Newest Plugins from Tenable https://www.tenable.com/plugins/feeds?sort=newest&type= Get the latest plugin updates from Tenable Tue, 14 Apr 2026 16:25:17 GMT https://validator.w3.org/feed/docs/rss2.html Tenable Plugins Newest Plugins from Tenable https://www.tenable.com/themes/custom/tenable/img/favicons/apple-touch-icon.png https://www.tenable.com/plugins/feeds?sort=newest&type= Copyright 2026 Tenable, Inc. All rights reserved. <![CDATA[Siemens (CVE-2020-26145)]]> https://www.tenable.com/plugins/ot/505319 https://www.tenable.com/plugins/ot/505319 Tue, 14 Apr 2026 00:00:00 GMT Tenable OT Security Plugin ID 505319 with Medium Severity

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Read more at https://www.tenable.com/plugins/ot/505319

]]> <![CDATA[RHEL 10 : golang-github-openprinting-ipp-usb (RHSA-2026:7992)]]> https://www.tenable.com/plugins/nessus/306360 https://www.tenable.com/plugins/nessus/306360 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306360 with High Severity

Synopsis

The remote Red Hat host is missing a security update for golang-github-openprinting-ipp-usb.

Description

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:7992 advisory.

 HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol.

 Security Fix(es):

 * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL golang-github-openprinting-ipp-usb package based on the guidance in RHSA-2026:7992.

Read more at https://www.tenable.com/plugins/nessus/306360

]]> <![CDATA[Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Redis, Lua vulnerabilities (USN-8169-1)]]> https://www.tenable.com/plugins/nessus/306359 https://www.tenable.com/plugins/nessus/306359 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306359 with Critical Severity

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8169-1 advisory.

 It was discovered that Redis incorrectly handled certain specially crafted Lua scripts. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was only addressed in lua5.1 on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2025-49844)

 It was discovered that Redis incorrectly handled certain specially crafted Lua scripts. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was only addressed in lua-bitop on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS and in redis on Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-31449)

 Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled certain specially crafted Lua scripts. An attacker could possibly use this issue to cause heap corruption and execute arbitrary code.
 This issue was only addressed in lua-cjson on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-24834)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306359

]]> <![CDATA[RockyLinux 8 : perl-XML-Parser (RLSA-2026:7681)]]> https://www.tenable.com/plugins/nessus/306358 https://www.tenable.com/plugins/nessus/306358 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306358 with Critical Severity

Synopsis

The remote RockyLinux host is missing one or more security updates.

Description

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7681 advisory.

 * perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files (CVE-2006-10003)

 * perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input (CVE-2006-10002)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected perl-XML-Parser, perl-XML-Parser-debuginfo and / or perl-XML-Parser-debugsource packages.

Read more at https://www.tenable.com/plugins/nessus/306358

]]> <![CDATA[Photon OS 5.0: Libtiff PHSA-2026-5.0-0794]]> https://www.tenable.com/plugins/nessus/306357 https://www.tenable.com/plugins/nessus/306357 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306357 with High Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the libtiff package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/306357

]]> <![CDATA[Photon OS 4.0: Libtiff PHSA-2025-4.0-0870]]> https://www.tenable.com/plugins/nessus/306356 https://www.tenable.com/plugins/nessus/306356 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306356 with Medium Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the libtiff package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/306356

]]> <![CDATA[Photon OS 4.0: Libtiff PHSA-2026-4.0-0995]]> https://www.tenable.com/plugins/nessus/306355 https://www.tenable.com/plugins/nessus/306355 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306355 with Medium Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the libtiff package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/306355

]]> <![CDATA[Photon OS 4.0: Libpng PHSA-2026-4.0-0994]]> https://www.tenable.com/plugins/nessus/306354 https://www.tenable.com/plugins/nessus/306354 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306354 with High Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the libpng package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/306354

]]> <![CDATA[Photon OS 4.0: Nginx PHSA-2026-4.0-0994]]> https://www.tenable.com/plugins/nessus/306353 https://www.tenable.com/plugins/nessus/306353 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306353 with High Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the nginx package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/306353

]]> <![CDATA[Photon OS 4.0: Linux PHSA-2026-4.0-0959]]> https://www.tenable.com/plugins/nessus/306352 https://www.tenable.com/plugins/nessus/306352 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306352 with High Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the linux package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/306352

]]> <![CDATA[Photon OS 4.0: Libtiff PHSA-2026-4.0-0984]]> https://www.tenable.com/plugins/nessus/306351 https://www.tenable.com/plugins/nessus/306351 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306351 with High Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the libtiff package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/306351

]]> <![CDATA[Photon OS 5.0: Docker PHSA-2026-5.0-0809]]> https://www.tenable.com/plugins/nessus/306350 https://www.tenable.com/plugins/nessus/306350 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306350 with Medium Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the docker package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/306350

]]> <![CDATA[Photon OS 5.0: Sudo PHSA-2026-5.0-0815]]> https://www.tenable.com/plugins/nessus/306349 https://www.tenable.com/plugins/nessus/306349 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306349 with High Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the sudo package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/306349

]]> <![CDATA[Photon OS 5.0: Libtiff PHSA-2026-5.0-0815]]> https://www.tenable.com/plugins/nessus/306348 https://www.tenable.com/plugins/nessus/306348 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306348 with Medium Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the libtiff package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/306348

]]> <![CDATA[Photon OS 5.0: Python3 PHSA-2026-5.0-0813]]> https://www.tenable.com/plugins/nessus/306347 https://www.tenable.com/plugins/nessus/306347 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306347 with High Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the python3 package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/306347

]]> <![CDATA[Photon OS 5.0: Perl PHSA-2026-5.0-0812]]> https://www.tenable.com/plugins/nessus/306346 https://www.tenable.com/plugins/nessus/306346 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306346 with Critical Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the perl package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/306346

]]> <![CDATA[Photon OS 5.0: Vim PHSA-2026-5.0-0812]]> https://www.tenable.com/plugins/nessus/306345 https://www.tenable.com/plugins/nessus/306345 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306345 with High Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the vim package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/306345

]]> <![CDATA[Photon OS 5.0: Libtiff PHSA-2025-5.0-0620]]> https://www.tenable.com/plugins/nessus/306344 https://www.tenable.com/plugins/nessus/306344 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306344 with Medium Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the libtiff package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/306344

]]> <![CDATA[Photon OS 5.0: Nginx PHSA-2026-5.0-0811]]> https://www.tenable.com/plugins/nessus/306343 https://www.tenable.com/plugins/nessus/306343 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306343 with High Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the nginx package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/306343

]]> <![CDATA[Photon OS 5.0: Systemd PHSA-2026-5.0-0819]]> https://www.tenable.com/plugins/nessus/306342 https://www.tenable.com/plugins/nessus/306342 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306342 with Medium Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the systemd package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/306342

]]> <![CDATA[MiracleLinux 8 : vim-8.0.1763-22.el8_10.1.ML.1 (AXSA:2026-423:06)]]> https://www.tenable.com/plugins/nessus/306341 https://www.tenable.com/plugins/nessus/306341 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306341 with High Severity

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-423:06 advisory.

 * vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin (CVE-2026-28417)
 * vim: Vim: Denial of service and information disclosure via crafted swap file (CVE-2026-28421)
 * vim: Vim: Arbitrary code execution via command injection in glob() function (CVE-2026-33412)

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306341

]]> <![CDATA[Fedora 43 : chromium (2026-952f3c3d9e)]]> https://www.tenable.com/plugins/nessus/306340 https://www.tenable.com/plugins/nessus/306340 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306340 with Critical Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-952f3c3d9e advisory.

 Update to 147.0.7727.55

 * Critical CVE-2026-5858: Heap buffer overflow in WebML
 * Critical CVE-2026-5859: Integer overflow in WebML
 * High CVE-2026-5860: Use after free in WebRTC
 * High CVE-2026-5861: Use after free in V8
 * High CVE-2026-5862: Inappropriate implementation in V8
 * High CVE-2026-5863: Inappropriate implementation in V8
 * High CVE-2026-5864: Heap buffer overflow in WebAudio
 * High CVE-2026-5865: Type Confusion in V8
 * High CVE-2026-5866: Use after free in Media
 * High CVE-2026-5867: Heap buffer overflow in WebML
 * High CVE-2026-5868: Heap buffer overflow in ANGLE
 * High CVE-2026-5869: Heap buffer overflow in WebML
 * High CVE-2026-5870: Integer overflow in Skia
 * High CVE-2026-5871: Type Confusion in V8
 * High CVE-2026-5872: Use after free in Blink
 * High CVE-2026-5873: Out of bounds read and write in V8
 * Medium CVE-2026-5874: Use after free in PrivateAI
 * Medium CVE-2026-5875: Policy bypass in Blink
 * Medium CVE-2026-5876: Side-channel information leakage in Navigation
 * Medium CVE-2026-5877: Use after free in Navigation
 * Medium CVE-2026-5878: Incorrect security UI in Blink
 * Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE
 * Medium CVE-2026-5880: Incorrect security UI in browser UI
 * Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess
 * Medium CVE-2026-5882: Incorrect security UI in Fullscreen
 * Medium CVE-2026-5883: Use after free in Media
 * Medium CVE-2026-5884: Insufficient validation of untrusted input in Media
 * Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML
 * Medium CVE-2026-5886: Out of bounds read in WebAudio
 * Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads
 * Medium CVE-2026-5888: Uninitialized Use in WebCodecs
 * Medium CVE-2026-5889: Cryptographic Flaw in PDFium
 * Medium CVE-2026-5890: Race in WebCodecs
 * Medium CVE-2026-5891: Insufficient policy enforcement in browser UI
 * Medium CVE-2026-5892: Insufficient policy enforcement in PWAs
 * Medium CVE-2026-5893: Race in V8
 * Low CVE-2026-5894: Inappropriate implementation in PDF
 * Low CVE-2026-5895: Incorrect security UI in Omnibox
 * Low CVE-2026-5896: Policy bypass in Audio
 * Low CVE-2026-5897: Incorrect security UI in Downloads
 * Low CVE-2026-5898: Incorrect security UI in Omnibox
 * Low CVE-2026-5899: Incorrect security UI in History Navigation
 * Low CVE-2026-5900: Policy bypass in Downloads
 * Low CVE-2026-5901: Policy bypass in DevTools
 * Low CVE-2026-5902: Race in Media
 * Low CVE-2026-5903: Policy bypass in IFrameSandbox
 * Low CVE-2026-5904: Use after free in V8
 * Low CVE-2026-5905: Incorrect security UI in Permissions
 * Low CVE-2026-5906: Incorrect security UI in Omnibox
 * Low CVE-2026-5907: Insufficient data validation in Media
 * Low CVE-2026-5908: Integer overflow in Media
 * Low CVE-2026-5909: Integer overflow in Media
 * Low CVE-2026-5910: Integer overflow in Media
 * Low CVE-2026-5911: Policy bypass in ServiceWorkers
 * Low CVE-2026-5912: Integer overflow in WebRTC
 * Low CVE-2026-5913: Out of bounds read in Blink
 * Low CVE-2026-5914: Type Confusion in CSS
 * Low CVE-2026-5915: Insufficient validation of untrusted input in WebML
 * Low CVE-2026-5918: Inappropriate implementation in Navigation
 * Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected chromium package.

Read more at https://www.tenable.com/plugins/nessus/306340

]]> <![CDATA[Fedora 43 : flatpak (2026-5286084b44)]]> https://www.tenable.com/plugins/nessus/306339 https://www.tenable.com/plugins/nessus/306339 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306339 with Critical Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-5286084b44 advisory.

 Update to 1.16.6

 Fixes for CVE-2026-34078, CVE-2026-34079, GHSA-2fxp-43j9-pwvc and GHSA-89xm-3m96-w3jg


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected flatpak package.

Read more at https://www.tenable.com/plugins/nessus/306339

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 19 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:1274-1)]]> https://www.tenable.com/plugins/nessus/306338 https://www.tenable.com/plugins/nessus/306338 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306338 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1274-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.84 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

 The following non security issue was fixed:

 - Fix NULL pointer dereference in smb2_query_server_interfaces Livepatch for to restore a null check of server->ops->query_server_interfaces that was dropped by mistake. (bsc#1259896 bsc#1259962).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-6_4_0-150600_23_84-default package.

Read more at https://www.tenable.com/plugins/nessus/306338

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 37 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:1269-1)]]> https://www.tenable.com/plugins/nessus/306337 https://www.tenable.com/plugins/nessus/306337 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306337 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1269-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.153 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
 - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-5_14_21-150400_24_153-default package.

Read more at https://www.tenable.com/plugins/nessus/306337

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:1262-1)]]> https://www.tenable.com/plugins/nessus/306336 https://www.tenable.com/plugins/nessus/306336 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306336 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1262-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.31 fixes various security issues

 The following security issues were fixed:

 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

 The following non security issue was fixed:

 - Fix NULL pointer dereference in smb2_query_server_interfaces Livepatch for to restore a null check of server->ops->query_server_interfaces that was dropped by mistake. (bsc#1259896 bsc#1259962).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-6_4_0-150700_53_31-default package.

Read more at https://www.tenable.com/plugins/nessus/306336

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 7 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:1284-1)]]> https://www.tenable.com/plugins/nessus/306335 https://www.tenable.com/plugins/nessus/306335 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306335 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1284-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.25 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-6_4_0-150700_53_25-default package.

Read more at https://www.tenable.com/plugins/nessus/306335

]]> <![CDATA[SUSE SLES12 Security Update : kernel (Live Patch 72 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2026:1298-1)]]> https://www.tenable.com/plugins/nessus/306334 https://www.tenable.com/plugins/nessus/306334 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306334 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1298-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 4.12.14-122.272 fixes various security issues

 The following security issues were fixed:

 - CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
 - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
 - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kgraft-patch-4_12_14-122_272-default package.

Read more at https://www.tenable.com/plugins/nessus/306334

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:1283-1)]]> https://www.tenable.com/plugins/nessus/306333 https://www.tenable.com/plugins/nessus/306333 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306333 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1283-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.60 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
 - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
 - CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-6_4_0-150600_23_60-default and / or kernel-livepatch-6_4_0-150700_51-default packages.

Read more at https://www.tenable.com/plugins/nessus/306333

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:1280-1)]]> https://www.tenable.com/plugins/nessus/306332 https://www.tenable.com/plugins/nessus/306332 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306332 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1280-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.167 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
 - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-5_14_21-150400_24_167-default package.

Read more at https://www.tenable.com/plugins/nessus/306332

]]> <![CDATA[SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2026:1290-1)]]> https://www.tenable.com/plugins/nessus/306331 https://www.tenable.com/plugins/nessus/306331 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306331 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1290-1 advisory.

 - CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
 - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
 - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
 - CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306331

]]> <![CDATA[SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2026:1273-1)]]> https://www.tenable.com/plugins/nessus/306330 https://www.tenable.com/plugins/nessus/306330 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306330 with Critical Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1273-1 advisory.

 - Update to 149.0.2 and 140.9.1esr (bsc#1261663).
 - CVE-2026-5731: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2.
 - CVE-2026-5732: Incorrect boundary conditions, integer overflow in the Graphics: Text component.
 - CVE-2026-5734: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected MozillaFirefox, MozillaFirefox-devel and / or MozillaFirefox-translations-common packages.

Read more at https://www.tenable.com/plugins/nessus/306330

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 14 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:1271-1)]]> https://www.tenable.com/plugins/nessus/306329 https://www.tenable.com/plugins/nessus/306329 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306329 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1271-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.65 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
 - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
 - CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-6_4_0-150600_23_65-default package.

Read more at https://www.tenable.com/plugins/nessus/306329

]]> <![CDATA[SUSE SLES15 Security Update : nodejs24 (SUSE-SU-2026:1299-1)]]> https://www.tenable.com/plugins/nessus/306328 https://www.tenable.com/plugins/nessus/306328 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306328 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1299-1 advisory.

 - Update to 24.14.1
 - CVE-2026-21637: synchronous exceptions thrown during certain callbacks bypass the standard TLS error handling paths and can cause a denial of service (bsc#1256576).
 - CVE-2026-21710: uncaught TypeError exception can cause a denial of service (bsc#1260455).
 - CVE-2026-21712: malformed URL format can lead to a crash (bsc#1260460).
 - CVE-2026-21713: timing side-channel in HMAC verification via memcmp can lead to potential MAC forgery (bsc#1260463).
 - CVE-2026-21714: WINDOW_UPDATE frames on stream 0 can lead to memory leak (bsc#1260480).
 - CVE-2026-21715: permission model bypass in realpathSync.native can allow file existence disclosure (bsc#1260482).
 - CVE-2026-21716: promise-based FileHandle methods can be used to modify file permissions and ownership (bsc#1260462).
 - CVE-2026-21717: crafted request can lead to trivially predictable hash collisions (bsc#1260494).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected nodejs24, nodejs24-devel, nodejs24-docs and / or npm24 packages.

Read more at https://www.tenable.com/plugins/nessus/306328

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 9 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:1259-1)]]> https://www.tenable.com/plugins/nessus/306327 https://www.tenable.com/plugins/nessus/306327 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306327 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1259-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.42 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
 - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
 - CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-6_4_0-150600_23_42-default package.

Read more at https://www.tenable.com/plugins/nessus/306327

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 46 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:1265-1)]]> https://www.tenable.com/plugins/nessus/306326 https://www.tenable.com/plugins/nessus/306326 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306326 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1265-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.184 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-5_14_21-150400_24_184-default package.

Read more at https://www.tenable.com/plugins/nessus/306326

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 33 for SUSE Linux Enterprise 15 SP5) (SUSE-SU-2026:1270-1)]]> https://www.tenable.com/plugins/nessus/306325 https://www.tenable.com/plugins/nessus/306325 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306325 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1270-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.130 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-5_14_21-150500_55_130-default package.

Read more at https://www.tenable.com/plugins/nessus/306325

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 38 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:1268-1)]]> https://www.tenable.com/plugins/nessus/306324 https://www.tenable.com/plugins/nessus/306324 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306324 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1268-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.158 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
 - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-5_14_21-150400_24_158-default package.

Read more at https://www.tenable.com/plugins/nessus/306324

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:1279-1)]]> https://www.tenable.com/plugins/nessus/306323 https://www.tenable.com/plugins/nessus/306323 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306323 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1279-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.28 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-6_4_0-150700_53_28-default package.

Read more at https://www.tenable.com/plugins/nessus/306323

]]> <![CDATA[SUSE SLES12 Security Update : kernel (Live Patch 68 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2026:1285-1)]]> https://www.tenable.com/plugins/nessus/306322 https://www.tenable.com/plugins/nessus/306322 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306322 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1285-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 4.12.14-122.258 fixes various security issues

 The following security issues were fixed:

 - CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
 - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
 - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kgraft-patch-4_12_14-122_258-default package.

Read more at https://www.tenable.com/plugins/nessus/306322

]]> <![CDATA[SUSE SLES15 Security Update : GraphicsMagick (SUSE-SU-2026:1300-1)]]> https://www.tenable.com/plugins/nessus/306321 https://www.tenable.com/plugins/nessus/306321 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306321 with Critical Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1300-1 advisory.

 - CVE-2026-26284: heap overflow in pcd decoder leads to out of bounds read (bsc#1258765).
 - CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306321

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 42 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:1281-1)]]> https://www.tenable.com/plugins/nessus/306320 https://www.tenable.com/plugins/nessus/306320 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306320 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1281-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.170 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
 - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-5_14_21-150400_24_170-default package.

Read more at https://www.tenable.com/plugins/nessus/306320

]]> <![CDATA[SUSE SLES12 Security Update : kernel (Live Patch 75 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2026:1293-1)]]> https://www.tenable.com/plugins/nessus/306319 https://www.tenable.com/plugins/nessus/306319 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306319 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1293-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 4.12.14-122.283 fixes various security issues

 The following security issues were fixed:

 - CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kgraft-patch-4_12_14-122_283-default package.

Read more at https://www.tenable.com/plugins/nessus/306319

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 26 for SUSE Linux Enterprise 15 SP5) (SUSE-SU-2026:1263-1)]]> https://www.tenable.com/plugins/nessus/306318 https://www.tenable.com/plugins/nessus/306318 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306318 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1263-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.103 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
 - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-5_14_21-150500_55_103-default package.

Read more at https://www.tenable.com/plugins/nessus/306318

]]> <![CDATA[SUSE SLES12 Security Update : kernel (Live Patch 77 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2026:1294-1)]]> https://www.tenable.com/plugins/nessus/306317 https://www.tenable.com/plugins/nessus/306317 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306317 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1294-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 4.12.14-122.293 fixes various security issues

 The following security issues were fixed:

 - CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kgraft-patch-4_12_14-122_293-default package.

Read more at https://www.tenable.com/plugins/nessus/306317

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 20 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:1266-1)]]> https://www.tenable.com/plugins/nessus/306316 https://www.tenable.com/plugins/nessus/306316 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306316 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1266-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.87 fixes various security issues

 The following security issues were fixed:

 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

 The following non security issue was fixed:

 - Fix NULL pointer dereference in smb2_query_server_interfaces Livepatch for to restore a null check of server->ops->query_server_interfaces that was dropped by mistake. (bsc#1259896 bsc#1259962).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-6_4_0-150600_23_87-default package.

Read more at https://www.tenable.com/plugins/nessus/306316

]]> <![CDATA[SUSE SLES12 Security Update : kernel (Live Patch 70 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2026:1287-1)]]> https://www.tenable.com/plugins/nessus/306315 https://www.tenable.com/plugins/nessus/306315 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306315 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1287-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 4.12.14-122.266 fixes various security issues

 The following security issues were fixed:

 - CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
 - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
 - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kgraft-patch-4_12_14-122_266-default package.

Read more at https://www.tenable.com/plugins/nessus/306315

]]> <![CDATA[SUSE SLES12 Security Update : kernel (Live Patch 71 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2026:1297-1)]]> https://www.tenable.com/plugins/nessus/306314 https://www.tenable.com/plugins/nessus/306314 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306314 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1297-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 4.12.14-122.269 fixes various security issues

 The following security issues were fixed:

 - CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
 - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
 - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kgraft-patch-4_12_14-122_269-default package.

Read more at https://www.tenable.com/plugins/nessus/306314

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:1278-1)]]> https://www.tenable.com/plugins/nessus/306313 https://www.tenable.com/plugins/nessus/306313 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306313 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1278-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.19 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
 - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
 - CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-6_4_0-150700_53_19-default package.

Read more at https://www.tenable.com/plugins/nessus/306313

]]> <![CDATA[SUSE SLES15 / openSUSE 15 Security Update : openssl-1_0_0 (SUSE-SU-2026:1291-1)]]> https://www.tenable.com/plugins/nessus/306312 https://www.tenable.com/plugins/nessus/306312 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306312 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1291-1 advisory.

 - CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
 - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
 - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
 - CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
 - CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306312

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:1272-1)]]> https://www.tenable.com/plugins/nessus/306311 https://www.tenable.com/plugins/nessus/306311 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306311 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1272-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.81 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-6_4_0-150600_23_81-default package.

Read more at https://www.tenable.com/plugins/nessus/306311

]]> <![CDATA[SUSE SLES12 Security Update : kernel (Live Patch 74 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2026:1288-1)]]> https://www.tenable.com/plugins/nessus/306310 https://www.tenable.com/plugins/nessus/306310 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306310 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1288-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 4.12.14-122.280 fixes various security issues

 The following security issues were fixed:

 - CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255235).
 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kgraft-patch-4_12_14-122_280-default package.

Read more at https://www.tenable.com/plugins/nessus/306310

]]> <![CDATA[SUSE SLES15 / openSUSE 15 Security Update : python312 (SUSE-SU-2026:1292-1)]]> https://www.tenable.com/plugins/nessus/306309 https://www.tenable.com/plugins/nessus/306309 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306309 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1292-1 advisory.

 - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
 - CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
 - CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
 - CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
 - CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306309

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5) (SUSE-SU-2026:1258-1)]]> https://www.tenable.com/plugins/nessus/306308 https://www.tenable.com/plugins/nessus/306308 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306308 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1258-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.136 fixes various security issues

 The following security issues were fixed:

 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-5_14_21-150500_55_136-default package.

Read more at https://www.tenable.com/plugins/nessus/306308

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 17 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:1261-1)]]> https://www.tenable.com/plugins/nessus/306307 https://www.tenable.com/plugins/nessus/306307 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306307 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1261-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.78 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-6_4_0-150600_23_78-default and / or kernel-livepatch-6_4_0-150700_53_22-default packages.

Read more at https://www.tenable.com/plugins/nessus/306307

]]> <![CDATA[SUSE SLES15 / openSUSE 15 Security Update : python39 (SUSE-SU-2026:1296-1)]]> https://www.tenable.com/plugins/nessus/306306 https://www.tenable.com/plugins/nessus/306306 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306306 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1296-1 advisory.

 - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611).
 - CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734).
 - CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
 - CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306306

]]> <![CDATA[RHEL 9 : bind9.18 (RHSA-2026:7915)]]> https://www.tenable.com/plugins/nessus/306305 https://www.tenable.com/plugins/nessus/306305 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306305 with High Severity

Synopsis

The remote Red Hat host is missing a security update for bind9.18.

Description

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7915 advisory.

 BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.

 Security Fix(es):

 * bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone (CVE-2026-1519)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL bind9.18 package based on the guidance in RHSA-2026:7915.

Read more at https://www.tenable.com/plugins/nessus/306305

]]> <![CDATA[Ubuntu 22.04 LTS / 25.10 : Corosync vulnerabilities (USN-8170-1)]]> https://www.tenable.com/plugins/nessus/306304 https://www.tenable.com/plugins/nessus/306304 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306304 with High Severity

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 22.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8170-1 advisory.

 It was discovered that Corosync incorrectly handled the membership commit token validity check. A remote attacker could use this issue to cause Corosync to crash, resulting in a denial of service, or to possibly obtain a small quantity of sensitive information. (CVE-2026-35091)

 It was discovered that Corosync incorrectly handled join message validation. A remote attacker could possibly use this issue to cause Corosync to crash, resulting in a denial of service. (CVE-2026-35092)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306304

]]> <![CDATA[Amazon Linux 2 : libtiff, --advisory ALAS2-2026-3235 (ALAS-2026-3235)]]> https://www.tenable.com/plugins/nessus/306303 https://www.tenable.com/plugins/nessus/306303 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306303 with High Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3235 advisory.

 A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution. (CVE-2026-4775)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update libtiff' or or 'yum update --advisory ALAS2-2026-3235' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306303

]]> <![CDATA[Amazon Linux 2 : cri-tools, --advisory ALAS2-2026-3236 (ALAS-2026-3236)]]> https://www.tenable.com/plugins/nessus/306302 https://www.tenable.com/plugins/nessus/306302 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306302 with Critical Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of cri-tools installed on the remote host is prior to 1.32.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3236 advisory.

 The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack. (CVE-2026-32285)

 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, deny rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback allow rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific deny rules for canonical paths but allows other requests by default (a fallback allow rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening. (CVE-2026-33186)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update cri-tools' or or 'yum update --advisory ALAS2-2026-3236' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306302

]]> <![CDATA[Amazon Linux 2 : libpng12, --advisory ALAS2-2026-3243 (ALAS-2026-3243)]]> https://www.tenable.com/plugins/nessus/306301 https://www.tenable.com/plugins/nessus/306301 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306301 with High Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of libpng12 installed on the remote host is prior to 1.2.50-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3243 advisory.

 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr->trans_alpha = info_ptr->trans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr->palette = png_ptr->palette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.

 NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7jNOTE:
 https://github.com/pnggroup/libpng/pull/824NOTE: Fixed by:
 https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb (v1.6.56)NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25 (v1.6.56)NOTE:
 Fixed by: https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667 (v1.6.56)NOTE: Fixed by:
 https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1 (v1.6.56) (CVE-2026-33416)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update libpng12' or or 'yum update --advisory ALAS2-2026-3243' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306301

]]> <![CDATA[Amazon Linux 2 : squid, --advisory ALAS2-2026-3242 (ALAS-2026-3242)]]> https://www.tenable.com/plugins/nessus/306300 https://www.tenable.com/plugins/nessus/306300 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306300 with Critical Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of squid installed on the remote host is prior to 3.5.20-17. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3242 advisory.

 Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. This bug is fixed in Squid version 7.5.

 NOTE: https://www.openwall.com/lists/oss-security/2026/03/25/3NOTE: Fixed by: https://github.com/squid- cache/squid/commit/703e07d25ca6fa11f52d20bf0bb879e22ab7481b (SQUID_7_5) (CVE-2026-32748)

 Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol.
 This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.

 NOTE: https://www.openwall.com/lists/oss-security/2026/03/25/2NOTE: Fixed by: https://github.com/squid- cache/squid/commit/8a7d42f9d44befb8fcbbb619505587c8de6a1e91 (SQUID_7_5) (CVE-2026-33526)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update squid' or or 'yum update --advisory ALAS2-2026-3242' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306300

]]> <![CDATA[Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2ECS-2026-103 (ALASECS-2026-103)]]> https://www.tenable.com/plugins/nessus/306299 https://www.tenable.com/plugins/nessus/306299 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306299 with Medium Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.12.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-103 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update amazon-ecr-credential-helper' or or 'yum update --advisory ALAS2ECS-2026-103' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306299

]]> <![CDATA[Amazon Linux 2 : libvncserver, --advisory ALAS2-2026-3247 (ALAS-2026-3247)]]> https://www.tenable.com/plugins/nessus/306298 https://www.tenable.com/plugins/nessus/306298 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306298 with Medium Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of libvncserver installed on the remote host is prior to 0.9.9-14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3247 advisory.

 LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause information disclosure or application crash. Attackers can exploit improper bounds checking in the HandleUltraZipBPP() function by manipulating subrectangle header counts to read beyond the allocated heap buffer.
 (CVE-2026-32853)

 LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of service by sending specially crafted HTTP requests. Attackers can exploit missing validation of strchr() return values in the CONNECT and GET proxy handling paths to trigger null pointer dereferences and crash the server when httpd and proxy features are enabled. (CVE-2026-32854)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update libvncserver' or or 'yum update --advisory ALAS2-2026-3247' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306298

]]> <![CDATA[Amazon Linux 2 : oci-add-hooks, --advisory ALAS2NITRO-ENCLAVES-2026-096 (ALASNITRO-ENCLAVES-2026-096)]]> https://www.tenable.com/plugins/nessus/306297 https://www.tenable.com/plugins/nessus/306297 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306297 with Medium Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of oci-add-hooks installed on the remote host is prior to 0-0.8.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-096 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update oci-add-hooks' or or 'yum update --advisory ALAS2NITRO-ENCLAVES-2026-096' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306297

]]> <![CDATA[Amazon Linux 2 : rust, --advisory ALAS2-2026-3246 (ALAS-2026-3246)]]> https://www.tenable.com/plugins/nessus/306296 https://www.tenable.com/plugins/nessus/306296 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306296 with Medium Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of rust installed on the remote host is prior to 1.94.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3246 advisory.

