Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2026-130 (ALASDOCKER-2026-130)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-130 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsi...

Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-132 (ALASDOCKER-2026-132)

The version of runfinch-finch installed on the remote host is prior to 1.17.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-132 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680...

Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2026-111 (ALASNITRO-ENCLAVES-2026-111)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-111 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-256...

Amazon Linux 2023 : runfinch-finch (ALAS2023-2026-1886)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1886 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an...

Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1826)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1826 advisory. When writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. as per:...

RHEL 10 : openssl-fips-provider (RHSA-2026:27746)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27746 advisory. This package provides a custom build of the OpenSSL FIPS module that has been submitted to NIST for certification. Security Fixes: openssl: openssl...

RHEL 10 : openssl-fips-provider (RHSA-2026:27745)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27745 advisory. This package provides a custom build of the OpenSSL FIPS module that has been submitted to NIST for certification. Security Fixes: openssl: openssl...

RHEL 9 : openssl-fips-provider (RHSA-2026:27744)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27744 advisory. This package provides a custom build of the OpenSSL FIPS module that has been submitted to NIST for certification. Security Fixes: openssl: openssl:...

Amazon Linux 2023 : compat-poppler22, compat-poppler22-cpp (ALAS2023-2026-1851)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1851 advisory. A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the...

RHEL 9 : poppler (RHSA-2026:27722)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27722 advisory. Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in Poppl...

Amazon Linux 2 : lcms2, --advisory ALAS2-2026-3359 (ALAS-2026-3359)

The version of lcms2 installed on the remote host is prior to 2.6-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3359 advisory. Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the...

Fedora 43 : prometheus (2026-dfc0e362e6)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-dfc0e362e6 advisory. Update to 3.12.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

Amazon Linux 2023 : cargo-c (ALAS2023-2026-1872)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1872 advisory. gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled...

Cisco Umbrella Virtual Appliance < 3.8.5 Privilege Escalation (cisco-sa-umbrella-priv-esc-F4wJB7AU)

According to its self-reported version, Cisco Umbrella Insights Virtual Appliance is affected by a vulnerability. - A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability i...

RHEL 8 : poppler (RHSA-2026:27725)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27725 advisory. Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in Poppl...

Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3358 (ALAS-2026-3358)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3358 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...

RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP4 (RHSA-2026:27200)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27200 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTT...

Fedora 44 : python-scrapy (2026-bdf3581452)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bdf3581452 advisory. updated to latest version for F43 and F44 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-105 (ALASKERNEL-5.15-2026-105)

The version of kernel installed on the remote host is prior to 5.15.206-144.236. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.15-2026-105 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego...

Amazon Linux 2 : libusbx, --advisory ALAS2-2026-3360 (ALAS-2026-3360)

The version of libusbx installed on the remote host is prior to 1.0.21-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3360 advisory. libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by...

RHEL 10 : poppler (RHSA-2026:27720)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27720 advisory. Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: Integer overflow in...

Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2026-1862)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1862 advisory. Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip...

Amazon Linux 2 : perl-DBI, --advisory ALAS2-2026-3361 (ALAS-2026-3361)

The version of perl-DBI installed on the remote host is prior to 1.627-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3361 advisory. DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The...

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1894)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1894 advisory. In the Linux kernel, the following vulnerability has been resolved: xfrm: hold dev ref until after transportfinish NFHOOK CVE-2026-31663 In the Linux kernel, the following vulnerability has be...

Amazon Linux 2 : httpd, --advisory ALAS2-2026-3379 (ALAS-2026-3379)

The version of httpd installed on the remote host is prior to 2.4.68-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3379 advisory. Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HT...

Amazon Linux 2 : libnfs, --advisory ALAS2-2026-3367 (ALAS-2026-3367)

The version of libnfs installed on the remote host is prior to 1.11.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3367 advisory. libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafte...

Amazon Linux 2023 : perl-HTML-Parser, perl-HTML-Parser-tests (ALAS2023-2026-1836)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1836 advisory. HTML::Entities versions before 3.84 for Perl read freed heap memory in decodeentities. The XS routine backing HTML::Entities::decodeentities cached a pointer repl into the entity-value SV returned by...

Amazon Linux 2023 : clamav1.5, clamav1.5-data, clamav1.5-devel (ALAS2023-2026-1870)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1870 advisory. rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out...

