Linux Distros Unpatched Vulnerability : CVE-2026-48858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Server-Side Request Forgery SSRF vulnerability in Erlang/OTP ftp ftpinternal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP...

Linux Distros Unpatched Vulnerability : CVE-2026-44288

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted...

FreeBSD : FreeBSD -- Multiple vulnerabilities in the sound(4) mmap path (253188dd-6473-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 253188dd-6473-11f1-958d-bc241121aa0a advisory. The sound4 driver contained two memory-safety errors in its mmap2 support. First, dspmmapsingl...

FreeBSD : FreeBSD -- sigqueue(2) missing capability mode restriction (94f20492-6473-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 94f20492-6473-11f1-958d-bc241121aa0a advisory. sigqueue2 was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the...

FreeBSD : FreeBSD -- Use-after-free bug in the IPV6_MSFILTER socket option handler (c5b7ac13-6473-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c5b7ac13-6473-11f1-958d-bc241121aa0a advisory. The kernel handler for IPV6MSFILTER dropped a serializing lock in order to copy the source-filter list...

RockyLinux 9 : frr10 (RLSA-2026:24370)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:24370 advisory. frr: denial of service via crafted FlowSpec component CVE-2026-37457 frr: denial of service via crafted BGP UPDATE message CVE-2026-37459 Tenable has...

RHEL 9 : openssl (RHSA-2026:25239)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25239 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

AlmaLinux 10 : openssl (ALSA-2026:25237)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25237 advisory. openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing CVE-2026-7383 openssl: OpenSSL: Denial of Service due to...

RockyLinux 10 : frr (RLSA-2026:24347)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:24347 advisory. frr: denial of service via crafted FlowSpec component CVE-2026-37457 frr: denial of service via crafted BGP UPDATE message CVE-2026-37459 Tenable has...

RockyLinux 9 : frr (RLSA-2026:24371)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:24371 advisory. frr: denial of service via crafted FlowSpec component CVE-2026-37457 Tenable has extracted the preceding description block directly from the RockyLinux security...

RHEL 10 : openssl (RHSA-2026:25237)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25237 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

FreeBSD : OpenSSL -- Multiple vulnerabilities (259b562f-64ab-11f1-8607-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 259b562f-64ab-11f1-8607-8447094a420f advisory. The OpenSSL project reports: Eighteen vulnerabilities in OpenSSL library. Highest classificati...

RockyLinux 8 : frr (RLSA-2026:24340)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:24340 advisory. frr: denial of service via crafted FlowSpec component CVE-2026-37457 Tenable has extracted the preceding description block directly from the RockyLinux security...

FreeBSD : FreeBSD -- Multiple vulnerabilities in OpenSSL (a57fe2c1-6476-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the a57fe2c1-6476-11f1-958d-bc241121aa0a advisory. Multiple issues have been reported as part of this advisory with different issues affecting...

FreeBSD : FreeBSD-kernel -- ASLR bypass for setuid executables via procctl(2) (7e61007e-6474-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7e61007e-6474-11f1-958d-bc241121aa0a advisory. The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code th...

FreeBSD : FreeBSD -- Integer overflow in vt(4) CONS_HISTORY ioctl (71036b90-6476-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 71036b90-6476-11f1-958d-bc241121aa0a advisory. The CONSHISTORY ioctl handler did not adequately validate the requested history size. A large value...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenSSL vulnerabilities (USN-8414-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8414-1 advisory. Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An attacker could possibly use...

AlmaLinux 9 : samba (ALSA-2026:25049)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25049 advisory. samba: Missing access check on reparse point operations CVE-2026-1933 samba: vfsworm does not block directory modification CVE-2026-2340 samba: group...

AlmaLinux 10 : poppler (ALSA-2026:24985)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:24985 advisory. poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication CVE-2026-10118 Tenab...

RockyLinux 10 : samba (RLSA-2026:22963)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22963 advisory. samba: Missing access check on reparse point operations CVE-2026-1933 samba: vfsworm does not block directory modification CVE-2026-2340 samba: group...

MiracleLinux 8 : poppler-20.11.0-14.el8_10 (AXSA:2026-780:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-780:03 advisory. poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication CVE-2026-10118...

RHEL 10 : poppler (RHSA-2026:24985)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24985 advisory. Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in...