 A flaw in the gix-date library can generate invalid non-UTF8 strings, leading to undefined behavior when processed. The most likely impact from a successful attack is to data integrity, by the malicious data being able to corrupt data being hold in memory and to system availability as it eventually may lead to the software using the gix_date library to crash. (CVE-2026-0810)

 tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the case where it was different from the base header. This is almost the inverse of the astral-tokio-tar issue. Any discrepancy in how tar parsers honor file size can be used to create archives that appear differently when unpacked by different archivers. In this case, the tar-rs (Rust tar) crate is an outlier in checking for the header size - other tar parsers (including e.g. Go archive/tar) unconditionally use the PAX size override. This can affect anything that uses the tar crate to parse archives and expects to have a consistent view with other parsers. This issue has been fixed in version 0.4.45. (CVE-2026-33055)

 tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory -- and subsequently apply chmod to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root. This issue has been fixed in version 0.4.45. (CVE-2026-33056)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update rust' or or 'yum update --advisory ALAS2-2026-3246' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306296

]]> <![CDATA[Amazon Linux 2 : openssl11, --advisory ALAS2-2026-3249 (ALAS-2026-3249)]]> https://www.tenable.com/plugins/nessus/306295 https://www.tenable.com/plugins/nessus/306295 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306295 with High Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of openssl11 installed on the remote host is prior to 1.1.1zg-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3249 advisory.

 Potential use-after-free in DANE client code (CVE-2026-28387)

 NULL Pointer Dereference When Processing a Delta CRL

 NOTE: https://openssl-library.org/news/secadv/20260407.txt (CVE-2026-28388)

 Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (CVE-2026-28389)

 Possible NULL dereference when processing CMS KeyTransportRecipientInfo (CVE-2026-28390)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update openssl11' or or 'yum update --advisory ALAS2-2026-3249' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306295

]]> <![CDATA[Amazon Linux 2 : runc, --advisory ALAS2ECS-2026-105 (ALASECS-2026-105)]]> https://www.tenable.com/plugins/nessus/306294 https://www.tenable.com/plugins/nessus/306294 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306294 with Medium Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of runc installed on the remote host is prior to 1.3.4-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-105 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update runc' or or 'yum update --advisory ALAS2ECS-2026-105' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306294

]]> <![CDATA[Amazon Linux 2 : containerd, --advisory ALAS2ECS-2026-102 (ALASECS-2026-102)]]> https://www.tenable.com/plugins/nessus/306293 https://www.tenable.com/plugins/nessus/306293 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306293 with Critical Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of containerd installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-102 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, deny rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback allow rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific deny rules for canonical paths but allows other requests by default (a fallback allow rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening. (CVE-2026-33186)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update containerd' or or 'yum update --advisory ALAS2ECS-2026-102' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306293

]]> <![CDATA[Amazon Linux 2 : gimp, --advisory ALAS2GIMP-2026-013 (ALASGIMP-2026-013)]]> https://www.tenable.com/plugins/nessus/306292 https://www.tenable.com/plugins/nessus/306292 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306292 with Medium Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of gimp installed on the remote host is prior to 2.8.22-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2GIMP-2026-013 advisory.

 A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP's PCX file loader due to an off- by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS). (CVE-2026-4887)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update gimp' or or 'yum update --advisory ALAS2GIMP-2026-013' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306292

]]> <![CDATA[Amazon Linux 2 : freerdp, --advisory ALAS2-2026-3238 (ALAS-2026-3238)]]> https://www.tenable.com/plugins/nessus/306291 https://www.tenable.com/plugins/nessus/306291 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306291 with Medium Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of freerdp installed on the remote host is prior to 2.11.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3238 advisory.

 DoS via WINPR_ASSERT in rts_read_auth_verifier_no_checks

 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93 (CVE-2026-33952)

 DoS via WINPR_ASSERT in IMA ADPCM audio decoder (dsp.c:331)

 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8f2g-3q27-6xm5 (CVE-2026-33977)

 Progressive Codec Quant BYTE Underflow - UB + CPU DoS

 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4gfm-4p52-h478 (CVE-2026-33983)

 ClearCodec resize_vbar_entry() Heap OOB Write

 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8469-2xcx-frf6 (CVE-2026-33984)

 ClearCodec Glyph Cache Count Desync - Heap OOB Read

 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85 (CVE-2026-33985)

 H.264 YUV Buffer Dimension Desync - Heap OOB Write

 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h6qw-wxvm-hf97 (CVE-2026-33986)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update freerdp' or or 'yum update --advisory ALAS2-2026-3238' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306291

]]> <![CDATA[Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2026-104 (ALASDOCKER-2026-104)]]> https://www.tenable.com/plugins/nessus/306290 https://www.tenable.com/plugins/nessus/306290 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306290 with Critical Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of containerd installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-104 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, deny rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback allow rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific deny rules for canonical paths but allows other requests by default (a fallback allow rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening. (CVE-2026-33186)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update containerd' or or 'yum update --advisory ALAS2DOCKER-2026-104' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306290

]]> <![CDATA[Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-108 (ALASDOCKER-2026-108)]]> https://www.tenable.com/plugins/nessus/306289 https://www.tenable.com/plugins/nessus/306289 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306289 with High Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-108 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, deny rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback allow rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific deny rules for canonical paths but allows other requests by default (a fallback allow rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening. (CVE-2026-33186)

 Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1. (CVE-2026-33997)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update docker' or or 'yum update --advisory ALAS2DOCKER-2026-108' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306289

]]> <![CDATA[Amazon Linux 2 : runc, --advisory ALAS2DOCKER-2026-105 (ALASDOCKER-2026-105)]]> https://www.tenable.com/plugins/nessus/306288 https://www.tenable.com/plugins/nessus/306288 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306288 with Medium Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of runc installed on the remote host is prior to 1.3.4-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-105 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update runc' or or 'yum update --advisory ALAS2DOCKER-2026-105' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306288

]]> <![CDATA[Amazon Linux 2 : plexus-utils, --advisory ALAS2-2026-3233 (ALAS-2026-3233)]]> https://www.tenable.com/plugins/nessus/306287 https://www.tenable.com/plugins/nessus/306287 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306287 with High Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of plexus-utils installed on the remote host is prior to 3.0.9-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3233 advisory.

 Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus- utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code (CVE-2025-67030)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update plexus-utils' or or 'yum update --advisory ALAS2-2026-3233' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306287

]]> <![CDATA[Amazon Linux 2 : tigervnc, --advisory ALAS2-2026-3231 (ALAS-2026-3231)]]> https://www.tenable.com/plugins/nessus/306286 https://www.tenable.com/plugins/nessus/306286 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306286 with Critical Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of tigervnc installed on the remote host is prior to 1.8.0-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3231 advisory.

 In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions. (CVE-2026-34352)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update tigervnc' or or 'yum update --advisory ALAS2-2026-3231' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306286

]]> <![CDATA[Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-106 (ALASDOCKER-2026-106)]]> https://www.tenable.com/plugins/nessus/306285 https://www.tenable.com/plugins/nessus/306285 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306285 with Critical Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of runfinch-finch installed on the remote host is prior to 1.15.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2026-106 advisory.

 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, deny rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback allow rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific deny rules for canonical paths but allows other requests by default (a fallback allow rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening. (CVE-2026-33186)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update runfinch-finch' or or 'yum update --advisory ALAS2DOCKER-2026-106' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306285

]]> <![CDATA[Amazon Linux 2 : nerdctl, --advisory ALAS2-2026-3229 (ALAS-2026-3229)]]> https://www.tenable.com/plugins/nessus/306284 https://www.tenable.com/plugins/nessus/306284 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306284 with Critical Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of nerdctl installed on the remote host is prior to 2.2.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3229 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, deny rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback allow rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific deny rules for canonical paths but allows other requests by default (a fallback allow rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening. (CVE-2026-33186)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update nerdctl' or or 'yum update --advisory ALAS2-2026-3229' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306284

]]> <![CDATA[Amazon Linux 2 : amazon-cloudwatch-agent, --advisory ALAS2-2026-3248 (ALAS-2026-3248)]]> https://www.tenable.com/plugins/nessus/306283 https://www.tenable.com/plugins/nessus/306283 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306283 with Critical Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300064.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3248 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, deny rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback allow rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific deny rules for canonical paths but allows other requests by default (a fallback allow rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening. (CVE-2026-33186)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update amazon-cloudwatch-agent' or or 'yum update --advisory ALAS2-2026-3248' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306283

]]> <![CDATA[Amazon Linux 2 : perl-XML-Parser, --advisory ALAS2-2026-3230 (ALAS-2026-3230)]]> https://www.tenable.com/plugins/nessus/306282 https://www.tenable.com/plugins/nessus/306282 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306282 with Critical Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of perl-XML-Parser installed on the remote host is prior to 2.41-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3230 advisory.

 XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes.

 A :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl's read() returns decoded characters while SvPV() gives back multi-byte UTF-8 bytes that can exceed the pre- allocated buffer size. This can cause heap corruption (double free or corruption) and crashes.
 (CVE-2006-10002)

 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.

 In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.

 The bug can be observed when parsing an XML file with very deep element nesting (CVE-2006-10003)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update perl-XML-Parser' or or 'yum update --advisory ALAS2-2026-3230' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306282

]]> <![CDATA[Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3241 (ALAS-2026-3241)]]> https://www.tenable.com/plugins/nessus/306281 https://www.tenable.com/plugins/nessus/306281 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306281 with Critical Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of thunderbird installed on the remote host is prior to 140.9.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3241 advisory.

 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr->trans_alpha = info_ptr->trans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr->palette = png_ptr->palette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.

 NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7jNOTE:
 https://github.com/pnggroup/libpng/pull/824NOTE: Fixed by:
 https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb (v1.6.56)NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25 (v1.6.56)NOTE:
 Fixed by: https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667 (v1.6.56)NOTE: Fixed by:
 https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1 (v1.6.56) (CVE-2026-33416)

 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.

 NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2NOTE: Introduced with:
 https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869 (v1.6.36)NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3 (v1.6.56) (CVE-2026-33636)

 Spoofing issue in Thunderbird. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9.
 (CVE-2026-3889)

 A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability affects Thunderbird < 149 and Thunderbird < 140.9. (CVE-2026-4371)

 Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4684)

 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4685)

 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4686)

 Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4687)

 Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4688)

 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4689)

 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4690)

 Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4691)

 Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4692)

 Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4693)

 Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4694)

 Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4695)

 Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4696)

 Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4697)

 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4698)

 Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4699)

 Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4700)

 Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4701)

 JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4702)

 Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4704)

 Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4705)

 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4706)

 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4707)

 Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4708)

 Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4709)

 Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4710)

 Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4711)

 Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4712)

 Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4713)

 Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4714)

 Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4715)

 Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4716)

 Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4717)

 Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4718)

 Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4719)

 Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148.
 Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4720)

 Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4721)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update thunderbird' or or 'yum update --advisory ALAS2-2026-3241' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306281

]]> <![CDATA[Amazon Linux 2 : python3, --advisory ALAS2-2026-3228 (ALAS-2026-3228)]]> https://www.tenable.com/plugins/nessus/306280 https://www.tenable.com/plugins/nessus/306280 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306280 with High Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3228 advisory.

 The tarfile module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.
 (CVE-2025-13462)

 pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.
 (CVE-2026-3479)

 The webbrowser.open() API would accept leading dashes in the URL whichcould be handled as command line options for certain web browsers. Newbehavior rejects leading dashes. Users are recommended to sanitize URLsprior to passing to webbrowser.open(). (CVE-2026-4519)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update python3' or or 'yum update --advisory ALAS2-2026-3228' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306280

]]> <![CDATA[Amazon Linux 2 : gdk-pixbuf2, --advisory ALAS2-2026-3240 (ALAS-2026-3240)]]> https://www.tenable.com/plugins/nessus/306279 https://www.tenable.com/plugins/nessus/306279 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306279 with High Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of gdk-pixbuf2 installed on the remote host is prior to 2.36.12-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3240 advisory.

 A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
 (CVE-2026-5201)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update gdk-pixbuf2' or or 'yum update --advisory ALAS2-2026-3240' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306279

]]> <![CDATA[Amazon Linux 2 : freerdp, --advisory ALAS2-2026-3239 (ALAS-2026-3239)]]> https://www.tenable.com/plugins/nessus/306278 https://www.tenable.com/plugins/nessus/306278 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306278 with Critical Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of freerdp installed on the remote host is prior to 2.11.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3239 advisory.

 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occurs in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path due to missing horizontal bounds validation of H.264 metablock regionRects coordinates. In yuv.c, the clamp() function (line 347) only validates top/bottom against the surface/YUV height, but never checks left/right against the surface width. When avc420_yuv_to_rgb (line 67) computes destination and source pointers using rect->left, it performs unchecked pointer arithmetic that can reach far beyond the allocated surface buffer. A malicious server sends a WIRE_TO_SURFACE_PDU_1 with AVC420 codec containing a regionRects entry where left greatly exceeds the surface width (e.g., left=60000 on a 128px surface). The H.264 bitstream decodes successfully, then yuv420_process_work_callback calls avc420_yuv_to_rgb which computes pDstPoint = pDstData + rect->top * nDstStep + rect->left * 4, writing 16-byte SSE vectors 1888+ bytes past the allocated heap region. This vulnerability is fixed in 3.24.0. (CVE-2026-29774)

 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap out- of-bounds read/write occurs in FreeRDP's bitmap cache subsystem due to an off-by-one boundary check in bitmap_cache_put. A malicious server can send a CACHE_BITMAP_ORDER (Rev1) with cacheId equal to maxCells, bypassing the guard and accessing cells[] one element past the allocated array. This vulnerability is fixed in 3.24.0. (CVE-2026-29775)

 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, Integer Underflow in update_read_cache_bitmap_order Function of FreeRDP's Core Library This vulnerability is fixed in 3.24.0.
 (CVE-2026-29776)

 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header sizes from a size_t variable without checking for underflow. When nBlockAlign (received from the server) is set such that size % block_size == 0 triggers the header parsing at a point where size is smaller than the header (4 or 8 bytes), the subtraction wraps size to ~SIZE_MAX. The while (size > 0) loop then continues for an astronomical number of iterations. This vulnerability is fixed in 3.24.0. (CVE-2026-31883)

 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS- ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % block_size where block_size = context->common.format.nBlockAlign. The nBlockAlign value comes from the Server Audio Formats PDU on the RDPSND channel. The value 0 is not validated anywhere before reaching the decoder. When nBlockAlign = 0, the modulo operation causes a SIGFPE (floating point exception) crash. This vulnerability is fixed in 3.24.0. (CVE-2026-31884)

 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of- bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. This vulnerability is fixed in 3.24.0. (CVE-2026-31885)

 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of- bounds read in freerdp_bitmap_decompress_planar when SrcSize is 0. The function dereferences *srcp (which points to pSrcData) without first verifying that SrcSize >= 1. When SrcSize is 0 and pSrcData is non-NULL, this reads one byte past the end of the source buffer. This vulnerability is fixed in 3.24.0.
 (CVE-2026-31897)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update freerdp' or or 'yum update --advisory ALAS2-2026-3239' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306278

]]> <![CDATA[Amazon Linux 2 : docker, --advisory ALAS2ECS-2026-106 (ALASECS-2026-106)]]> https://www.tenable.com/plugins/nessus/306277 https://www.tenable.com/plugins/nessus/306277 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306277 with High Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-106 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, deny rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback allow rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific deny rules for canonical paths but allows other requests by default (a fallback allow rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening. (CVE-2026-33186)

 Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1. (CVE-2026-33997)

 Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1. (CVE-2026-34040)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update docker' or or 'yum update --advisory ALAS2ECS-2026-106' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306277

]]> <![CDATA[Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2026-011 (ALASNGINX1-2026-011)]]> https://www.tenable.com/plugins/nessus/306276 https://www.tenable.com/plugins/nessus/306276 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306276 with High Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of nginx installed on the remote host is prior to 1.28.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NGINX1-2026-011 advisory.

 When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. (CVE-2026-27651)

 NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names outside the document root. This issue affects NGINX Open Source and NGINX Plus when the configuration file uses DAV module MOVE or COPY methods, prefix location (nonregular expression location configuration), and alias directives. The integrity impact is constrained because the NGINX worker process user has low privileges and does not have access to the entire system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. (CVE-2026-27654)

 The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module.

 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
 (CVE-2026-27784)

 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note:
 Software versions which have reached End of Technical Support (EoTS) are not evaluated. (CVE-2026-28753)

 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the certificate as revoked.

 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
 (CVE-2026-28755)

 NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affects NGINX Open Source and NGINX Plus if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module.

 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
 (CVE-2026-32647)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update nginx' or or 'yum update --advisory ALAS2NGINX1-2026-011' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306276

]]> <![CDATA[Amazon Linux 2 : oci-add-hooks, --advisory ALAS2DOCKER-2026-110 (ALASDOCKER-2026-110)]]> https://www.tenable.com/plugins/nessus/306275 https://www.tenable.com/plugins/nessus/306275 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306275 with Medium Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of oci-add-hooks installed on the remote host is prior to 0-0.8.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-110 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update oci-add-hooks' or or 'yum update --advisory ALAS2DOCKER-2026-110' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306275

]]> <![CDATA[Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2NITRO-ENCLAVES-2026-095 (ALASNITRO-ENCLAVES-2026-095)]]> https://www.tenable.com/plugins/nessus/306274 https://www.tenable.com/plugins/nessus/306274 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306274 with Medium Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.12.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-095 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update amazon-ecr-credential-helper' or or 'yum update --advisory ALAS2NITRO-ENCLAVES-2026-095' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306274

]]> <![CDATA[Amazon Linux 2 : python, --advisory ALAS2-2026-3227 (ALAS-2026-3227)]]> https://www.tenable.com/plugins/nessus/306273 https://www.tenable.com/plugins/nessus/306273 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306273 with High Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3227 advisory.

 The tarfile module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.
 (CVE-2025-13462)

 pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.
 (CVE-2026-3479)

 The webbrowser.open() API would accept leading dashes in the URL whichcould be handled as command line options for certain web browsers. Newbehavior rejects leading dashes. Users are recommended to sanitize URLsprior to passing to webbrowser.open(). (CVE-2026-4519)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update python' or or 'yum update --advisory ALAS2-2026-3227' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306273

]]> <![CDATA[Amazon Linux 2 : soci-snapshotter, --advisory ALAS2DOCKER-2026-107 (ALASDOCKER-2026-107)]]> https://www.tenable.com/plugins/nessus/306272 https://www.tenable.com/plugins/nessus/306272 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306272 with Critical Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of soci-snapshotter installed on the remote host is prior to 0.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-107 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, deny rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback allow rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific deny rules for canonical paths but allows other requests by default (a fallback allow rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening. (CVE-2026-33186)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update soci-snapshotter' or or 'yum update --advisory ALAS2DOCKER-2026-107' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306272

]]> <![CDATA[Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2DOCKER-2026-109 (ALASDOCKER-2026-109)]]> https://www.tenable.com/plugins/nessus/306271 https://www.tenable.com/plugins/nessus/306271 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306271 with Medium Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.12.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-109 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update amazon-ecr-credential-helper' or or 'yum update --advisory ALAS2DOCKER-2026-109' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306271

]]> <![CDATA[Amazon Linux 2 : nghttp2, --advisory ALAS2-2026-3232 (ALAS-2026-3232)]]> https://www.tenable.com/plugins/nessus/306270 https://www.tenable.com/plugins/nessus/306270 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306270 with High Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of nghttp2 installed on the remote host is prior to 1.41.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3232 advisory.

 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application.
 They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available. (CVE-2026-27135)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update nghttp2' or or 'yum update --advisory ALAS2-2026-3232' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306270

]]> <![CDATA[Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2026-101 (ALASECS-2026-101)]]> https://www.tenable.com/plugins/nessus/306269 https://www.tenable.com/plugins/nessus/306269 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306269 with Critical Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of ecs-init installed on the remote host is prior to 1.102.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-101 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, deny rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback allow rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific deny rules for canonical paths but allows other requests by default (a fallback allow rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening. (CVE-2026-33186)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update ecs-init' or or 'yum update --advisory ALAS2ECS-2026-101' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306269

]]> <![CDATA[Amazon Linux 2 : amazon-efs-utils, --advisory ALAS2-2026-3245 (ALAS-2026-3245)]]> https://www.tenable.com/plugins/nessus/306268 https://www.tenable.com/plugins/nessus/306268 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306268 with Critical Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of amazon-efs-utils installed on the remote host is prior to 3.0.0-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3245 advisory.

 time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario.
 A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack. (CVE-2026-25727)

 Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer.

 Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0. (CVE-2026-3336)

 Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis.



 The impacted implementations are through the EVP CIPHER API: EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm.



 Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0. (CVE-2026-3337)

 Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes.



 Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0. (CVE-2026-3338)

 A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks.

 To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0. (CVE-2026-4428)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update amazon-efs-utils' or or 'yum update --advisory ALAS2-2026-3245' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306268

]]> <![CDATA[Amazon Linux 2 : compat-libtiff3, --advisory ALAS2-2026-3234 (ALAS-2026-3234)]]> https://www.tenable.com/plugins/nessus/306267 https://www.tenable.com/plugins/nessus/306267 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306267 with High Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of compat-libtiff3 installed on the remote host is prior to 3.9.4-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3234 advisory.

 A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution. (CVE-2026-4775)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update compat-libtiff3' or or 'yum update --advisory ALAS2-2026-3234' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306267

]]> <![CDATA[Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-094 (ALASNITRO-ENCLAVES-2026-094)]]> https://www.tenable.com/plugins/nessus/306266 https://www.tenable.com/plugins/nessus/306266 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306266 with High Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-094 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, deny rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback allow rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific deny rules for canonical paths but allows other requests by default (a fallback allow rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening. (CVE-2026-33186)

 Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1. (CVE-2026-33997)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update docker' or or 'yum update --advisory ALAS2NITRO-ENCLAVES-2026-094' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306266

]]> <![CDATA[Amazon Linux 2 : runc, --advisory ALAS2NITRO-ENCLAVES-2026-093 (ALASNITRO-ENCLAVES-2026-093)]]> https://www.tenable.com/plugins/nessus/306265 https://www.tenable.com/plugins/nessus/306265 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306265 with Medium Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of runc installed on the remote host is prior to 1.3.4-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-093 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update runc' or or 'yum update --advisory ALAS2NITRO-ENCLAVES-2026-093' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306265

]]> <![CDATA[Amazon Linux 2 : libpng, --advisory ALAS2-2026-3244 (ALAS-2026-3244)]]> https://www.tenable.com/plugins/nessus/306264 https://www.tenable.com/plugins/nessus/306264 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306264 with High Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of libpng installed on the remote host is prior to 1.5.13-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3244 advisory.

 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr->trans_alpha = info_ptr->trans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr->palette = png_ptr->palette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.

 NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7jNOTE:
 https://github.com/pnggroup/libpng/pull/824NOTE: Fixed by:
 https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb (v1.6.56)NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25 (v1.6.56)NOTE:
 Fixed by: https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667 (v1.6.56)NOTE: Fixed by:
 https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1 (v1.6.56) (CVE-2026-33416)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update libpng' or or 'yum update --advisory ALAS2-2026-3244' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306264

]]> <![CDATA[Amazon Linux 2 : oci-add-hooks, --advisory ALAS2ECS-2026-104 (ALASECS-2026-104)]]> https://www.tenable.com/plugins/nessus/306263 https://www.tenable.com/plugins/nessus/306263 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306263 with Medium Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of oci-add-hooks installed on the remote host is prior to 0-0.8.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-104 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update oci-add-hooks' or or 'yum update --advisory ALAS2ECS-2026-104' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306263

]]> <![CDATA[Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-056 (ALASFIREFOX-2026-056)]]> https://www.tenable.com/plugins/nessus/306262 https://www.tenable.com/plugins/nessus/306262 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306262 with Critical Severity

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of firefox installed on the remote host is prior to 140.9.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2026-056 advisory.

 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr->trans_alpha = info_ptr->trans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr->palette = png_ptr->palette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.

 NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7jNOTE:
 https://github.com/pnggroup/libpng/pull/824NOTE: Fixed by:
 https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb (v1.6.56)NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25 (v1.6.56)NOTE:
 Fixed by: https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667 (v1.6.56)NOTE: Fixed by:
 https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1 (v1.6.56) (CVE-2026-33416)

 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.

 NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2NOTE: Introduced with:
 https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869 (v1.6.36)NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3 (v1.6.56) (CVE-2026-33636)

 Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4684)

 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4685)

 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4686)

 Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4687)

 Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4688)

 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4689)

 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4690)

 Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4691)

 Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4692)

 Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4693)

 Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4694)

 Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4695)

 Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4696)

 Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4697)

 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4698)

 Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4699)

 Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4700)

 Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4701)

 JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4702)

 Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4704)

 Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4705)

 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4706)

 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4707)

 Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4708)

 Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4709)

 Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4710)

 Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4711)

 Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4712)

 Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4713)

 Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4714)

 Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4715)

 Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4716)

 Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4717)

 Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4718)

 Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4719)

 Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148.
 Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4720)

 Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4721)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update firefox' or or 'yum update --advisory ALAS2FIREFOX-2026-056' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306262

]]> <![CDATA[Ubuntu 20.04 LTS / 22.04 LTS : kvmtool vulnerabilities (USN-8172-1)]]> https://www.tenable.com/plugins/nessus/306261 https://www.tenable.com/plugins/nessus/306261 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306261 with High Severity

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8172-1 advisory.

 It was discovered that kvmtool did not properly manage memory under certain circumstances. A malicious guest attacker could use this issue to cause kvmtool to crash, leading to a denial of service, or possibly execute arbitrary code on the host system. (CVE-2021-45464)

 It was discovered that kvmtool incorrectly handled the 9p passthrough file system. A malicious guest attacker could possibly use this issue to open special files, escape the exported 9p tree, and execute arbitrary code on the host system. (CVE-2023-2861)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kvmtool package.

Read more at https://www.tenable.com/plugins/nessus/306261

]]> <![CDATA[Ubuntu 22.04 LTS / 25.10 : xdg-dbus-proxy vulnerability (USN-8167-1)]]> https://www.tenable.com/plugins/nessus/306260 https://www.tenable.com/plugins/nessus/306260 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306260 with Medium Severity

Synopsis

The remote Ubuntu host is missing a security update.

Description

The remote Ubuntu 22.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8167-1 advisory.

 It was discovered that xdg-dbus-proxy incorrectly handled eavesdropping in policy rules. A local attacker could possibly use this issue to intercept certain D-Bus messages.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected xdg-dbus-proxy and / or xdg-dbus-proxy-tests packages.

Read more at https://www.tenable.com/plugins/nessus/306260

]]> <![CDATA[Ubuntu 22.04 LTS / 25.10 : Rust vulnerability (USN-8168-1)]]> https://www.tenable.com/plugins/nessus/306259 https://www.tenable.com/plugins/nessus/306259 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306259 with Medium Severity

Synopsis

The remote Ubuntu host is missing a security update.

Description

The remote Ubuntu 22.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8168-1 advisory.

 It was discovered that tar-rs embedded in rustc incorrectly handled symlinks when unpacking a tar archive.
 If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the extraction root, and possibly escalate privileges.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306259

]]> <![CDATA[Ubuntu 14.04 LTS / 20.04 LTS / 22.04 LTS / 25.10 : Vim vulnerabilities (USN-8171-1)]]> https://www.tenable.com/plugins/nessus/306258 https://www.tenable.com/plugins/nessus/306258 Tue, 14 Apr 2026 00:00:00 GMT Nessus Plugin ID 306258 with High Severity

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 14.04 LTS / 20.04 LTS / 22.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8171-1 advisory.

 Nathan Mills discovered that Vim could crash when parsing certain regular expressions. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10 (CVE-2026-32249)

 It was discovered that Vim did not properly sanitize user input. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2026-33412)

 Avishay Matayev discovered that Vim's modeline sandbox could be bypassed when opening a maliciously- crafted file. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-34982)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306258

]]> <![CDATA[Apache Tomcat 9.0.0-M1 < 9.0.116 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/was/115220 https://www.tenable.com/plugins/was/115220 Tue, 14 Apr 2026 00:00:00 GMT Web App Scanning Plugin ID 115220 with High Severity

Synopsis

Apache Tomcat 9.0.0-M1 < 9.0.116 Multiple Vulnerabilities

Description

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.116, 10.1.0-M1 prior to 10.1.53 or 11.0.0-M1 prior to 11.0.20. It is, therefore, affected by multiple vulnerabilities :

 - The EncryptInterceptor used CBC by default which is vulnerable to a padding Oracle attack. (CVE-2026-29146)

 - The validation of SNI name and host name did not take account of possible differences in case allowing the strict SNI checks to be bypassed. This is an incomplete fix for CVE-2025-66614. (CVE-2026-32990)

 - CLIENT_CERT authentication did not fail OCSP checks as expected for some scenarios when soft fail was disabled. (CVE-2026-29145)

 - The addition of the ability to configure TLS 1.3 cipher suites did not preserve the order of the configured cipher suites and ciphers. (CVE-2026-29129)

 - When a Tomcat node in a cluster with the LoadBalancerDrainingValve was in the disabled (draining) state, a specially crafted URL could be used to trigger a redirect to a URI of the attacker's choice. (CVE-2026-25854)

 - Tomcat did not validate the contents of HTTP/1.1 chunk extensions. This enabled a request smuggling attack if a reverse proxy in front of Tomcat allowed CRLF sequences in an otherwise valid chunk extension. (CVE-2026-24880)

Note that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Apache Tomcat version 9.0.116 or later.

Read more at https://www.tenable.com/plugins/was/115220

]]> <![CDATA[Apache Tomcat 10.1.0-M1 < 10.1.53 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/was/115219 https://www.tenable.com/plugins/was/115219 Tue, 14 Apr 2026 00:00:00 GMT Web App Scanning Plugin ID 115219 with High Severity

Synopsis

Apache Tomcat 10.1.0-M1 < 10.1.53 Multiple Vulnerabilities

Description

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.116, 10.1.0-M1 prior to 10.1.53 or 11.0.0-M1 prior to 11.0.20. It is, therefore, affected by multiple vulnerabilities :

 - The EncryptInterceptor used CBC by default which is vulnerable to a padding Oracle attack. (CVE-2026-29146)

 - The validation of SNI name and host name did not take account of possible differences in case allowing the strict SNI checks to be bypassed. This is an incomplete fix for CVE-2025-66614. (CVE-2026-32990)

 - CLIENT_CERT authentication did not fail OCSP checks as expected for some scenarios when soft fail was disabled. (CVE-2026-29145)

 - The addition of the ability to configure TLS 1.3 cipher suites did not preserve the order of the configured cipher suites and ciphers. (CVE-2026-29129)

 - When a Tomcat node in a cluster with the LoadBalancerDrainingValve was in the disabled (draining) state, a specially crafted URL could be used to trigger a redirect to a URI of the attacker's choice. (CVE-2026-25854)

 - Tomcat did not validate the contents of HTTP/1.1 chunk extensions. This enabled a request smuggling attack if a reverse proxy in front of Tomcat allowed CRLF sequences in an otherwise valid chunk extension. (CVE-2026-24880)

Note that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Apache Tomcat version 10.1.53 or later.

