Linux Distros Unpatched Vulnerability : CVE-2026-54267

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...

Linux Distros Unpatched Vulnerability : CVE-2026-54268

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...

Photon OS 5.0: Linux PHSA-2026-5.0-0890

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0890. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Linux Distros Unpatched Vulnerability : CVE-2026-42127

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocatio...

Oracle Linux 9 : buildah (ELSA-2026-19186)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19186 advisory. - fixes CVE-2026-34986 - Rebuild for new golang to address CVE-2025-61726 Tenable has extracted the preceding description block directly from the Oracle Linux...

Linux Distros Unpatched Vulnerability : CVE-2026-49356

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core affected by an arbitrary file read via a sourceMappingUR...

Oracle Linux 9 : kernel (ELSA-2026-19225)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19225 advisory. - xfrm: esp: avoid in-place decrypt on shared skb frags Sabrina Dubroca RHEL-174563 CVE-2026-43284 - crypto: authencesn - Do not place hiseq at end of...

Oracle Linux 9 : openssh (ELSA-2026-19219)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19219 advisory. - CVE-2026-3497: Fix information disclosure or denial of service due to uninitialized variables in gssapi-keyex Resolves: RHEL-155825 - CVE-2025-61984...

Oracle Linux 9 : openssl (ELSA-2026-19218)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19218 advisory. - Fix CVE-2026-31790 Resolves: RHEL-161586 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

Oracle Linux 9 : bind (ELSA-2026-18786)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18786 advisory. - Prevent Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519 - Prevent cache poisoning due to weak PRNG CVE-2025-40780 Tenable has...

Oracle Linux 9 : containernetworking-plugins (ELSA-2026-18913)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-18913 advisory. - Rebuild for new golang to address CVE-2025-61726 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Oracle Linux 9 : vim (ELSA-2026-19224)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19224 advisory. - RHEL-159630 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob function - RHEL-155438 CVE-2026-28417 vim: Vim: Arbitrary code...

Oracle Linux 9 : systemd (ELSA-2026-19213)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19213 advisory. - coredump: use %d in kernel core pattern - CVE-2025-4598 Tenable has extracted the preceding description block directly from the Oracle Linux security advisor...

Oracle Linux 9 : firefox (ELSA-2026-19201)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19201 advisory. 140.10.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding R...

Oracle Linux 9 : mingw-glib2 (ELSA-2026-18705)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18705 advisory. 2.78.6-3 - Resolves: RHEL-131012 - CVE-2025-13601 mingw-glib2: Integer overflow in in gescapeuristring Tenable has extracted the preceding description block...

Oracle Linux 9 : mariadb:11.8 (ELSA-2026-19182)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19182 advisory. galera 26.4.25-1.0.1 - Drop nmap-ncat requirement. Orabug: 34116228 - Requirement to delete lp1184034 test case without using patches. 26.4.25-1 - Rebased to...

Oracle Linux 9 : sudo (ELSA-2026-19220)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19220 advisory. - CVE-2026-35535 sudo: Privilege escalation due to failure in privilege drop calls Resolves: RHEL-166069 Tenable has extracted the preceding description block...

Oracle Linux 9 : p11-kit (ELSA-2026-18599)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18599 advisory. 0.26.2-1 - Rebase to 0.26.2 Resolves: RHEL-147825 0.26.1-1 - Rebase to 0.26.1 Resolves: RHEL-139075, RHEL-118361, RHEL-126132 0.25.10-1 - Update to new upstrea...

Oracle Linux 9 : python-tornado (ELSA-2026-19189)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-19189 advisory. 6.5.5-1 - Update to 6.5.5 Resolves: RHEL-160942 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

Oracle Linux 9 : unbound (ELSA-2026-18931)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-18931 advisory. 1.24.2-2 - Switch TLS configuration to follow TLS sockets by crypto-policy again RHEL-147860 - Change the default of tls-use-system-policy-versions at...

Oracle Linux 9 : webkit2gtk3 (ELSA-2026-19206)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19206 advisory. 2.52.3-1 - Update to 2.52.3 2.50.4-1 - Update to 2.50.4 2.50.3-1 - Update to 2.50.3 2.50.1-1 - Update to 2.50.1 2.50.0-1 - Update to 2.50.0 2.48.5-1 -...

Oracle Linux 9 : podman (ELSA-2026-19173)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19173 advisory. - fixes CVE-2026-34986 go-jose: Go JOSE Denial of Service via crafted JWE Tenable has extracted the preceding description block directly from the Oracle Linux...

