SUSE SLES16 Security Update : kernel (SUSE-SU-2026:21845-1)

The remote SUSE Linux SLES16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21845-1 advisory. The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-2058:...

Linux Distros Unpatched Vulnerability : CVE-2026-46309

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/xe/uapi: Reject cohnone PAT index for CPU cached memory in madvise Add validation in xevmmadviseioctl to reject PAT indices with XECOHNONE coherency mode wh...

Amazon Linux 2023 : libnvsdm, libnvsdm-devel (ALAS2023NVIDIA-2026-290)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2026-290 advisory. NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successfu...

Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2026-1776)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1776 advisory. Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from...

TencentOS Server 4: giflib (TSSA-2026:0421)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0421 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: postgresql (TSSA-2026:0343)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0343 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Debian dsa-6329 : libtomcat11-embed-java - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6329 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6329-1 [email protected] https://www.debian.org/securit...

Amazon Linux 2023 : nvidia-xconfig (ALAS2023NVIDIA-2026-282)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2026-282 advisory. NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successfu...

SUSE SLES15 Security Update : csync2 (SUSE-SU-2026:2116-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2116-1 advisory. This update for csync2 fixes the following issue - CVE-2026-41051: uses insecure temporary directories when compiled with C99 or later bsc1262472...

RHEL 9 : .NET 8.0 (RHSA-2026:24334)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24334 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

Amazon Linux 2023 : mariadb1011, mariadb1011-backup, mariadb1011-client-utils (ALAS2023-2026-1811)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1811 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable...

TencentOS Server 4: python-ply (TSSA-2026:0434)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0434 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Apache 2.4.x < 2.4.68 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.68. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.68 advisory. - CVE-2026-49975, also known as HTTP/2 Bomb, is a remote denial-of-service exploit against most major web servers, including:...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : YARD vulnerability (USN-8394-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8394-1 advisory. It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An...

RHEL 8 : libssh (RHSA-2026:24349)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24349 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Incorrect...

Amazon Linux 2023 : nvidia-fabric-manager-devel, nvidia-fabricmanager (ALAS2023NVIDIA-2026-289)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2026-289 advisory. NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successfu...

TencentOS Server 4: nodejs20 (TSSA-2026:0304)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0304 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Amazon Linux 2 : unbound, --advisory ALAS2-2026-3322 (ALAS-2026-3322)

The version of unbound installed on the remote host is prior to 1.7.3-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3322 advisory. NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables...

Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2026-1804)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1804 advisory. Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an...

Linux Distros Unpatched Vulnerability : CVE-2026-46279

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/alloctag: clear codetag for pages allocated before pageext initialization Due to initialization ordering, pageext is allocated and initialized relatively lat...

Amazon Linux 2 : perl-libwww-perl, --advisory ALAS2-2026-3325 (ALAS-2026-3325)

The version of perl-libwww-perl installed on the remote host is prior to 6.05-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3325 advisory. LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross- origin redirects...

Linux Distros Unpatched Vulnerability : CVE-2026-46312

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: videobuf2: Set vmaflags in vb2dmasgmmap vb2dmacontig sets VMA flags VMDONTEXPAND and VMDONTDUMP and I do not see a reason why vb2dmasg should behave...

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1816)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1816 advisory. In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave array update CVE-2026-23171 In the Linux kernel, the following...

Amazon Linux 2023 : perl-Template-Toolkit (ALAS2023-2026-1797)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1797 advisory. emplate::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could be...

Amazon Linux 2023 : aspnetcore-runtime-10.0, aspnetcore-runtime-dbg-10.0, aspnetcore-targeting-pack-10.0 (ALAS2023-2026-1803)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1803 advisory. Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an...

TencentOS Server 4: tomcat (TSSA-2026:0247)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0247 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Amazon Linux 2023 : libsolv, libsolv-demo, libsolv-devel (ALAS2023-2026-1798)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1798 advisory. A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffe...

Amazon Linux 2023 : perl-XML-LibXML, perl-XML-LibXML-tests (ALAS2023-2026-1795)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1795 advisory. XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8...

TencentOS Server 4: httpd (TSSA-2026:0309)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0309 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 3: kernel (TSSA-2026:0419)

"The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0419 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilitie...

Amazon Linux 2 : libpq, --advisory ALAS2POSTGRESQL14-2026-023 (ALASPOSTGRESQL14-2026-023)

The version of libpq installed on the remote host is prior to 14.23-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2026-023 advisory. Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64,...

Amazon Linux 2023 : perl, perl-Attribute-Handlers, perl-AutoLoader (ALAS2023-2026-1819)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1819 advisory. Buffer overflow in Perlstudychunk CVE-2026-8376 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this issue...

Debian dsa-6331 : keystone - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6331 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6331-1 [email protected]...

Amazon Linux 2023 : nvidia-persistenced (ALAS2023NVIDIA-2026-283)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2026-283 advisory. NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successfu...

Linux Distros Unpatched Vulnerability : CVE-2026-46276

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: fix zero-size GDS range init on RDNA4 RDNA4 GFX 12 hardware removes the GDS, GWS, and OA on- chip memory resources. The gfxv120 initialisation code...

Amazon Linux 2023 : kmod-nvidia-open-dkms (ALAS2023NVIDIA-2026-293)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2026-293 advisory. NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successfu...

Fedora 44 : chromium (2026-15e444c3bb)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-15e444c3bb advisory. Update to 149.0.7827.53 fix 429 CVEs CVE-2026-10881 through CVE-2026-11309 Tenable has extracted the preceding description block directly from the...

Amazon Linux 2 : perl, --advisory ALAS2-2026-3352 (ALAS-2026-3352)

The version of perl installed on the remote host is prior to 5.16.3-299. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3352 advisory. Buffer overflow in Perlstudychunk CVE-2026-8376 Tenable has extracted the preceding description block directly from the tested...

Linux Distros Unpatched Vulnerability : CVE-2026-46286

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - leds: qcom-lpg: Check for array overflow when selecting the high resolution When selecting the high resolution values from the array, FIELDGET is used to pull...

Amazon Linux 2 : capstone, --advisory ALAS2-2026-3351 (ALAS-2026-3351)

The version of capstone installed on the remote host is prior to 3.0.5-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3351 advisory. Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStreamconcat lets a...

Amazon Linux 2 : bind, --advisory ALAS2-2026-3321 (ALAS-2026-3321)

The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3321 advisory. Fix GSS-API resource leak CVE-2026-3039 An unauthenticated remote attacker can crash any affected named instance with a...

Linux Distros Unpatched Vulnerability : CVE-2026-46274

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - io-wq: check that the predecessor is hashed in iowqremovepending iowqremovepending needs to fix up wq-hashtail if the cancelled work was the tail of its hash...

Amazon Linux 2023 : xorg-x11-server-Xwayland, xorg-x11-server-Xwayland-devel (ALAS2023-2026-1789)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1789 advisory. A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer...

TencentOS Server 4: wireshark (TSSA-2026:0340)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0340 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2026-1768)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1768 advisory. Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to...

TencentOS Server 4: php (TSSA-2026:0342)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0342 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

RHEL 9 : frr10 (RHSA-2026:24370)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24370 advisory. FRRouting is free software that manages TCP/IP based routing protocols. It takes a multi-server and multi- threaded approach to resolve the...

RHEL 8 : firefox (RHSA-2026:24516)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:24516 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

RHEL 8 : firefox (RHSA-2026:24345)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:24345 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

Amazon Linux 2023 : memcached, memcached-devel, memcached-selinux (ALAS2023-2026-1781)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1781 advisory. In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by...