Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3373 (ALAS-2026-3373)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3373 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions...

Amazon Linux 2 : cni-plugins, --advisory ALAS2-2026-3386 (ALAS-2026-3386)

The version of cni-plugins installed on the remote host is prior to 1.7.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3386 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Tenable has...

RHEL 8 : kernel (RHSA-2026:27811)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27811 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: selinux: fix overlayfs mmap and mprote...

RHEL 8 : webkit2gtk3 (RHSA-2026:27804)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27804 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...

Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2026-130 (ALASDOCKER-2026-130)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-130 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsi...

Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-132 (ALASDOCKER-2026-132)

The version of runfinch-finch installed on the remote host is prior to 1.17.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-132 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680...

Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2026-111 (ALASNITRO-ENCLAVES-2026-111)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-111 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-256...

Amazon Linux 2 : soci-snapshotter, --advisory ALAS2DOCKER-2026-131 (ALASDOCKER-2026-131)

The version of soci-snapshotter installed on the remote host is prior to 0.14.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-131 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-2568...

Amazon Linux 2023 : runfinch-finch (ALAS2023-2026-1886)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1886 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an...

Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1826)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1826 advisory. When writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. as per:...

Oracle Linux 8 : firefox (ELSA-2026-27717)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-27717 advisory. 140.12.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 - diable wasisdk to prevent build failure with newer llvm 140.12.0 -...

RHEL 10 : openssl-fips-provider (RHSA-2026:27746)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27746 advisory. This package provides a custom build of the OpenSSL FIPS module that has been submitted to NIST for certification. Security Fixes: openssl: openssl...

RHEL 10 : openssl-fips-provider (RHSA-2026:27745)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27745 advisory. This package provides a custom build of the OpenSSL FIPS module that has been submitted to NIST for certification. Security Fixes: openssl: openssl...

RHEL 10 : firefox (RHSA-2026:27733)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:27733 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

RHEL 9 : openssl-fips-provider (RHSA-2026:27744)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27744 advisory. This package provides a custom build of the OpenSSL FIPS module that has been submitted to NIST for certification. Security Fixes: openssl: openssl:...

RHEL 9 : firefox (RHSA-2026:27734)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27734 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

RHEL 8 : firefox (RHSA-2026:27717)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:27717 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

Amazon Linux 2023 : compat-poppler22, compat-poppler22-cpp (ALAS2023-2026-1851)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1851 advisory. A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the...

RHEL 9 : poppler (RHSA-2026:27722)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27722 advisory. Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in Poppl...

Amazon Linux 2 : lcms2, --advisory ALAS2-2026-3359 (ALAS-2026-3359)

The version of lcms2 installed on the remote host is prior to 2.6-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3359 advisory. Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the...

Fedora 43 : prometheus (2026-dfc0e362e6)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-dfc0e362e6 advisory. Update to 3.12.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

Amazon Linux 2023 : cargo-c (ALAS2023-2026-1872)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1872 advisory. gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled...

Cisco Umbrella Virtual Appliance < 3.8.5 Privilege Escalation (cisco-sa-umbrella-priv-esc-F4wJB7AU)

According to its self-reported version, Cisco Umbrella Insights Virtual Appliance is affected by a vulnerability. - A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability i...

RHEL 8 : poppler (RHSA-2026:27725)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27725 advisory. Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in Poppl...

Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3358 (ALAS-2026-3358)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3358 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...

RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP4 (RHSA-2026:27200)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27200 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTT...

Fedora 44 : python-scrapy (2026-bdf3581452)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bdf3581452 advisory. updated to latest version for F43 and F44 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-105 (ALASKERNEL-5.15-2026-105)

The version of kernel installed on the remote host is prior to 5.15.206-144.236. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.15-2026-105 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego...

Amazon Linux 2 : libusbx, --advisory ALAS2-2026-3360 (ALAS-2026-3360)

The version of libusbx installed on the remote host is prior to 1.0.21-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3360 advisory. libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by...