Oracle Linux 9 : freeipmi (ELSA-2026-19208)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19208 advisory. 1.6.17-1 - Update to 1.6.17, fixes CVE-2026-33554 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

Oracle Linux 9 : gdk-pixbuf2 (ELSA-2026-19210)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19210 advisory. - Backport fixes for CVE-2026-5201 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...

Oracle Linux 9 : corosync (ELSA-2026-19200)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19200 advisory. - totemsrp: Return error if sanity check fails fixes CVE-2026-35091 - totemsrp: Fix integer overflow in membjoinsanity fixes CVE-2026-35092 Tenable ha...

Linux Distros Unpatched Vulnerability : CVE-2026-54266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...

Oracle Linux 9 : linux-sgx (ELSA-2026-18868)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-18868 advisory. 2.26-7 - Fix pccs npm security flaws 2.26-6 - Port to pycryptography and pyasn1 and make keyring optional 2.26-5 - Sync specfile changes from Fedora...

Linux Distros Unpatched Vulnerability : CVE-2026-53538

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in...

Linux Distros Unpatched Vulnerability : CVE-2026-53537

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parseoptionsheader parsed Content-Disposition and Content-Type headers with...

Linux Distros Unpatched Vulnerability : CVE-2026-53540

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parseform did not validate the Content-Length header before using it to bound its...

Oracle WebLogic Server (June 2026 CSPU)

The 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core...

Amazon Linux 2 : kernel, --advisory ALAS2-2026-3380 (ALAS-2026-3380)

The version of kernel installed on the remote host is prior to 4.14.355-284.735. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3380 advisory. In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlinknscapable check for peer...

Amazon Linux 2 : python-urllib3, --advisory ALAS2-2026-3377 (ALAS-2026-3377)

The version of python-urllib3 installed on the remote host is prior to 1.25.9-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3377 advisory. urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level...

Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1866)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1866 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroupstoragegetnextkey CVE-2026-45838 In the Linux kernel, the following vulnerability ha...

Amazon Linux 2023 : python3-urllib3 (ALAS2023-2026-1843)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1843 advisory. urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connectionfromurl.urlopen..., assertsamehost=False still...

Amazon Linux 2023 : tigervnc, tigervnc-icons, tigervnc-license (ALAS2023-2026-1892)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1892 advisory. A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2026-1882)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1882 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: mm: fix VA-range sanity check CVE-2023-53989 In the Linux kernel, the following vulnerability has been resolved:...

RHEL 10 : python-urllib3 (RHSA-2026:28000)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:28000 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

Amazon Linux 2 : amazon-cloudwatch-agent, --advisory ALAS2-2026-3389 (ALAS-2026-3389)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300067.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3389 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

Amazon Linux 2 : python3-urllib3, --advisory ALAS2-2026-3376 (ALAS-2026-3376)

The version of python3-urllib3 installed on the remote host is prior to 1.25.6-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3376 advisory. urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-leve...

Oracle Linux 8 : kernel (ELSA-2026-27353)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-27353 advisory. - net/sched: fix pedit partial COW leading to page cache corruption Ivan Vecera RHEL-177582 CVE-2026-46331 - net/sched: actpedit: free pedit keys on...

RHEL 9 : evince (RHSA-2026:27819)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27819 advisory. The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files,...

RHEL 9 : kernel (RHSA-2026:27789)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27789 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix tx.buf...

AlmaLinux 8 : kernel (ALSA-2026:27353)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:27353 advisory. kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel: drm/amd/display: Do not skip unrelated mode...

SUSE SLED15 / SLES15 Security Update : python313 (SUSE-SU-2026:2464-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2464-1 advisory. This update for python313 fixes the following issues Security issues: - CVE-2026-1502: HTTP client proxy tunne...

RHEL 9 : kernel (RHSA-2026:27708)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27708 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: smc: Fix use-after-free in...

RHEL 10 : osbuild-composer (RHSA-2026:27711)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27711 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for...

RHEL 10 : golang-github-openprinting-ipp-usb (RHSA-2026:27740)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:27740 advisory. HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB...

RHEL 10 : postgresql18 (RHSA-2026:27742)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27742 advisory. PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that...

RHEL 10 : xorg-x11-server-Xwayland (RHSA-2026:26566)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26566 advisory. Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server:...