Read more at https://www.tenable.com/plugins/was/115219

]]> <![CDATA[Apache Tomcat 11.0.0-M1 < 11.0.20 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/was/115218 https://www.tenable.com/plugins/was/115218 Tue, 14 Apr 2026 00:00:00 GMT Web App Scanning Plugin ID 115218 with High Severity

Synopsis

Apache Tomcat 11.0.0-M1 < 11.0.20 Multiple Vulnerabilities

Description

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.116, 10.1.0-M1 prior to 10.1.53 or 11.0.0-M1 prior to 11.0.20. It is, therefore, affected by multiple vulnerabilities :

 - The EncryptInterceptor used CBC by default which is vulnerable to a padding Oracle attack. (CVE-2026-29146)

 - The validation of SNI name and host name did not take account of possible differences in case allowing the strict SNI checks to be bypassed. This is an incomplete fix for CVE-2025-66614. (CVE-2026-32990)

 - CLIENT_CERT authentication did not fail OCSP checks as expected for some scenarios when soft fail was disabled. (CVE-2026-29145)

 - The addition of the ability to configure TLS 1.3 cipher suites did not preserve the order of the configured cipher suites and ciphers. (CVE-2026-29129)

 - When a Tomcat node in a cluster with the LoadBalancerDrainingValve was in the disabled (draining) state, a specially crafted URL could be used to trigger a redirect to a URI of the attacker's choice. (CVE-2026-25854)

 - Tomcat did not validate the contents of HTTP/1.1 chunk extensions. This enabled a request smuggling attack if a reverse proxy in front of Tomcat allowed CRLF sequences in an otherwise valid chunk extension. (CVE-2026-24880)

Note that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Apache Tomcat version 11.0.20 or later.

Read more at https://www.tenable.com/plugins/was/115218

]]> <![CDATA[Apache Tomcat 9.0.13 < 9.0.117 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/was/115217 https://www.tenable.com/plugins/was/115217 Tue, 14 Apr 2026 00:00:00 GMT Web App Scanning Plugin ID 115217 with High Severity

Synopsis

Apache Tomcat 9.0.13 < 9.0.117 Multiple Vulnerabilities

Description

The version of Apache Tomcat installed on the remote host is 9.0.13 prior to 9.0.117, 10.1.0-M1 prior to 10.1.54 or 11.0.0-M1 prior to 11.0.21. It is, therefore, affected by multiple vulnerabilities :

 - An error in the fix for CVE-2026-29146 allowed the EncryptInterceptor to be bypassed. (CVE-2026-34486)

 - CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used. (CVE-2026-34500)

 - The cloud membership for clustering component exposed the Kubernetes bearer token in log messages. (CVE-2026-34487)

 - Incomplete escaping when non-default values were used for the Connector attributes relaxedPathChars and/or relaxedQueryChars allowed the injection of arbitrary JSON into the JSON access log. (CVE-2026-34483)

Note that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Apache Tomcat version 9.0.117 or later.

Read more at https://www.tenable.com/plugins/was/115217

]]> <![CDATA[Apache Tomcat 10.1.0-M1 < 10.1.54 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/was/115216 https://www.tenable.com/plugins/was/115216 Tue, 14 Apr 2026 00:00:00 GMT Web App Scanning Plugin ID 115216 with High Severity

Synopsis

Apache Tomcat 10.1.0-M1 < 10.1.54 Multiple Vulnerabilities

Description

The version of Apache Tomcat installed on the remote host is 9.0.13 prior to 9.0.117, 10.1.0-M1 prior to 10.1.54 or 11.0.0-M1 prior to 11.0.21. It is, therefore, affected by multiple vulnerabilities :

 - An error in the fix for CVE-2026-29146 allowed the EncryptInterceptor to be bypassed. (CVE-2026-34486)

 - CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used. (CVE-2026-34500)

 - The cloud membership for clustering component exposed the Kubernetes bearer token in log messages. (CVE-2026-34487)

 - Incomplete escaping when non-default values were used for the Connector attributes relaxedPathChars and/or relaxedQueryChars allowed the injection of arbitrary JSON into the JSON access log. (CVE-2026-34483)

Note that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Apache Tomcat version 10.1.54 or later.

Read more at https://www.tenable.com/plugins/was/115216

]]> <![CDATA[Apache Tomcat 11.0.0-M1 < 11.0.21 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/was/115215 https://www.tenable.com/plugins/was/115215 Tue, 14 Apr 2026 00:00:00 GMT Web App Scanning Plugin ID 115215 with High Severity

Synopsis

Apache Tomcat 11.0.0-M1 < 11.0.21 Multiple Vulnerabilities

Description

The version of Apache Tomcat installed on the remote host is 9.0.13 prior to 9.0.117, 10.1.0-M1 prior to 10.1.54 or 11.0.0-M1 prior to 11.0.21. It is, therefore, affected by multiple vulnerabilities :

 - An error in the fix for CVE-2026-29146 allowed the EncryptInterceptor to be bypassed. (CVE-2026-34486)

 - CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used. (CVE-2026-34500)

 - The cloud membership for clustering component exposed the Kubernetes bearer token in log messages. (CVE-2026-34487)

 - Incomplete escaping when non-default values were used for the Connector attributes relaxedPathChars and/or relaxedQueryChars allowed the injection of arbitrary JSON into the JSON access log. (CVE-2026-34483)

Note that the scanner has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Apache Tomcat version 11.0.21 or later.

Read more at https://www.tenable.com/plugins/was/115215

]]> <![CDATA[Axios < 1.15.0 Header Injection]]> https://www.tenable.com/plugins/was/115214 https://www.tenable.com/plugins/was/115214 Tue, 14 Apr 2026 00:00:00 GMT Web App Scanning Plugin ID 115214 with Critical Severity

Synopsis

Axios < 1.15.0 Header Injection

Description

According to its self-reported version number, the Axios application running on the remote host is prior to 1.15.0. It is, therefore, affected by a Header Injection vulnerability.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Axios version 1.15.0 or later.

Read more at https://www.tenable.com/plugins/was/115214

]]> <![CDATA[Fortinet Forticlient EMS 7.4.5 < 7.4.7 Improper Access Control]]> https://www.tenable.com/plugins/was/115213 https://www.tenable.com/plugins/was/115213 Tue, 14 Apr 2026 00:00:00 GMT Web App Scanning Plugin ID 115213 with Critical Severity

Synopsis

Fortinet Forticlient EMS 7.4.5 < 7.4.7 Improper Access Control

Description

According to its banner, the version of Fortinet Forticlient EMS running on the remote host is 7.4.5 prior to 7.4.7. It is, therefore, affected by an Improper Access Control that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Fortinet FortiClientEMS version 7.4.7 or later.

Read more at https://www.tenable.com/plugins/was/115213

]]> <![CDATA[Eaton Discontinued Devices Detection]]> https://www.tenable.com/plugins/ot/505318 https://www.tenable.com/plugins/ot/505318 Mon, 13 Apr 2026 00:00:00 GMT Tenable OT Security Plugin ID 505318 with High Severity

Synopsis

Detection of Eaton devices that are discontinued and no longer supported.

Description

The current plugin identifies Eaton devices that are currently discontinued.
Eaton Lifecycle Statuses:
 - Active: Most current offering within a product category.
 - End of Life: Discontinued date announced - actively execute migrations and last time buys.
Product generally orderable until the discontinued date.
 - Discontinued: Product no longer manufactured or procured. Repair/exchange services may be available.

Solution

Migrate to a product that is actively supported.

Read more at https://www.tenable.com/plugins/ot/505318

]]> <![CDATA[Eaton End-of-Life Devices Detection]]> https://www.tenable.com/plugins/ot/505317 https://www.tenable.com/plugins/ot/505317 Mon, 13 Apr 2026 00:00:00 GMT Tenable OT Security Plugin ID 505317 with Medium Severity

Synopsis

Detection of Eaton devices that are still supported but have a discontinued date announced.

Description

The current plugin identifies Eaton devices that are end-of-life, i.e., still supported but have a discontinued date announced.
Eaton Lifecycle Statuses:
 - Active: Most current offering within a product category.
 - End of Life: Discontinued date announced - actively execute migrations and last time buys.
Product generally orderable until the discontinued date.
 - Discontinued: Product no longer manufactured or procured. Repair/exchange services may be available.

Solution

Plan and initiate the transition to an actively supported product before the discontinuation date.

Read more at https://www.tenable.com/plugins/ot/505317

]]> <![CDATA[Eaton Active Devices Detection]]> https://www.tenable.com/plugins/ot/505316 https://www.tenable.com/plugins/ot/505316 Mon, 13 Apr 2026 00:00:00 GMT Tenable OT Security Plugin ID 505316 with Info Severity

Synopsis

Detection of active Eaton devices.

Description

The current plugin identifies Eaton devices that are still under active support.
Eaton Lifecycle Statuses:
 - Active: Most current offering within a product category.
 - End of Life: Discontinued date announced - actively execute migrations and last time buys.
Product generally orderable until the discontinued date.
 - Discontinued: Product no longer manufactured or procured. Repair/exchange services may be available.

Solution

null

Read more at https://www.tenable.com/plugins/ot/505316

]]> <![CDATA[RockyLinux 9 : nodejs:20 (RLSA-2026:7896)]]> https://www.tenable.com/plugins/nessus/306257 https://www.tenable.com/plugins/nessus/306257 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306257 with High Severity

Synopsis

The remote RockyLinux host is missing one or more security updates.

Description

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7896 advisory.

 * minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)

 * minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904)

 * nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)

 * Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected nodejs-nodemon, nodejs-packaging and / or nodejs-packaging-bundler packages.

Read more at https://www.tenable.com/plugins/nessus/306257

]]> <![CDATA[Slackware Linux 15.0 / current libarchive Vulnerability (SSA:2026-103-01)]]> https://www.tenable.com/plugins/nessus/306256 https://www.tenable.com/plugins/nessus/306256 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306256 with High Severity

Synopsis

The remote Slackware Linux host is missing a security update to libarchive.

Description

The version of libarchive installed on the remote host is prior to 3.8.7. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-103-01 advisory.

 New libarchive packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the libarchive security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade the affected libarchive package.

Read more at https://www.tenable.com/plugins/nessus/306256

]]> <![CDATA[Fedora 44 : ImageMagick / LibRaw / OpenImageIO / OpenImageIO2.5 / etc (2026-bef0050737)]]> https://www.tenable.com/plugins/nessus/306255 https://www.tenable.com/plugins/nessus/306255 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306255 with Medium Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-bef0050737 advisory.

 LibRaw 0.22.1 and rebuilds

 ----

 Release 3.1.12.0 (Apr 1, 2026) -- compared to 3.1.11.0

 oiiotool: Better type understanding with -i:ch= and other cleanup #5056 texture: Fix texture overblur with st-blur parameters #5071 #5080 (by Pascal Lecocq) (3.1.12.0, 3.0.17.0) IBA: Handle offset data windows in fillholes_pushpull #5105 (3.1.12.0, 3.0.17.0) ImageInput: check_open fixes and new validity checks #5087 (3.1.12.0, 3.0.17.0) bmp: Use check_open to guard against corrupt resolutions #5086 (3.1.12.0, 3.0.17.0) heif: Fix invalid read writing 8-bit images with dimensions not a multiple of 64 #5095 (by Brecht Van Lommel) ico: Various validity checks and error handling for corruptions #5088 (3.1.12.0, 3.0.17.0) jpeg: Improved safety and error reporting for jpeg and iptc #5081 jpeg2000: Suppress leak when reading with OpenJPH #5098 psd: Fixes against corrupt files with better validation #5089 (3.1.12.0, 3.0.17.0) rla: Lots of additional validity checking and safety #5094 (3.1.12.0, 3.0.17.0) tiff: Support GPS fields, and other metadata enhancements #5050 tiff: Fix buffer overrun and improve error reporting #5082, fix wrong number of values passed to invert_photometric #5083, check for invalid bit depth in palette images #5091 ImageSpec: metadata_val improved safety #5096 (3.1.12.0, 3.0.17.0) fix: Fix UB-sanitizer warning about alignment #5097 fix: Catch exceptions in print-uncaught-messages destructor #5103 fix: Enhanced exception safety for our use of OpenColorIO #5114 fix: Fix possible fmt exceptions where we might have passed null string #5115 build: Test building with clang 22.1, fix warnings uncovered #5067 build: Improve security by pinning auto-build dependencies by hash #5076 build: Include idiff in the python wheels we build #5104 (3.1.12.0, 3.0.17.0) build(pybind11): Address new pybind11 float/int auto-conversion behavior #5058 build(win): Embed manifest in OIIO executables to enable long path handling #5066 (by Nathan Rusch) ci: Add CI test for MSVS 2026 #5060 (3.1.12.0, 3.0.17.0) ci: For security, replace workflow substitutions with safer env substitutions #5070 ci: Speed up slow benchmarks for debug and sanitizer CI tests #5077 ci: On Mac Intel CI variant, don't install openvdb, for speed #5065 (3.1.12.0, 3.0.17.0) ci: Bump GitHub Actions to latest versions #5078 #5110 #5119 ci: Fix broken Mac CI and wheel building by specifying full compiler paths #5100 #5101 (3.1.12.0, 3.0.17.0) ci: Update certificates to be able to install icc #5122 (3.1.12.0, 3.0.17.0) ci: Turn off nightly workflows for user forks #5042 tests: New ref outputs for tiff-misc, heif no-avif, and ffmpeg 8.1 cases #5075 #5079 #5099 #5112 docs: Update description for dwaCompressionLevel #5074 (by Aamir Raza) docs: Fix formatting examples for version macros #5073 docs: Keep TextureSystem docs in sync with ImageCache #5085 (3.1.12.0, 3.0.17.0) docs: Fix typos and incorrect attribute name in a comment #5093 (3.1.12.0, 3.0.17.0) docs: Fix misstatement about oiiotool --if #5102 (3.1.12.0, 3.0.17.0) admin: Draft policy on use of AI coding assistants #5072 (3.1.12.0, 3.0.17.0) ci: Freetype adjustments #4999

 ----

 Update to 5.1 (#2451401)

 ----

 Update to 5.0 (#2447841)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306255

]]> <![CDATA[Fedora 44 : flatpak (2026-24eedfaa6c)]]> https://www.tenable.com/plugins/nessus/306254 https://www.tenable.com/plugins/nessus/306254 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306254 with High Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-24eedfaa6c advisory.

 Update to 1.17.6


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected flatpak package.

Read more at https://www.tenable.com/plugins/nessus/306254

]]> <![CDATA[RHEL 9 : nodejs:20 (RHSA-2026:7896)]]> https://www.tenable.com/plugins/nessus/306253 https://www.tenable.com/plugins/nessus/306253 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306253 with High Severity

Synopsis

The remote Red Hat host is missing one or more security updates for nodejs:20.

Description

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7896 advisory.

 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

 Security Fix(es):

 * minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)

 * minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904)

 * nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)

 * Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL nodejs:20 package based on the guidance in RHSA-2026:7896.

Read more at https://www.tenable.com/plugins/nessus/306253

]]> <![CDATA[RHEL 8 : go-toolset:rhel8 (RHSA-2026:7879)]]> https://www.tenable.com/plugins/nessus/306252 https://www.tenable.com/plugins/nessus/306252 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306252 with High Severity

Synopsis

The remote Red Hat host is missing one or more security updates for go-toolset:rhel8.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7879 advisory.

 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

 Security Fix(es):

 * cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)

 * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL go-toolset:rhel8 package based on the guidance in RHSA-2026:7879.

Read more at https://www.tenable.com/plugins/nessus/306252

]]> <![CDATA[Oracle Linux 9 : perl-XML-Parser (ELSA-2026-7679)]]> https://www.tenable.com/plugins/nessus/306251 https://www.tenable.com/plugins/nessus/306251 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306251 with Critical Severity

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-7679 advisory.

 [2.46-9.1.0.1]
 - Add perl(LWP), perl(URI), perl(URI::file) Requires

 [2.46-9.1]
 - Fix CVE-2006-10002, CVE-2006-10003

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected perl-XML-Parser package.

Read more at https://www.tenable.com/plugins/nessus/306251

]]> <![CDATA[Oracle Linux 8 : nodejs:24 (ELSA-2026-7670)]]> https://www.tenable.com/plugins/nessus/306250 https://www.tenable.com/plugins/nessus/306250 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306250 with High Severity

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7670 advisory.

 nodejs [1:24.14.1-2]
 - Update bundled nghttp2 to 1.68.1 Related: RHEL-151374

 [1:24.14.1-1]
 - Update to 24.14.0 Resolves: RHEL-151374

 nodejs-nodemon [3.0.3-1]
 - Initial import into nodejs:24 module

 nodejs-packaging [2021.06-6]
 - Properly handle @group/package deps in nodejs-symlink-deps Resolves: RHEL-121576

 [2021.06-5]
 - nodejs.req to properly detect bundled deps

 [2021.06-4]
 - NPM bundler: also find namespaced bundled dependencies

 [2021.06-3]
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

 [2021.06-2]
 - Fix hard-coded output directory in the bundler

 [2021.06-1]
 - Update to 2021.06-1
 - bundler: Handle archaic license metadata
 - bundler: Warn about bundled dependencies with no license metadata

 [2021.01-3]
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

 [2021.01-2]
 - nodejs-packaging-bundler improvements to handle uncommon characters

 [2021.01]
 - Add nodejs-packaging-bundler and update README.md

 [2020.09-1]
 - Move to dist-git as the upstream

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306250

]]> <![CDATA[Oracle Linux 10 : vim (ELSA-2026-7711)]]> https://www.tenable.com/plugins/nessus/306249 https://www.tenable.com/plugins/nessus/306249 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306249 with High Severity

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7711 advisory.

 - RHEL-159615 CVE-2026-33412 vim: Vim: Arbitrary code execution via command injection in glob() function
 - RHEL-155409 CVE-2026-28421 vim: Vim: Denial of service and information disclosure via crafted swap file
 - RHEL-155425 CVE-2026-28417 vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306249

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-28291]]> https://www.tenable.com/plugins/nessus/306248 https://www.tenable.com/plugins/nessus/306248 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306248 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an incomplete fix for CVE-2022-25860, as Git's flexible option parsing allows numerous character combinations (e.g., -vu, -4u, -nu) to circumvent the regular-expression-based blocklist in the unsafe operations plugin. Due to the virtually infinite number of valid option variants that Git accepts, a complete blocklist-based mitigation may be infeasible without fully emulating Git's option parsing behavior. This issue has been fixed in version 3.32.0.
 (CVE-2026-28291)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306248

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-29043]]> https://www.tenable.com/plugins/nessus/306247 https://www.tenable.com/plugins/nessus/306247 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306247 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems.
 (CVE-2026-29043)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306247

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-32316]]> https://www.tenable.com/plugins/nessus/306246 https://www.tenable.com/plugins/nessus/306246 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306246 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer allocation size calculation, resulting in a drastically undersized heap buffer. Subsequent memory copy operations then write the full string data into this undersized buffer, causing a heap buffer overflow classified as CWE-190 (Integer Overflow) leading to CWE-122 (Heap-based Buffer Overflow). Any system evaluating untrusted jq queries is affected, as an attacker can crash the process or potentially achieve further exploitation through heap corruption by crafting queries that produce extremely large strings. The root cause is the absence of string size bounds checking, unlike arrays and objects which already have size limits. The issue has been addressed in commit e47e56d226519635768e6aab2f38f0ab037c09e5. (CVE-2026-32316)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306246

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-6231]]> https://www.tenable.com/plugins/nessus/306245 https://www.tenable.com/plugins/nessus/306245 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306245 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that rely on these functions to validate untrusted BSON data before further processing. This issue affects MongoDB C Driver versions prior to 1.30.5, MongoDB C Driver version 2.0.0 and MongoDB C Driver version 2.0.1 (CVE-2026-6231)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306245

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-6100]]> https://www.tenable.com/plugins/nessus/306244 https://www.tenable.com/plugins/nessus/306244 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306244 with Critical Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re- used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition. The vulnerability is only present if the program re- uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable. (CVE-2026-6100)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306244

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-33555]]> https://www.tenable.com/plugins/nessus/306243 https://www.tenable.com/plugins/nessus/306243 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306243 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. The earliest affected version is 2.6. (CVE-2026-33555)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306243

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-6192]]> https://www.tenable.com/plugins/nessus/306242 https://www.tenable.com/plugins/nessus/306242 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306242 with Low Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow.
 The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a patch to address this issue. (CVE-2026-6192)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306242

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-40394]]> https://www.tenable.com/plugins/nessus/306241 https://www.tenable.com/plugins/nessus/306241 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306241 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a workspace overflow denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is repurposed as stream zero. During the upgrade, a buffer allocation is made to reserve space to send frames to the client. This allocation would split the original workspace, and depending on the amount of prefetched data, the next fetch could perform a pipelining operation that would run out of workspace. (CVE-2026-40394)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306241

]]> <![CDATA[Amazon Linux 2023 : mod_security_crs (ALAS2023-2026-1562)]]> https://www.tenable.com/plugins/nessus/306240 https://www.tenable.com/plugins/nessus/306240 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306240 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1562 advisory.

 Whitespace padding in filenames bypasses file upload extension checks

 NOTE: https://github.com/coreruleset/coreruleset/security/advisories/GHSA-rw5f-9w43-gv2w (CVE-2026-33691)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update mod_security_crs --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1562 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306240

]]> <![CDATA[Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2026-1534)]]> https://www.tenable.com/plugins/nessus/306239 https://www.tenable.com/plugins/nessus/306239 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306239 with Critical Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1534 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, deny rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback allow rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific deny rules for canonical paths but allows other requests by default (a fallback allow rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening. (CVE-2026-33186)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update containerd --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1534 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306239

]]> <![CDATA[Amazon Linux 2023 : corosync, corosync-vqsim, corosynclib (ALAS2023-2026-1560)]]> https://www.tenable.com/plugins/nessus/306238 https://www.tenable.com/plugins/nessus/306238 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306238 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1560 advisory.

 A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents. This vulnerability affects Corosync when running in totemudp/totemudpu mode, which is the default configuration. (CVE-2026-35091)

 A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets.
 This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode. (CVE-2026-35092)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update corosync --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1560 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306238

]]> <![CDATA[Amazon Linux 2023 : yq (ALAS2023-2026-1582)]]> https://www.tenable.com/plugins/nessus/306237 https://www.tenable.com/plugins/nessus/306237 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306237 with Medium Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1582 advisory.

 The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
 (CVE-2025-47911)

 The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
 (CVE-2025-58190)

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update yq --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1582 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306237

]]> <![CDATA[Amazon Linux 2023 : oci-add-hooks (ALAS2023-2026-1575)]]> https://www.tenable.com/plugins/nessus/306236 https://www.tenable.com/plugins/nessus/306236 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306236 with Medium Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1575 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update oci-add-hooks --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1575 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306236

]]> <![CDATA[Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1578)]]> https://www.tenable.com/plugins/nessus/306235 https://www.tenable.com/plugins/nessus/306235 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306235 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1578 advisory.

 A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named __proto__ and the application accesses req.headersDistinct.

 When this occurs, dest[__proto__] resolves to Object.prototype rather than undefined, causing .push() to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by error event listeners, meaning it cannot be handled without wrapping every req.headersDistinct access in a try/catch.

 This vulnerability affects all Node.js HTTP servers on 20.x, 22.x, 24.x, and v25.x

 NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#denial-of-service-via-
 __proto__-header-name-in-reqheadersdistinct-uncaught-typeerror-crashes-nodejs-process-cve-2026-21710--- high (CVE-2026-21710)

 A flaw in Node.js URL processing causes an assertion failure in native code when url.format() is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process.

 This vulnerability affects 24.x and 25.x.

 NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#assertion-error-in-node_urlcc- via-malformed-url-format-leads-to-nodejs-crash-cve-2026-21712---medium (CVE-2026-21712)

 A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.

 Node.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.

 This vulnerability affects 20.x, 22.x, 24.x, and 25.x.

 NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#timing-side-channel-in-hmac- verification-via-memcmp-in-crypto_hmaccc-leads-to-potential-mac-forgery-cve-2026-21713---medium (CVE-2026-21713)

 A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 231-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.

 This vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.

 NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#memory-leak-in-nodejs- http2-server-via-window_update-on-stream-0-leads-to-resource-exhaustion-cve-2026-21714---medium (CVE-2026-21714)

 A flaw in Node.js Permission Model filesystem enforcement leaves fs.realpathSync.native() without the required read permission checks, while all comparable filesystem functions correctly enforce them. As a result, code running under --permission with restricted --allow-fs-read can still use fs.realpathSync.native() to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.This vulnerability affects 20.x, 22.x, 24.x, and 25.x processes using the Permission Model where --allow-fs-read is intentionally restricted.

 NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#permission-model-bypass-in- realpathsyncnative-allows-file-existence-disclosure-cve-2026-21715---low (CVE-2026-21715)

 An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod() and FileHandle.chown() in the promises API without the required permission checks, while their callback-based equivalents (fs.fchmod(), fs.fchown()) were correctly patched.

 As a result, code running under --permission with restricted --allow-fs-write can still use promise-based FileHandle methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.

 This vulnerability affects 20.x, 22.x, 24.x, and 25.x processes using the Permission Model where --allow- fs-write is intentionally restricted.

 NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#cve-2024-36137-patch-bypass--- filehandlechmodchown-cve-2026-21716---low (CVE-2026-21716)

 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.

 The most common trigger is any endpoint that calls JSON.parse() on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.

 This vulnerability affects 20.x, 22.x, 24.x, and 25.x.

 NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#hashdos-in-v8-cve-2026-21717
 ---medium (CVE-2026-21717)

 node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that points to a file outside the extraction root, enabling arbitrary file read and write as the extracting user. Severity is high because the primitive bypasses path protections and turns archive extraction into a direct filesystem access primitive. This issue has been fixed in version 7.5.8. (CVE-2026-26960)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update nodejs24 --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1578 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306235

]]> <![CDATA[Amazon Linux 2023 : openexr, openexr-devel, openexr-libs (ALAS2023-2026-1561)]]> https://www.tenable.com/plugins/nessus/306234 https://www.tenable.com/plugins/nessus/306234 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306234 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1561 advisory.

 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via exr_decoding_run().
 Consequences range from immediate crash (most likely) to corruption of adjacent heap allocations (layout- dependent). This issue has been patched in version 3.4.8. (CVE-2026-34544)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update openexr --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1561 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306234

]]> <![CDATA[Amazon Linux 2023 : cargo-c (ALAS2023-2026-1566)]]> https://www.tenable.com/plugins/nessus/306233 https://www.tenable.com/plugins/nessus/306233 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306233 with Medium Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1566 advisory.

 tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the case where it was different from the base header. This is almost the inverse of the astral-tokio-tar issue. Any discrepancy in how tar parsers honor file size can be used to create archives that appear differently when unpacked by different archivers. In this case, the tar-rs (Rust tar) crate is an outlier in checking for the header size - other tar parsers (including e.g. Go archive/tar) unconditionally use the PAX size override. This can affect anything that uses the tar crate to parse archives and expects to have a consistent view with other parsers. This issue has been fixed in version 0.4.45. (CVE-2026-33055)

 tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory -- and subsequently apply chmod to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root. This issue has been fixed in version 0.4.45. (CVE-2026-33056)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update rust-cargo-c --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1566 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306233

]]> <![CDATA[Amazon Linux 2023 : libtiff, libtiff-devel, libtiff-static (ALAS2023-2026-1547)]]> https://www.tenable.com/plugins/nessus/306232 https://www.tenable.com/plugins/nessus/306232 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306232 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1547 advisory.

 A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution. (CVE-2026-4775)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update libtiff --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1547 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306232

]]> <![CDATA[Amazon Linux 2023 : squid (ALAS2023-2026-1569)]]> https://www.tenable.com/plugins/nessus/306231 https://www.tenable.com/plugins/nessus/306231 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306231 with Critical Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1569 advisory.

 Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. This bug is fixed in Squid version 7.5.

 NOTE: https://www.openwall.com/lists/oss-security/2026/03/25/3NOTE: Fixed by: https://github.com/squid- cache/squid/commit/703e07d25ca6fa11f52d20bf0bb879e22ab7481b (SQUID_7_5) (CVE-2026-32748)

 Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol.
 This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.

 NOTE: https://www.openwall.com/lists/oss-security/2026/03/25/2NOTE: Fixed by: https://github.com/squid- cache/squid/commit/8a7d42f9d44befb8fcbbb619505587c8de6a1e91 (SQUID_7_5) (CVE-2026-33526)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update squid --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1569 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306231

]]> <![CDATA[Amazon Linux 2023 : sudo, sudo-devel, sudo-logsrvd (ALAS2023-2026-1559)]]> https://www.tenable.com/plugins/nessus/306230 https://www.tenable.com/plugins/nessus/306230 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306230 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1559 advisory.

 In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.
 (CVE-2026-35535)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update sudo --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1559 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306230

]]> <![CDATA[Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2026-1557)]]> https://www.tenable.com/plugins/nessus/306229 https://www.tenable.com/plugins/nessus/306229 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306229 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1557 advisory.

 The webbrowser.open() API would accept leading dashes in the URL whichcould be handled as command line options for certain web browsers. Newbehavior rejects leading dashes. Users are recommended to sanitize URLsprior to passing to webbrowser.open(). (CVE-2026-4519)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update python3.12 --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1557 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306229

]]> <![CDATA[Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2026-1572)]]> https://www.tenable.com/plugins/nessus/306228 https://www.tenable.com/plugins/nessus/306228 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306228 with Critical Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1572 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, deny rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback allow rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific deny rules for canonical paths but allows other requests by default (a fallback allow rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening. (CVE-2026-33186)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update amazon-cloudwatch-agent --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1572 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306228

]]> <![CDATA[Amazon Linux 2023 : tracker-miners (ALAS2023-2026-1580)]]> https://www.tenable.com/plugins/nessus/306227 https://www.tenable.com/plugins/nessus/306227 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306227 with Medium Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1580 advisory.

 A flaw was found in GNOME localsearch MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the `extract_performers_tags` function can lead to a heap buffer overflow. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by triggering a read of unmapped memory. In some cases, it could also lead to information disclosure by reading visible heap data. (CVE-2026-1764)

 A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch. This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denial of Service (DoS) where the application crashes. It may also potentially expose sensitive information from the system's memory. (CVE-2026-1765)

 A flaw was found in GNOME localsearch MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM (Comment) tags. An attacker could exploit this by providing a malicious MP3 file, leading to a denial of service (DoS), which causes an application crash, and potentially disclosing sensitive information from the heap memory. (CVE-2026-1766)

 A flaw was found in the GNOME localsearch MP3 Extractor `tracker-extract-mp3` component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length calculation during the parsing of performer tags can lead to a read beyond the allocated buffer, potentially causing a Denial of Service (DoS) due to a crash or enabling information disclosure. (CVE-2026-1767)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update tracker-miners --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1580 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306227

]]> <![CDATA[Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2026-1577)]]> https://www.tenable.com/plugins/nessus/306226 https://www.tenable.com/plugins/nessus/306226 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306226 with Medium Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1577 advisory.

 A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named __proto__ and the application accesses req.headersDistinct.

