Ubuntu 20.04 LTS : Linux kernel (AWS FIPS) vulnerabilities (USN-7392-4)

"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7392-4 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cau...

Linux Distros Unpatched Vulnerability : CVE-2026-48733

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : strongSwan vulnerability (USN-8407-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8407-1 advisory. Elliott Childre discovered that strongSwan incorrectly handled the cloning of certain identities. A remote attacker could use this...

openSUSE 16 Security Update : apache-pdfbox (openSUSE-SU-2026:20923-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20923-1 advisory. Update to version 2.0.36. Security issues fixed: - CVE-2026-33929: path traversal in the ExtractEmbeddedFiles example code can lead to arbitrary...

Fedora 43 : rust (2026-d7436d12ae)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d7436d12ae advisory. Update to Rust 1.96.0: New Range types Assert matching patterns Changes to WebAssembly targets Stabilized APIs Cargo CVE-2026-5222 and CVE-2026-5223...

MiracleLinux 8 : libyang-1.0.184-2.el8_10.ML.1 (AXSA:2026-777:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2026-777:01 advisory. libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob CVE-2026-44673 Tenable has extracted the preceding...

Ubuntu 20.04 LTS : Linux kernel (Azure FIPS) vulnerabilities (USN-8098-8)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8098-8 advisory. Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Tomcat vulnerabilities (USN-8417-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8417-1 advisory. It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request...

openSUSE 16 Security Update : agama-web-ui (openSUSE-SU-2026:20919-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20919-1 advisory. This update for agama-web-ui fixes the following issues - CVE-2025-7339: on-headers: incorrect array handling may lead to HTTP response header...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : nginx vulnerability (USN-8398-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8398-1 advisory. It was discovered that nginx incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could...

Photon OS 5.0: Linux PHSA-2026-5.0-0874

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0874. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

RockyLinux 10 : yggdrasil (RLSA-2026:24716)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:24716 advisory. crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-32281 golang: internal/syscall/unix:...

Linux Distros Unpatched Vulnerability : CVE-2026-44490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When...

FreeBSD : chromium -- security fixes (efa1873c-64a0-11f1-b189-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the efa1873c-64a0-11f1-b189-a8a1599412c6 advisory. Chrome Releases reports: This update includes 74 security fixes: Tenable has extracted the...

Linux Distros Unpatched Vulnerability : CVE-2026-46673

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe...

Fedora 45 : singularity-ce (2026-d32912dc74)

The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d32912dc74 advisory. Automatic update for singularity-ce-4.4.2-1.fc45. Changelog Wed Jun 10 2026 David Trudgian - 4.4.2-1 - Upgrade to 4.4.2 upstream version. - Fix...

Linux Distros Unpatched Vulnerability : CVE-2026-52726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5,...

Ubuntu 24.04 LTS / 25.10 / 26.04 LTS : SSSD vulnerability (USN-8355-1)

The remote Ubuntu 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8355-1 advisory. It was discovered that SSSD did not properly handle raw bytes in the PAM passkey responder. A local attacker could possibly use this issue to...

FreeBSD : FreeBSD -- Multiple vulnerabilities in unbound (b604d3e1-6474-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b604d3e1-6474-11f1-958d-bc241121aa0a advisory. Multiple vulnerabilities have been reported in Unbound. Instead of listing detailed writeups f...

FreeBSD : Erlang/OTP -- TLS distribution check_ip flag does not enforce same-LAN constraint (d87e5fb4-64d4-11f1-ab11-4c526214c986)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d87e5fb4-64d4-11f1-ab11-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-gp7x-mfv6-52cv reports: Erlang distribution over...

Linux Distros Unpatched Vulnerability : CVE-2026-9648

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names...

Linux Distros Unpatched Vulnerability : CVE-2026-48108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as...

AlmaLinux 8 : .NET 10.0 (ALSA-2026:25114)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25114 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...

Linux Distros Unpatched Vulnerability : CVE-2026-53460

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-50 and 7.1.2-25, a missing check for...

RHEL 10 : .NET 8.0 (RHSA-2026:25111)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25111 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

Ubuntu 20.04 LTS : Linux kernel (AWS FIPS) vulnerabilities (USN-7795-3)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7795-3 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

AlmaLinux 10 : .NET 10.0 (ALSA-2026:25115)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25115 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7754-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7754-2 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

openSUSE 16 Security Update : uriparser (openSUSE-SU-2026:20910-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20910-1 advisory. This update for uriparser fixes the following issue: - CVE-2025-67899: unbounded recursion and stack consumption bsc1255000. Tenable has extracted the...

AlmaLinux 10 : .NET 8.0 (ALSA-2026:25111)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25111 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7461-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7461-2 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

Linux Distros Unpatched Vulnerability : CVE-2026-47167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch in the cucumber filetype plugin...

Debian dsa-6330 : charon-cmd - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6330 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6330-1 [email protected] https://www.debian.org/security/...

RHEL 8 : .NET 9.0 (RHSA-2026:25113)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25113 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

Linux Distros Unpatched Vulnerability : CVE-2026-53464

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, when providing invalid options to the...

openSUSE 16 Security Update : perl-XML-LibXML (openSUSE-SU-2026:20908-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20908-1 advisory. This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncat...

RHEL 6 : rsync (RHSA-2026:25173)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:25173 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only...

Google Chrome < 149.0.7827.114 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 149.0.7827.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 202606stable-channel-update-for-desktop01962725236 advisory. - Use after free in Views in Google Chrome on Windows prior to...

RHEL 9 : containernetworking-plugins (RHSA-2026:25251)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:25251 advisory. The Container Network Interface CNI project consists of a specification and libraries for writing plug- ins for configuring network...

TencentOS Server 2: libxml2 (TSSA-2026:0497)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0497 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

MiracleLinux 8 : kernel-4.18.0-553.129.1.el8_10 (AXSA:2026-772:41)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-772:41 advisory. kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 Tenable has extracted the preceding description block directly fro...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenJDK 21 vulnerabilities (USN-8328-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8328-1 advisory. Thomas Beckers discovered that the JAXP component of OpenJDK 21 did not correctly authenticate certain APIs. ...

FreeBSD : FreeBSD -- Missing permission check in thr_kill2(2) (91163897-6472-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 91163897-6472-11f1-958d-bc241121aa0a advisory. When used to deliver a signal to a specific thread, thrkill22 called pcansignal to determine whether th...

Linux Distros Unpatched Vulnerability : CVE-2026-49760

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack-based Buffer Overflow vulnerability in Erlang OTP erlinterface allows Stack-based Buffer Overflow. This vulnerability is associated with program file...

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7516-8)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7516-8 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Inetutils vulnerabilities (USN-8387-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8387-1 advisory. It was discovered that the Inetutils telnet daemon incorrectly handled th...

Linux Distros Unpatched Vulnerability : CVE-2026-46702

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets...

aioHTTP < 3.14.0 Multiple Vulnerabilities

The version of aioHTTP installed on the remote host is prior to 3.14.0. It is, therefore, affected by multiple vulnerabilities: - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary...

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-2364)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : xfrm: esp: avoid in-place decrypt on shared skb fragsCVE-2026-43284 Tenable has extracted the preceding description block directly from the EulerO...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : Netatalk vulnerabilities (USN-8395-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8395-1 advisory. Arjun Basnet discovered that Netatalk incorrectly sanitized user input in its MyS...