Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : YARD vulnerability (USN-8394-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8394-1 advisory. It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An...

RHEL 9 : .NET 8.0 (RHSA-2026:24335)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24335 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2026-109 (ALASNITRO-ENCLAVES-2026-109)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-109 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused...

Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2026-1804)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1804 advisory. Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an...

Amazon Linux 2023 : rclone (ALAS2023-2026-1810)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1810 advisory. Parsing a malicious font file can cause excessive memory allocation. CVE-2026-33812 An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbound...

Amazon Linux 2023 : libnvsdm, libnvsdm-devel (ALAS2023NVIDIA-2026-290)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2026-290 advisory. NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successfu...

Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2026-1808)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1808 advisory. Permitted name constraints were wrongfully ignored when prior CAs only had excluded name constraints, resulting in a name constraint bypass. The issue was reported in the issue tracker as 1824...

RHEL 8 : libssh (RHSA-2026:24349)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24349 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Incorrect...

TencentOS Server 4: libvncserver (TSSA-2026:0246)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0246 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: giflib (TSSA-2026:0421)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0421 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Amazon Linux 2023 : kmod-nvidia-latest-dkms (ALAS2023NVIDIA-2026-294)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2026-294 advisory. NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successfu...

Amazon Linux 2023 : libnvidia-nscq (ALAS2023NVIDIA-2026-291)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2026-291 advisory. NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successfu...

TencentOS Server 4: postgresql (TSSA-2026:0343)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0343 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Amazon Linux 2023 : nvidia-xconfig (ALAS2023NVIDIA-2026-282)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2026-282 advisory. NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successfu...

Linux Distros Unpatched Vulnerability : CVE-2026-44171

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8...

Fedora 44 : perl-CryptX (2026-2158c96917)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2158c96917 advisory. Fixes CVE-2026-41565 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for th...

Linux Distros Unpatched Vulnerability : CVE-2025-15646

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - libhtml-gumbo-perl - None Ubuntu Linux - Unknown description CVE-2025-15646 Note that Nessus relies on the presence of the package as reported by...

FreeBSD : Gitlab -- vulnerabilities (9b94eb13-6159-11f1-be36-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9b94eb13-6159-11f1-be36-2cf05da270f3 advisory. Gitlab reports: Improper Access Control issue in Duo AI workflow runners impacts GitLab EE...

Linux Distros Unpatched Vulnerability : CVE-2026-44168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8...

Linux Distros Unpatched Vulnerability : CVE-2026-48163

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8...

Linux Distros Unpatched Vulnerability : CVE-2026-44172

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it...

Fedora 43 : keylime (2026-513c495139)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-513c495139 advisory. Updating for Keylime release v7.14.2: - This includes the fix for CVE-2026-6420. - Update keylime-selinux policy to the latest version 44.1.0 Tenable has...

Linux Distros Unpatched Vulnerability : CVE-2026-49261

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through...

Linux Distros Unpatched Vulnerability : CVE-2026-44173

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8...

Debian dla-4620 : apache2 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4620 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4620-1 [email protected] https://www.debian.org/lts/security/...

Linux Distros Unpatched Vulnerability : CVE-2026-44170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8...

Fedora 43 : libssh2 (2026-1b9134cdc9)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1b9134cdc9 advisory. This update addresses CVE-2026-7598, a potential heap buffer overflow, which could be triggered remotely by supplying very long username and/or password...

AlmaLinux 9 : kernel (ALSA-2026:21556)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21556 advisory. kernel: proc: use the same treatment to check proclseek as ones for procreaditer et.al CVE-2025-38653 kernel: ima: don't clear IMADIGSIG flag when settin...

Fedora 44 : nasm (2026-eaae48ece0)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-eaae48ece0 advisory. Fix for CVE-2026-6067 . Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Linux Distros Unpatched Vulnerability : CVE-2026-48165

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8...

Fedora 43 : perl-CryptX (2026-2ef4c0c642)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2ef4c0c642 advisory. Fixes CVE-2026-41565 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for th...

Linux Distros Unpatched Vulnerability : CVE-2025-68616

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery SSRF protection bypass exists in WeasyPrint's...

Linux Distros Unpatched Vulnerability : CVE-2026-44169

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUT...

Fedora 44 : keylime (2026-9064cdf8ef)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9064cdf8ef advisory. Updating for Keylime release v7.14.2: - This includes the fix for CVE-2026-6420. - Update keylime-selinux policy to the latest version 44.1.0 Tenable has...

EulerOS Virtualization 2.13.0 : libxml2 (EulerOS-SA-2026-2178)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for use...

RHEL 8 : thunderbird (RHSA-2026:22643)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:22643 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript...

EulerOS Virtualization 2.10.1 : sssd (EulerOS-SA-2026-2037)

According to the versions of the sssd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default...

RHEL 10 : openssl (RHSA-2026:22314)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:22314 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

RHEL 10 : php8.4 (RHSA-2026:22649)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22649 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also...

EulerOS Virtualization 2.13.1 : glibc (EulerOS-SA-2026-2127)

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Passing too large an alignment to the memalign suite of functions memalign, posixmemalign, alignedalloc in the GNU C Library version...

EulerOS Virtualization 2.10.0 : expat (EulerOS-SA-2026-2045)

According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data.CVE-2026-24515 In libexpat...

EulerOS Virtualization 2.10.0 : libsodium (EulerOS-SA-2026-2053)

According to the versions of the libsodium package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to...

EulerOS Virtualization 2.10.0 : nghttp2 (EulerOS-SA-2026-2057)

According to the versions of the nghttp2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops...

Slackware Linux 15.0 / current xorg-server Vulnerability (SSA:2026-154-04)

The version of xorg-server installed on the remote host is prior to 1.20.14 / 21.1.23 / 21.1.4 / 24.1.12. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-154-04 advisory. New xorg-server packages are available for Slackware 15.0 and -current to fix security issues...

EulerOS Virtualization 2.13.1 : sssd (EulerOS-SA-2026-2152)

According to the versions of the sssd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default...

RHCOS 4 : OpenShift Container Platform 4.18.43 (RHSA-2026:21655)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21655 advisory. - net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 - crypto/x509: crypto/tls: golang: Go: Denial of Servi...

EulerOS Virtualization 2.12.1 : vim (EulerOS-SA-2026-2091)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style...

EulerOS Virtualization 2.12.0 : protobuf (EulerOS-SA-2026-2109)

According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit...

RHCOS 4 : OpenShift Container Platform 4.20.24 (RHSA-2026:21701)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21701 advisory. - golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 - kernel: Read root-owned files as an...

RHEL 9 : openssh (RHSA-2026:22648)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22648 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...