 When this occurs, dest[__proto__] resolves to Object.prototype rather than undefined, causing .push() to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by error event listeners, meaning it cannot be handled without wrapping every req.headersDistinct access in a try/catch.

 This vulnerability affects all Node.js HTTP servers on 20.x, 22.x, 24.x, and v25.x

 NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#denial-of-service-via-
 __proto__-header-name-in-reqheadersdistinct-uncaught-typeerror-crashes-nodejs-process-cve-2026-21710--- high (CVE-2026-21710)

 A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.

 Node.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.

 This vulnerability affects 20.x, 22.x, 24.x, and 25.x.

 NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#timing-side-channel-in-hmac- verification-via-memcmp-in-crypto_hmaccc-leads-to-potential-mac-forgery-cve-2026-21713---medium (CVE-2026-21713)

 A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 231-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.

 This vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.

 NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#memory-leak-in-nodejs- http2-server-via-window_update-on-stream-0-leads-to-resource-exhaustion-cve-2026-21714---medium (CVE-2026-21714)

 A flaw in Node.js Permission Model filesystem enforcement leaves fs.realpathSync.native() without the required read permission checks, while all comparable filesystem functions correctly enforce them. As a result, code running under --permission with restricted --allow-fs-read can still use fs.realpathSync.native() to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.This vulnerability affects 20.x, 22.x, 24.x, and 25.x processes using the Permission Model where --allow-fs-read is intentionally restricted.

 NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#permission-model-bypass-in- realpathsyncnative-allows-file-existence-disclosure-cve-2026-21715---low (CVE-2026-21715)

 An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod() and FileHandle.chown() in the promises API without the required permission checks, while their callback-based equivalents (fs.fchmod(), fs.fchown()) were correctly patched.

 As a result, code running under --permission with restricted --allow-fs-write can still use promise-based FileHandle methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.

 This vulnerability affects 20.x, 22.x, 24.x, and 25.x processes using the Permission Model where --allow- fs-write is intentionally restricted.

 NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#cve-2024-36137-patch-bypass--- filehandlechmodchown-cve-2026-21716---low (CVE-2026-21716)

 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.

 The most common trigger is any endpoint that calls JSON.parse() on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.

 This vulnerability affects 20.x, 22.x, 24.x, and 25.x.

 NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#hashdos-in-v8-cve-2026-21717
 ---medium (CVE-2026-21717)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update nodejs20 --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1577 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306226

]]> <![CDATA[Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2026-1558)]]> https://www.tenable.com/plugins/nessus/306225 https://www.tenable.com/plugins/nessus/306225 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306225 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1558 advisory.

 The webbrowser.open() API would accept leading dashes in the URL whichcould be handled as command line options for certain web browsers. Newbehavior rejects leading dashes. Users are recommended to sanitize URLsprior to passing to webbrowser.open(). (CVE-2026-4519)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update python3.11 --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1558 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306225

]]> <![CDATA[Amazon Linux 2023 : libnghttp2, libnghttp2-devel, nghttp2 (ALAS2023-2026-1542)]]> https://www.tenable.com/plugins/nessus/306224 https://www.tenable.com/plugins/nessus/306224 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306224 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1542 advisory.

 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application.
 They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available. (CVE-2026-27135)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update nghttp2 --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1542 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306224

]]> <![CDATA[Amazon Linux 2023 : credentials-fetcher (ALAS2023-2026-1551)]]> https://www.tenable.com/plugins/nessus/306223 https://www.tenable.com/plugins/nessus/306223 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306223 with Critical Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1551 advisory.

 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, deny rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback allow rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific deny rules for canonical paths but allows other requests by default (a fallback allow rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening. (CVE-2026-33186)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update credentials-fetcher --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1551 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306223

]]> <![CDATA[Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2026-1555)]]> https://www.tenable.com/plugins/nessus/306222 https://www.tenable.com/plugins/nessus/306222 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306222 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1555 advisory.

 The webbrowser.open() API would accept leading dashes in the URL whichcould be handled as command line options for certain web browsers. Newbehavior rejects leading dashes. Users are recommended to sanitize URLsprior to passing to webbrowser.open(). (CVE-2026-4519)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update python3.13 --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1555 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306222

]]> <![CDATA[Amazon Linux 2023 : nerdctl (ALAS2023-2026-1535)]]> https://www.tenable.com/plugins/nessus/306221 https://www.tenable.com/plugins/nessus/306221 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306221 with Critical Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1535 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, deny rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback allow rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific deny rules for canonical paths but allows other requests by default (a fallback allow rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening. (CVE-2026-33186)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update nerdctl --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1535 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306221

]]> <![CDATA[Amazon Linux 2023 : dovecot, dovecot-devel, dovecot-mysql (ALAS2023-2026-1570)]]> https://www.tenable.com/plugins/nessus/306220 https://www.tenable.com/plugins/nessus/306220 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306220 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1570 advisory.

 Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port, install fixed version. No publicly available exploits are known. (CVE-2026-27856)

 Sending NOOP (((...))) command with 4000 parenthesis open+close results in ~1MB extra memory usage.
 Longer commands will result in client disconnection. This 1 MB can be left allocated for longer time periods by not sending the command ending LF. So attacker could connect possibly from even a single IP and create 1000 connections to allocate 1 GB of memory, which would likely result in reaching VSZ limit and killing the process and its other proxied connections. Attacker could connect possibly from even a single IP and create 1000 connections to allocate 1 GB of memory, which would likely result in reaching VSZ limit and killing the process and its other proxied connections. Install fixed version, there is no other remediation. No publicly available exploits are known. (CVE-2026-27857)

 Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory.Attacker can force managesieve-login to be unavailable by repeatedly crashing the process. Protect access to managesieve protocol, or install fixed version. No publicly available exploits are known. (CVE-2026-27858)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update dovecot --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1570 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306220

]]> <![CDATA[Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1556)]]> https://www.tenable.com/plugins/nessus/306219 https://www.tenable.com/plugins/nessus/306219 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306219 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1556 advisory.

 The webbrowser.open() API would accept leading dashes in the URL whichcould be handled as command line options for certain web browsers. Newbehavior rejects leading dashes. Users are recommended to sanitize URLsprior to passing to webbrowser.open(). (CVE-2026-4519)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update python3.14 --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1556 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306219

]]> <![CDATA[Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1540)]]> https://www.tenable.com/plugins/nessus/306218 https://www.tenable.com/plugins/nessus/306218 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306218 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1540 advisory.

 When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. (CVE-2026-27651)

 NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names outside the document root. This issue affects NGINX Open Source and NGINX Plus when the configuration file uses DAV module MOVE or COPY methods, prefix location (nonregular expression location configuration), and alias directives. The integrity impact is constrained because the NGINX worker process user has low privileges and does not have access to the entire system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. (CVE-2026-27654)

 The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module.

 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
 (CVE-2026-27784)

 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note:
 Software versions which have reached End of Technical Support (EoTS) are not evaluated. (CVE-2026-28753)

 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the certificate as revoked.

 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
 (CVE-2026-28755)

 NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affects NGINX Open Source and NGINX Plus if it is built with the ngx_http_mp4_module module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted MP4 file with the ngx_http_mp4_module module.

 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
 (CVE-2026-32647)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update nginx --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1540 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306218

]]> <![CDATA[Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1576)]]> https://www.tenable.com/plugins/nessus/306217 https://www.tenable.com/plugins/nessus/306217 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306217 with Medium Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1576 advisory.

 A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named __proto__ and the application accesses req.headersDistinct.

 When this occurs, dest[__proto__] resolves to Object.prototype rather than undefined, causing .push() to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by error event listeners, meaning it cannot be handled without wrapping every req.headersDistinct access in a try/catch.

 This vulnerability affects all Node.js HTTP servers on 20.x, 22.x, 24.x, and v25.x

 NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#denial-of-service-via-
 __proto__-header-name-in-reqheadersdistinct-uncaught-typeerror-crashes-nodejs-process-cve-2026-21710--- high (CVE-2026-21710)

 A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values.

 Node.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision.

 This vulnerability affects 20.x, 22.x, 24.x, and 25.x.

 NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#timing-side-channel-in-hmac- verification-via-memcmp-in-crypto_hmaccc-leads-to-potential-mac-forgery-cve-2026-21713---medium (CVE-2026-21713)

 A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 231-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up.

 This vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.

 NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#memory-leak-in-nodejs- http2-server-via-window_update-on-stream-0-leads-to-resource-exhaustion-cve-2026-21714---medium (CVE-2026-21714)

 A flaw in Node.js Permission Model filesystem enforcement leaves fs.realpathSync.native() without the required read permission checks, while all comparable filesystem functions correctly enforce them. As a result, code running under --permission with restricted --allow-fs-read can still use fs.realpathSync.native() to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories.This vulnerability affects 20.x, 22.x, 24.x, and 25.x processes using the Permission Model where --allow-fs-read is intentionally restricted.

 NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#permission-model-bypass-in- realpathsyncnative-allows-file-existence-disclosure-cve-2026-21715---low (CVE-2026-21715)

 An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod() and FileHandle.chown() in the promises API without the required permission checks, while their callback-based equivalents (fs.fchmod(), fs.fchown()) were correctly patched.

 As a result, code running under --permission with restricted --allow-fs-write can still use promise-based FileHandle methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions.

 This vulnerability affects 20.x, 22.x, 24.x, and 25.x processes using the Permission Model where --allow- fs-write is intentionally restricted.

 NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#cve-2024-36137-patch-bypass--- filehandlechmodchown-cve-2026-21716---low (CVE-2026-21716)

 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process.

 The most common trigger is any endpoint that calls JSON.parse() on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table.

 This vulnerability affects 20.x, 22.x, 24.x, and 25.x.

 NOTE: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases#hashdos-in-v8-cve-2026-21717
 ---medium (CVE-2026-21717)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update nodejs22 --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1576 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306217

]]> <![CDATA[Amazon Linux 2023 : firefox (ALAS2023-2026-1554)]]> https://www.tenable.com/plugins/nessus/306216 https://www.tenable.com/plugins/nessus/306216 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306216 with Critical Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1554 advisory.

 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr->trans_alpha = info_ptr->trans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr->palette = png_ptr->palette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.

 NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7jNOTE:
 https://github.com/pnggroup/libpng/pull/824NOTE: Fixed by:
 https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb (v1.6.56)NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25 (v1.6.56)NOTE:
 Fixed by: https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667 (v1.6.56)NOTE: Fixed by:
 https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1 (v1.6.56) (CVE-2026-33416)

 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.

 NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2NOTE: Introduced with:
 https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869 (v1.6.36)NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3 (v1.6.56) (CVE-2026-33636)

 Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4684)

 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4685)

 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4686)

 Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4687)

 Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4688)

 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4689)

 Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4690)

 Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4691)

 Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4692)

 Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4693)

 Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4694)

 Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4695)

 Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4696)

 Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4697)

 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4698)

 Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4699)

 Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4700)

 Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4701)

 JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4702)

 Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4704)

 Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4705)

 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4706)

 Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4707)

 Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4708)

 Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4709)

 Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4710)

 Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4711)

 Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4712)

 Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4713)

 Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4714)

 Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4715)

 Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4716)

 Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4717)

 Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4718)

 Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4719)

 Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148.
 Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9. (CVE-2026-4720)

 Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9. (CVE-2026-4721)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update firefox --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1554 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306216

]]> <![CDATA[Amazon Linux 2023 : gdk-pixbuf2, gdk-pixbuf2-devel, gdk-pixbuf2-modules (ALAS2023-2026-1553)]]> https://www.tenable.com/plugins/nessus/306215 https://www.tenable.com/plugins/nessus/306215 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306215 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1553 advisory.

 A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
 (CVE-2026-5201)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update gdk-pixbuf2 --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1553 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306215

]]> <![CDATA[Amazon Linux 2023 : libde265, libde265-devel (ALAS2023-2026-1585)]]> https://www.tenable.com/plugins/nessus/306214 https://www.tenable.com/plugins/nessus/306214 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306214 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1585 advisory.

 libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic_parameter_set::set_derived_values(). This issue has been patched in version 1.0.17. (CVE-2026-33164)

 libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctb_info.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay constant but Log2CtbSizeY changes, causing set_SliceHeaderIndex to index past the allocated image metadata array and write 2 bytes past the end of a heap allocation. This issue has been patched in version 1.0.17.
 (CVE-2026-33165)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update libde265 --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1585 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306214

]]> <![CDATA[Amazon Linux 2023 : gstreamer1-plugins-good, gstreamer1-plugins-good-gtk (ALAS2023-2026-1579)]]> https://www.tenable.com/plugins/nessus/306213 https://www.tenable.com/plugins/nessus/306213 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306213 with Medium Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1579 advisory.

 An out-of-bounds read in the WAV parser that can cause crashes for certain input files. (CVE-2026-1940)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update gstreamer1-plugins-good --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1579 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306213

]]> <![CDATA[Amazon Linux 2023 : libpng, libpng-devel, libpng-static (ALAS2023-2026-1563)]]> https://www.tenable.com/plugins/nessus/306212 https://www.tenable.com/plugins/nessus/306212 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306212 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1563 advisory.

 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr->trans_alpha = info_ptr->trans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr->palette = png_ptr->palette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.

 NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7jNOTE:
 https://github.com/pnggroup/libpng/pull/824NOTE: Fixed by:
 https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb (v1.6.56)NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25 (v1.6.56)NOTE:
 Fixed by: https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667 (v1.6.56)NOTE: Fixed by:
 https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1 (v1.6.56) (CVE-2026-33416)

 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.

 NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2NOTE: Introduced with:
 https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869 (v1.6.36)NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3 (v1.6.56) (CVE-2026-33636)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update libpng --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1563 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306212

]]> <![CDATA[Amazon Linux 2023 : runc (ALAS2023-2026-1541)]]> https://www.tenable.com/plugins/nessus/306211 https://www.tenable.com/plugins/nessus/306211 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306211 with Medium Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1541 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update runc --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1541 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306211

]]> <![CDATA[Amazon Linux 2023 : polkit, polkit-devel, polkit-libs (ALAS2023-2026-1546)]]> https://www.tenable.com/plugins/nessus/306210 https://www.tenable.com/plugins/nessus/306210 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306210 with Medium Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1546 advisory.

 A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.
 (CVE-2026-4897)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update polkit --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1546 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306210

]]> <![CDATA[Amazon Linux 2023 : freerdp, freerdp-devel, freerdp-libs (ALAS2023-2026-1549)]]> https://www.tenable.com/plugins/nessus/306209 https://www.tenable.com/plugins/nessus/306209 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306209 with Medium Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1549 advisory.

 DoS via WINPR_ASSERT in rts_read_auth_verifier_no_checks

 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93 (CVE-2026-33952)

 DoS via WINPR_ASSERT in IMA ADPCM audio decoder (dsp.c:331)

 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8f2g-3q27-6xm5 (CVE-2026-33977)

 Persistent Cache Allocator Mismatch - Heap OOB Read

 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jm9-2925-g4v2 (CVE-2026-33982)

 Progressive Codec Quant BYTE Underflow - UB + CPU DoS

 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4gfm-4p52-h478 (CVE-2026-33983)

 ClearCodec resize_vbar_entry() Heap OOB Write

 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8469-2xcx-frf6 (CVE-2026-33984)

 ClearCodec Glyph Cache Count Desync - Heap OOB Read

 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85 (CVE-2026-33985)

 H.264 YUV Buffer Dimension Desync - Heap OOB Write

 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h6qw-wxvm-hf97 (CVE-2026-33986)

 Persistent Cache bmpSize Desync - Heap OOB Write

 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-ff8h-p5vc-wcwc (CVE-2026-33987)

 double free in kerberos_AcceptSecurityContext and kerberos_IntitalizeSecurityContextA

 NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mv25-f4p2-5mxx (CVE-2026-33995)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update freerdp --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1549 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306209

]]> <![CDATA[Amazon Linux 2023 : plexus-utils, plexus-utils-javadoc (ALAS2023-2026-1545)]]> https://www.tenable.com/plugins/nessus/306208 https://www.tenable.com/plugins/nessus/306208 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306208 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1545 advisory.

 Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus- utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code (CVE-2025-67030)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update plexus-utils --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1545 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306208

]]> <![CDATA[Amazon Linux 2023 : ecs-init (ALAS2023-2026-1552)]]> https://www.tenable.com/plugins/nessus/306207 https://www.tenable.com/plugins/nessus/306207 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306207 with Critical Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1552 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, deny rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback allow rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific deny rules for canonical paths but allows other requests by default (a fallback allow rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening. (CVE-2026-33186)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update ecs-init --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1552 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306207

]]> <![CDATA[Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2026-1583)]]> https://www.tenable.com/plugins/nessus/306206 https://www.tenable.com/plugins/nessus/306206 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306206 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1583 advisory.

 When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. (CVE-2025-11468)

 User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype. (CVE-2025-15282)

 When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.
 (CVE-2026-0672)

 User-controlled header names and values containing newlines can allow injecting HTTP headers.
 (CVE-2026-0865)

 The email module, specifically the BytesGenerator class, didn't properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using LiteralHeader writing headers that don't respect email folding rules, the new behavior will reject the incorrectly folded headers in BytesGenerator. (CVE-2026-1299)

 The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire. (CVE-2026-2297)

 When an Expat parser with a registered ElementDeclHandler parses an inlinedocument type definition containing a deeply nested content model a C stackoverflow occurs. (CVE-2026-4224)

 The webbrowser.open() API would accept leading dashes in the URL whichcould be handled as command line options for certain web browsers. Newbehavior rejects leading dashes. Users are recommended to sanitize URLsprior to passing to webbrowser.open(). (CVE-2026-4519)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update python3.9 --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1583 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306206

]]> <![CDATA[Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2026-1574)]]> https://www.tenable.com/plugins/nessus/306205 https://www.tenable.com/plugins/nessus/306205 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306205 with Medium Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1574 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update amazon-ecr-credential-helper --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1574 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306205

]]> <![CDATA[Amazon Linux 2023 : tigervnc, tigervnc-icons, tigervnc-license (ALAS2023-2026-1537)]]> https://www.tenable.com/plugins/nessus/306204 https://www.tenable.com/plugins/nessus/306204 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306204 with Critical Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1537 advisory.

 In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions. (CVE-2026-34352)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update tigervnc --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1537 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306204

]]> <![CDATA[Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2026-1568)]]> https://www.tenable.com/plugins/nessus/306203 https://www.tenable.com/plugins/nessus/306203 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306203 with Medium Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1568 advisory.

 A flaw in the gix-date library can generate invalid non-UTF8 strings, leading to undefined behavior when processed. The most likely impact from a successful attack is to data integrity, by the malicious data being able to corrupt data being hold in memory and to system availability as it eventually may lead to the software using the gix_date library to crash. (CVE-2026-0810)

 tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the case where it was different from the base header. This is almost the inverse of the astral-tokio-tar issue. Any discrepancy in how tar parsers honor file size can be used to create archives that appear differently when unpacked by different archivers. In this case, the tar-rs (Rust tar) crate is an outlier in checking for the header size - other tar parsers (including e.g. Go archive/tar) unconditionally use the PAX size override. This can affect anything that uses the tar crate to parse archives and expects to have a consistent view with other parsers. This issue has been fixed in version 0.4.45. (CVE-2026-33055)

 tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory -- and subsequently apply chmod to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root. This issue has been fixed in version 0.4.45. (CVE-2026-33056)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update rust --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1568 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306203

]]> <![CDATA[Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2026-1586)]]> https://www.tenable.com/plugins/nessus/306202 https://www.tenable.com/plugins/nessus/306202 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306202 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1586 advisory.

 Potential use-after-free in DANE client code (CVE-2026-28387)

 NULL Pointer Dereference When Processing a Delta CRL

 NOTE: https://openssl-library.org/news/secadv/20260407.txt (CVE-2026-28388)

 Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (CVE-2026-28389)

 Possible NULL dereference when processing CMS KeyTransportRecipientInfo (CVE-2026-28390)

 Incorrect failure handling in RSA KEM RSASVE encapsulation (CVE-2026-31790)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update openssl --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1586 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306202

]]> <![CDATA[Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2026-1550)]]> https://www.tenable.com/plugins/nessus/306201 https://www.tenable.com/plugins/nessus/306201 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306201 with Medium Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1550 advisory.

 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 `display` interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the issue. (CVE-2026-33535)

 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in an out of bounds write. Versions 7.1.2-18 and 6.9.13-43 patch the issue. (CVE-2026-33536)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update ImageMagick --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1550 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306201

]]> <![CDATA[Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2026-1581)]]> https://www.tenable.com/plugins/nessus/306200 https://www.tenable.com/plugins/nessus/306200 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306200 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1581 advisory.

 Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus- utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code (CVE-2025-67030)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update javapackages-bootstrap --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1581 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306200

]]> <![CDATA[Amazon Linux 2023 : docker (ALAS2023-2026-1571)]]> https://www.tenable.com/plugins/nessus/306199 https://www.tenable.com/plugins/nessus/306199 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306199 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1571 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

 Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1. (CVE-2026-33997)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update docker --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1571 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306199

]]> <![CDATA[Amazon Linux 2023 : clamav1.5, clamav1.5-data, clamav1.5-devel (ALAS2023-2026-1565)]]> https://www.tenable.com/plugins/nessus/306198 https://www.tenable.com/plugins/nessus/306198 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306198 with Medium Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1565 advisory.

 tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the case where it was different from the base header. This is almost the inverse of the astral-tokio-tar issue. Any discrepancy in how tar parsers honor file size can be used to create archives that appear differently when unpacked by different archivers. In this case, the tar-rs (Rust tar) crate is an outlier in checking for the header size - other tar parsers (including e.g. Go archive/tar) unconditionally use the PAX size override. This can affect anything that uses the tar crate to parse archives and expects to have a consistent view with other parsers. This issue has been fixed in version 0.4.45. (CVE-2026-33055)

 tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory -- and subsequently apply chmod to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root. This issue has been fixed in version 0.4.45. (CVE-2026-33056)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update clamav1.5 --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1565 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306198

]]> <![CDATA[Amazon Linux 2023 : soci-snapshotter (ALAS2023-2026-1573)]]> https://www.tenable.com/plugins/nessus/306197 https://www.tenable.com/plugins/nessus/306197 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306197 with Critical Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1573 advisory.

 url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.
 (CVE-2026-25679)

 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root. (CVE-2026-27139)

 Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow url= by setting htmlmetacontenturlescape=0. (CVE-2026-27142)

 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, deny rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback allow rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific deny rules for canonical paths but allows other requests by default (a fallback allow rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening. (CVE-2026-33186)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update soci-snapshotter --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1573 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306197

]]> <![CDATA[Amazon Linux 2023 : python3-pyasn1, python3-pyasn1-modules (ALAS2023-2026-1538)]]> https://www.tenable.com/plugins/nessus/306196 https://www.tenable.com/plugins/nessus/306196 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306196 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1538 advisory.

 pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with Indefinite Length (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue. (CVE-2026-30922)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update python-pyasn1 --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1538 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306196

]]> <![CDATA[Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2026-1584)]]> https://www.tenable.com/plugins/nessus/306195 https://www.tenable.com/plugins/nessus/306195 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306195 with Medium Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1584 advisory.

 When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003 (CVE-2025-22134)

 A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be used. Some users are not able to reproduce this. One of the users mentions that this appears not to be working, when coloring is turned on. (CVE-2025-9389)

 A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited.
 Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component.
 (CVE-2025-9390)

 Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When processing help file tags, Vim copies the user-controlled 'helpfile' option value into a fixed-size heap buffer of MAXPATHL + 1 bytes (typically 4097 bytes) using an unsafe STRCPY() operation without any bounds checking. This issue has been patched in version 9.1.2132. (CVE-2026-25749)

 Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The Stack buffer overflow exists in special_keys() (in src/netbeans.c). The while (*tok) loop writes two bytes per iteration into a 64-byte stack buffer (keybuf) with no bounds check. A malicious NetBeans server can overflow keybuf with a single specialKeys command.
 The issue has been fixed as of Vim patch v9.1.2148. (CVE-2026-26269)

 Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue. (CVE-2026-28417)

 Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074 fixes the issue. (CVE-2026-28418)

 Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Version 9.2.0075 fixes the issue. (CVE-2026-28419)

 Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue. (CVE-2026-28420)

 Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states.
 This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This vulnerability is fixed in 9.2.0137. (CVE-2026-32249)

 Command injection via newline in glob()

 NOTE: https://github.com/vim/vim/security/advisories/GHSA-w5jw-f54h-x46c (CVE-2026-33412)

 Vim before 9.2.0272 allows code execution that happens immediately upo ...

 NOTE: https://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvhNOTE: Fixed by:
 https://github.com/vim/vim/commit/664701eb7576edb7c7c7d9f2d600815ec1f43459 (v9.2.0272) (CVE-2026-34714)

 A modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file.
 The complete, guitabtooltip and printheader options are missing the P_MLE flag, allowing a modeline to be executed. Additionally, the mapset() function lacks a check_secure() call, allowing it to be abused from sandboxed expressions.

 An attacker who can deliver a crafted file to a victim achieves arbitrary command execution with the privileges of the user running Vim. (CVE-2026-34982)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update vim --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1584 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306195

]]> <![CDATA[Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2026-1539)]]> https://www.tenable.com/plugins/nessus/306194 https://www.tenable.com/plugins/nessus/306194 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306194 with High Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1539 advisory.

 Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue.
 (CVE-2026-28421)

 Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue. (CVE-2026-28422)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update vim --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1539 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306194

]]> <![CDATA[Amazon Linux 2023 : below (ALAS2023-2026-1567)]]> https://www.tenable.com/plugins/nessus/306193 https://www.tenable.com/plugins/nessus/306193 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306193 with Medium Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1567 advisory.

 tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the case where it was different from the base header. This is almost the inverse of the astral-tokio-tar issue. Any discrepancy in how tar parsers honor file size can be used to create archives that appear differently when unpacked by different archivers. In this case, the tar-rs (Rust tar) crate is an outlier in checking for the header size - other tar parsers (including e.g. Go archive/tar) unconditionally use the PAX size override. This can affect anything that uses the tar crate to parse archives and expects to have a consistent view with other parsers. This issue has been fixed in version 0.4.45. (CVE-2026-33055)

 tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory -- and subsequently apply chmod to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root. This issue has been fixed in version 0.4.45. (CVE-2026-33056)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update rust-below --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1567 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306193

]]> <![CDATA[Amazon Linux 2023 : runfinch-finch (ALAS2023-2026-1548)]]> https://www.tenable.com/plugins/nessus/306192 https://www.tenable.com/plugins/nessus/306192 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306192 with Critical Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1548 advisory.

 gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, deny rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback allow rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific deny rules for canonical paths but allows other requests by default (a fallback allow rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening. (CVE-2026-33186)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update runfinch-finch --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1548 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306192

]]> <![CDATA[Amazon Linux 2023 : amazon-efs-utils (ALAS2023-2026-1564)]]> https://www.tenable.com/plugins/nessus/306191 https://www.tenable.com/plugins/nessus/306191 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306191 with Critical Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1564 advisory.

 time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario.
 A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack. (CVE-2026-25727)

 Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer.

 Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0. (CVE-2026-3336)

 Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis.



 The impacted implementations are through the EVP CIPHER API: EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm.



 Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0. (CVE-2026-3337)

 Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes.



 Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0. (CVE-2026-3338)

 A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks.

 To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-3.3.0. (CVE-2026-4428)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update amazon-efs-utils --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1564 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306191

]]> <![CDATA[Amazon Linux 2023 : perl-XML-Parser, perl-XML-Parser-tests (ALAS2023-2026-1536)]]> https://www.tenable.com/plugins/nessus/306190 https://www.tenable.com/plugins/nessus/306190 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306190 with Critical Severity

Synopsis

The remote Amazon Linux 2023 host is missing a security update.

Description

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1536 advisory.

 XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes.

 A :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl's read() returns decoded characters while SvPV() gives back multi-byte UTF-8 bytes that can exceed the pre- allocated buffer size. This can cause heap corruption (double free or corruption) and crashes.
 (CVE-2006-10002)

 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.

 In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.

 The bug can be observed when parsing an XML file with very deep element nesting (CVE-2006-10003)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'dnf update perl-XML-Parser --releasever 2023.11.20260413' or or 'dnf update --advisory ALAS2023-2026-1536 --releasever 2023.11.20260413' to update your system.

Read more at https://www.tenable.com/plugins/nessus/306190

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-31422]]> https://www.tenable.com/plugins/nessus/306189 https://www.tenable.com/plugins/nessus/306189 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306189 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - net/sched: cls_flow: fix NULL pointer dereference on shared blocks flow_change() calls tcf_block_q() and dereferences q->handle to derive a default baseclass. Shared blocks leave block->q NULL, causing a NULL deref when a flow filter without a fully qualified baseclass is created on a shared block. Check tcf_block_shared() before accessing block->q and return -EINVAL for shared blocks. This avoids the null- deref shown below: ======================================================================= KASAN: null- ptr-deref in range [0x0000000000000038-0x000000000000003f] RIP: 0010:flow_change (net/sched/cls_flow.c:508) Call Trace: tc_new_tfilter (net/sched/cls_api.c:2432) rtnetlink_rcv_msg (net/core/rtnetlink.c:6980) [...] ======================================================================= (CVE-2026-31422)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306189

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-34045]]> https://www.tenable.com/plugins/nessus/306188 https://www.tenable.com/plugins/nessus/306188 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306188 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows any network attacker to remotely trigger denial-of-service conditions and extract sensitive information. By abusing missing connection limits and timeouts, an attacker can exhaust file descriptors and kernel memory, leading to application crash or full host freeze. Additionally, verbose error responses disclose internal paths and system details (including usernames on Windows), aiding further exploitation. The issue requires no authentication or user interaction and is exploitable over the network. This vulnerability is fixed in 1.26.2. (CVE-2026-34045)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306188

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-40447]]> https://www.tenable.com/plugins/nessus/306187 https://www.tenable.com/plugins/nessus/306187 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306187 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335. (CVE-2026-40447)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306187

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-31428]]> https://www.tenable.com/plugins/nessus/306186 https://www.tenable.com/plugins/nessus/306186 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306186 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD __build_packet_message() manually constructs the NFULA_PAYLOAD netlink attribute using skb_put() and skb_copy_bits(), bypassing the standard nla_reserve()/nla_put() helpers. While nla_total_size(data_len) bytes are allocated (including NLA alignment padding), only data_len bytes of actual packet data are copied. The trailing nla_padlen(data_len) bytes (1-3 when data_len is not 4-byte aligned) are never initialized, leaking stale heap contents to userspace via the NFLOG netlink socket. Replace the manual attribute construction with nla_reserve(), which handles the tailroom check, header setup, and padding zeroing via __nla_reserve().
 The subsequent skb_copy_bits() fills in the payload data on top of the properly initialized attribute.
 (CVE-2026-31428)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306186

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-34478]]> https://www.tenable.com/plugins/nessus/306185 https://www.tenable.com/plugins/nessus/306185 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306185 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect users of stream-based syslog services who configure Rfc5424Layout directly: * The newLineEscape attribute was silently renamed, causing newline escaping to stop working for users of TCP framing (RFC 6587), exposing them to CRLF injection in log output. * The useTlsMessageFormat attribute was silently renamed, causing users of TLS framing (RFC 5425) to be silently downgraded to unframed TCP (RFC 6587), without newline escaping. Users of the SyslogAppender are not affected, as its configuration attributes were not modified. Users are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue. (CVE-2026-34478)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306185

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-31426]]> https://www.tenable.com/plugins/nessus/306184 https://www.tenable.com/plugins/nessus/306184 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306184 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() When ec_install_handlers() returns
 -EPROBE_DEFER on reduced-hardware platforms, it has already started the EC and installed the address space handler with the struct acpi_ec pointer as handler context. However, acpi_ec_setup() propagates the error without any cleanup. The caller acpi_ec_add() then frees the struct acpi_ec for non-boot instances, leaving a dangling handler context in ACPICA. Any subsequent AML evaluation that accesses an EC OpRegion field dispatches into acpi_ec_space_handler() with the freed pointer, causing a use-after-free: BUG:
 KASAN: slab-use-after-free in mutex_lock (kernel/locking/mutex.c:289) Write of size 8 at addr ffff88800721de38 by task init/1 Call Trace: mutex_lock (kernel/locking/mutex.c:289) acpi_ec_space_handler (drivers/acpi/ec.c:1362) acpi_ev_address_space_dispatch (drivers/acpi/acpica/evregion.c:293) acpi_ex_access_region (drivers/acpi/acpica/exfldio.c:246) acpi_ex_field_datum_io (drivers/acpi/acpica/exfldio.c:509) acpi_ex_extract_from_field (drivers/acpi/acpica/exfldio.c:700) acpi_ex_read_data_from_field (drivers/acpi/acpica/exfield.c:327) acpi_ex_resolve_node_to_value (drivers/acpi/acpica/exresolv.c:392) Allocated by task 1:
 acpi_ec_alloc (drivers/acpi/ec.c:1424) acpi_ec_add (drivers/acpi/ec.c:1692) Freed by task 1: kfree (mm/slub.c:6876) acpi_ec_add (drivers/acpi/ec.c:1751) The bug triggers on reduced-hardware EC platforms (ec->gpe < 0) when the GPIO IRQ provider defers probing. Once the stale handler exists, any unprivileged sysfs read that causes AML to touch an EC OpRegion (battery, thermal, backlight) exercises the dangling pointer. Fix this by calling ec_remove_handlers() in the error path of acpi_ec_setup() before clearing first_ec. ec_remove_handlers() checks each EC_FLAGS_* bit before acting, so it is safe to call regardless of how far ec_install_handlers() progressed: -ENODEV (handler not installed): only calls acpi_ec_stop()
 -EPROBE_DEFER (handler installed): removes handler, stops EC (CVE-2026-31426)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306184

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2025-14569]]> https://www.tenable.com/plugins/nessus/306183 https://www.tenable.com/plugins/nessus/306183 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306183 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function read_audio_data of the file /whisper.cpp/examples/common-whisper.cpp. The manipulation results in use after free. The attack requires a local approach. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. (CVE-2025-14569)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306183

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-31421]]> https://www.tenable.com/plugins/nessus/306182 https://www.tenable.com/plugins/nessus/306182 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306182 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - net/sched: cls_fw: fix NULL pointer dereference on shared blocks The old-method path in fw_classify() calls tcf_block_q() and dereferences q->handle. Shared blocks leave block->q NULL, causing a NULL deref when an empty cls_fw filter is attached to a shared block and a packet with a nonzero major skb mark is classified. Reject the configuration in fw_change() when the old method (no TCA_OPTIONS) is used on a shared block, since fw_classify()'s old-method path needs block->q which is NULL for shared blocks. The fixed null-ptr-deref calling stack: KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f] RIP: 0010:fw_classify (net/sched/cls_fw.c:81) Call Trace: tcf_classify (./include/net/tc_wrapper.h:197 net/sched/cls_api.c:1764 net/sched/cls_api.c:1860) tc_run (net/core/dev.c:4401) __dev_queue_xmit (net/core/dev.c:4535 net/core/dev.c:4790) (CVE-2026-31421)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306182

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-31417]]> https://www.tenable.com/plugins/nessus/306181 https://www.tenable.com/plugins/nessus/306181 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306181 with Critical Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - net/x25: Fix overflow when accumulating packets Add a check to ensure that `x25_sock.fraglen` does not overflow. The `fraglen` also needs to be resetted when purging `fragment_queue` in `x25_clear_queues()`.
 (CVE-2026-31417)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306181

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-31425]]> https://www.tenable.com/plugins/nessus/306180 https://www.tenable.com/plugins/nessus/306180 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306180 with Critical Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - rds: ib: reject FRMR registration before IB connection is established rds_ib_get_mr() extracts the rds_ib_connection from conn->c_transport_data and passes it to rds_ib_reg_frmr() for FRWR memory registration. On a fresh outgoing connection, ic is allocated in rds_ib_conn_alloc() with i_cm_id = NULL because the connection worker has not yet called rds_ib_conn_path_connect() to create the rdma_cm_id. When sendmsg() with RDS_CMSG_RDMA_MAP is called on such a connection, the sendmsg path parses the control message before any connection establishment, allowing rds_ib_post_reg_frmr() to dereference ic->i_cm_id->qp and crash the kernel. The existing guard in rds_ib_reg_frmr() only checks for !ic (added in commit 9e630bcb7701), which does not catch this case since ic is allocated early and is always non-NULL once the connection object exists. KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] RIP: 0010:rds_ib_post_reg_frmr+0x50e/0x920 Call Trace: rds_ib_post_reg_frmr (net/rds/ib_frmr.c:167) rds_ib_map_frmr (net/rds/ib_frmr.c:252) rds_ib_reg_frmr (net/rds/ib_frmr.c:430) rds_ib_get_mr (net/rds/ib_rdma.c:615) __rds_rdma_map (net/rds/rdma.c:295) rds_cmsg_rdma_map (net/rds/rdma.c:860) rds_sendmsg (net/rds/send.c:1363) ____sys_sendmsg do_syscall_64 Add a check in rds_ib_get_mr() that verifies ic, i_cm_id, and qp are all non-NULL before proceeding with FRMR registration, mirroring the guard already present in rds_ib_post_inv(). Return -ENODEV when the connection is not ready, which the existing error handling in rds_cmsg_send() converts to -EAGAIN for userspace retry and triggers rds_conn_connect_if_down() to start the connection worker. (CVE-2026-31425)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306180

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-31424]]> https://www.tenable.com/plugins/nessus/306179 https://www.tenable.com/plugins/nessus/306179 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306179 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP Weiming Shi says:
 xt_match and xt_target structs registered with NFPROTO_UNSPEC can be loaded by any protocol family through nft_compat. When such a match/target sets .hooks to restrict which hooks it may run on, the bitmask uses NF_INET_* constants. This is only correct for families whose hook layout matches NF_INET_*: IPv4, IPv6, INET, and bridge all share the same five hooks (PRE_ROUTING ... POST_ROUTING). ARP only has three hooks (IN=0, OUT=1, FORWARD=2) with different semantics. Because NF_ARP_OUT == 1 == NF_INET_LOCAL_IN, the .hooks validation silently passes for the wrong reasons, allowing matches to run on ARP chains where the hook assumptions (e.g. state->in being set on input hooks) do not hold. This leads to NULL pointer dereferences; xt_devgroup is one concrete example: Oops: general protection fault, probably for non- canonical address 0xdffffc0000000044: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000220-0x0000000000000227] RIP: 0010:devgroup_mt+0xff/0x350 Call Trace: nft_match_eval (net/netfilter/nft_compat.c:407) nft_do_chain (net/netfilter/nf_tables_core.c:285) nft_do_chain_arp (net/netfilter/nft_chain_filter.c:61) nf_hook_slow (net/netfilter/core.c:623) arp_xmit (net/ipv4/arp.c:666) Kernel panic - not syncing: Fatal exception in interrupt Fix it by restricting arptables to NFPROTO_ARP extensions only. Note that arptables-legacy only supports: - arpt_CLASSIFY - arpt_mangle - arpt_MARK that provide explicit NFPROTO_ARP match/target declarations.
 (CVE-2026-31424)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306179

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-31416]]> https://www.tenable.com/plugins/nessus/306178 https://www.tenable.com/plugins/nessus/306178 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306178 with Critical Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - netfilter: nfnetlink_log: account for netlink header size This is a followup to an old bug fix: NLMSG_DONE needs to account for the netlink header size, not just the attribute size. This can result in a WARN splat + drop of the netlink message, but other than this there are no ill effects. (CVE-2026-31416)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306178

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-31419]]> https://www.tenable.com/plugins/nessus/306177 https://www.tenable.com/plugins/nessus/306177 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306177 with Critical Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - net: bonding: fix use-after-free in bond_xmit_broadcast() bond_xmit_broadcast() reuses the original skb for the last slave (determined by bond_is_last_slave()) and clones it for others. Concurrent slave enslave/release can mutate the slave list during RCU-protected iteration, changing which slave is last mid-loop. This causes the original skb to be double-consumed (double-freed). Replace the racy bond_is_last_slave() check with a simple index comparison (i + 1 == slaves_count) against the pre-snapshot slave count taken via READ_ONCE() before the loop. This preserves the zero-copy optimization for the last slave while making the last determination stable against concurrent list mutations. The UAF can trigger the following crash: ================================================================== BUG: KASAN: slab- use-after-free in skb_clone Read of size 8 at addr ffff888100ef8d40 by task exploit/147 CPU: 1 UID: 0 PID:
 147 Comm: exploit Not tainted 7.0.0-rc3+ #4 PREEMPTLAZY Call Trace: dump_stack_lvl (lib/dump_stack.c:123) print_report (mm/kasan/report.c:379 mm/kasan/report.c:482) kasan_report (mm/kasan/report.c:597) skb_clone (include/linux/skbuff.h:1724 include/linux/skbuff.h:1792 include/linux/skbuff.h:3396 net/core/skbuff.c:2108) bond_xmit_broadcast (drivers/net/bonding/bond_main.c:5334) bond_start_xmit (drivers/net/bonding/bond_main.c:5567 drivers/net/bonding/bond_main.c:5593) dev_hard_start_xmit (include/linux/netdevice.h:5325 include/linux/netdevice.h:5334 net/core/dev.c:3871 net/core/dev.c:3887) __dev_queue_xmit (include/linux/netdevice.h:3601 net/core/dev.c:4838) ip6_finish_output2 (include/net/neighbour.h:540 include/net/neighbour.h:554 net/ipv6/ip6_output.c:136) ip6_finish_output (net/ipv6/ip6_output.c:208 net/ipv6/ip6_output.c:219) ip6_output (net/ipv6/ip6_output.c:250) ip6_send_skb (net/ipv6/ip6_output.c:1985) udp_v6_send_skb (net/ipv6/udp.c:1442) udpv6_sendmsg (net/ipv6/udp.c:1733)
 __sys_sendto (net/socket.c:730 net/socket.c:742 net/socket.c:2206) __x64_sys_sendto (net/socket.c:2209) do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) Allocated by task 147: Freed by task 147: The buggy address belongs to the object at ffff888100ef8c80 which belongs to the cache skbuff_head_cache of size 224 The buggy address is located 192 bytes inside of freed 224-byte region [ffff888100ef8c80, ffff888100ef8d60) Memory state around the buggy address: ffff888100ef8c00: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc ffff888100ef8c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff888100ef8d00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc ^ ffff888100ef8d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb ffff888100ef8e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== (CVE-2026-31419)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306177

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-31415]]> https://www.tenable.com/plugins/nessus/306176 https://www.tenable.com/plugins/nessus/306176 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306176 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - ipv6: avoid overflows in ip6_datagram_send_ctl() Yiming Qian reported : I believe I found a locally triggerable kernel bug in the IPv6 sendmsg ancillary-data path that can panic the kernel via `skb_under_panic()` (local DoS). The core issue is a mismatch between: - a 16-bit length accumulator (`struct ipv6_txoptions::opt_flen`, type `__u16`) and - a pointer to the *last* provided destination- options header (`opt->dst1opt`) when multiple `IPV6_DSTOPTS` control messages (cmsgs) are provided. - `include/net/ipv6.h`: - `struct ipv6_txoptions::opt_flen` is `__u16` (wrap possible). (lines 291-307, especially 298) - `net/ipv6/datagram.c:ip6_datagram_send_ctl()`: - Accepts repeated `IPV6_DSTOPTS` and accumulates into `opt_flen` without rejecting duplicates. (lines 909-933) - `net/ipv6/ip6_output.c:__ip6_append_data()`: - Uses `opt->opt_flen + opt->opt_nflen` to compute header sizes/headroom decisions. (lines 1448-1466, especially 1463-1465) - `net/ipv6/ip6_output.c:__ip6_make_skb()`: - Calls `ipv6_push_frag_opts()` if `opt->opt_flen` is non-zero.
 (lines 1930-1934) - `net/ipv6/exthdrs.c:ipv6_push_frag_opts()` / `ipv6_push_exthdr()`: - Push size comes from `ipv6_optlen(opt->dst1opt)` (based on the pointed-to header). (lines 1179-1185 and 1206-1211) 1.
 `opt_flen` is a 16-bit accumulator: - `include/net/ipv6.h:298` defines `__u16 opt_flen; /* after fragment hdr */`. 2. `ip6_datagram_send_ctl()` accepts *repeated* `IPV6_DSTOPTS` cmsgs and increments `opt_flen` each time: - In `net/ipv6/datagram.c:909-933`, for `IPV6_DSTOPTS`: - It computes `len = ((hdr->hdrlen + 1) << 3);` - It checks `CAP_NET_RAW` using `ns_capable(net->user_ns, CAP_NET_RAW)`. (line 922) - Then it does: - `opt->opt_flen += len;` (line 927) - `opt->dst1opt = hdr;` (line 928) There is no duplicate rejection here (unlike the legacy `IPV6_2292DSTOPTS` path which rejects duplicates at `net/ipv6/datagram.c:901-904`). If enough large `IPV6_DSTOPTS` cmsgs are provided, `opt_flen` wraps while `dst1opt` still points to a large (2048-byte) destination-options header. In the attached PoC (`poc.c`): - 32 cmsgs with `hdrlen=255` => `len = (255+1)*8 = 2048` - 1 cmsg with `hdrlen=0` => `len = 8` - Total increment: `32*2048 + 8 = 65544`, so `(__u16)opt_flen == 8` - The last cmsg is 2048 bytes, so `dst1opt` points to a 2048-byte header. 3. The transmit path sizes headers using the wrapped `opt_flen`: - In `net/ipv6/ip6_output.c:1463-1465`: - `headersize = sizeof(struct ipv6hdr) + (opt ? opt->opt_flen + opt->opt_nflen : 0) + ...;` With wrapped `opt_flen`, `headersize`/headroom decisions underestimate what will be pushed later. 4. When building the final skb, the actual push length comes from `dst1opt` and is not limited by wrapped `opt_flen`: - In `net/ipv6/ip6_output.c:1930-1934`: - `if (opt->opt_flen) proto = ipv6_push_frag_opts(skb, opt, proto);` - In `net/ipv6/exthdrs.c:1206-1211`, `ipv6_push_frag_opts()` pushes `dst1opt` via `ipv6_push_exthdr()`. - In `net/ipv6/exthdrs.c:1179-1184`, `ipv6_push_exthdr()` does: - `skb_push(skb, ipv6_optlen(opt));` - `memcpy(h, opt, ipv6_optlen(opt));` With insufficient headroom, `skb_push()` underflows and triggers `skb_under_panic()` -> `BUG()`: - `net/core/skbuff.c:2669-2675` (`skb_push()` calls `skb_under_panic()`) - `net/core/skbuff.c:207-214` (`skb_panic()` ends in `BUG()`) - The `IPV6_DSTOPTS` cmsg path requires `CAP_NET_RAW` in the target netns user namespace (`ns_capable(net->user_ns, CAP_NET_RAW)`). - Root (or any task with `CAP_NET_RAW`) can trigger this without user namespaces. - An unprivileged `uid=1000` user can trigger this if unprivileged user namespaces are enabled and it can create a userns+netns to obtain namespaced `CAP_NET_RAW` (the attached PoC does this). - Local denial of service: kernel BUG/panic (system crash). - ---truncated--- (CVE-2026-31415)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306176

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-31418]]> https://www.tenable.com/plugins/nessus/306175 https://www.tenable.com/plugins/nessus/306175 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306175 with Critical Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - netfilter: ipset: drop logically empty buckets in mtype_del mtype_del() counts empty slots below n->pos in k, but it only drops the bucket when both n->pos and k are zero. This misses buckets whose live entries have all been removed while n->pos still points past deleted slots. Treat a bucket as empty when all positions below n->pos are unused and release it directly instead of shrinking it further.
 (CVE-2026-31418)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306175

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-31427]]> https://www.tenable.com/plugins/nessus/306174 https://www.tenable.com/plugins/nessus/306174 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306174 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp process_sdp() declares union nf_inet_addr rtp_addr on the stack and passes it to the nf_nat_sip sdp_session hook after walking the SDP media descriptions. However rtp_addr is only initialized inside the media loop when a recognized media type with a non-zero port is found. If the SDP body contains no m= lines, only inactive media sections (m=audio 0 ...) or only unrecognized media types, rtp_addr is never assigned. Despite that, the function still calls hooks->sdp_session() with &rtp_addr, causing nf_nat_sdp_session() to format the stale stack value as an IP address and rewrite the SDP session owner and connection lines with it. With CONFIG_INIT_STACK_ALL_ZERO (default on most distributions) this results in the session-level o= and c= addresses being rewritten to 0.0.0.0 for inactive SDP sessions. Without stack auto-init the rewritten address is whatever happened to be on the stack. Fix this by pre-initializing rtp_addr from the session- level connection address (caddr) when available, and tracking via a have_rtp_addr flag whether any valid address was established. Skip the sdp_session hook entirely when no valid address exists. (CVE-2026-31427)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306174

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-31420]]> https://www.tenable.com/plugins/nessus/306173 https://www.tenable.com/plugins/nessus/306173 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306173 with Critical Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - bridge: mrp: reject zero test interval to avoid OOM panic br_mrp_start_test() and br_mrp_start_in_test() accept the user-supplied interval value from netlink without validation. When interval is 0, usecs_to_jiffies(0) yields 0, causing the delayed work (br_mrp_test_work_expired / br_mrp_in_test_work_expired) to reschedule itself with zero delay. This creates a tight loop on system_percpu_wq that allocates and transmits MRP test frames at maximum rate, exhausting all system memory and causing a kernel panic via OOM deadlock. The same zero-interval issue applies to br_mrp_start_in_test_parse() for interconnect test frames. Use NLA_POLICY_MIN(NLA_U32, 1) in the nla_policy tables for both IFLA_BRIDGE_MRP_START_TEST_INTERVAL and IFLA_BRIDGE_MRP_START_IN_TEST_INTERVAL, so zero is rejected at the netlink attribute parsing layer before the value ever reaches the workqueue scheduling code. This is consistent with how other bridge subsystems (br_fdb, br_mst) enforce range constraints on netlink attributes. (CVE-2026-31420)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306173

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-31414]]> https://www.tenable.com/plugins/nessus/306172 https://www.tenable.com/plugins/nessus/306172 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306172 with Critical Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - netfilter: nf_conntrack_expect: use expect->helper Use expect->helper in ctnetlink and /proc to dump the helper name. Using nfct_help() without holding a reference to the master conntrack is unsafe. Use exp->master->helper in ctnetlink path if userspace does not provide an explicit helper when creating an expectation to retain the existing behaviour. The ctnetlink expectation path holds the reference on the master conntrack and nf_conntrack_expect lock and the nfnetlink glue path refers to the master ct that is attached to the skb. (CVE-2026-31414)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306172

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-31423]]> https://www.tenable.com/plugins/nessus/306171 https://www.tenable.com/plugins/nessus/306171 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306171 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() m2sm() converts a u32 slope to a u64 scaled value.
 For large inputs (e.g. m1=4000000000), the result can reach 2^32. rtsc_min() stores the difference of two such u64 values in a u32 variable `dsm` and uses it as a divisor. When the difference is exactly 2^32 the truncation yields zero, causing a divide-by-zero oops in the concave-curve intersection path: Oops: divide error: 0000 RIP: 0010:rtsc_min (net/sched/sch_hfsc.c:601) Call Trace: init_ed (net/sched/sch_hfsc.c:629) hfsc_enqueue (net/sched/sch_hfsc.c:1569) [...] Widen `dsm` to u64 and replace do_div() with div64_u64() so the full difference is preserved. (CVE-2026-31423)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306171

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-34477]]> https://www.tenable.com/plugins/nessus/306170 https://www.tenable.com/plugins/nessus/306170 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306170 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - The fix for CVE-2025-68161 https://logging.apache.org/security.html#CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName system property, but not when configured through the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName attribute of the element. Although the verifyHostName configuration attribute was introduced in Log4j Core 2.12.0, it was silently ignored in all versions through 2.25.3, leaving TLS connections vulnerable to interception regardless of the configured value. A network-based attacker may be able to perform a man-in-the-middle attack when all of the following conditions are met: * An SMTP, Socket, or Syslog appender is in use. * TLS is configured via a nested element. * The attacker can present a certificate issued by a CA trusted by the appender's configured trust store, or by the default Java trust store if none is configured. This issue does not affect users of the HTTP appender, which uses a separate verifyHostname https://logging.apache.org/log4j/2.x/manual/appenders/network.html#HttpAppender-attr- verifyHostName attribute that was not subject to this bug and verifies host names by default. Users are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue. (CVE-2026-34477)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306170

]]> <![CDATA[Dotnetnuke < 10.2.2 Security code analysis rules triggered (GHSA-fcpv-w245-r2q7)]]> https://www.tenable.com/plugins/nessus/306169 https://www.tenable.com/plugins/nessus/306169 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306169 with High Severity

Synopsis

An ASP.NET application running on the remote web server is affected by a vulnerability.

Description

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2.
It is, therefore, affected by a vulnerability.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Dotnetnuke version 10.2.2 or later.

Read more at https://www.tenable.com/plugins/nessus/306169

]]> <![CDATA[Dotnetnuke < 10.2.2 Stored cross-site-scripting (XSS) via SVG upload (CVE-2026-40321)]]> https://www.tenable.com/plugins/nessus/306168 https://www.tenable.com/plugins/nessus/306168 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306168 with High Severity

Synopsis

An ASP.NET application running on the remote web server is affected by a vulnerability.

Description

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2.
It is, therefore, affected by a vulnerability.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Dotnetnuke version 10.2.2 or later.

Read more at https://www.tenable.com/plugins/nessus/306168

]]> <![CDATA[Oracle Linux 10 : nodejs24 (ELSA-2026-7675)]]> https://www.tenable.com/plugins/nessus/306167 https://www.tenable.com/plugins/nessus/306167 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306167 with Critical Severity

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7675 advisory.

 [1:24.14.1-2.0.1]
 - Update upstream references

 [1:24.14.1-2]
 - Update bundled nghttp2 to 1.68.1

 [1:24.14.1-1]
 - Update to version 24.14.1

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306167

]]> <![CDATA[Oracle Linux 9 : nghttp2 (ELSA-2026-7668)]]> https://www.tenable.com/plugins/nessus/306166 https://www.tenable.com/plugins/nessus/306166 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306166 with High Severity

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-7668 advisory.

 [1.43.0-6.1]
 - fix Denial of service: Assertion failure due to the missing state validation (CVE-2026-27135)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected libnghttp2, libnghttp2-devel and / or nghttp2 packages.

Read more at https://www.tenable.com/plugins/nessus/306166

]]> <![CDATA[Oracle Linux 9 : firefox (ELSA-2026-7671)]]> https://www.tenable.com/plugins/nessus/306165 https://www.tenable.com/plugins/nessus/306165 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306165 with Critical Severity

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7671 advisory.

 [140.9.1-1.0.1]
 - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773]
 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file

 [140.9.1]
 - Add debranding patches (Mustafa Gezen)
 - Add OpenELA default preferences (Louis Abel)

 [140.9.1-1]
 - Update to 140.9.1 ESR

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected firefox and / or firefox-x11 packages.

Read more at https://www.tenable.com/plugins/nessus/306165

]]> <![CDATA[Oracle Linux 10 : firefox (ELSA-2026-7672)]]> https://www.tenable.com/plugins/nessus/306164 https://www.tenable.com/plugins/nessus/306164 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306164 with Critical Severity

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-7672 advisory.

 [140.9.1-1.0.1]
 - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773]
 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file

 [140.9.1-1]
 - Update to 140.9.1 ESR

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected firefox package.

Read more at https://www.tenable.com/plugins/nessus/306164

]]> <![CDATA[Oracle Linux 10 : perl-XML-Parser (ELSA-2026-7680)]]> https://www.tenable.com/plugins/nessus/306163 https://www.tenable.com/plugins/nessus/306163 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306163 with Critical Severity

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-7680 advisory.

 [2.47-6.1.0.1]
 - Add perl(LWP) Requires

 [2.47-6.1]
 - Fix CVE-2006-10002, CVE-2006-10003

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected perl-XML-Parser package.

Read more at https://www.tenable.com/plugins/nessus/306163

]]> <![CDATA[RHEL 8 : firefox (RHSA-2026:7858)]]> https://www.tenable.com/plugins/nessus/306162 https://www.tenable.com/plugins/nessus/306162 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306162 with Critical Severity

Synopsis

The remote Red Hat host is missing one or more security updates for firefox.

Description

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:7858 advisory.

 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

 Security Fix(es):

 * firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)

 * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)

 * firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)

 * firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)

 * firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)

 * firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)

 * firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)

 * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)

 * firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)

 * firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)

 * firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)

 * firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)

 * firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)

 * firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)

 * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)

 * firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)

 * firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)

 * firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)

 * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)

 * firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)

 * firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL firefox package based on the guidance in RHSA-2026:7858.

Read more at https://www.tenable.com/plugins/nessus/306162

]]> <![CDATA[RHEL 8 : go-toolset:rhel8 (RHSA-2026:7876)]]> https://www.tenable.com/plugins/nessus/306161 https://www.tenable.com/plugins/nessus/306161 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306161 with High Severity

Synopsis

The remote Red Hat host is missing one or more security updates for go-toolset:rhel8.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7876 advisory.

 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

 Security Fix(es):

 * cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)

 * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL go-toolset:rhel8 package based on the guidance in RHSA-2026:7876.

Read more at https://www.tenable.com/plugins/nessus/306161

]]> <![CDATA[RHEL 8 : firefox (RHSA-2026:7838)]]> https://www.tenable.com/plugins/nessus/306160 https://www.tenable.com/plugins/nessus/306160 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306160 with Critical Severity

Synopsis

The remote Red Hat host is missing one or more security updates for firefox.

Description

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:7838 advisory.

 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

 Security Fix(es):

 * firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)

 * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)

 * firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)

 * firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)

 * firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)

 * firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)

 * firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)

 * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)

 * firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)

 * firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)

 * firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)

 * firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)

 * firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)

 * firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)

 * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)

 * firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)

 * firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)

 * firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)

 * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)

 * firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)

 * firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL firefox package based on the guidance in RHSA-2026:7838.

Read more at https://www.tenable.com/plugins/nessus/306160

]]> <![CDATA[RHEL 8 : go-toolset:rhel8 (RHSA-2026:7878)]]> https://www.tenable.com/plugins/nessus/306159 https://www.tenable.com/plugins/nessus/306159 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306159 with High Severity

Synopsis

The remote Red Hat host is missing one or more security updates for go-toolset:rhel8.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7878 advisory.

 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

 Security Fix(es):

 * cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)

 * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL go-toolset:rhel8 package based on the guidance in RHSA-2026:7878.

Read more at https://www.tenable.com/plugins/nessus/306159

]]> <![CDATA[RHEL 9 : podman (RHSA-2026:7854)]]> https://www.tenable.com/plugins/nessus/306158 https://www.tenable.com/plugins/nessus/306158 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306158 with Critical Severity

Synopsis

The remote Red Hat host is missing one or more security updates for podman.

Description

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7854 advisory.

 The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.

 Security Fix(es):

 * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)

 * golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)

 * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)

 * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL podman package based on the guidance in RHSA-2026:7854.

Read more at https://www.tenable.com/plugins/nessus/306158

]]> <![CDATA[RHEL 9 : golang (RHSA-2026:7833)]]> https://www.tenable.com/plugins/nessus/306157 https://www.tenable.com/plugins/nessus/306157 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306157 with High Severity

Synopsis

The remote Red Hat host is missing one or more security updates for golang.

Description

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7833 advisory.

 The golang packages provide the Go programming language compiler.

 Security Fix(es):

 * cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)

 * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL golang package based on the guidance in RHSA-2026:7833.

Read more at https://www.tenable.com/plugins/nessus/306157

]]> <![CDATA[RHEL 9 : golang (RHSA-2026:7883)]]> https://www.tenable.com/plugins/nessus/306156 https://www.tenable.com/plugins/nessus/306156 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306156 with High Severity

Synopsis

The remote Red Hat host is missing one or more security updates for golang.

Description

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7883 advisory.

 The golang packages provide the Go programming language compiler.

 Security Fix(es):

 * cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)

 * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL golang package based on the guidance in RHSA-2026:7883.

Read more at https://www.tenable.com/plugins/nessus/306156

]]> <![CDATA[RHEL 8 : go-toolset:rhel8 (RHSA-2026:7877)]]> https://www.tenable.com/plugins/nessus/306155 https://www.tenable.com/plugins/nessus/306155 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306155 with High Severity

Synopsis

The remote Red Hat host is missing one or more security updates for go-toolset:rhel8.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7877 advisory.

 Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

 Security Fix(es):

 * cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)

 * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL go-toolset:rhel8 package based on the guidance in RHSA-2026:7877.

Read more at https://www.tenable.com/plugins/nessus/306155

]]> <![CDATA[Quest KACE Systems Management Appliance (SMA) Detection]]> https://www.tenable.com/plugins/nessus/306154 https://www.tenable.com/plugins/nessus/306154 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306154 with Info Severity

Synopsis

The web interface for Quest KACE Systems Management Appliance (SMA) was detected.

Description

The web interface for Quest KACE Systems Management Appliance (SMA) was detected.

Solution

null

Read more at https://www.tenable.com/plugins/nessus/306154

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-30479]]> https://www.tenable.com/plugins/nessus/306153 https://www.tenable.com/plugins/nessus/306153 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306153 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable. (CVE-2026-30479)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306153

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-1101]]> https://www.tenable.com/plugins/nessus/306152 https://www.tenable.com/plugins/nessus/306152 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306152 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL queries. (CVE-2026-1101)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306152

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-34179]]> https://www.tenable.com/plugins/nessus/306151 https://www.tenable.com/plugins/nessus/306151 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306151 with Critical Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS certificate users, allowing a remote authenticated attacker to escalate privileges to cluster admin. (CVE-2026-34179)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306151

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-4916]]> https://www.tenable.com/plugins/nessus/306150 https://www.tenable.com/plugins/nessus/306150 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306150 with Low Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization checks on member management operations. (CVE-2026-4916)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306150

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5173]]> https://www.tenable.com/plugins/nessus/306149 https://www.tenable.com/plugins/nessus/306149 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306149 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper access control. (CVE-2026-5173)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306149

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-34178]]> https://www.tenable.com/plugins/nessus/306148 https://www.tenable.com/plugins/nessus/306148 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306148 with Critical Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An authenticated remote attacker with instance-creation permission in a restricted project can craft a backup archive where backup.yaml carries restricted settings such as security.privileged=true or raw.lxc directives, bypassing all project restriction enforcement and allowing full host compromise. (CVE-2026-34178)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306148

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-4332]]> https://www.tenable.com/plugins/nessus/306147 https://www.tenable.com/plugins/nessus/306147 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306147 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due to improper input sanitization. (CVE-2026-4332)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306147

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-39883]]> https://www.tenable.com/plugins/nessus/306146 https://www.tenable.com/plugins/nessus/306146 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306146 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This vulnerability is fixed in 1.43.0. (CVE-2026-39883)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306146

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-40395]]> https://www.tenable.com/plugins/nessus/306145 https://www.tenable.com/plugins/nessus/306145 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306145 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Varnish Enterprise before 6.0.16r12 allows a workspace overflow denial of service (daemon panic) for shared VCL. The headerplus.write_req0() function from vmod_headerplus updates the underlying req0, which is normally the original read-only request from which req is derived (readable and writable from VCL).
 This is useful in the active VCL, after amending req, to prepare a refined req0 before switching to a different VCL with the return (vcl(
Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306145

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-1516]]> https://www.tenable.com/plugins/nessus/306144 https://www.tenable.com/plugins/nessus/306144 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306144 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content. (CVE-2026-1516)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306144

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-3466]]> https://www.tenable.com/plugins/nessus/306143 https://www.tenable.com/plugins/nessus/306143 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306143 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0b3 allows an attacker with dashboard creation privileges to perform stored cross-site scripting (XSS) attacks by tricking a victim into clicking a crafted dashlet title link on a shared dashboard. (CVE-2026-3466)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306143

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-23411]]> https://www.tenable.com/plugins/nessus/306142 https://www.tenable.com/plugins/nessus/306142 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306142 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - apparmor: fix race between freeing data and fs accessing it AppArmor was putting the reference to i_private data on its end after removing the original entry from the file system. However the inode can aand does live beyond that point and it is possible that some of the fs call back functions will be invoked after the reference has been put, which results in a race between freeing the data and accessing it through the fs. While the rawdata/loaddata is the most likely candidate to fail the race, as it has the fewest references. If properly crafted it might be possible to trigger a race for the other types stored in i_private. Fix this by moving the put of i_private referenced data to the correct place which is during inode eviction. (CVE-2026-23411)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306142

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-40046]]> https://www.tenable.com/plugins/nessus/306141 https://www.tenable.com/plugins/nessus/306141 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306141 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated was only applied to 5.19.2 (and future 5.19.x) releases but was missed for all 6.0.0+ versions. This issue affects Apache ActiveMQ: from 6.0.0 before 6.2.4; Apache ActiveMQ All: from 6.0.0 before 6.2.4; Apache ActiveMQ MQTT: from 6.0.0 before 6.2.4. Users are recommended to upgrade to version 6.2.4 or a 5.19.x version starting with 5.19.2 or later (currently latest is 5.19.5), which fixes the issue.
 (CVE-2026-40046)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306141

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-1752]]> https://www.tenable.com/plugins/nessus/306140 https://www.tenable.com/plugins/nessus/306140 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306140 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in the API.
 (CVE-2026-1752)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306140

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5733]]> https://www.tenable.com/plugins/nessus/306139 https://www.tenable.com/plugins/nessus/306139 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306139 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2. (CVE-2026-5733)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306139

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-2104]]> https://www.tenable.com/plugins/nessus/306138 https://www.tenable.com/plugins/nessus/306138 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306138 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks. (CVE-2026-2104)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306138

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-34177]]> https://www.tenable.com/plugins/nessus/306137 https://www.tenable.com/plugins/nessus/306137 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306137 with Critical Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote attacker with can_edit permission on a VM instance in a restricted project can inject an AppArmor rule and a QEMU chardev configuration that bridges the LXD Unix socket into the guest VM, enabling privilege escalation to LXD cluster administrator and subsequently to host root. (CVE-2026-34177)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306137

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-33456]]> https://www.tenable.com/plugins/nessus/306136 https://www.tenable.com/plugins/nessus/306136 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306136 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description. (CVE-2026-33456)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306136

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-33455]]> https://www.tenable.com/plugins/nessus/306135 https://www.tenable.com/plugins/nessus/306135 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306135 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to insufficient input sanitization in search filter plugins. (CVE-2026-33455)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306135

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-2619]]> https://www.tenable.com/plugins/nessus/306134 https://www.tenable.com/plugins/nessus/306134 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306134 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user with auditor privileges to modify vulnerability flag data in private projects due to incorrect authorization. (CVE-2026-2619)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306134

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-1403]]> https://www.tenable.com/plugins/nessus/306133 https://www.tenable.com/plugins/nessus/306133 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306133 with Critical Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - GitLab has remediated an issue that when importing CSV files could have allowed an authenticated user to cause denial of service to Sidekiq workers due to improper validation of CSV file structure.
 (CVE-2026-1403)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306133

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-33457]]> https://www.tenable.com/plugins/nessus/306132 https://www.tenable.com/plugins/nessus/306132 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306132 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Livestatus injection in the prediction graph page in Checkmk <2.5.0b4, <2.4.0p26, and <2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name parameter due to insufficient sanitization of the service description value. (CVE-2026-33457)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306132

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-39983]]> https://www.tenable.com/plugins/nessus/306131 https://www.tenable.com/plugins/nessus/306131 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306131 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level path APIs such as cd(), remove(), rename(), uploadFrom(), downloadTo(), list(), and removeDir(). The library's protectWhitespace() helper only handles leading spaces and returns other paths unchanged, while FtpContext.send() writes the resulting command string directly to the control socket with \r\n appended. This lets attacker-controlled path strings split one intended FTP command into multiple commands. This vulnerability is fixed in 5.2.1. (CVE-2026-39983)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306131

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2025-39666]]> https://www.tenable.com/plugins/nessus/306130 https://www.tenable.com/plugins/nessus/306130 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306130 with Critical Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0b3 allows a site user to escalate their privileges to root, by manipulating files in the site context that are processed when the `omd` administrative command is run by root. (CVE-2025-39666)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306130

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2025-12664]]> https://www.tenable.com/plugins/nessus/306129 https://www.tenable.com/plugins/nessus/306129 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306129 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries. (CVE-2025-12664)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306129

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2025-9484]]> https://www.tenable.com/plugins/nessus/306128 https://www.tenable.com/plugins/nessus/306128 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306128 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user to have access to other users' email addresses via certain GraphQL queries. (CVE-2025-9484)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306128

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5735]]> https://www.tenable.com/plugins/nessus/306127 https://www.tenable.com/plugins/nessus/306127 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306127 with Critical Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149.0.2 and Thunderbird < 149.0.2. (CVE-2026-5735)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306127

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2025-14551]]> https://www.tenable.com/plugins/nessus/306126 https://www.tenable.com/plugins/nessus/306126 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306126 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs. (CVE-2025-14551)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306126

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-1092]]> https://www.tenable.com/plugins/nessus/306125 https://www.tenable.com/plugins/nessus/306125 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306125 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads. (CVE-2026-1092)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306125

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-22666]]> https://www.tenable.com/plugins/nessus/306124 https://www.tenable.com/plugins/nessus/306124 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306124 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dol_eval_standard() function that fails to apply forbidden string checks in whitelist mode and does not detect PHP dynamic callable syntax. Attackers with administrator privileges can inject malicious payloads through computed extrafields or other evaluation paths using PHP dynamic callable syntax to bypass validation and achieve arbitrary command execution via eval(). (CVE-2026-22666)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306124

]]> <![CDATA[Dell PowerScale OneFS 9.5.x < 9.10.1.7 / 9.11.x < 9.13.0.1 Information Disclosure (DSA-2026-125)]]> https://www.tenable.com/plugins/nessus/306123 https://www.tenable.com/plugins/nessus/306123 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306123 with Medium Severity

Synopsis

The remote Dell PowerScale OneFS is affected by an information disclosure vulnerability.

Description

The version of Dell PowerScale OneFS running on the remote host is 9.5.x prior to 9.10.1.7 or 9.11.x prior to 9.13.0.1. It is, therefore, affected by a vulnerability:

 - A generation of error message containing sensitive information vulnerability allows a high privileged attacker with local access to potentially access sensitive information. (CVE-2026-24511)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Dell PowerScale OneFS version 9.10.1.7 / 9.13.0.1 or later.

Read more at https://www.tenable.com/plugins/nessus/306123

]]> <![CDATA[Dell PowerScale OneFS 9.5.x < 9.10.1.7 / 9.11.x < 9.13.0.2 Incorrect Privilege Assignment (DSA-2026-125)]]> https://www.tenable.com/plugins/nessus/306122 https://www.tenable.com/plugins/nessus/306122 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306122 with High Severity

Synopsis

The remote Dell PowerScale OneFS is affected by an incorrect privilege assignment vulnerability.

Description

The version of Dell PowerScale OneFS running on the remote host is 9.5.x prior to 9.10.1.7 or 9.11.x prior to 9.13.0.2. It is, therefore, affected by a vulnerability:

 - An incorrect privilege assignment vulnerability allows a low privileged attacker with local access to potentially escalate privileges. (CVE-2026-27102)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Dell PowerScale OneFS version 9.10.1.7 / 9.13.0.2 or later.

Read more at https://www.tenable.com/plugins/nessus/306122

]]> <![CDATA[Oracle Linux 10 : nghttp2 (ELSA-2026-7666)]]> https://www.tenable.com/plugins/nessus/306121 https://www.tenable.com/plugins/nessus/306121 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306121 with High Severity

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-7666 advisory.

 [1.64.0-2.1]
 - fix Denial of service: Assertion failure due to the missing state validation (CVE-2026-27135)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected libnghttp2, libnghttp2-devel and / or nghttp2 packages.

Read more at https://www.tenable.com/plugins/nessus/306121

]]> <![CDATA[Oracle Linux 10 : openexr (ELSA-2026-7682)]]> https://www.tenable.com/plugins/nessus/306120 https://www.tenable.com/plugins/nessus/306120 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306120 with High Severity

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-7682 advisory.

 [3.1.10-8.1]
 - fix CVE-2026-27622

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected openexr, openexr-devel and / or openexr-libs packages.

Read more at https://www.tenable.com/plugins/nessus/306120

]]> <![CDATA[Oracle Linux 8 : nghttp2 (ELSA-2026-7667)]]> https://www.tenable.com/plugins/nessus/306119 https://www.tenable.com/plugins/nessus/306119 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306119 with High Severity

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-7667 advisory.

 [1.33.0-6.2]
 - fix Denial of service: Assertion failure due to the missing state validation (CVE-2026-27135)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected libnghttp2, libnghttp2-devel and / or nghttp2 packages.

Read more at https://www.tenable.com/plugins/nessus/306119

]]> <![CDATA[Oracle Linux 9 : nginx:1.26 (ELSA-2026-7343)]]> https://www.tenable.com/plugins/nessus/306118 https://www.tenable.com/plugins/nessus/306118 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306118 with High Severity

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7343 advisory.

 - Resolves: RHEL-157887 - CVE-2026-32647 nginx:1.26/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files
 - Resolves: RHEL-159446 - CVE-2026-27651 nginx:1.26/nginx: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled
 - Resolves: RHEL-159538 - CVE-2026-27784 nginx:1.26/nginx: NGINX: Denial of Service due to memory corruption via crafted MP4 file
 - Resolves: RHEL-159559 - CVE-2026-27654 nginx:1.26/nginx: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
 - nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306118

]]> <![CDATA[MiracleLinux 9 : git-lfs-3.6.1-8.el9_7 (AXSA:2026-420:04)]]> https://www.tenable.com/plugins/nessus/306117 https://www.tenable.com/plugins/nessus/306117 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306117 with High Severity

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2026-420:04 advisory.

 * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected git-lfs package.

Read more at https://www.tenable.com/plugins/nessus/306117

]]> <![CDATA[MiracleLinux 9 : python3.9-3.9.25-3.el9_7.2 (AXSA:2026-419:03)]]> https://www.tenable.com/plugins/nessus/306116 https://www.tenable.com/plugins/nessus/306116 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306116 with High Severity

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-419:03 advisory.

 * python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519)

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306116

]]> <![CDATA[MiracleLinux 9 : [security - high] gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (AXSA:2026-421:01)]]> https://www.tenable.com/plugins/nessus/306115 https://www.tenable.com/plugins/nessus/306115 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306115 with High Severity

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-421:01 advisory.

 * GStreamer: GStreamer: Arbitrary code execution via ASF file processing (CVE-2026-2920)
 * GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser (CVE-2026-3082)
 * GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay (CVE-2026-3085)
 * GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling (CVE-2026-2921)
 * GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay (CVE-2026-3083)
 * GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer (CVE-2026-2922)
 * GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling (CVE-2026-2923)

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306115

]]> <![CDATA[MiracleLinux 9 : fontforge-20201107-8.el9_7 (AXSA:2026-417:02)]]> https://www.tenable.com/plugins/nessus/306114 https://www.tenable.com/plugins/nessus/306114 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306114 with High Severity

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2026-417:02 advisory.

 * fontforge: FontForge: Remote Code Execution via malicious SFD file parsing (CVE-2025-15270)

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected fontforge package.

Read more at https://www.tenable.com/plugins/nessus/306114

]]> <![CDATA[MiracleLinux 8 : freerdp-2.11.7-6.el8_10 (AXSA:2026-416:12)]]> https://www.tenable.com/plugins/nessus/306113 https://www.tenable.com/plugins/nessus/306113 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306113 with Critical Severity

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-416:12 advisory.

 * freerdp: FreeRDP heap-use-after-free (CVE-2026-22856)
 * freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22854)
 * freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22852)
 * freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow (CVE-2026-23732)
 * freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation (CVE-2026-24676)
 * freerdp: FreeRDP has a heap-use-after-free in video_timer (CVE-2026-24491)
 * freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2() (CVE-2026-23948)
 * freerdp: FreeRDP has a Heap-use-after-free in play_thread (CVE-2026-24684)
 * freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb (CVE-2026-24681)
 * freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event (CVE-2026-24683)
 * freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface (CVE-2026-24679)
 * freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface (CVE-2026-24675)
 * freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages (CVE-2026-31806)

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306113

]]> <![CDATA[RHEL 9 : firefox (RHSA-2026:7839)]]> https://www.tenable.com/plugins/nessus/306112 https://www.tenable.com/plugins/nessus/306112 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306112 with Critical Severity

Synopsis

The remote Red Hat host is missing one or more security updates for firefox.

Description

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:7839 advisory.

 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

 Security Fix(es):

 * firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)

 * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)

 * firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)

 * firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)

 * firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)

 * firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)

 * firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)

 * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)

 * firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)

 * firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)

 * firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)

 * firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)

 * firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)

 * firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)

 * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)

 * firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)

 * firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)

 * firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)

 * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)

 * firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)

 * firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL firefox package based on the guidance in RHSA-2026:7839.

Read more at https://www.tenable.com/plugins/nessus/306112

]]> <![CDATA[RHEL 9 : rhc (RHSA-2026:7665)]]> https://www.tenable.com/plugins/nessus/306111 https://www.tenable.com/plugins/nessus/306111 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306111 with High Severity

Synopsis

The remote Red Hat host is missing a security update for rhc.

Description

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7665 advisory.

 rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.

 Security Fix(es):

 * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL rhc package based on the guidance in RHSA-2026:7665.

Read more at https://www.tenable.com/plugins/nessus/306111

]]> <![CDATA[RHEL 10 : perl-XML-Parser (RHSA-2026:7680)]]> https://www.tenable.com/plugins/nessus/306110 https://www.tenable.com/plugins/nessus/306110 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306110 with Critical Severity

Synopsis

The remote Red Hat host is missing one or more security updates for perl-XML-Parser.

Description

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:7680 advisory.

 This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options may be provided when the XML::Parser object is created. These options are then passed on to the Expat object on each parse call. They can also be given as extra arguments to the parse methods, in which case they override options given at XML::Parser creation time.

 Security Fix(es):

 * perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files (CVE-2006-10003)

 * perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input (CVE-2006-10002)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL perl-XML-Parser package based on the guidance in RHSA-2026:7680.

Read more at https://www.tenable.com/plugins/nessus/306110

]]> <![CDATA[RHEL 10 : firefox (RHSA-2026:7843)]]> https://www.tenable.com/plugins/nessus/306109 https://www.tenable.com/plugins/nessus/306109 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306109 with Critical Severity

Synopsis

The remote Red Hat host is missing one or more security updates for firefox.

Description

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:7843 advisory.

 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

 Security Fix(es):

 * firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)

 * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)

 * firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)

 * firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)

 * firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)

 * firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)

 * firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)

 * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)

 * firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)

 * firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)

 * firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)

 * firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)

 * firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)

 * firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)

 * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)

 * firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)

 * firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)

 * firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)

 * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)

 * firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)

 * firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL firefox package based on the guidance in RHSA-2026:7843.

Read more at https://www.tenable.com/plugins/nessus/306109

]]> <![CDATA[RHEL 8 : firefox (RHSA-2026:7840)]]> https://www.tenable.com/plugins/nessus/306108 https://www.tenable.com/plugins/nessus/306108 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306108 with Critical Severity

Synopsis

The remote Red Hat host is missing one or more security updates for firefox.

Description

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:7840 advisory.

 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

 Security Fix(es):

 * firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)

 * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)

 * firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)

 * firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)

 * firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)

 * firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)

 * firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)

 * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)

 * firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)

 * firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)

 * firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)

 * firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)

 * firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)

 * firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)

 * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)

 * firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)

 * firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)

 * firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)

 * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)

 * firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)

 * firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL firefox package based on the guidance in RHSA-2026:7840.

Read more at https://www.tenable.com/plugins/nessus/306108

]]> <![CDATA[RHEL 10 : rhc (RHSA-2026:7669)]]> https://www.tenable.com/plugins/nessus/306107 https://www.tenable.com/plugins/nessus/306107 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306107 with High Severity

Synopsis

The remote Red Hat host is missing a security update for rhc.

Description

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:7669 advisory.

 rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.

 Security Fix(es):

 * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL rhc package based on the guidance in RHSA-2026:7669.

Read more at https://www.tenable.com/plugins/nessus/306107

]]> <![CDATA[RHEL 8 : fontforge (RHSA-2026:7677)]]> https://www.tenable.com/plugins/nessus/306106 https://www.tenable.com/plugins/nessus/306106 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306106 with High Severity

Synopsis

The remote Red Hat host is missing one or more security updates for fontforge.

Description

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:7677 advisory.

 FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts.

 Security Fix(es):

 * fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing (CVE-2025-15279)

 * fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing (CVE-2025-15269)

 * fontforge: FontForge: Arbitrary code execution via SFD file parsing buffer overflow (CVE-2025-15275)

 * fontforge: FontForge: Remote Code Execution via malicious SFD file parsing (CVE-2025-15270)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL fontforge package based on the guidance in RHSA-2026:7677.

Read more at https://www.tenable.com/plugins/nessus/306106

]]> <![CDATA[RHEL 10 : openexr (RHSA-2026:7682)]]> https://www.tenable.com/plugins/nessus/306105 https://www.tenable.com/plugins/nessus/306105 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306105 with High Severity

Synopsis

The remote Red Hat host is missing a security update for openexr.

Description

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7682 advisory.

 OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR.

 Security Fix(es):

 * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL openexr package based on the guidance in RHSA-2026:7682.

Read more at https://www.tenable.com/plugins/nessus/306105

]]> <![CDATA[RHEL 9 : firefox (RHSA-2026:7841)]]> https://www.tenable.com/plugins/nessus/306104 https://www.tenable.com/plugins/nessus/306104 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306104 with Critical Severity

Synopsis

The remote Red Hat host is missing one or more security updates for firefox.

Description

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7841 advisory.

 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

 Security Fix(es):

 * firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)

 * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)

 * firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)

 * firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)

 * firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)

 * firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)

 * firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)

 * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)

 * firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)

 * firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)

 * firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)

 * firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)

 * firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)

 * firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)

 * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)

 * firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)

 * firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)

 * firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)

 * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)

 * firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)

 * firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL firefox package based on the guidance in RHSA-2026:7841.

Read more at https://www.tenable.com/plugins/nessus/306104

]]> <![CDATA[RHEL 10 : vim (RHSA-2026:7711)]]> https://www.tenable.com/plugins/nessus/306103 https://www.tenable.com/plugins/nessus/306103 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306103 with High Severity

Synopsis

The remote Red Hat host is missing one or more security updates for vim.

Description

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7711 advisory.

 Vim (Vi IMproved) is an updated and improved version of the vi editor.

 Security Fix(es):

 * vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin (CVE-2026-28417)

 * vim: Vim: Denial of service and information disclosure via crafted swap file (CVE-2026-28421)

 * vim: Vim: Arbitrary code execution via command injection in glob() function (CVE-2026-33412)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL vim package based on the guidance in RHSA-2026:7711.

Read more at https://www.tenable.com/plugins/nessus/306103

]]> <![CDATA[RHEL 8 : perl-XML-Parser (RHSA-2026:7681)]]> https://www.tenable.com/plugins/nessus/306102 https://www.tenable.com/plugins/nessus/306102 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306102 with Critical Severity

Synopsis

The remote Red Hat host is missing one or more security updates for perl-XML-Parser.

Description

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:7681 advisory.

 This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options may be provided when the XML::Parser object is created. These options are then passed on to the Expat object on each parse call. They can also be given as extra arguments to the parse methods, in which case they override options given at XML::Parser creation time.

 Security Fix(es):

 * perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files (CVE-2006-10003)

 * perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input (CVE-2006-10002)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL perl-XML-Parser package based on the guidance in RHSA-2026:7681.

Read more at https://www.tenable.com/plugins/nessus/306102

]]> <![CDATA[RHEL 10 : nghttp2 (RHSA-2026:7666)]]> https://www.tenable.com/plugins/nessus/306101 https://www.tenable.com/plugins/nessus/306101 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306101 with High Severity

Synopsis

The remote Red Hat host is missing a security update for nghttp2.

Description

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7666 advisory.

 libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.

 Security Fix(es):

 * nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL nghttp2 package based on the guidance in RHSA-2026:7666.

Read more at https://www.tenable.com/plugins/nessus/306101

]]> <![CDATA[RHEL 10 : firefox (RHSA-2026:7672)]]> https://www.tenable.com/plugins/nessus/306100 https://www.tenable.com/plugins/nessus/306100 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306100 with Critical Severity

Synopsis

The remote Red Hat host is missing one or more security updates for firefox.

Description

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:7672 advisory.

 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

 Security Fix(es):

 * libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)

 * libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636)

 * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5734)

 * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5731)

 * firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component (CVE-2026-5732)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL firefox package based on the guidance in RHSA-2026:7672.

Read more at https://www.tenable.com/plugins/nessus/306100

]]> <![CDATA[Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-8159-1)]]> https://www.tenable.com/plugins/nessus/306099 https://www.tenable.com/plugins/nessus/306099 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306099 with High Severity

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8159-1 advisory.

 Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

 - ARM64 architecture;

 - Cryptographic API;

 - Netfilter;

 - Network traffic control; (CVE-2025-37849, CVE-2026-23060, CVE-2026-23074, CVE-2026-23111)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

Read more at https://www.tenable.com/plugins/nessus/306099

]]> <![CDATA[Ubuntu 14.04 LTS : Salt vulnerabilities (USN-8153-1)]]> https://www.tenable.com/plugins/nessus/306098 https://www.tenable.com/plugins/nessus/306098 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306098 with Medium Severity

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8153-1 advisory.

 Zach Malone discovered that Salt did not properly handle permissions to cache data. A local attacker could possibly use this issue to obtain sensitive information. (CVE-2015-8034) Dylan Frese discovered that Salt incorrectly allowed users to specify PAM service. An attacker could possibly use this issue to bypass authentication. (CVE-2016-3176)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306098

]]> <![CDATA[Ubuntu Pro Realtime 22.04 LTS : Linux kernel (Intel IoTG Real-time) vulnerabilities (USN-8164-1)]]> https://www.tenable.com/plugins/nessus/306097 https://www.tenable.com/plugins/nessus/306097 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306097 with High Severity

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu Pro Realtime 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8164-1 advisory.

 Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM).
 An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853, CVE-2026-23268, CVE-2026-23269, CVE-2026-23403, CVE-2026-23404, CVE-2026-23405, CVE-2026-23406, CVE-2026-23407, CVE-2026-23408, CVE-2026-23409, CVE-2026-23410, CVE-2026-23411)

 Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

 - ARM64 architecture;

 - Cryptographic API;

 - Netfilter;

 - Network traffic control; (CVE-2025-37849, CVE-2026-23060, CVE-2026-23074, CVE-2026-23111)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

Read more at https://www.tenable.com/plugins/nessus/306097

]]> <![CDATA[Ubuntu 24.04 LTS / 25.10 : RetroArch vulnerability (USN-8166-1)]]> https://www.tenable.com/plugins/nessus/306096 https://www.tenable.com/plugins/nessus/306096 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306096 with High Severity

Synopsis

The remote Ubuntu host is missing a security update.

Description

The remote Ubuntu 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8166-1 advisory.

 It was discovered that RetroArch did not correctly handle certain memory operations, which could lead to a buffer overflow. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected retroarch and / or retroarch-dev packages.

Read more at https://www.tenable.com/plugins/nessus/306096

]]> <![CDATA[Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Django vulnerabilities (USN-8154-1)]]> https://www.tenable.com/plugins/nessus/306095 https://www.tenable.com/plugins/nessus/306095 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306095 with Low Severity

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8154-1 advisory.

 Seokchan Yoon discovered that Django incorrectly handled copying memory when parsing multipart uploads with excessive whitespace. A remote attacker could possibly use this issue to cause Django to use excessive resources, leading to a denial of service. (CVE-2026-33033)

 It was discovered that Django did not enforce an upload memory size limit in the Content-Length header. A remote attacker could possibly use this issue to cause Django to use excessive resources, leading to a denial of service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-33034)

 Tarek Nakkouch discovered that Django incorrectly handled underscores in the ASGI headers. A remote attacker could possibly use this issue to spoof HTTP headers. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-3902)

 It was discovered that Django incorrectly handled verification of model data created with POST requests. A remote attacker could possibly use this issue to forge new model permissions. (CVE-2026-4277, CVE-2026-4292)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected python-django, python-django-common and / or python3-django packages.

Read more at https://www.tenable.com/plugins/nessus/306095

]]> <![CDATA[Ubuntu Pro FIPS-updates 24.04 LTS : Linux kernel (Azure FIPS) vulnerabilities (USN-8165-1)]]> https://www.tenable.com/plugins/nessus/306094 https://www.tenable.com/plugins/nessus/306094 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306094 with High Severity

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu Pro FIPS-updates 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8165-1 advisory.

 Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM).
 An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853, CVE-2026-23268, CVE-2026-23269, CVE-2026-23403, CVE-2026-23404, CVE-2026-23405, CVE-2026-23406, CVE-2026-23407, CVE-2026-23408, CVE-2026-23409, CVE-2026-23410, CVE-2026-23411)

 Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

 - ARM64 architecture;

 - MIPS architecture;

 - Nios II architecture;

 - PA-RISC architecture;

 - RISC-V architecture;

 - S390 architecture;

 - Sun Sparc architecture;

 - User-Mode Linux (UML);

 - x86 architecture;

 - Xtensa architecture;

 - Block layer subsystem;

 - Cryptographic API;

 - Compute Acceleration Framework;

 - ACPI drivers;

 - ATM drivers;

 - Drivers core;

 - Block device driver;

 - Network block device driver;

 - Bluetooth drivers;

 - Bus devices;

 - Hardware random number generator core;

 - Character device driver;

 - Data acquisition framework and drivers;

 - CPU frequency scaling framework;

 - Hardware crypto device drivers;

 - Device frequency scaling framework;

 - DMA engine subsystem;

 - ARM SCMI message protocol;

 - EFI core;

 - Intel Stratix 10 firmware drivers;

 - GPU drivers;

 - HID subsystem;

 - CoreSight HW tracing drivers;

 - IIO subsystem;

 - InfiniBand drivers;

 - Input Device core drivers;

 - Input Device (Miscellaneous) drivers;

 - Input Device (Tablet) drivers;

 - IOMMU subsystem;

 - ISDN/mISDN subsystem;

 - Mailbox framework;

 - Multiple devices driver;

 - Media drivers;

 - Fastrpc Driver;

 - MOST (Media Oriented Systems Transport) drivers;

 - MTD block device drivers;

 - Ethernet bonding driver;

 - Network drivers;

 - Mellanox network drivers;

 - STMicroelectronics network drivers;

 - Texas Instruments network drivers;

 - Ethernet team driver;

 - NVME drivers;

 - PCI subsystem;

 - PCCARD (PCMCIA/CardBus) bus subsystem;

 - Performance monitor drivers;

 - Pin controllers subsystem;

 - x86 platform drivers;

 - ARM PM domains;

 - PPS (Pulse Per Second) driver;

 - PTP clock framework;

 - PWM drivers;

 - Remote Processor subsystem;

 - S/390 drivers;

 - SCSI subsystem;

 - Texas Instruments SoC drivers;

 - TCM subsystem;

 - Trusted Execution Environment drivers;

 - TTY drivers;

 - Userspace I/O drivers;

 - Cadence USB3 driver;

 - DesignWare USB3 driver;

 - USB Gadget drivers;

 - USB Host Controller drivers;

 - Renesas USBHS Controller drivers;

 - USB Mass Storage drivers;

 - Virtio Host (VHOST) subsystem;

 - Framebuffer layer;

 - Xen hypervisor drivers;

 - AFS file system;

 - BTRFS file system;

 - Ceph distributed file system;

 - File systems infrastructure;

 - EFI Variable file system;

 - exFAT file system;

 - Ext4 file system;

 - F2FS file system;

 - FUSE (File system in Userspace);

 - GFS2 file system;

 - HFS file system;

 - HFS+ file system;

 - HugeTLB file system;

 - JFS file system;

 - KERNFS file system;

 - Network file system (NFS) client;

 - Network file system (NFS) server daemon;

 - File system notification infrastructure;

 - NTFS3 file system;

 - OCFS2 file system;

 - OrangeFS file system;

 - Proc file system;

 - Diskquota system;

 - SMB network file system;

 - SquashFS file system;

 - UDF file system;

 - XFS file system;

 - Asynchronous Transfer Mode (ATM) subsystem;

 - BPF subsystem;

 - Mellanox drivers;

 - NFS page cache wrapper;

 - Memory management;

 - Memory Management;

 - Media input infrastructure;

 - Bluetooth subsystem;

 - IP tunnels definitions;

 - Network traffic control;

 - Rose network layer;

 - Network sockets;

 - io_uring subsystem;

 - Control group (cgroup);

 - Kernel crash support code;

 - Kernel futex primitives;

 - PID allocator;

 - Scheduler infrastructure;

 - Syscalls implementation;

 - Timer subsystem;

 - Tracing infrastructure;

 - 9P file system network protocol;

 - Amateur Radio drivers;

 - B.A.T.M.A.N. meshing protocol;

 - Ethernet bridge;

 - Ceph Core library;

 - Networking core;

 - Devlink API;

 - IPv4 networking;

 - IPv6 networking;

 - MAC80211 subsystem;

 - Multipath TCP;

 - Netfilter;

 - NFC subsystem;

 - Open vSwitch;

 - RF switch subsystem;

 - SCTP protocol;

 - SMC sockets;

 - Sun RPC protocol;

 - TIPC protocol;

 - TLS protocol;

 - VMware vSockets driver;

 - Wireless networking;

 - eXpress Data Path;

 - XFRM subsystem;

 - Integrity Measurement Architecture(IMA) framework;

 - Intel ASoC drivers;

 - QCOM ASoC drivers;

 - USB sound devices; (CVE-2025-21833, CVE-2025-22103, CVE-2025-22105, CVE-2025-22106, CVE-2025-22107, CVE-2025-22113, CVE-2025-22121, CVE-2025-22124, CVE-2025-22125, CVE-2025-23129, CVE-2025-23130, CVE-2025-23133, CVE-2025-23143, CVE-2025-37860, CVE-2025-38105, CVE-2025-38502, CVE-2025-38556, CVE-2025-38627, CVE-2025-38643, CVE-2025-38709, CVE-2025-39678, CVE-2025-39697, CVE-2025-39805, CVE-2025-39806, CVE-2025-39807, CVE-2025-39808, CVE-2025-39810, CVE-2025-39811, CVE-2025-39812, CVE-2025-39813, CVE-2025-39815, CVE-2025-39817, CVE-2025-39819, CVE-2025-39823, CVE-2025-39824, CVE-2025-39825, CVE-2025-39826, CVE-2025-39827, CVE-2025-39828, CVE-2025-39829, CVE-2025-39832, CVE-2025-39835, CVE-2025-39836, CVE-2025-39838, CVE-2025-39839, CVE-2025-39841, CVE-2025-39842, CVE-2025-39843, CVE-2025-39844, CVE-2025-39845, CVE-2025-39846, CVE-2025-39847, CVE-2025-39848, CVE-2025-39849, CVE-2025-39850, CVE-2025-39851, CVE-2025-39852, CVE-2025-39853, CVE-2025-39854, CVE-2025-39857, CVE-2025-39860, CVE-2025-39861, CVE-2025-39863, CVE-2025-39864, CVE-2025-39865, CVE-2025-39866, CVE-2025-39869, CVE-2025-39870, CVE-2025-39871, CVE-2025-39873, CVE-2025-39876, CVE-2025-39877, CVE-2025-39880, CVE-2025-39881, CVE-2025-39883, CVE-2025-39885, CVE-2025-39886, CVE-2025-39891, CVE-2025-39894, CVE-2025-39895, CVE-2025-39897, CVE-2025-39899, CVE-2025-39901, CVE-2025-39902, CVE-2025-39907, CVE-2025-39909, CVE-2025-39911, CVE-2025-39913, CVE-2025-39914, CVE-2025-39916, CVE-2025-39920, CVE-2025-39923, CVE-2025-39927, CVE-2025-39929, CVE-2025-39931, CVE-2025-39932, CVE-2025-39934, CVE-2025-39937, CVE-2025-39938, CVE-2025-39940, CVE-2025-39942, CVE-2025-39943, CVE-2025-39944, CVE-2025-39945, CVE-2025-39947, CVE-2025-39948, CVE-2025-39949, CVE-2025-39950, CVE-2025-39951, CVE-2025-39952, CVE-2025-39953, CVE-2025-39955, CVE-2025-39957, CVE-2025-39961, CVE-2025-39965, CVE-2025-39967, CVE-2025-39968, CVE-2025-39969, CVE-2025-39970, CVE-2025-39971, CVE-2025-39972, CVE-2025-39973, CVE-2025-39977, CVE-2025-39978, CVE-2025-39980, CVE-2025-39981, CVE-2025-39982, CVE-2025-39985, CVE-2025-39986, CVE-2025-39987, CVE-2025-39988, CVE-2025-39991, CVE-2025-39992, CVE-2025-39994, CVE-2025-39995, CVE-2025-39996, CVE-2025-39998, CVE-2025-40000, CVE-2025-40001, CVE-2025-40006, CVE-2025-40008, CVE-2025-40009, CVE-2025-40010, CVE-2025-40011, CVE-2025-40013, CVE-2025-40016, CVE-2025-40020, CVE-2025-40021, CVE-2025-40024, CVE-2025-40026, CVE-2025-40027, CVE-2025-40029, CVE-2025-40030, CVE-2025-40031, CVE-2025-40032, CVE-2025-40033, CVE-2025-40035, CVE-2025-40036, CVE-2025-40037, CVE-2025-40038, CVE-2025-40042, CVE-2025-40043, CVE-2025-40044, CVE-2025-40047, CVE-2025-40048, CVE-2025-40049, CVE-2025-40051, CVE-2025-40052, CVE-2025-40053, CVE-2025-40055, CVE-2025-40056, CVE-2025-40057, CVE-2025-40058, CVE-2025-40059, CVE-2025-40060, CVE-2025-40061, CVE-2025-40062, CVE-2025-40067, CVE-2025-40068, CVE-2025-40070, CVE-2025-40071, CVE-2025-40077, CVE-2025-40078, CVE-2025-40079, CVE-2025-40080, CVE-2025-40081, CVE-2025-40083, CVE-2025-40084, CVE-2025-40085, CVE-2025-40087, CVE-2025-40088, CVE-2025-40092, CVE-2025-40093, CVE-2025-40094, CVE-2025-40095, CVE-2025-40096, CVE-2025-40099, CVE-2025-40100, CVE-2025-40101, CVE-2025-40103, CVE-2025-40104, CVE-2025-40105, CVE-2025-40106, CVE-2025-40107, CVE-2025-40109, CVE-2025-40110, CVE-2025-40111, CVE-2025-40112, CVE-2025-40115, CVE-2025-40116, CVE-2025-40118, CVE-2025-40120, CVE-2025-40121, CVE-2025-40123, CVE-2025-40124, CVE-2025-40125, CVE-2025-40126, CVE-2025-40127, CVE-2025-40129, CVE-2025-40134, CVE-2025-40137, CVE-2025-40140, CVE-2025-40141, CVE-2025-40153, CVE-2025-40154, CVE-2025-40155, CVE-2025-40156, CVE-2025-40159, CVE-2025-40160, CVE-2025-40165, CVE-2025-40166, CVE-2025-40167, CVE-2025-40169, CVE-2025-40171, CVE-2025-40172, CVE-2025-40173, CVE-2025-40176, CVE-2025-40178, CVE-2025-40179, CVE-2025-40180, CVE-2025-40183, CVE-2025-40187, CVE-2025-40188, CVE-2025-40192, CVE-2025-40193, CVE-2025-40194, CVE-2025-40196, CVE-2025-40198, CVE-2025-40200, CVE-2025-40201, CVE-2025-40202, CVE-2025-40204, CVE-2025-40205, CVE-2025-40206, CVE-2025-40207, CVE-2025-40211, CVE-2025-40218, CVE-2025-40219, CVE-2025-40220, CVE-2025-40221, CVE-2025-40223, CVE-2025-40226, CVE-2025-40231, CVE-2025-40233, CVE-2025-40235, CVE-2025-40237, CVE-2025-40238, CVE-2025-40240, CVE-2025-40242, CVE-2025-40243, CVE-2025-40244, CVE-2025-40245, CVE-2025-40248, CVE-2025-40250, CVE-2025-40251, CVE-2025-40252, CVE-2025-40253, CVE-2025-40254, CVE-2025-40257, CVE-2025-40258, CVE-2025-40259, CVE-2025-40261, CVE-2025-40262, CVE-2025-40263, CVE-2025-40264, CVE-2025-40266, CVE-2025-40268, CVE-2025-40269, CVE-2025-40271, CVE-2025-40272, CVE-2025-40273, CVE-2025-40275, CVE-2025-40277, CVE-2025-40278, CVE-2025-40279, CVE-2025-40280, CVE-2025-40281, CVE-2025-40282, CVE-2025-40283, CVE-2025-40284, CVE-2025-40285, CVE-2025-40286, CVE-2025-40287, CVE-2025-40288, CVE-2025-40289, CVE-2025-40292, CVE-2025-40293, CVE-2025-40294, CVE-2025-40301, CVE-2025-40303, CVE-2025-40304, CVE-2025-40305, CVE-2025-40306, CVE-2025-40307, CVE-2025-40308, CVE-2025-40309, CVE-2025-40310, CVE-2025-40311, CVE-2025-40312, CVE-2025-40313, CVE-2025-40314, CVE-2025-40315, CVE-2025-40317, CVE-2025-40318, CVE-2025-40319, CVE-2025-40320, CVE-2025-40321, CVE-2025-40322, CVE-2025-40323, CVE-2025-40324, CVE-2025-40328, CVE-2025-40329, CVE-2025-40331, CVE-2025-40333, CVE-2025-40337, CVE-2025-40339, CVE-2025-40341, CVE-2025-40342, CVE-2025-40343, CVE-2025-40345, CVE-2025-40346, CVE-2025-40347, CVE-2025-40349, CVE-2025-40350, CVE-2025-40351, CVE-2025-40353, CVE-2025-40358, CVE-2025-40360, CVE-2025-40363, CVE-2025-68168, CVE-2025-68171, CVE-2025-68172, CVE-2025-68173, CVE-2025-68176, CVE-2025-68177, CVE-2025-68178, CVE-2025-68179, CVE-2025-68180, CVE-2025-68183, CVE-2025-68184, CVE-2025-68185, CVE-2025-68190, CVE-2025-68191, CVE-2025-68192, CVE-2025-68194, CVE-2025-68198, CVE-2025-68200, CVE-2025-68201, CVE-2025-68204, CVE-2025-68208, CVE-2025-68213, CVE-2025-68214, CVE-2025-68217, CVE-2025-68218, CVE-2025-68219, CVE-2025-68220, CVE-2025-68222, CVE-2025-68223, CVE-2025-68227, CVE-2025-68229, CVE-2025-68231, CVE-2025-68233, CVE-2025-68235, CVE-2025-68237, CVE-2025-68238, CVE-2025-68241, CVE-2025-68244, CVE-2025-68245, CVE-2025-68246, CVE-2025-68249, CVE-2025-68282, CVE-2025-68283, CVE-2025-68284, CVE-2025-68285, CVE-2025-68286, CVE-2025-68287, CVE-2025-68288, CVE-2025-68289, CVE-2025-68290, CVE-2025-68295, CVE-2025-68297, CVE-2025-68301, CVE-2025-68302, CVE-2025-68303, CVE-2025-68305, CVE-2025-68307, CVE-2025-68308, CVE-2025-68310, CVE-2025-68311, CVE-2025-68312, CVE-2025-68313, CVE-2025-68315, CVE-2025-68320, CVE-2025-68321, CVE-2025-68322, CVE-2025-68327, CVE-2025-68328, CVE-2025-68330, CVE-2025-68331, CVE-2025-68339, CVE-2025-68340, CVE-2025-68342, CVE-2025-68343, CVE-2025-68734, CVE-2026-23060, CVE-2026-23074, CVE-2026-23111)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

Read more at https://www.tenable.com/plugins/nessus/306094

]]> <![CDATA[Ubuntu 18.04 LTS / 20.04 LTS : MongoDB vulnerability (USN-8160-1)]]> https://www.tenable.com/plugins/nessus/306093 https://www.tenable.com/plugins/nessus/306093 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306093 with High Severity

Synopsis

The remote Ubuntu host is missing a security update.

Description

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8160-1 advisory.

 It was discovered that MongoDB incorrectly handled length parameters in zlib-compressed network messages prior to authentication. An unauthenticated remote attacker could possibly use this issue to cause MongoDB to allocate an oversized memory buffer, resulting in the exposure of sensitive information.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306093

]]> <![CDATA[Ubuntu 20.04 LTS : Linux kernel (NVIDIA Tegra) vulnerabilities (USN-8162-1)]]> https://www.tenable.com/plugins/nessus/306092 https://www.tenable.com/plugins/nessus/306092 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306092 with High Severity

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8162-1 advisory.

 Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

 - ARM64 architecture;

 - Block layer subsystem;

 - Cryptographic API;

 - Drivers core;

 - Bluetooth drivers;

 - DMA engine subsystem;

 - GPU drivers;

 - HID subsystem;

 - Intel Trace Hub HW tracing drivers;

 - IIO ADC drivers;

 - IRQ chip drivers;

 - Modular ISDN driver;

 - LED subsystem;

 - UACCE accelerator framework;

 - Ethernet bonding driver;

 - Network drivers;

 - STMicroelectronics network drivers;

 - Ethernet team driver;

 - NVME drivers;

 - PHY drivers;

 - SLIMbus drivers;

 - W1 Dallas's 1-wire bus driver;

 - Xen hypervisor drivers;

 - BTRFS file system;

 - Ext4 file system;

 - Network file system (NFS) client;

 - Network file system (NFS) server daemon;

 - NTFS3 file system;

 - SMB network file system;

 - NFC subsystem;

 - BPF subsystem;

 - IRQ subsystem;

 - Memory management;

 - Bluetooth subsystem;

 - CAN network layer;

 - Networking core;

 - IPv4 networking;

 - IPv6 networking;

 - L2TP protocol;

 - Netfilter;

 - NET/ROM layer;

 - Network traffic control;

 - SCTP protocol;

 - TLS protocol;

 - XFRM subsystem;

 - Creative Sound Blaster X-Fi driver;

 - USB sound devices; (CVE-2023-53421, CVE-2023-53520, CVE-2023-53662, CVE-2023-54207, CVE-2025-37849, CVE-2025-38057, CVE-2025-38125, CVE-2025-38232, CVE-2025-38408, CVE-2025-38591, CVE-2025-40149, CVE-2025-40164, CVE-2025-68211, CVE-2025-68340, CVE-2025-68365, CVE-2025-68725, CVE-2025-68817, CVE-2025-71080, CVE-2025-71163, CVE-2025-71185, CVE-2025-71186, CVE-2025-71188, CVE-2025-71190, CVE-2025-71191, CVE-2025-71194, CVE-2025-71196, CVE-2025-71197, CVE-2025-71199, CVE-2026-22997, CVE-2026-22998, CVE-2026-22999, CVE-2026-23001, CVE-2026-23003, CVE-2026-23011, CVE-2026-23026, CVE-2026-23033, CVE-2026-23037, CVE-2026-23038, CVE-2026-23049, CVE-2026-23056, CVE-2026-23058, CVE-2026-23060, CVE-2026-23061, CVE-2026-23063, CVE-2026-23064, CVE-2026-23071, CVE-2026-23073, CVE-2026-23074, CVE-2026-23075, CVE-2026-23076, CVE-2026-23078, CVE-2026-23080, CVE-2026-23083, CVE-2026-23084, CVE-2026-23085, CVE-2026-23087, CVE-2026-23089, CVE-2026-23090, CVE-2026-23091, CVE-2026-23093, CVE-2026-23095, CVE-2026-23096, CVE-2026-23097, CVE-2026-23098, CVE-2026-23099, CVE-2026-23101, CVE-2026-23103, CVE-2026-23105, CVE-2026-23108, CVE-2026-23111, CVE-2026-23119, CVE-2026-23120, CVE-2026-23121, CVE-2026-23124, CVE-2026-23125, CVE-2026-23128, CVE-2026-23133, CVE-2026-23145, CVE-2026-23146, CVE-2026-23150, CVE-2026-23164, CVE-2026-23167, CVE-2026-23170, CVE-2026-23209)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

Read more at https://www.tenable.com/plugins/nessus/306092

]]> <![CDATA[Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : QEMU vulnerabilities (USN-8161-1)]]> https://www.tenable.com/plugins/nessus/306091 https://www.tenable.com/plugins/nessus/306091 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306091 with High Severity

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8161-1 advisory.

 It was discovered that the LSI53C895A SCSI Host Bus Adapter implementation of QEMU incorrectly handled memory. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2024-6519)

 It was discovered that QEMU could be made to read out of bounds when reading VMDK images. If a user or an automated system were tricked into opening a specially crafted VMDK image, an attacker could possibly use this issue to leak sensitive informaton or cause QEMU to crash, resulting in a denial of service.
 (CVE-2026-2243)

 It was discovered that the virtio-snd device implementation of QEMU could be made to write out of bounds.
 An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-3195)

 It was discovered that the virtio-snd device implementation of QEMU contained an arithmetic overflow. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10.
 (CVE-2026-3196)

 It was discovered that the Hyper-V Synthetic Debugging device implementation of QEMU could me made to write out of bounds. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-3842)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306091

]]> <![CDATA[Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : OpenSSL vulnerabilities (USN-8155-1)]]> https://www.tenable.com/plugins/nessus/306090 https://www.tenable.com/plugins/nessus/306090 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306090 with High Severity

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8155-1 advisory.

 Viktor Dukhovni discovered that OpenSSL incorrectly negotiated the expected preferred key exchange group when used as a TLS 1.3 server. This could result in a less preferred key exchange being used, contrary to expectations. This issue only affected Ubuntu 25.10. (CVE-2026-2673)

 Igor Morgenstern discovered that OpenSSL incorrectly handled certain memory operations when used as a DANE client. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-28387)

 Igor Morgenstern discovered that OpenSSL incorrectly handled certain memory operations when processing a delta CRL. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-28388)

 Nathan Sportsman, Daniel Rhea, and Jaeho Nam discovered that OpenSSL incorrectly handled certain memory operations when processing a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.
 (CVE-2026-28389)

 Muhammad Daffa, Joshua Rogers, and Chanho Kim discovered that OpenSSL incorrectly handled processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-28390)

 Quoc Tran discovered that OpenSSL incorrectly handled hexadecimal conversion on 32-bit platforms. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-31789)

 Simo Sorce discovered that OpenSSL incorrectly handled failures in RSA KEM RSASVE Encapsulation. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-31790)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306090

]]> <![CDATA[Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : Squid vulnerabilities (USN-8157-1)]]> https://www.tenable.com/plugins/nessus/306089 https://www.tenable.com/plugins/nessus/306089 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306089 with Critical Severity

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8157-1 advisory.

 It was discovered that Squid incorrectly handled certain ICP traffic. In environments where ICP support is enabled, a remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or obtain small amounts of sensitive information.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306089

]]> <![CDATA[Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : GDK-PixBuf vulnerability (USN-8156-1)]]> https://www.tenable.com/plugins/nessus/306088 https://www.tenable.com/plugins/nessus/306088 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306088 with High Severity

Synopsis

The remote Ubuntu host is missing a security update.

Description

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8156-1 advisory.

 It was discovered that GDK-PixBuf incorrectly handled certain JPEG files. An attacker could use this issue to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306088

]]> <![CDATA[Ubuntu Pro FIPS-updates 22.04 LTS : Linux kernel (Azure FIPS) vulnerabilities (USN-8163-1)]]> https://www.tenable.com/plugins/nessus/306087 https://www.tenable.com/plugins/nessus/306087 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306087 with High Severity

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu Pro FIPS-updates 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8163-1 advisory.

 Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM).
 An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853, CVE-2026-23268, CVE-2026-23269, CVE-2026-23403, CVE-2026-23404, CVE-2026-23405, CVE-2026-23406, CVE-2026-23407, CVE-2026-23408, CVE-2026-23409, CVE-2026-23410, CVE-2026-23411)

 Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

 - ARM64 architecture;

 - Nios II architecture;

 - PowerPC architecture;

 - Sun Sparc architecture;

 - User-Mode Linux (UML);

 - x86 architecture;

 - Block layer subsystem;

 - Cryptographic API;

 - ACPI drivers;

 - ATM drivers;

 - Drivers core;

 - Network block device driver;

 - Bluetooth drivers;

 - Bus devices;

 - Character device driver;

 - Hardware random number generator core;

 - TPM device driver;

 - Data acquisition framework and drivers;

 - Counter interface drivers;

 - CPU frequency scaling framework;

 - DMA engine subsystem;

 - Intel Stratix 10 firmware drivers;

 - GPU drivers;

 - HID subsystem;

 - Hardware monitoring drivers;

 - CoreSight HW tracing drivers;

 - IIO subsystem;

 - InfiniBand drivers;

 - Input Device core drivers;

 - Input Device (Miscellaneous) drivers;

 - Input Device (Tablet) drivers;

 - ISDN/mISDN subsystem;

 - Macintosh device drivers;

 - Multiple devices driver;

 - Media drivers;

 - MOST (Media Oriented Systems Transport) drivers;

 - MTD block device drivers;

 - Network drivers;

 - Mellanox network drivers;

 - Texas Instruments network drivers;

 - Ethernet team driver;

 - MediaTek network drivers;

 - NVME drivers;

 - PA-RISC drivers;

 - PCI subsystem;

 - Performance monitor drivers;

 - Pin controllers subsystem;

 - Chrome hardware platform drivers;

 - x86 platform drivers;

 - ARM PM domains;

 - PPS (Pulse Per Second) driver;

 - PWM drivers;

 - Voltage and Current Regulator drivers;

 - S/390 drivers;

 - SCSI subsystem;

 - Texas Instruments SoC drivers;

 - SPI subsystem;

 - Realtek RTL8723BS SDIO drivers;

 - TCM subsystem;

 - Userspace I/O drivers;

 - Cadence USB3 driver;

 - DesignWare USB3 driver;

 - USB Gadget drivers;

 - USB Host Controller drivers;

 - Renesas USBHS Controller drivers;

 - USB Mass Storage drivers;

 - USB Type-C Connector System Software Interface driver;

 - Backlight driver;

 - Framebuffer layer;

 - Watchdog drivers;

 - BFS file system;

 - BTRFS file system;

 - File systems infrastructure;

 - Ext4 file system;

 - F2FS file system;

 - FUSE (File system in Userspace);

 - HFS file system;

 - HFS+ file system;

 - HugeTLB file system;

 - Journaling layer for block devices (JBD2);

 - JFS file system;

 - Network file system (NFS) client;

 - Network file system (NFS) server daemon;

 - File system notification infrastructure;

 - NTFS3 file system;

 - OCFS2 file system;

 - OrangeFS file system;

 - Proc file system;

 - SMB network file system;

 - SquashFS file system;

 - UDF file system;

 - XFS file system;

 - BPF subsystem;

 - Ethernet bridge;

 - Memory management;

 - padata parallel execution mechanism;

 - IP tunnels definitions;

 - Network traffic control;

 - Network sockets;

 - XFRM subsystem;

 - io_uring subsystem;

 - Control group (cgroup);

 - Locking primitives;

 - Padata parallel execution mechanism;

 - PID allocator;

 - Scheduler infrastructure;

 - Shadow Call Stack mechanism;

 - Tracing infrastructure;

 - 9P file system network protocol;

 - Bluetooth subsystem;

 - CAIF protocol;

 - CAN network layer;

 - Ceph Core library;

 - Networking core;

 - Ethtool driver;

 - HSR network protocol;

 - IPv4 networking;

 - IPv6 networking;

 - MAC80211 subsystem;

 - Multipath TCP;

 - Netfilter;

 - NET/ROM layer;

 - NFC subsystem;

 - Open vSwitch;

 - RF switch subsystem;

 - Rose network layer;

 - SCTP protocol;

 - Sun RPC protocol;

 - TIPC protocol;

 - Unix domain sockets;

 - VMware vSockets driver;

 - Wireless networking;

 - Rust bindings mechanism;

 - Integrity Measurement Architecture(IMA) framework;

 - Key management;

 - Simplified Mandatory Access Control Kernel framework;

 - FireWire sound drivers;

 - Turtle Beach Wavefront ALSA driver;

 - Intel ASoC drivers;

 - STMicroelectronics SoC drivers;

 - USB sound devices; (CVE-2022-49465, CVE-2022-49635, CVE-2023-53041, CVE-2024-36903, CVE-2024-36927, CVE-2024-37354, CVE-2024-41014, CVE-2024-46830, CVE-2024-47666, CVE-2024-49968, CVE-2024-53114, CVE-2024-56538, CVE-2024-58011, CVE-2025-21780, CVE-2025-21861, CVE-2025-22022, CVE-2025-22058, CVE-2025-22111, CVE-2025-22121, CVE-2025-23143, CVE-2025-37849, CVE-2025-38022, CVE-2025-38129, CVE-2025-38236, CVE-2025-38248, CVE-2025-38556, CVE-2025-38584, CVE-2025-39869, CVE-2025-39873, CVE-2025-39876, CVE-2025-39880, CVE-2025-39883, CVE-2025-39885, CVE-2025-39907, CVE-2025-39911, CVE-2025-39913, CVE-2025-39923, CVE-2025-39934, CVE-2025-39937, CVE-2025-39943, CVE-2025-39945, CVE-2025-39949, CVE-2025-39951, CVE-2025-39953, CVE-2025-39955, CVE-2025-39967, CVE-2025-39968, CVE-2025-39969, CVE-2025-39970, CVE-2025-39971, CVE-2025-39972, CVE-2025-39973, CVE-2025-39980, CVE-2025-39985, CVE-2025-39986, CVE-2025-39987, CVE-2025-39988, CVE-2025-39994, CVE-2025-39995, CVE-2025-39996, CVE-2025-39998, CVE-2025-40001, CVE-2025-40006, CVE-2025-40011, CVE-2025-40020, CVE-2025-40021, CVE-2025-40026, CVE-2025-40027, CVE-2025-40029, CVE-2025-40030, CVE-2025-40035, CVE-2025-40040, CVE-2025-40042, CVE-2025-40043, CVE-2025-40044, CVE-2025-40048, CVE-2025-40049, CVE-2025-40053, CVE-2025-40055, CVE-2025-40060, CVE-2025-40068, CVE-2025-40070, CVE-2025-40078, CVE-2025-40081, CVE-2025-40083, CVE-2025-40085, CVE-2025-40087, CVE-2025-40088, CVE-2025-40092, CVE-2025-40094, CVE-2025-40105, CVE-2025-40106, CVE-2025-40109, CVE-2025-40110, CVE-2025-40111, CVE-2025-40112, CVE-2025-40115, CVE-2025-40116, CVE-2025-40118, CVE-2025-40120, CVE-2025-40121, CVE-2025-40124, CVE-2025-40125, CVE-2025-40126, CVE-2025-40127, CVE-2025-40134, CVE-2025-40140, CVE-2025-40153, CVE-2025-40154, CVE-2025-40167, CVE-2025-40171, CVE-2025-40173, CVE-2025-40178, CVE-2025-40179, CVE-2025-40183, CVE-2025-40187, CVE-2025-40188, CVE-2025-40194, CVE-2025-40200, CVE-2025-40204, CVE-2025-40205, CVE-2025-40211, CVE-2025-40215, CVE-2025-40219, CVE-2025-40220, CVE-2025-40223, CVE-2025-40231, CVE-2025-40233, CVE-2025-40240, CVE-2025-40243, CVE-2025-40244, CVE-2025-40245, CVE-2025-40248, CVE-2025-40252, CVE-2025-40253, CVE-2025-40254, CVE-2025-40257, CVE-2025-40258, CVE-2025-40259, CVE-2025-40261, CVE-2025-40262, CVE-2025-40263, CVE-2025-40264, CVE-2025-40269, CVE-2025-40271, CVE-2025-40272, CVE-2025-40273, CVE-2025-40275, CVE-2025-40277, CVE-2025-40278, CVE-2025-40279, CVE-2025-40280, CVE-2025-40281, CVE-2025-40282, CVE-2025-40283, CVE-2025-40304, CVE-2025-40306, CVE-2025-40308, CVE-2025-40309, CVE-2025-40312, CVE-2025-40313, CVE-2025-40314, CVE-2025-40315, CVE-2025-40317, CVE-2025-40319, CVE-2025-40321, CVE-2025-40322, CVE-2025-40324, CVE-2025-40331, CVE-2025-40342, CVE-2025-40343, CVE-2025-40345, CVE-2025-40346, CVE-2025-40349, CVE-2025-40351, CVE-2025-40360, CVE-2025-40363, CVE-2025-68168, CVE-2025-68176, CVE-2025-68177, CVE-2025-68185, CVE-2025-68191, CVE-2025-68192, CVE-2025-68194, CVE-2025-68200, CVE-2025-68204, CVE-2025-68217, CVE-2025-68220, CVE-2025-68227, CVE-2025-68229, CVE-2025-68238, CVE-2025-68241, CVE-2025-68244, CVE-2025-68245, CVE-2025-68249, CVE-2025-68254, CVE-2025-68255, CVE-2025-68257, CVE-2025-68258, CVE-2025-68261, CVE-2025-68264, CVE-2025-68266, CVE-2025-68282, CVE-2025-68284, CVE-2025-68285, CVE-2025-68286, CVE-2025-68287, CVE-2025-68288, CVE-2025-68289, CVE-2025-68290, CVE-2025-68295, CVE-2025-68301, CVE-2025-68302, CVE-2025-68303, CVE-2025-68308, CVE-2025-68312, CVE-2025-68321, CVE-2025-68325, CVE-2025-68327, CVE-2025-68328, CVE-2025-68330, CVE-2025-68331, CVE-2025-68332, CVE-2025-68335, CVE-2025-68336, CVE-2025-68337, CVE-2025-68339, CVE-2025-68344, CVE-2025-68346, CVE-2025-68349, CVE-2025-68354, CVE-2025-68362, CVE-2025-68364, CVE-2025-68366, CVE-2025-68367, CVE-2025-68372, CVE-2025-68724, CVE-2025-68727, CVE-2025-68728, CVE-2025-68732, CVE-2025-68733, CVE-2025-68734, CVE-2025-68740, CVE-2025-68746, CVE-2025-68757, CVE-2025-68758, CVE-2025-68759, CVE-2025-68764, CVE-2025-68765, CVE-2025-68767, CVE-2025-68769, CVE-2025-68771, CVE-2025-68774, CVE-2025-68776, CVE-2025-68777, CVE-2025-68780, CVE-2025-68782, CVE-2025-68783, CVE-2025-68785, CVE-2025-68787, CVE-2025-68788, CVE-2025-68795, CVE-2025-68796, CVE-2025-68797, CVE-2025-68799, CVE-2025-68800, CVE-2025-68801, CVE-2025-68803, CVE-2025-68804, CVE-2025-68808, CVE-2025-68813, CVE-2025-68814, CVE-2025-68815, CVE-2025-68816, CVE-2025-68818, CVE-2025-68819, CVE-2025-68820, CVE-2025-71064, CVE-2025-71066, CVE-2025-71068, CVE-2025-71069, CVE-2025-71075, CVE-2025-71077, CVE-2025-71078, CVE-2025-71079, CVE-2025-71081, CVE-2025-71082, CVE-2025-71083, CVE-2025-71084, CVE-2025-71085, CVE-2025-71086, CVE-2025-71087, CVE-2025-71091, CVE-2025-71093, CVE-2025-71094, CVE-2025-71096, CVE-2025-71097, CVE-2025-71098, CVE-2025-71102, CVE-2025-71104, CVE-2025-71105, CVE-2025-71108, CVE-2025-71111, CVE-2025-71112, CVE-2025-71113, CVE-2025-71114, CVE-2025-71116, CVE-2025-71118, CVE-2025-71120, CVE-2025-71121, CVE-2025-71125, CVE-2025-71127, CVE-2025-71131, CVE-2025-71132, CVE-2025-71133, CVE-2025-71136, CVE-2025-71137, CVE-2025-71147, CVE-2025-71154, CVE-2025-71180, CVE-2025-71182, CVE-2026-22976, CVE-2026-22977, CVE-2026-22978, CVE-2026-22980, CVE-2026-22982, CVE-2026-22984, CVE-2026-22990, CVE-2026-22991, CVE-2026-22992, CVE-2026-23019, CVE-2026-23020, CVE-2026-23021, CVE-2026-23047, CVE-2026-23060, CVE-2026-23074, CVE-2026-23111, CVE-2026-23202, CVE-2026-23207)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel package.

