Ubuntu 24.04 LTS / 25.10 : Kea DHCP vulnerability (USN-8403-1)

The remote Ubuntu 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8403-1 advisory. Ali Norouzi discovered that Kea DHCP did not properly handle maliciously crafted messages over configured API sockets and HA listeners. A remote attacker...

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-8098-6)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8098-6 advisory. Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these...

RHEL 10 : valkey (RHSA-2026:25216)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25216 advisory. Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists,...

RHEL 7 : rsync (RHSA-2026:25172)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:25172 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only...

RHEL 10 : qt6-qtdeclarative (RHSA-2026:24987)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24987 advisory. Qt6 - QtDeclarative component. Security Fixes: qt: Qt SVG: Arbitrary QML/JavaScript code injection via malicious SVG file CVE-2025-14576 For more...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : uriparser vulnerability (USN-8409-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8409-1 advisory. It was discovered that uriparser incorrectly handled certain URI strings. An attacker could possibly u...

Debian dsa-6337 : chromium - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6337 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6337-1 [email protected]...

Ubuntu 20.04 LTS : Linux kernel (GCP FIPS) vulnerabilities (USN-7516-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7516-2 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

openSUSE 16 Security Update : chromium (openSUSE-SU-2026:20916-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20916-1 advisory. Changes in chromium: - Chromium 149 149.0.7827.53 stable boo1267706: CVE-2026-10881: Out of bounds read and write in ANGLE CVE-2026-10882: Use...

RockyLinux 10 : postgresql-jdbc (RLSA-2026:24348)

The remote RockyLinux 10 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2026:24348 advisory. jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication CVE-2026-42198 Tenable has extracted the preceding...

FreeBSD : FreeBSD -- Arbitrary file overwrite via the KTLS receive path (f2c4892a-6472-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f2c4892a-6472-11f1-958d-bc241121aa0a advisory. The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data wer...

Linux Distros Unpatched Vulnerability : CVE-2025-55659

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference in the cttsboxwrite function isomedia/boxcodebase.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplyi...

Linux Distros Unpatched Vulnerability : CVE-2026-44488

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limit...

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7701-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7701-2 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : haveged vulnerability (USN-8358-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8358-1 advisory. It was discovered that haveged incorrectly handled credential checks on its control socket. A local attacker could possibly use th...

Debian dsa-6338 : libdbi-perl - security update

The remote Debian 12 / 13 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-6338 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6338-1 [email protected]...

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7874-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7874-2 advisory. Jean-Claude Graf, Sandro Regge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation betwee...

RockyLinux 8 : postgresql-jdbc (RLSA-2026:25030)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25030 advisory. jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication CVE-2026-42198 Tenable has extracted the preceding...

openSUSE 16 Security Update : ffmpeg-4 (openSUSE-SU-2026:20914-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20914-1 advisory. Changes in ffmpeg-4: - CVE-2026-30997: avcodec/av1dec: check that primaryrefframe is within range bsc1262047 Tenable has extracted the preceding...

Linux Distros Unpatched Vulnerability : CVE-2026-48855

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh sshsftpd module allows File Discovery. The SSHFXPREADLINK handler in...

AlmaLinux 10 : kernel (ALSA-2026:25191)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25191 advisory. kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel: Linux kernel: Denial of Service in erofs...

Ubuntu 25.10 / 26.04 LTS : Cyborg vulnerabilities (USN-8413-1)

The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8413-1 advisory. It was discovered that Cyborg did not properly enforce project ownership in the Accelerator Request ARQ API. An authenticated user could possibly...

Linux Distros Unpatched Vulnerability : CVE-2026-47162

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw...

Debian dsa-6336 : libjackson2-core-java - security update

The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6336 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6336-1 [email protected] https://www.debian.org/security/...