Oracle Linux 8 : poppler (ELSA-2026-24984)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-24984 advisory. - Fix integer overflow in tilingPatternFill CVE-2026-10118 Tenable has extracted the preceding description block directly from the Oracle Linux security...

RHEL 9 : poppler (RHSA-2026:25058)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25058 advisory. Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in Poppl...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : poppler vulnerability (USN-8400-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8400-1 advisory. It was discovered that poppler incorrectly handled certain malformed PDF tiling patterns in the Splash backend. An attacker could...

RHEL 7 : compat-libtiff3 (RHSA-2026:24992)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:24992 advisory. The libtiff3 package provides libtiff 3, an older version of libtiff library for manipulating TIFF Tagged Image File Format image format files. This...

AlmaLinux 9 : poppler (ALSA-2026:25058)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:25058 advisory. poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication CVE-2026-10118 Tenabl...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : Apache HTTP Server vulnerabilities (USN-8396-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8396-1 advisory. It was discovered that the Apache HTTP Server modrewrite module incorrectly handled certain privileges. A local...

AlmaLinux 8 : poppler (ALSA-2026:24984)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:24984 advisory. poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication CVE-2026-10118 Tenabl...

RHEL 8 : poppler (RHSA-2026:24984)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24984 advisory. Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in Poppl...

Linux Distros Unpatched Vulnerability : CVE-2026-53465

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a...

openSUSE 16 Security Update : erlang (openSUSE-SU-2026:20907-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20907-1 advisory. This update for erlang fixes the following issues - CVE-2025-4748: improper limitation of a pathname may lead to path traversal bsc1244642. -...

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7495-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7495-2 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

RockyLinux 8 : unbound (RLSA-2026:24365)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:24365 advisory. unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options CVE-2026-42944 unbound: Unbound DNSSEC Validator Denial of Service via...

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7408-3)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7408-3 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

Linux Distros Unpatched Vulnerability : CVE-2026-45591

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network. CVE-2026-45591 Note that Nessus relies on the...

RockyLinux 8 : bind (RLSA-2026:24339)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:24339 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

AlmaLinux 10 : podman (ALSA-2026:24470)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:24470 advisory. crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-32281 crypto/tls: golang: Go crypto/tls:...

Ubuntu 20.04 LTS : Linux kernel (AWS FIPS) vulnerabilities (USN-7392-4)

"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7392-4 advisory. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cau...

Linux Distros Unpatched Vulnerability : CVE-2026-48733

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : strongSwan vulnerability (USN-8407-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8407-1 advisory. Elliott Childre discovered that strongSwan incorrectly handled the cloning of certain identities. A remote attacker could use this...

openSUSE 16 Security Update : apache-pdfbox (openSUSE-SU-2026:20923-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20923-1 advisory. Update to version 2.0.36. Security issues fixed: - CVE-2026-33929: path traversal in the ExtractEmbeddedFiles example code can lead to arbitrary...

Fedora 43 : rust (2026-d7436d12ae)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d7436d12ae advisory. Update to Rust 1.96.0: New Range types Assert matching patterns Changes to WebAssembly targets Stabilized APIs Cargo CVE-2026-5222 and CVE-2026-5223...

MiracleLinux 8 : libyang-1.0.184-2.el8_10.ML.1 (AXSA:2026-777:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2026-777:01 advisory. libyang: libyang: Denial of Service or arbitrary code execution via maliciously crafted LYB binary blob CVE-2026-44673 Tenable has extracted the preceding...

Ubuntu 20.04 LTS : Linux kernel (Azure FIPS) vulnerabilities (USN-8098-8)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8098-8 advisory. Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Tomcat vulnerabilities (USN-8417-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8417-1 advisory. It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request...

openSUSE 16 Security Update : agama-web-ui (openSUSE-SU-2026:20919-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20919-1 advisory. This update for agama-web-ui fixes the following issues - CVE-2025-7339: on-headers: incorrect array handling may lead to HTTP response header...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : nginx vulnerability (USN-8398-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8398-1 advisory. It was discovered that nginx incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could...

Photon OS 5.0: Linux PHSA-2026-5.0-0874

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0874. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

RockyLinux 10 : yggdrasil (RLSA-2026:24716)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:24716 advisory. crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-32281 golang: internal/syscall/unix:...