Amazon Linux 2023 : squid (ALAS2023-2026-1858)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1858 advisory. Due to an Improper Input Validation bug, Squid is vulnerable to a Heap-based Buffer Overflow attack against cache digests. This problem allows a trusted server to perform a Heap-based Buffer Overflow whe...
RHEL 8 : Red Hat OpenStack Platform 17.1 (python-urllib3) (RHSA-2026:28043)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:28043 advisory. Python HTTP module with connection pooling and file POST abilities. Security Fixes: urllib3: Unbounded decompression chain leads to resourc...
Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1881)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1881 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl CVE-2026-31709 Tenable has extracted the preceding description...
Amazon Linux 2 : freerdp, --advisory ALAS2-2026-3356 (ALAS-2026-3356)
The version of freerdp installed on the remote host is prior to 2.11.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3356 advisory. FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to...
Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2026-126 (ALASECS-2026-126)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.34.13.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2026-126 advisory. A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A...
Amazon Linux 2023 : jq, jq-devel (ALAS2023-2026-1860)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1860 advisory. jq --rawfile invalid-state reuse after String too long causes heap-buffer-overflow CVE-2026-49839 Tenable has extracted the preceding description block directly from the tested product security advisor...
RHEL 10 : .NET 8.0 (RHSA-2026:28007)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:28007 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
Amazon Linux 2 : perl-HTML-Parser, --advisory ALAS2-2026-3357 (ALAS-2026-3357)
The version of perl-HTML-Parser installed on the remote host is prior to 3.71-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3357 advisory. HTML::Entities versions before 3.84 for Perl read freed heap memory in decode_entities. The XS routine backing...
Fedora 43 : python-scrapy (2026-9a7f59fa7c)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9a7f59fa7c advisory. updated to latest version for F43 and F44 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1840)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1840 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...
Amazon Linux 2 : golist, --advisory ALAS2-2026-3382 (ALAS-2026-3382)
The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3382 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-108 (ALASKERNEL-5.15-2026-108)
The version of kernel installed on the remote host is prior to 5.15.204-143.229. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2026-108 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache when splitti...
Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2026-1880)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1880 advisory. Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrad...
Amazon Linux 2023 : mariadb-connector-c, mariadb-connector-c-config, mariadb-connector-c-devel (ALAS2023-2026-1873)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1873 advisory. An application that was taking non-validated user input, escaping it with mysql_real_escape_string and sending it to the database using text protocol and big5 character set was vulnerable to SQL injection...
Linux Distros Unpatched Vulnerability : CVE-2026-54278
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to ...
Linux Distros Unpatched Vulnerability : CVE-2026-12804
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of...
SUSE SLES15 Security Update : openvswitch (SUSE-SU-2026:2463-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2463-1 advisory. This update for openvswitch fixes the following issues Update ovn to 25.03.3: - CVE-2026-5265: heap over-read in ICMP error respons...
Linux Distros Unpatched Vulnerability : CVE-2026-54274
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads,...
RHEL 8 : Red Hat OpenStack Platform 17.1 (python-pyasn1) (RHSA-2026:28042)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28042 advisory. This is an implementation of ASN.1 types and codecs in the Python programming language. Security Fixes: pyasn1: Denial of Service due to memory...
RHEL 10 : memcached (RHSA-2026:27842)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27842 advisory. memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web...
Linux Distros Unpatched Vulnerability : CVE-2026-12549
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sen...
Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2026-1849)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1849 advisory. A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument...
RHEL 9 : poppler (RHSA-2026:27723)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27723 advisory. Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in Poppl...
Linux Distros Unpatched Vulnerability : CVE-2025-26240
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In JazzCore python-pdfkit 1.0.0, the from_string method enables the execution of JavaScript code within the context of the server application and the exfiltratio...
Amazon Linux 2023 : python3-click (ALAS2023-2026-1854)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1854 advisory. Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account. CVE-2026-72...
Amazon Linux 2023 : jxl-pixbuf-loader, libjxl, libjxl-devel (ALAS2023-2026-1828)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1828 advisory. Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc. CVE-2025-70103 Tenable has extracted the preceding...
Fedora 44 : prometheus (2026-ebaf2bfd71)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ebaf2bfd71 advisory. Update to 3.12.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
Fedora 43 : erlang (2026-e692d95607)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e692d95607 advisory. Fix for CVE-2026-48855 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
RHEL 6 : kernel (RHSA-2026:27719)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27719 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ip6tunnel: clear skb2-cb in...
RHEL 7 : webkitgtk4 (RHSA-2026:27728)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27728 advisory. WebKitGTK+ is a port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3. Security...
RHEL 7 : kernel (RHSA-2026:27729)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27729 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Denial of servi...
RHEL 8 : webkit2gtk3 (RHSA-2026:27785)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27785 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...
SUSE SLES15 Security Update : kubernetes-old (SUSE-SU-2026:2460-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2460-1 advisory. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE bsc1265747. -...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2026-1865)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1865 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 In the Linux kernel, the following vulnerability has...
Amazon Linux 2 : webkitgtk4, --advisory ALAS2-2026-3381 (ALAS-2026-3381)
The version of webkitgtk4 installed on the remote host is prior to 2.52.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3381 advisory. The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7....
Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1861)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1861 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search operation can...
Amazon Linux 2 : rclone, --advisory ALAS2-2026-3384 (ALAS-2026-3384)
The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3384 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Tenable has extracted...
Amazon Linux 2023 : git-lfs (ALAS2023-2026-1889)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1889 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Tenable has extracted the preceding description block directly from the tested product...
Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1863)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1863 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 In the Linux kernel, the following vulnerability has...
Amazon Linux 2023 : mariadb1011, mariadb1011-backup, mariadb1011-client-utils (ALAS2023-2026-1844)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1844 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable...
Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2026-1853)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1853 advisory. Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like...
Amazon Linux 2 : openssl-snapsafe, --advisory ALAS2OPENSSL-SNAPSAFE-2026-011 (ALASOPENSSL-SNAPSAFE-2026-011)
The version of openssl-snapsafe installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2OPENSSL-SNAPSAFE-2026-011 advisory. Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose conte...
Amazon Linux 2 : edk2, --advisory ALAS2-2026-3363 (ALAS-2026-3363)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3363 advisory. Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like...
Amazon Linux 2 : cri-tools, --advisory ALAS2-2026-3385 (ALAS-2026-3385)
The version of cri-tools installed on the remote host is prior to 1.32.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3385 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Tenable has extract...
Amazon Linux 2 : openssl11, --advisory ALAS2-2026-3364 (ALAS-2026-3364)
The version of openssl11 installed on the remote host is prior to 1.1.1zh-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3364 advisory. Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes...
Amazon Linux 2023 : perl-IO-Compress, perl-IO-Compress-tests (ALAS2023-2026-1825)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1825 advisory. IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit count of the offset, 1 to 19...
Amazon Linux 2023 : cni-plugins (ALAS2023-2026-1888)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1888 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Tenable has extracted the preceding description block directly from the tested product...
RHEL 8 : kernel-rt (RHSA-2026:27812)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27812 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements...
Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1864)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1864 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 In the Linux kernel, the following vulnerability has...
Amazon Linux 2 : openssl, --advisory ALAS2-2026-3365 (ALAS-2026-3365)
The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3365 advisory. Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes i...