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-2363)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : xfrm: esp: avoid in-place decrypt on shared skb fragsCVE-2026-43284 Tenable has extracted the preceding description block directly from the EulerO...

openSUSE 16 Security Update : syft (openSUSE-SU-2026:20928-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20928-1 advisory. Changes in syft: - Update to version 1.45.0: Added Features - Add support for ZapAddOns as jar files 4654 4932 @douglasclarke - MySQL binary classifier...

openSUSE 16 Security Update : sshfs (openSUSE-SU-2026:20915-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20915-1 advisory. Changes in sshfs: - Update to 3.7.6: - Added new maintainer: abhinavagarwal07 Abhinav Agarwal - CVE-2026-47187: Fixed critical vulnerability -...

RockyLinux 9 : unbound (RLSA-2026:24369)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:24369 advisory. unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options CVE-2026-42944 unbound: Unbound DNSSEC Validator Denial of Service via...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : QEMU vulnerabilities (USN-8412-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8412-1 advisory. Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that the iSCSI block driver in QEMU incorrectly...

RHEL 9 : redis:7 (RHSA-2026:25219)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25219 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, set...

RockyLinux 9 : bind (RLSA-2026:24367)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:24367 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

Linux Distros Unpatched Vulnerability : CVE-2025-52293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A segmentation violaton in the gfhevcreadspsbsinternal function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via...

AlmaLinux 8 : .NET 8.0 (ALSA-2026:25110)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25110 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...

Linux Distros Unpatched Vulnerability : CVE-2026-42189

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of- service vulnerability exists in the server's...

RockyLinux 9 : bind9.18 (RLSA-2026:24368)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:24368 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

RHEL 8 : libsndfile (RHSA-2026:25227)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25227 advisory. libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. Security Fixes: libsndfile: integer...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : CUPS vulnerabilities (USN-8405-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8405-1 advisory. Ariel Silver discovered that CUPS incorrectly handled username comparisons during authorization checks. A local attacker...

GitLab 12.10 < 18.10.8 / 18.11 < 18.11.5 / 19.0 < 19.0.2 (CVE-2026-7250)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Net::CIDR::Lite vulnerabilities (USN-8406-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8406-1 advisory. Dave Rolsky discovered that Net::CIDR::Lite did not properly handle extraneous zero...

Photon OS 4.0: Linux PHSA-2026-4.0-1030

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1030. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

RockyLinux 10 : cockpit-image-builder (RLSA-2026:24331)

The remote RockyLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:24331 advisory. lodash: prototype pollution in .unset and .omit functions CVE-2025-13465 lodash: lodash: Arbitrary code execution via untrusted input in template impor...

Oracle Linux 8 : .NET / 9.0 (ELSA-2026-25113)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-25113 advisory. 9.0.118-1.0.1 - Add support for Oracle Linux 9.0.118-1 - Update to .NET SDK 9.0.118 and Runtime 9.0.17 - Resolves: RHEL-181550 9.0.116-2 - Update to...

Ubuntu 18.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : shell-quote vulnerability (USN-8410-1)

The remote Ubuntu 18.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8410-1 advisory. Akshat Sinha discovered that shell-quote improperly validated object-token inputs. An attacker could possibly use this...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Qt Declarative vulnerability (USN-8357-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8357-1 advisory. It was discovered that Qt Declarative did not properly validate the width and height attributes of image tags in the Text component of Qt...

FreeBSD : tree-sitter-cli -- Always-Incorrect Control Flow Implementation in wasmtime crate (36ec75da-633d-11f1-9dbc-28d2443e6cfa)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 36ec75da-633d-11f1-9dbc-28d2443e6cfa advisory. https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q49f-xg75-m9xw reports: Wasmtime ...

FreeBSD : p5-ack -- Multiple issues (7ce71561-64c7-11f1-99fc-40b034429ecf)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7ce71561-64c7-11f1-99fc-40b034429ecf advisory. Ack project reports: CVE-2026-49147: filename ANSI escape sequences CVE-2026-49146: project...

Photon OS 4.0: Linux PHSA-2026-4.0-1029

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1029. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

AlmaLinux 10 : .NET 9.0 (ALSA-2026:25112)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25112 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...

AlmaLinux 8 : .NET 9.0 (ALSA-2026:25113)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25113 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...

RHEL 8 : rsync (RHSA-2026:25190)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:25190 advisory. The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only...