RHEL 10 : poppler (RHSA-2026:27720)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27720 advisory. Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in...

Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2026-1862)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1862 advisory. Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip...

Amazon Linux 2 : perl-DBI, --advisory ALAS2-2026-3361 (ALAS-2026-3361)

The version of perl-DBI installed on the remote host is prior to 1.627-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3361 advisory. DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The...

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1894)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1894 advisory. In the Linux kernel, the following vulnerability has been resolved: xfrm: hold dev ref until after transportfinish NFHOOK CVE-2026-31663 In the Linux kernel, the following vulnerability has be...

Amazon Linux 2 : httpd, --advisory ALAS2-2026-3379 (ALAS-2026-3379)

The version of httpd installed on the remote host is prior to 2.4.68-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3379 advisory. Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HT...

Amazon Linux 2 : libnfs, --advisory ALAS2-2026-3367 (ALAS-2026-3367)

The version of libnfs installed on the remote host is prior to 1.11.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3367 advisory. libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafte...

Amazon Linux 2023 : compat-golang-github-cpuguy83-md2man-2-devel, golang-github-cpuguy83-md2man, golang-github-cpuguy83-md2man-devel (ALAS2023-2026-1875)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1875 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, . to execute repeatedly on the same...

Amazon Linux 2023 : perl-HTML-Parser, perl-HTML-Parser-tests (ALAS2023-2026-1836)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1836 advisory. HTML::Entities versions before 3.84 for Perl read freed heap memory in decodeentities. The XS routine backing HTML::Entities::decodeentities cached a pointer repl into the entity-value SV returned by...

Amazon Linux 2023 : clamav1.5, clamav1.5-data, clamav1.5-devel (ALAS2023-2026-1870)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1870 advisory. rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out...

SUSE SLES15 Security Update : strongswan (SUSE-SU-2026:2459-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2459-1 advisory. This update for strongswan fixes the following issues - CVE-2026-35328: infinite loop when handling supported versions TLS extensio...

Fedora 44 : erlang (2026-ef630b13b0)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ef630b13b0 advisory. Fix for CVE-2026-48855 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

Amazon Linux 2023 : python3-rrdtool, rrdtool, rrdtool-devel (ALAS2023-2026-1823)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1823 advisory. A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This...

Amazon Linux 2023 : giflib, giflib-devel, giflib-utils (ALAS2023-2026-1883)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1883 advisory. Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validati...

Amazon Linux 2 : perl-GD, --advisory ALAS2-2026-3387 (ALAS-2026-3387)

The version of perl-GD installed on the remote host is prior to 2.49-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3387 advisory. command injection via 2-arg open in makefilehandle CVE-2026-11526 Tenable has extracted the preceding description block directly fro...

Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1841)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1841 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...

Debian dsa-6361 : ffmpeg - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6361 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6361-1 [email protected] https://www.debian.org/securit...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-106 (ALASKERNEL-5.15-2026-106)

The version of kernel installed on the remote host is prior to 5.15.208-145.238. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.15-2026-106 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Prevent improper isolation of...

Fedora 43 : vips (2026-3b2ddea116)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3b2ddea116 advisory. - update to v8.18.3 - enable uhdr - fix several security issues Tenable has extracted the preceding description block directly from the Fedora...

Amazon Linux 2023 : perl-DBI, perl-DBI-tests (ALAS2023-2026-1850)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1850 advisory. DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of t...

Amazon Linux 2023 : perl-CryptX, perl-CryptX-tests (ALAS2023-2026-1834)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1834 advisory. CryptX versions before 0.088001 for Perl have a stack buffer overflow in four AEAD decryptverify helpers. The gcmdecryptverify, ccmdecryptverify, chacha20poly1305decryptverify and eaxdecryptverify XS...

Oracle WebCenter Sites (June 2026 CSPU)

The 12.2.1.4.0 and 14.1.2.0.0 versions of WebCenter Sites installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported...