openSUSE 16 Security Update : perl-XML-LibXML (openSUSE-SU-2026:20908-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20908-1 advisory. This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncat...

RHEL 6 : rsync (RHSA-2026:25173)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:25173 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only...

Google Chrome < 149.0.7827.114 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 149.0.7827.114. It is, therefore, affected by multiple vulnerabilities as referenced in the 202606stable-channel-update-for-desktop01962725236 advisory. - Use after free in Views in Google Chrome on Windows prior to...

RHEL 9 : containernetworking-plugins (RHSA-2026:25251)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:25251 advisory. The Container Network Interface CNI project consists of a specification and libraries for writing plug- ins for configuring network...

TencentOS Server 2: libxml2 (TSSA-2026:0497)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0497 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

MiracleLinux 8 : kernel-4.18.0-553.129.1.el8_10 (AXSA:2026-772:41)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-772:41 advisory. kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 Tenable has extracted the preceding description block directly fro...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenJDK 21 vulnerabilities (USN-8328-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8328-1 advisory. Thomas Beckers discovered that the JAXP component of OpenJDK 21 did not correctly authenticate certain APIs. ...

FreeBSD : FreeBSD -- Missing permission check in thr_kill2(2) (91163897-6472-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 91163897-6472-11f1-958d-bc241121aa0a advisory. When used to deliver a signal to a specific thread, thrkill22 called pcansignal to determine whether th...

Linux Distros Unpatched Vulnerability : CVE-2026-49760

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack-based Buffer Overflow vulnerability in Erlang OTP erlinterface allows Stack-based Buffer Overflow. This vulnerability is associated with program file...

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7516-8)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7516-8 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Inetutils vulnerabilities (USN-8387-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8387-1 advisory. It was discovered that the Inetutils telnet daemon incorrectly handled th...

Linux Distros Unpatched Vulnerability : CVE-2026-46702

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets...

aioHTTP < 3.14.0 Multiple Vulnerabilities

The version of aioHTTP installed on the remote host is prior to 3.14.0. It is, therefore, affected by multiple vulnerabilities: - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary...

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-2364)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : xfrm: esp: avoid in-place decrypt on shared skb fragsCVE-2026-43284 Tenable has extracted the preceding description block directly from the EulerO...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : Netatalk vulnerabilities (USN-8395-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8395-1 advisory. Arjun Basnet discovered that Netatalk incorrectly sanitized user input in its MyS...

GitLab 15.9 < 18.10.8 / 18.11 < 18.11.5 / 19.0 < 19.0.2 (CVE-2026-9694)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions, could have allowed an...

RHEL 10 : .NET 10.0 (RHSA-2026:25115)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25115 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

Ubuntu 14.04 LTS : Linux kernel vulnerability (USN-8361-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8361-1 advisory. A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system. This update corrects flaws in the following...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : sslh vulnerability (USN-8360-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8360-1 advisory. It was discovered that sslh did not properly handle symbolic links when writing its PID file. ...

GitLab 15.10 < 18.10.8 / 18.11 < 18.11.5 / 19.0 < 19.0.2 (CVE-2026-6269)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an...

AlmaLinux 9 : redis (ALSA-2026:23229)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:23229 advisory. redis: RESTORE invalid memory access may allow remote code execution CVE-2026-25243 Tenable has extracted the preceding description block directly from the...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-11332)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-11332 advisory. - A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency...

Ubuntu 20.04 LTS : Linux kernel (Azure FIPS) vulnerabilities (USN-7939-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7939-2 advisory. Jean-Claude Graf, Sandro Regge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation betwee...

RHEL 8 : thunderbird (RHSA-2026:25014)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:25014 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Memory safety bugs fixed in Firefox ES...

Linux Distros Unpatched Vulnerability : CVE-2026-48734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file coul...

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7585-3)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7585-3 advisory. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls...

RHEL 9 : libyang (RHSA-2026:25051)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25051 advisory. Libyang is YANG data modeling language parser and toolkit written and providing API in C. Security Fixes: libyang: libyang: Denial of Service or...

FreeBSD : Erlang/OTP -- httpc leaks authentication headers on cross-host redirect (d87e2466-64d4-11f1-ab11-4c526214c986)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d87e2466-64d4-11f1-ab11-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-m75x-4vwg-ggjh reports: The HTTP client httpc in...

Linux Distros Unpatched Vulnerability : CVE-2026-48110

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded...

AlmaLinux 9 : bind (ALSA-2026:24367)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:24367 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

FreeBSD : Erlang/OTP -- FTP passive-mode client does not validate server response IP (d87e0681-64d4-11f1-ab11-4c526214c986)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d87e0681-64d4-11f1-ab11-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq reports: The FTP client in passiv...

openSUSE 16 Security Update : postgresql18 (openSUSE-SU-2026:20901-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20901-1 advisory. This update for postgresql18 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema...

RHEL 9 : .NET 8.0 (RHSA-2026:25220)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25220 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

Linux Distros Unpatched Vulnerability : CVE-2026-45491

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper link resolution before file access 'link following' in .NET allows an unauthorized attacker to perform tampering locally. CVE-2026-45491 Note that Ness...

Linux Distros Unpatched Vulnerability : CVE-2026-46373

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untruste...

Fedora 44 : xmlstarlet (2026-dbf44e0b72)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-dbf44e0b72 advisory. Fixes XML external entity vulnerability. For more information, refer to . Tenable has extracted the preceding description block directly from the Fedora...

openSUSE 16 Security Update : polkit (openSUSE-SU-2026:20925-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20925-1 advisory. This update for polkit fixes the following issue: - CVE-2026-4897: Fixed possible OOM condition via specially crafted input to polkit-agent-helper-1...

MiracleLinux 8 : bind-9.11.36-16.el8_10.8 (AXSA:2026-775:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-775:05 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

RHEL 8 : rsync (RHSA-2026:25149)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:25149 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only...

RHEL 9 : bind9.18 (RHSA-2026:24934)

"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24934 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves...

FreeBSD : Erlang/OTP -- stack overflow in ei_s_print_term for very large integer terms (d87de755-64d4-11f1-ab11-4c526214c986)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d87de755-64d4-11f1-ab11-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-xcxj-5pg2-v72j reports: Fixed a stack overflow i...

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7990-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7990-2 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

RHEL 8 : bind9.16 (RHSA-2026:25171)

"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25171 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named %NASLMINLEVEL...

Ubuntu 20.04 LTS : Linux kernel (AWS FIPS) vulnerabilities (USN-7462-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7462-2 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

RockyLinux 8 : kernel-rt (RLSA-2026:23259)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:23259 advisory. kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 Tenable has extracted the preceding description block directly from t...

FreeBSD : FreeBSD -- Insufficient response validation in the ldns stub resolver (fc0c7763-6477-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fc0c7763-6477-11f1-958d-bc241121aa0a advisory. When used as a stub resolver over UDP, ldns failed to verify that a received response belonged to the...

RockyLinux 10 : libyang (RLSA-2026:24758)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:24758 advisory. libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob CVE-2026-44673 Tenable has extracted the preceding...

AlmaLinux 9 : unbound (ALSA-2026:24369)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:24369 advisory. unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options CVE-2026-42944 unbound: Unbound DNSSEC Validator Denial of Service via...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Transmission vulnerability (USN-8404-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8404-1 advisory. It was discovered that Transmission had a clickjacking weakness in the browser-facing WebUI and RPC response paths. An attacker...

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7408-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7408-2 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...