SUSE SLES15 Security Update : strongswan (SUSE-SU-2026:2459-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2459-1 advisory. This update for strongswan fixes the following issues - CVE-2026-35328: infinite loop when handling supported versions TLS extensio...

Fedora 44 : erlang (2026-ef630b13b0)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ef630b13b0 advisory. Fix for CVE-2026-48855 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

Amazon Linux 2023 : python3-rrdtool, rrdtool, rrdtool-devel (ALAS2023-2026-1823)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1823 advisory. A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This...

Amazon Linux 2023 : giflib, giflib-devel, giflib-utils (ALAS2023-2026-1883)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1883 advisory. Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validati...

Amazon Linux 2 : perl-GD, --advisory ALAS2-2026-3387 (ALAS-2026-3387)

The version of perl-GD installed on the remote host is prior to 2.49-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3387 advisory. command injection via 2-arg open in makefilehandle CVE-2026-11526 Tenable has extracted the preceding description block directly fro...

Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1841)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1841 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...

Debian dsa-6361 : ffmpeg - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6361 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6361-1 [email protected] https://www.debian.org/securit...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-106 (ALASKERNEL-5.15-2026-106)

The version of kernel installed on the remote host is prior to 5.15.208-145.238. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.15-2026-106 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Prevent improper isolation of...

Fedora 43 : vips (2026-3b2ddea116)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3b2ddea116 advisory. - update to v8.18.3 - enable uhdr - fix several security issues Tenable has extracted the preceding description block directly from the Fedora...

Amazon Linux 2023 : perl-DBI, perl-DBI-tests (ALAS2023-2026-1850)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1850 advisory. DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of t...

Amazon Linux 2023 : perl-CryptX, perl-CryptX-tests (ALAS2023-2026-1834)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1834 advisory. CryptX versions before 0.088001 for Perl have a stack buffer overflow in four AEAD decryptverify helpers. The gcmdecryptverify, ccmdecryptverify, chacha20poly1305decryptverify and eaxdecryptverify XS...

Oracle WebCenter Sites (June 2026 CSPU)

The 12.2.1.4.0 and 14.1.2.0.0 versions of WebCenter Sites installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CSPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported...

Oracle Linux 8 : hplip (ELSA-2026-26335)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-26335 advisory. - OSH fixes after CVE-2026-8631 - CVE-2026-8631 hplip: Arbitrary code execution and privilege escalation via integer overflow in hpcups Tenable has...

AlmaLinux 8 : 389-ds:1.4 (ALSA-2026:26459)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:26459 advisory. 389-ds-base: 389-ds-base: unbounded LDAP controls count in getldapmessagecontrolsext causes CPU and heap amplification remote DoS CVE-2026-9064 Tenable has...

Amazon Linux 2023 : perl-Unicode-LineBreak (ALAS2023-2026-1831)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1831 advisory. Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold splits the input string by specific line break characters such as...

Amazon Linux 2023 : aspnetcore-runtime-10.0, aspnetcore-runtime-dbg-10.0, aspnetcore-targeting-pack-10.0 (ALAS2023-2026-1867)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1867 advisory. Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Improper link resolution before file access 'link following' in .NET allows an...

Amazon Linux 2 : graphite2, --advisory ALAS2-2026-3369 (ALAS-2026-3369)

The version of graphite2 installed on the remote host is prior to 1.3.10-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3369 advisory. Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not...

Amazon Linux 2023 : libusbx, libusbx-devel, libusbx-tests-examples (ALAS2023-2026-1848)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1848 advisory. libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claim...

Linux Distros Unpatched Vulnerability : CVE-2026-12805

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a...

Amazon Linux 2 : libinput, --advisory ALAS2-2026-3370 (ALAS-2026-3370)

The version of libinput installed on the remote host is prior to 1.8.4-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3370 advisory. A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through th...

Amazon Linux 2 : squid, --advisory ALAS2-2026-3371 (ALAS-2026-3371)

The version of squid installed on the remote host is prior to 3.5.20-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3371 advisory. Due to an Improper Input Validation bug, Squid is vulnerable toa Heap-based Buffer Overflow attack against cache digests. This...

Amazon Linux 2 : mod_http2, --advisory ALAS2-2026-3372 (ALAS-2026-3372)

The version of modhttp2 installed on the remote host is prior to 2.0.42-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3372 advisory. Denial of service in HTTP/2 cookie request header counting CVE-2026-49975 Tenable has extracted the preceding description block...