TencentOS Server 4: storm (TSSA-2026:0414)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0414 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Amazon Linux 2023 : xorg-x11-server-common, xorg-x11-server-devel, xorg-x11-server-source (ALAS2023-2026-1790)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1790 advisory. A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer...

RHEL 10 : .NET 9.0 (RHSA-2026:24333)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24333 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation...

RHEL 9 : firefox (RHSA-2026:24508)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24508 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

RHEL 9 : bind (RHSA-2026:24367)

"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24367 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...

Amazon Linux 2023 : nvidia-libXNVCtrl, nvidia-libXNVCtrl-devel, nvidia-settings (ALAS2023NVIDIA-2026-286)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2026-286 advisory. NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successfu...

TencentOS Server 4: tigervnc (TSSA-2026:0412)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0412 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Amazon Linux 2023 : device-mapper-persistent-data (ALAS2023-2026-1791)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1791 advisory. An unsoundness issue RUSTSEC-2026-0097 was found in the bundled Rust rand crate used by device-mapper- persistent-data. ThreadRng methods use unsafe code that can create aliased mutable references when...

Amazon Linux 2023 : perl-HTTP-Daemon, perl-HTTP-Daemon-tests (ALAS2023-2026-1794)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1794 advisory. HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd...

Amazon Linux 2023 : jq, jq-devel (ALAS2023-2026-1815)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1815 advisory. jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating string...

TencentOS Server 4: opencryptoki (TSSA-2026:0401)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0401 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Amazon Linux 2023 : gstreamer1-plugins-good, gstreamer1-plugins-good-gtk (ALAS2023-2026-1787)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1787 advisory. An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxparsetrak function does not sufficiently validate atom data befor...

MiracleLinux 8 : firefox-140.10.2-1.el8_10.ML.1 (AXSA:2026-760:12)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-760:12 advisory. firefox: Other issue in the WebRTC component CVE-2026-8094 firefox: Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefo...

TencentOS Server 4: nginx (TSSA-2026:0398)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0398 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Amazon Linux 2 : gstreamer1-plugins-good, --advisory ALAS2-2026-3328 (ALAS-2026-3328)

The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3328 advisory. An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the...

TencentOS Server 4: perl-Archive-Tar (TSSA-2026:0424)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0424 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Amazon Linux 2 : libvncserver, --advisory ALAS2-2026-3331 (ALAS-2026-3331)

The version of libvncserver installed on the remote host is prior to 0.9.9-14. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3331 advisory. LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decod...

Debian dsa-6326 : libnginx-mod-http-geoip - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6326 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6326-1 [email protected]...

RHEL 9 : .NET 9.0 (RHSA-2026:24336)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24336 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation...

RHEL 9 : frr (RHSA-2026:24371)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24371 advisory. FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP an...

RHEL 9 : rhc (RHSA-2026:24337)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24337 advisory. rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management. Security...

Linux Distros Unpatched Vulnerability : CVE-2026-46285

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mtd: docg3: fix use-after-free in docg3release In docg3release, the docg3 pointer is obtained from cascade-floors0-priv before the loop that calls...

Linux Distros Unpatched Vulnerability : CVE-2026-46280

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib: testhmm: evict device pages on file close to avoid use-after-free Patch series Minor hmmtest fixes and cleanups. Two bugfixes a cleanup for the HMM kernel...

TencentOS Server 4: xorg-x11-server-Xwayland (TSSA-2026:0402)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0402 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: vorbis-tools (TSSA-2026:0408)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0408 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: redis (TSSA-2026:0403)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0403 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1773)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1773 advisory. NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-...

Linux Distros Unpatched Vulnerability : CVE-2020-37248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over...

Amazon Linux 2023 : heif-pixbuf-loader, libheif, libheif-devel (ALAS2023-2026-1814)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1814 advisory. libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap- buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to...

TencentOS Server 2: kernel (TSSA-2026:0418)

"The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0418 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilitie...

Linux Distros Unpatched Vulnerability : CVE-2025-71315

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/vkms: Convert to DRM's vblank timer Replace vkms' vblank timer with the DRM implementation. The DRM code is identical in concept, but differs in...

RHEL 10 : podman (RHSA-2026:24386)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24386 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

Amazon Linux 2 : qt5-qt3d, --advisory ALAS2-2026-3335 (ALAS-2026-3335)

The version of qt5-qt3d installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3335 advisory. Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in...

AlmaLinux 8 : frr (ALSA-2026:24340)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:24340 advisory. frr: denial of service via crafted FlowSpec component CVE-2026-37457 Tenable has extracted the preceding description block directly from the AlmaLinux security...

Amazon Linux 2023 : rsync, rsync-daemon (ALAS2023-2026-1801)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1801 advisory. Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger...

Amazon Linux 2 : 389-ds-base, --advisory ALAS2-2026-3339 (ALAS-2026-3339)

The version of 389-ds-base installed on the remote host is prior to 1.3.10.2-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3339 advisory. A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound ...

Amazon Linux 2023 : libssh2, libssh2-devel (ALAS2023-2026-1779)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1779 advisory. A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauthpassword of the file src/userauth.c. Such manipulation of the argument...

RHEL 9 : bind9.18 (RHSA-2026:24368)

"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24368 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which...

Oracle Linux 7 : ImageMagick (ELSA-2026-17618)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-17618 advisory. - Fix CVE-2026-32636 Orabug: 39375225 - Fix CVE-2026-28691 and CVE-2026-28693 Orabug: 39174244 - Fixes Local File Disclosure via Path Traversal CVE-2026-25965...

Oracle Linux 8 : frr (ELSA-2026-24340)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-24340 advisory. - Fix off-by-one error in FlowSpec operator array bounds checking CVE-2026-37457 Tenable has extracted the preceding description block directly from the Oracle...

Amazon Linux 2023 : cuda-compat-13-2 (ALAS2023NVIDIA-2026-296)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2026-296 advisory. NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successfu...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-121 (ALASKERNEL-5.10-2026-121)

The version of kernel installed on the remote host is prior to 5.10.257-254.1015. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-121 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix a race...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2026-1817)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1817 advisory. In the Linux kernel, the following vulnerability has been resolved: i40e: remove read access to debugfs files CVE-2025-39901 In the Linux kernel, the following vulnerability has been resolved:...

RHEL 9 : bind (RHSA-2026:24500)

"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24500 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named %NASLMINLEVEL...

TencentOS Server 4: grafana (TSSA-2026:0295)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0295 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Amazon Linux 2023 : libssh, libssh-config, libssh-devel (ALAS2023-2026-1759)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1759 advisory. A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftpextensionsgetname/sftpextensionsgetdata of the file src/sftp.c of the component SFTP Extension Name...

TencentOS Server 4: freerdp (TSSA-2026:0435)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0435 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Debian dsa-6325 : chromium - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6325 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6325-1 [email protected]...

Amazon Linux 2023 : postgresql17, postgresql17-contrib, postgresql17-llvmjit (ALAS2023-2026-1766)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1766 advisory. Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to...

Linux Distros Unpatched Vulnerability : CVE-2026-47895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - R. Elliott Childre reports: The clone method of the identificationt class doesn't correctly handle identities that have an empty but non-NULL encoding. Both...