374-1 advisory. This update for tomcat11 fixes the following issues Update to Tomcat 11.0.22: - CVE-2026-41284: Unbounded read in WebDAV LOCK and...

SUSE SLES15 Security Update : tomcat10 (SUSE-SU-2026:2377-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2377-1 advisory. This update for tomcat10 fixes the following issues Update to Tomcat 10.1.55: - CVE-2026-41284: Unbounded read in WebDAV LOCK and...

openSUSE 16 Security Update : mariadb (openSUSE-SU-2026:20933-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20933-1 advisory. This update for mariadb fixes the following issues Update to 11.8.8: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. -...

SUSE SLES15 Security Update : mariadb (SUSE-SU-2026:2330-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2330-1 advisory. - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. - CVE-2026-34303: mysql: optimizer unspecified vulnerability...

SUSE SLES15 Security Update : nginx (SUSE-SU-2026:2307-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2307-1 advisory. This update for nginx fixes the following issue - CVE-2026-9256: heap buffer overflow in the ngxhttprewritemodule when using a configuration...

SUSE SLES15 Security Update : kubernetes1.23 (SUSE-SU-2026:2315-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2315-1 advisory. This update for kubernetes1.23 fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transpo...

SUSE SLES15 Security Update : kubernetes1.25 (SUSE-SU-2026:2345-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2345-1 advisory. Security fixes: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE...

SUSE SLES15 Security Update : google-cloud-sap-agent (SUSE-SU-2026:2372-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2372-1 advisory. This update for google-cloud-sap-agent fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport...

SUSE SLES15 Security Update : kubernetes (SUSE-SU-2026:2342-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2342-1 advisory. This update for kubernetes fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport...

Photon OS 4.0: Python3 PHSA-2026-4.0-1032

An update of the python3 package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1032. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Linux Distros Unpatched Vulnerability : CVE-2025-55649

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference in the gfmediamapesd function mediatools/isomtools.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via...

Linux Distros Unpatched Vulnerability : CVE-2025-55644

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplyi...

Linux Distros Unpatched Vulnerability : CVE-2025-55662

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

Linux Distros Unpatched Vulnerability : CVE-2025-55647

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Out-of-Memory in the mp4muxcencinsertpssh function filters/muxisom.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a...

Linux Distros Unpatched Vulnerability : CVE-2026-1836

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return...

Linux Distros Unpatched Vulnerability : CVE-2026-42306

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version...

Linux Distros Unpatched Vulnerability : CVE-2025-55641

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference in the gfisomcopysampleinfo function isomedia/isomwrite.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via...

Linux Distros Unpatched Vulnerability : CVE-2025-55648

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer overflow in the gfopusparsepacketheader function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via...

Linux Distros Unpatched Vulnerability : CVE-2025-55663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A segmentation violation in the TrackSetStreamDescriptor function isomedia/track.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via...