RockyLinux 8 : freeradius:3.0 (RLSA-2023:2870)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2870 advisory. freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on unknown option in EAP-SIM CVE-2022-41860 freeradius: Crash on invalid...

SUSE SLED15: libblkid-devel / libblkid-devel-static / libblkid1 / etc (SUSE-SU-2026:2485-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2485-1 advisory. This update for util-linux fixes the following issue - CVE-2026-27456: TOCTOU in the mount program when setting up loop...

Photon OS 5.0: Nodejs PHSA-2026-5.0-0895

An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0895. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

RockyLinux 8 : python27:2.7 (RLSA-2023:2860)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:2860 advisory. Python: CPU denial of service via inefficient IDNA decoder CVE-2022-45061 Tenable has extracted the preceding description block directly from the RockyLinux...

RHEL 7 : compat-poppler022 (RHSA-2026:29952)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:29952 advisory. Compatibility package with poppler 0.22 libraries. Security Fixes: poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to...

RHEL 7 : poppler (RHSA-2026:30044)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:30044 advisory. Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in Poppl...

SUSE SLES12: libblkid-devel / libblkid1 / libblkid1-32bit / libfdisk1 / etc (SUSE-SU-2026:2492-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:2492-1 advisory. This update for util-linux fixes the following issue - CVE-2026-27456: TOCTOU in the mount program when setting up loop devices bsc1261606. Tenable has...

Debian dla-4650 : giflib-tools - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4650 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4650-1 [email protected]...

SUSE SLED15 / SLES15 Security Update : apache-commons-configuration2, apache-commons-text (SUSE-SU-2026:2642-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2642-1 advisory. This update for apache-commons-configuration2, apache-commons-text fixes the following issues - CVE-2026-45205:...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : containerd vulnerabilities (USN-8471-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8471-1 advisory. It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attack...

Oracle Linux 9 : frr (ELSA-2026-24371)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-24371 advisory. 8.5.3-13 - Resolves: RHEL-174677 - denial of service via crafted FlowSpec component Tenable has extracted the preceding description block directly from the...

SUSE SLES15 Security Update : openssl-1_1-livepatches (SUSE-SU-2026:2621-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2621-1 advisory. This update for openssl-11-livepatches fixes the following issues - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. Tenable has...

Oracle Linux 8 : openssl (ELSA-2026-50323)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50323 advisory. - Fix CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify Resolves: RHEL-180978 - Fix CVE-2024-4741: Use After Free with SSLfreebuffers Resolve...

Oracle Linux 9 : openssl (ELSA-2026-25239)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-25239 advisory. - Fix CVE-2026-7383, CVE-2026-9076, CVE-2026-34180, CVE-2026-34181, CVE-2026-34183, CVE-2026-42764, CVE-2026-42766, CVE-2026-42767, CVE-2026-42768,...

SUSE SLES15 Security Update : nodejs24 (SUSE-SU-2026:2633-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2633-1 advisory. This update for nodejs24 fixes the following issues Update to 24.17.0: - CVE-2026-2581: undici: Undici: Denial of Service due to...

Oracle Linux 9 : frr10 (ELSA-2026-24370)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-24370 advisory. 10.4.3-3 - Resolves: RHEL-174696 - denial of service via crafted BGP UPDATE message 10.4.3-2 - Resolves: RHEL-174678 - denial of service via crafted...

SUSE SLES15: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2026:2614-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2614-1 advisory. - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. - CVE-2026-42766: Possible NULL Dereference in...

Debian dla-4648 : libtext-csv-xs-perl - security update

The remote Debian 11 / 12 host has a package installed that is affected by a vulnerability as referenced in the dla-4648 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4648-1 [email protected]...

Oracle Linux 9 : glib2 (ELSA-2026-19361)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19361 advisory. 2.68.4-19.1 - Add patch for CVE-2025-14087 and CVE-2025-14512 Tenable has extracted the preceding description block directly from the Oracle Linux...

RockyLinux 9 : python-wheel (RLSA-2023:6712)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:6712 advisory. python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli CVE-2022-40898 Tenable has extracted the preceding descripti...

Oracle Linux 8 : postgresql:13 (ELSA-2026-28208)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-28208 advisory. - Backport fix for CVE-2026-6478 from PostgreSQL 14.23 - Backport fixes for CVE-2026-6637, CVE-2026-6477, CVE-2026-6475, CVE-2026-6473 - fix CVE-2026-2004...

Oracle Linux 9 : gnutls (ELSA-2026-20612)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20612 advisory. - Fix CVE-2026-33846 DTLS fragment reassembly, High, heap overwrite - Fix CVE-2026-42009 DTLS fragment reassembly, High, undefined behaviour - Fix...

SUSE SLED15 / SLES15 Security Update : python-PyJWT (SUSE-SU-2026:2627-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2627-1 advisory. This update for python-PyJWT fixes the following issues - CVE-2026-48522: PyJWKClient passes URI arguments...

Fedora 44 : perl-Socket (2026-91d6cb99f7)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-91d6cb99f7 advisory. 2.041- BUGFIXES - Fix reuse of STRLEN len variable in packipmreqsource Tenable has extracted the preceding description block directly from the Fedora securit...

Oracle Linux 9 : postgresql:15 (ELSA-2026-28037)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-28037 advisory. pgaudit 1.7.0-1 - Initial import for postgresql 15 module - Update to 1.7.0 - Support postgresql 15 - Related: 2128410 pgrepack 1.4.8-2 - Add new buil...

SUSE SLES15 Security Update : graphite2 (SUSE-SU-2026:2477-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2477-1 advisory. This update for graphite2 fixes the following issue: - CVE-2026-50593: Out-of-bounds write via Graphite actions bsc1267733. Tenable has...

libcurl 7.69.0 < 8.21.0 SSH Improper Host Validation

The version of libcurl installed on the remote host is 7.69.0 prior to 8.21.0. It is, therefore, affected by an improper host validation vulnerability: - When a libcurl-based application performs transfers via SCP or SFTP and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an...

SUSE SLED15 / SLES15 Security Update : libarchive (SUSE-SU-2026:2490-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2490-1 advisory. This update for libarchive fixes the following issues - CVE-2025-60753: bsdtar hangs and OOMs with zero-length...

SUSE SLES12: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2026:2583-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2583-1 advisory. Update to Firefox 140.12.0 ESR MFSA 2026-58, bsc1268071: - CVE-2026-12289: Privilege escalation in the Graphics: WebRender component. -...

RHEL 9 : perl-IO-Compress (RHSA-2026:30085)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:30085 advisory. This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress...

Curl 8.18.0 < 8.21.0 QUIC Zero-Length UDP Datagrams DoS

The version of curl installed on the remote host is 8.18.0 prior to 8.21.0. It is, therefore, affected by a denial of service vulnerability: - An issue in curl's QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service by continuously streaming empty...

Oracle Linux 9 : libxslt (ELSA-2026-28243)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-28243 advisory. - Fix CVE-2025-10911 RHEL-171991 - Fix upgrade path for CVE-2023-40403 RHEL-82213 - Fix CVE-2023-40403 RHEL-82213 - Fix CVE-2024-55549 RHEL-83514 Tenable has...

Oracle Linux 8 : postgresql:12 (ELSA-2026-28999)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-28999 advisory. - Add backport of CVE-2025-8714 Orabug: 38667546 - Fix CVE-2026-2004 CVE-2026-2005 CVE-2026-2006 - Backport CVE-2025-8715 - Fix backport for...

SUSE SLES16 Security Update : xwayland (SUSE-SU-2026:22180-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:22180-1 advisory. - CreateSaverWindow Use-After-Free Information Disclosure. bsc1266301 - Font Alias Stack-based Buffer Overflow. bsc1266294 - GLX...

Photon OS 5.0: Mariadb PHSA-2026-5.0-0895

An update of the mariadb package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0895. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Oracle Linux 9 : krb5 (ELSA-2026-19357)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19357 advisory. 1.21.1-10.0.1 - Fixed race condition in krb5setpassword Orabug: 33609767 1.21.1-10 - Fix NegoEx parsing vulnerabilities CVE-2026-40355, CVE-2026-40356...

SUSE SLES12 Security Update : graphite2 (SUSE-SU-2026:2474-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:2474-1 advisory. This update for graphite2 fixes the following issue - CVE-2026-50593: Out-of-bounds write via Graphite actions bsc1267733. Tenable has extracted the...

Oracle Linux 9 : opencryptoki (ELSA-2026-28256)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-28256 advisory. - Resolves: RHEL-171562, Fix CVE-2026-40253, possible out-of-bounds access in BER decode functions Tenable has extracted the preceding description block direct...

SUSE SLES16: WebKitGTK-4.1-lang / WebKitGTK-6.0-lang / etc (SUSE-SU-2026:22212-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22212-1 advisory. This update for webkit2gtk3 fixes the following issues Update to version 2.52.4: - CVE-2026-28847: processing maliciously crafted...

Oracle Linux 9 : runc (ELSA-2026-29702)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-29702 advisory. - Rebuild for CVE-2026-25679 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...

SUSE SLES16 Security Update : libcaca (SUSE-SU-2026:22175-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:22175-1 advisory. This update for libcaca fixes the following issue - CVE-2026-42046: an integer overflow vulnerability in libcaca's canvas import...

Oracle Linux 9 : valkey (ELSA-2026-25925)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-25925 advisory. 8.0.9-1 - Rebase to 8.0.9 for CVE-2026-23479 CVE-2026-25243 CVE-2026-23631 Tenable has extracted the preceding description block directly from the...

Apache Camel 4.14.x < 4.14.6 / 4.15.x < 4.18.1 RCE (CVE-2026-33453)

The version of Apache Camel on the remote host is 4.14.x prior to 4.14.6 or 4.15.x through 4.18.x prior to 4.18.1. It is, therefore, affected by a remote code execution vulnerability: - The camel-coap component maps incoming CoAP request URI query parameters directly into Camel Exchange In messag...

RHEL 10 : nginx (RHSA-2026:29874)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:29874 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : xrdp vulnerabilities (USN-8476-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8476-1 advisory. It was discovered that xrdp incorrectly handled bounds checking when processing user domain information durin...

Oracle Linux 9 : libpng (ELSA-2026-28255)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-28255 advisory. - fix CVE-2026-33416: use-after-free via pointer aliasing in pngsettRNS and pngsetPLTE RHEL-161448 Tenable has extracted the preceding description blo...

Oracle Linux 9 : bind (ELSA-2026-24367)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-24367 advisory. - Fix GSS-API resource leak CVE-2026-3039 - Invalid handling of CLASS != IN CVE-2026-5946 Tenable has extracted the preceding description block direct...

Photon OS 4.0: Mariadb PHSA-2026-4.0-1041

An update of the mariadb package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1041. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

AlmaLinux 9 : python3.14-urllib3 (ALSA-2026:28157)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:28157 advisory. urllib3: urllib3: Denial of Service due to excessive HTTP response decompression CVE-2026-44432 urllib3: urllib3: Information disclosure via cross-origin...

Photon OS 5.0: Linux PHSA-2026-5.0-0895

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0895. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...