Read more at https://www.tenable.com/plugins/nessus/306087

]]> <![CDATA[Ubuntu 18.04 LTS / 20.04 LTS : Dogtag PKI vulnerability (USN-8158-1)]]> https://www.tenable.com/plugins/nessus/306086 https://www.tenable.com/plugins/nessus/306086 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306086 with High Severity

Synopsis

The remote Ubuntu host is missing a security update.

Description

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8158-1 advisory.

 Fraser Tweedale and Geetika Kapoor discovered that Dogtag PKI could renew a certificate without proper authentication. An attacker could possibly use this to repeatedly renew a compromised certificate and maintain unauthorized access to a system or resource.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306086

]]> <![CDATA[RHEL 9 : firefox (RHSA-2026:7845)]]> https://www.tenable.com/plugins/nessus/306085 https://www.tenable.com/plugins/nessus/306085 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306085 with Critical Severity

Synopsis

The remote Red Hat host is missing one or more security updates for firefox.

Description

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7845 advisory.

 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

 Security Fix(es):

 * firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)

 * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)

 * firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)

 * firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)

 * firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)

 * firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)

 * firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)

 * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)

 * firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)

 * firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)

 * firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)

 * firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)

 * firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)

 * firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)

 * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)

 * firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)

 * firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)

 * firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)

 * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)

 * firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)

 * firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL firefox package based on the guidance in RHSA-2026:7845.

Read more at https://www.tenable.com/plugins/nessus/306085

]]> <![CDATA[RHEL 9 : golang (RHSA-2026:7834)]]> https://www.tenable.com/plugins/nessus/306084 https://www.tenable.com/plugins/nessus/306084 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306084 with High Severity

Synopsis

The remote Red Hat host is missing one or more security updates for golang.

Description

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7834 advisory.

 The golang packages provide the Go programming language compiler.

 Security Fix(es):

 * cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)

 * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL golang package based on the guidance in RHSA-2026:7834.

Read more at https://www.tenable.com/plugins/nessus/306084

]]> <![CDATA[RHEL 8 : firefox (RHSA-2026:7842)]]> https://www.tenable.com/plugins/nessus/306083 https://www.tenable.com/plugins/nessus/306083 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306083 with Critical Severity

Synopsis

The remote Red Hat host is missing one or more security updates for firefox.

Description

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:7842 advisory.

 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

 Security Fix(es):

 * firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)

 * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)

 * firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)

 * firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)

 * firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)

 * firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)

 * firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)

 * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)

 * firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)

 * firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)

 * firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)

 * firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)

 * firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)

 * firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)

 * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)

 * firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)

 * firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)

 * firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)

 * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)

 * firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)

 * firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL firefox package based on the guidance in RHSA-2026:7842.

Read more at https://www.tenable.com/plugins/nessus/306083

]]> <![CDATA[RHEL 7 : gstreamer-plugins-base and gstreamer-plugins-good (RHSA-2026:7850)]]> https://www.tenable.com/plugins/nessus/306082 https://www.tenable.com/plugins/nessus/306082 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306082 with High Severity

Synopsis

The remote Red Hat host is missing one or more security updates for gstreamer-plugins-base / gstreamer-plugins-good.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7850 advisory.

 GStreamer is a streaming media framework, based on graphs of filters which operate on media data.
 Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types or processing capabilities can be added simply by installing new plug-ins. GStreamer Good Plug-ins is a collection of well-supported plug-ins of good quality and under the LGPL license.

 Security Fix(es):

 * GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay (CVE-2026-3085)

 * GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling (CVE-2026-2921)

 * GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay (CVE-2026-3083)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL gstreamer-plugins-base / gstreamer-plugins-good packages based on the guidance in RHSA-2026:7850.

Read more at https://www.tenable.com/plugins/nessus/306082

]]> <![CDATA[RHEL 9 : perl-XML-Parser (RHSA-2026:7679)]]> https://www.tenable.com/plugins/nessus/306081 https://www.tenable.com/plugins/nessus/306081 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306081 with Critical Severity

Synopsis

The remote Red Hat host is missing one or more security updates for perl-XML-Parser.

Description

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:7679 advisory.

 This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options may be provided when the XML::Parser object is created. These options are then passed on to the Expat object on each parse call. They can also be given as extra arguments to the parse methods, in which case they override options given at XML::Parser creation time.

 Security Fix(es):

 * perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files (CVE-2006-10003)

 * perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input (CVE-2006-10002)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL perl-XML-Parser package based on the guidance in RHSA-2026:7679.

Read more at https://www.tenable.com/plugins/nessus/306081

]]> <![CDATA[RHEL 9 : firefox (RHSA-2026:7837)]]> https://www.tenable.com/plugins/nessus/306080 https://www.tenable.com/plugins/nessus/306080 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306080 with Critical Severity

Synopsis

The remote Red Hat host is missing one or more security updates for firefox.

Description

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7837 advisory.

 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

 Security Fix(es):

 * firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)

 * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)

 * firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)

 * firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)

 * firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)

 * firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)

 * firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)

 * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)

 * firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)

 * firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)

 * firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)

 * firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)

 * firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)

 * firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)

 * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)

 * firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)

 * firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)

 * firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)

 * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)

 * firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)

 * firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL firefox package based on the guidance in RHSA-2026:7837.

Read more at https://www.tenable.com/plugins/nessus/306080

]]> <![CDATA[FreeBSD : Python -- HTTP proxy CONNECT tunnel does not sanitize CR/LF (30bda1c3-369b-11f1-b51c-6dd25bec137b)]]> https://www.tenable.com/plugins/nessus/306079 https://www.tenable.com/plugins/nessus/306079 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306079 with Medium Severity

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 30bda1c3-369b-11f1-b51c-6dd25bec137b advisory.

 Seth Larson reports:
 HTTP proxy via CONNECT tunneling doesn't sanitize CR/LF (CVE-2026-1502).

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306079

]]> <![CDATA[FreeBSD : Python -- configparser vulnerable to excessive CPU use (5ec4dcf6-3588-11f1-b51c-6dd25bec137b)]]> https://www.tenable.com/plugins/nessus/306078 https://www.tenable.com/plugins/nessus/306078 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306078 with High Severity

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5ec4dcf6-3588-11f1-b51c-6dd25bec137b advisory.

 Stan Ulbrych reports:
 configparser.RawConfigParser.{OPTCRE,OPTCRE_NV} regexes [are] vulnerable to quadratic backtracking.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306078

]]> <![CDATA[FreeBSD : Vaultwarden -- Multiple vulnerabilities (57f31f61-36a1-11f1-9839-8447094a420f)]]> https://www.tenable.com/plugins/nessus/306077 https://www.tenable.com/plugins/nessus/306077 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306077 with High Severity

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 57f31f61-36a1-11f1-9839-8447094a420f advisory.

 The Vaultwarden project reports:
 GHSA-937x-3j8m-7w7p Unconfirmed Owner Can Purge Entire Organization Vault.
 GHSA-569v-845w-g82p Cross-Org Group Binding Enables Unauthorized Read And Write Access Into Another Organization GHSA-6j4w-g4jh-xjfx Refresh tokens not invalidated on security stamp rotation

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306077

]]> <![CDATA[Fedora 42 : vim (2026-c718defeb6)]]> https://www.tenable.com/plugins/nessus/306076 https://www.tenable.com/plugins/nessus/306076 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306076 with High Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c718defeb6 advisory.

 Security fix for CVE-2026-34714, CVE-2026-35177, CVE-2026-34982



Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected 2:vim package.

Read more at https://www.tenable.com/plugins/nessus/306076

]]> <![CDATA[Fedora 42 : polkit (2026-1774635f74)]]> https://www.tenable.com/plugins/nessus/306075 https://www.tenable.com/plugins/nessus/306075 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306075 with Medium Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1774635f74 advisory.

 CVE-2026-4897 aisle.com fix of unsanitized getline

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected polkit package.

Read more at https://www.tenable.com/plugins/nessus/306075

]]> <![CDATA[Fedora 43 : trivy (2026-868e266938)]]> https://www.tenable.com/plugins/nessus/306074 https://www.tenable.com/plugins/nessus/306074 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306074 with High Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-868e266938 advisory.

 Update to 0.69.3

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected trivy package.

Read more at https://www.tenable.com/plugins/nessus/306074

]]> <![CDATA[Fedora 43 : libcap (2026-ccc66d5ab4)]]> https://www.tenable.com/plugins/nessus/306073 https://www.tenable.com/plugins/nessus/306073 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306073 with High Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ccc66d5ab4 advisory.

 An update to patch a security vulnerability.
 Advisory: https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh

 # Changelog

 ```
 * Mon Apr 06 2026 Carlos Rodriguez-Fernandez - 2.76-4
 - Patch for security vulnerability ```




Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected libcap package.

Read more at https://www.tenable.com/plugins/nessus/306073

]]> <![CDATA[Fedora 43 : pdns-recursor (2026-9c582575e5)]]> https://www.tenable.com/plugins/nessus/306072 https://www.tenable.com/plugins/nessus/306072 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306072 with High Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9c582575e5 advisory.

 Update to latest 5.2 release, fixing multiple security issues

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected pdns-recursor package.

Read more at https://www.tenable.com/plugins/nessus/306072

]]> <![CDATA[Fedora 43 : libpng (2026-67c20bfb74)]]> https://www.tenable.com/plugins/nessus/306071 https://www.tenable.com/plugins/nessus/306071 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306071 with High Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-67c20bfb74 advisory.

 1.6.56 is release fixes for the following two security vulnerabilities:

 - CVE-2026-33416 (high severity): Use-after-free memory bug in the transparency and palette-handling code.
 Similar to its predecessor CVE-2026-25646, this latent bug has existed for 25 years. Both Halil Oktay and Ryo Shimada discovered it within days of one another.

 - CVE-2026-33636 (high severity): Out-of-bounds read and write vulnerability in the ARM Neon palette- expansion code. This one was found and fixed by Taegu Ha and has existed since 1.6.36.

 The images that trigger these bugs are valid. Users are encouraged to update immediately.


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected 2:libpng package.

Read more at https://www.tenable.com/plugins/nessus/306071

]]> <![CDATA[RHEL 10 : openexr (RHSA-2026:7678)]]> https://www.tenable.com/plugins/nessus/306070 https://www.tenable.com/plugins/nessus/306070 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306070 with High Severity

Synopsis

The remote Red Hat host is missing a security update for openexr.

Description

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7678 advisory.

 OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are specific to this format. This package containes the binaries for OpenEXR.

 Security Fix(es):

 * openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing (CVE-2026-27622)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL openexr package based on the guidance in RHSA-2026:7678.

Read more at https://www.tenable.com/plugins/nessus/306070

]]> <![CDATA[RHEL 8 : nghttp2 (RHSA-2026:7667)]]> https://www.tenable.com/plugins/nessus/306069 https://www.tenable.com/plugins/nessus/306069 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306069 with High Severity

Synopsis

The remote Red Hat host is missing a security update for nghttp2.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7667 advisory.

 libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.

 Security Fix(es):

 * nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL nghttp2 package based on the guidance in RHSA-2026:7667.

Read more at https://www.tenable.com/plugins/nessus/306069

]]> <![CDATA[RHEL 7 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good (RHSA-2026:7673)]]> https://www.tenable.com/plugins/nessus/306068 https://www.tenable.com/plugins/nessus/306068 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306068 with High Severity

Synopsis

The remote Red Hat host is missing one or more security updates for gstreamer1-plugins-bad-free / gstreamer1-plugins- base / gstreamer1-plugins-good.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7673 advisory.

 GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

 Security Fix(es):

 * GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser (CVE-2026-3082)

 * GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay (CVE-2026-3085)

 * GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling (CVE-2026-2921)

 * GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay (CVE-2026-3083)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL gstreamer1-plugins-bad-free / gstreamer1-plugins-base / gstreamer1-plugins-good packages based on the guidance in RHSA-2026:7673.

Read more at https://www.tenable.com/plugins/nessus/306068

]]> <![CDATA[RHEL 10 : nodejs24 (RHSA-2026:7675)]]> https://www.tenable.com/plugins/nessus/306067 https://www.tenable.com/plugins/nessus/306067 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306067 with Critical Severity

Synopsis

The remote Red Hat host is missing one or more security updates for nodejs24.

Description

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7675 advisory.

 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

 Security Fix(es):

 * nodejs: Nodejs denial of service (CVE-2026-21637)

 * brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion (CVE-2026-25547)

 * minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)

 * undici: Undici: Denial of Service due to uncontrolled resource consumption (CVE-2026-2581)

 * undici: Undici: HTTP header injection and request smuggling vulnerability (CVE-2026-1527)

 * undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression (CVE-2026-1526)

 * undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter (CVE-2026-2229)

 * undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers (CVE-2026-1525)

 * undici: undici: Denial of Service via crafted WebSocket frame with large length (CVE-2026-1528)

 * nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)

 * Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing (CVE-2026-21712)

 * Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)

 * Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions (CVE-2026-21715)

 * nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix. (CVE-2026-21716)

 * Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks (CVE-2026-21711)

 * Node.js: Node.js: Information disclosure via timing oracle in HMAC verification (CVE-2026-21713)

 * Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames (CVE-2026-21714)

 * nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions (CVE-2026-21717)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL nodejs24 package based on the guidance in RHSA-2026:7675.

Read more at https://www.tenable.com/plugins/nessus/306067

]]> <![CDATA[RHEL 8 : nodejs:24 (RHSA-2026:7670)]]> https://www.tenable.com/plugins/nessus/306066 https://www.tenable.com/plugins/nessus/306066 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306066 with High Severity

Synopsis

The remote Red Hat host is missing one or more security updates for nodejs:24.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7670 advisory.

 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

 Security Fix(es):

 * nodejs: Nodejs denial of service (CVE-2026-21637)

 * minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)

 * undici: Undici: Denial of Service due to uncontrolled resource consumption (CVE-2026-2581)

 * undici: Undici: HTTP header injection and request smuggling vulnerability (CVE-2026-1527)

 * undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression (CVE-2026-1526)

 * undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter (CVE-2026-2229)

 * undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers (CVE-2026-1525)

 * undici: undici: Denial of Service via crafted WebSocket frame with large length (CVE-2026-1528)

 * nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)

 * Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing (CVE-2026-21712)

 * Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)

 * Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions (CVE-2026-21715)

 * nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix. (CVE-2026-21716)

 * Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks (CVE-2026-21711)

 * Node.js: Node.js: Information disclosure via timing oracle in HMAC verification (CVE-2026-21713)

 * Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames (CVE-2026-21714)

 * nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions (CVE-2026-21717)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL nodejs:24 package based on the guidance in RHSA-2026:7670.

Read more at https://www.tenable.com/plugins/nessus/306066

]]> <![CDATA[RHEL 8 : rhc (RHSA-2026:7674)]]> https://www.tenable.com/plugins/nessus/306065 https://www.tenable.com/plugins/nessus/306065 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306065 with High Severity

Synopsis

The remote Red Hat host is missing a security update for rhc.

Description

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:7674 advisory.

 rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.

 Security Fix(es):

 * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL rhc package based on the guidance in RHSA-2026:7674.

Read more at https://www.tenable.com/plugins/nessus/306065

]]> <![CDATA[RHEL 9 : firefox (RHSA-2026:7671)]]> https://www.tenable.com/plugins/nessus/306064 https://www.tenable.com/plugins/nessus/306064 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306064 with Critical Severity

Synopsis

The remote Red Hat host is missing one or more security updates for firefox.

Description

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7671 advisory.

 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

 Security Fix(es):

 * libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)

 * libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636)

 * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5734)

 * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2 (CVE-2026-5731)

 * firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component (CVE-2026-5732)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL firefox package based on the guidance in RHSA-2026:7671.

Read more at https://www.tenable.com/plugins/nessus/306064

]]> <![CDATA[RHEL 9 : nghttp2 (RHSA-2026:7668)]]> https://www.tenable.com/plugins/nessus/306063 https://www.tenable.com/plugins/nessus/306063 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306063 with High Severity

Synopsis

The remote Red Hat host is missing a security update for nghttp2.

Description

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7668 advisory.

 libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.

 Security Fix(es):

 * nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL nghttp2 package based on the guidance in RHSA-2026:7668.

Read more at https://www.tenable.com/plugins/nessus/306063

]]> <![CDATA[RHEL 7 : rhc (RHSA-2026:7676)]]> https://www.tenable.com/plugins/nessus/306062 https://www.tenable.com/plugins/nessus/306062 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306062 with High Severity

Synopsis

The remote Red Hat host is missing one or more security updates for rhc.

Description

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:7676 advisory.

 rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.

 Security Fix(es):

 * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)

 * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL rhc package based on the guidance in RHSA-2026:7676.

Read more at https://www.tenable.com/plugins/nessus/306062

]]> <![CDATA[RockyLinux 8 : nodejs:24 (RLSA-2026:7670)]]> https://www.tenable.com/plugins/nessus/306061 https://www.tenable.com/plugins/nessus/306061 Mon, 13 Apr 2026 00:00:00 GMT Nessus Plugin ID 306061 with High Severity

Synopsis

The remote RockyLinux host is missing one or more security updates.

Description

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7670 advisory.

 * nodejs: Nodejs denial of service (CVE-2026-21637)

 * minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)

 * undici: Undici: Denial of Service due to uncontrolled resource consumption (CVE-2026-2581)

 * undici: Undici: HTTP header injection and request smuggling vulnerability (CVE-2026-1527)

 * undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression (CVE-2026-1526)

 * undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter (CVE-2026-2229)

 * undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers (CVE-2026-1525)

 * undici: undici: Denial of Service via crafted WebSocket frame with large length (CVE-2026-1528)

 * nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)

 * Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing (CVE-2026-21712)

 * Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)

 * Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions (CVE-2026-21715)

 * nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix. (CVE-2026-21716)

 * Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks (CVE-2026-21711)

 * Node.js: Node.js: Information disclosure via timing oracle in HMAC verification (CVE-2026-21713)

 * Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames (CVE-2026-21714)

 * nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions (CVE-2026-21717)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected nodejs-nodemon, nodejs-packaging and / or nodejs-packaging-bundler packages.

Read more at https://www.tenable.com/plugins/nessus/306061

]]> <![CDATA[Fedora 42 : pdns-recursor (2026-2490896a5d)]]> https://www.tenable.com/plugins/nessus/306060 https://www.tenable.com/plugins/nessus/306060 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306060 with High Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2490896a5d advisory.

 Update to latest 5.2 release, fixing multiple security issues

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected pdns-recursor package.

Read more at https://www.tenable.com/plugins/nessus/306060

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-40386]]> https://www.tenable.com/plugins/nessus/306059 https://www.tenable.com/plugins/nessus/306059 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306059 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs. (CVE-2026-40386)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306059

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-1502]]> https://www.tenable.com/plugins/nessus/306058 https://www.tenable.com/plugins/nessus/306058 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306058 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host. (CVE-2026-1502)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306058

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-40393]]> https://www.tenable.com/plugins/nessus/306057 https://www.tenable.com/plugins/nessus/306057 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306057 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.
 (CVE-2026-40393)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306057

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-40385]]> https://www.tenable.com/plugins/nessus/306056 https://www.tenable.com/plugins/nessus/306056 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306056 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems. (CVE-2026-40385)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306056

]]> <![CDATA[Fedora 42 : libmicrohttpd (2026-7a0641ca41)]]> https://www.tenable.com/plugins/nessus/306055 https://www.tenable.com/plugins/nessus/306055 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306055 with High Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7a0641ca41 advisory.

 Update to 1.0.3-1

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected 1:libmicrohttpd package.

Read more at https://www.tenable.com/plugins/nessus/306055

]]> <![CDATA[Fedora 43 : yarnpkg (2026-085abeea02)]]> https://www.tenable.com/plugins/nessus/306054 https://www.tenable.com/plugins/nessus/306054 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306054 with Critical Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-085abeea02 advisory.

 Refresh vendor bundle, fixes CVE-2026-4800.

 ----

 Update vendor bundle.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected yarnpkg package.

Read more at https://www.tenable.com/plugins/nessus/306054

]]> <![CDATA[Fedora 42 : trafficserver (2026-a157bd84c4)]]> https://www.tenable.com/plugins/nessus/306053 https://www.tenable.com/plugins/nessus/306053 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306053 with High Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a157bd84c4 advisory.

 Resolves:
 CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling

 Changes with Apache Traffic Server 10.1.2 #12864 - Fix ppa log field #13037 - Fix prev_is_cr flag handling in chunked encoding parser #13040 - HttpSM - make sure we have a valid buffer to write on.


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected trafficserver package.

Read more at https://www.tenable.com/plugins/nessus/306053

]]> <![CDATA[Fedora 42 : mupdf (2026-b56fe1f040)]]> https://www.tenable.com/plugins/nessus/306052 https://www.tenable.com/plugins/nessus/306052 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306052 with High Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b56fe1f040 advisory.

 fix CVE-2026-3308 (rhbz#2454360)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected mupdf package.

Read more at https://www.tenable.com/plugins/nessus/306052

]]> <![CDATA[Fedora 43 : trafficserver (2026-7b719a7a58)]]> https://www.tenable.com/plugins/nessus/306051 https://www.tenable.com/plugins/nessus/306051 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306051 with High Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-7b719a7a58 advisory.

 Resolves:
 CVE-2025-58136 - A simple legitimate POST request causes a crash CVE-2025-65114 - Malformed chunked message body allows request smuggling

 Changes with Apache Traffic Server 10.1.2 #12864 - Fix ppa log field #13037 - Fix prev_is_cr flag handling in chunked encoding parser #13040 - HttpSM - make sure we have a valid buffer to write on.


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected trafficserver package.

Read more at https://www.tenable.com/plugins/nessus/306051

]]> <![CDATA[Fedora 42 : mingw-exiv2 (2026-592e4238fa)]]> https://www.tenable.com/plugins/nessus/306050 https://www.tenable.com/plugins/nessus/306050 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306050 with Medium Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-592e4238fa advisory.

 Update to exiv2-0.28.8.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected mingw-exiv2 package.

Read more at https://www.tenable.com/plugins/nessus/306050

]]> <![CDATA[Fedora 43 : mupdf (2026-7a9c0c8c04)]]> https://www.tenable.com/plugins/nessus/306049 https://www.tenable.com/plugins/nessus/306049 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306049 with High Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7a9c0c8c04 advisory.

 fix CVE-2026-3308 (rhbz#2454361)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected mupdf package.

Read more at https://www.tenable.com/plugins/nessus/306049

]]> <![CDATA[Fedora 43 : mingw-exiv2 (2026-5eb6f779c0)]]> https://www.tenable.com/plugins/nessus/306048 https://www.tenable.com/plugins/nessus/306048 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306048 with Medium Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-5eb6f779c0 advisory.

 Update to exiv2-0.28.8.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected mingw-exiv2 package.

Read more at https://www.tenable.com/plugins/nessus/306048

]]> <![CDATA[Fedora 42 : corosync (2026-95ee0edcd5)]]> https://www.tenable.com/plugins/nessus/306047 https://www.tenable.com/plugins/nessus/306047 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306047 with High Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-95ee0edcd5 advisory.

 Security fix for CVE-2026-35091 and CVE-2026-35092

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected corosync package.

Read more at https://www.tenable.com/plugins/nessus/306047

]]> <![CDATA[Fedora 42 : yarnpkg (2026-7a6943e57d)]]> https://www.tenable.com/plugins/nessus/306046 https://www.tenable.com/plugins/nessus/306046 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306046 with Critical Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7a6943e57d advisory.

 Refresh vendor bundle, fixes CVE-2026-4800.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected yarnpkg package.

Read more at https://www.tenable.com/plugins/nessus/306046

]]> <![CDATA[Fedora 43 : libmicrohttpd (2026-65a08d1312)]]> https://www.tenable.com/plugins/nessus/306045 https://www.tenable.com/plugins/nessus/306045 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306045 with High Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-65a08d1312 advisory.

 Update to 1.0.3-1

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected 1:libmicrohttpd package.

Read more at https://www.tenable.com/plugins/nessus/306045

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-34479]]> https://www.tenable.com/plugins/nessus/306044 https://www.tenable.com/plugins/nessus/306044 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306044 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log processing systems to drop or fail to index affected records. Two groups of users are affected: * Those using Log4j1XmlLayout directly in a Log4j Core 2 configuration file. * Those using the Log4j 1 configuration compatibility layer with org.apache.log4j.xml.XMLLayout specified as the layout class. Users are advised to upgrade to Apache Log4j 1-to-Log4j 2 bridge version 2.25.4, which corrects this issue. Note: The Apache Log4j 1-to-Log4j 2 bridge is deprecated and will not be present in Log4j 3. Users are encouraged to consult the Log4j 1 to Log4j 2 migration guide https://logging.apache.org/log4j/2.x/migrate-from-log4j1.html , and specifically the section on eliminating reliance on the bridge. (CVE-2026-34479)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306044

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-34480]]> https://www.tenable.com/plugins/nessus/306043 https://www.tenable.com/plugins/nessus/306043 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306043 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/#charsets producing invalid XML output whenever a log message or MDC value contains such characters. The impact depends on the StAX implementation in use: * JRE built-in StAX:
 Forbidden characters are silently written to the output, producing malformed XML. Conforming parsers must reject such documents with a fatal error, which may cause downstream log-processing systems to drop the affected records. * Alternative StAX implementations (e.g., Woodstox https://github.com/FasterXML/woodstox , a transitive dependency of the Jackson XML Dataformat module): An exception is thrown during the logging call, and the log event is never delivered to its intended appender, only to Log4j's internal status logger. Users are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue by sanitizing forbidden characters before XML output. (CVE-2026-34480)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306043

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-3446]]> https://www.tenable.com/plugins/nessus/306042 https://www.tenable.com/plugins/nessus/306042 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306042 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use validate=True to enable stricter processing of base64 data. (CVE-2026-3446)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306042

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-34481]]> https://www.tenable.com/plugins/nessus/306041 https://www.tenable.com/plugins/nessus/306041 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306041 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, Infinity, or -Infinity), which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to index affected records. An attacker can exploit this issue only if both of the following conditions are met: * The application uses JsonTemplateLayout. * The application logs a MapMessage containing an attacker-controlled floating-point value. Users are advised to upgrade to Apache Log4j JSON Template Layout 2.25.4, which corrects this issue.
 (CVE-2026-34481)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306041

]]> <![CDATA[FreeBSD : py-ormar -- vulnerabilities (8d549898-3598-11f1-a8bc-3c7c3fba4204)]]> https://www.tenable.com/plugins/nessus/306040 https://www.tenable.com/plugins/nessus/306040 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306040 with Critical Severity

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 8d549898-3598-11f1-a8bc-3c7c3fba4204 advisory.

 https://github.com/ormar-orm/ormar/security/advisories reports:

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306040

]]> <![CDATA[FreeBSD : (lib)tiff -- Integer Overflow or Wraparound (766bb9b5-357f-11f1-98f0-00a098b42aeb)]]> https://www.tenable.com/plugins/nessus/306039 https://www.tenable.com/plugins/nessus/306039 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306039 with High Severity

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 766bb9b5-357f-11f1-98f0-00a098b42aeb advisory.

 PrymEvol and Quang Luong reports:
 A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.


Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306039

]]> <![CDATA[RockyLinux 10 : nodejs22 (RLSA-2026:7080)]]> https://www.tenable.com/plugins/nessus/306038 https://www.tenable.com/plugins/nessus/306038 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306038 with Critical Severity

Synopsis

The remote RockyLinux host is missing one or more security updates.

Description

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7080 advisory.

 * brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion (CVE-2026-25547)

 * minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)

 * minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904)

 * undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression (CVE-2026-1526)

 * undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter (CVE-2026-2229)

 * undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers (CVE-2026-1525)

 * undici: undici: Denial of Service via crafted WebSocket frame with large length (CVE-2026-1528)

 * nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)

 * Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306038

]]> <![CDATA[RockyLinux 10 : kernel (RLSA-2026:6632)]]> https://www.tenable.com/plugins/nessus/306037 https://www.tenable.com/plugins/nessus/306037 Sun, 12 Apr 2026 00:00:00 GMT Nessus Plugin ID 306037 with High Severity

Synopsis

The remote RockyLinux host is missing one or more security updates.

Description

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6632 advisory.

 * kernel: Linux kernel (net/mlx5): Use-after-free in ECVF vports unload leads to denial of service (CVE-2025-38109)

 * kernel: Linux kernel: Local denial of service and memory leak in DAMON sysfs via setup failure (CVE-2026-23144)

 * kernel: Linux kernel: Use-after-free in bonding module can cause system crash or arbitrary code execution (CVE-2026-23171)

 * kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (CVE-2026-23193)

 * kernel: macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209)

 * kernel: net/sched: cls_u32: use skb_header_pointer_careful() (CVE-2026-23204)

 * kernel: ALSA: aloop: Fix racy access at PCM trigger (CVE-2026-23191)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306037

]]> <![CDATA[Fedora 45 : micropython (2026-d619d8d077)]]> https://www.tenable.com/plugins/nessus/306036 https://www.tenable.com/plugins/nessus/306036 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306036 with Medium Severity

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d619d8d077 advisory.

 Automatic update for micropython-1.28.0-1.fc45.

 ##### **Changelog**

 ```
 * Mon Apr 6 2026 Lumr Balhar - 1.28.0-1
 - Update to 1.28.0
 - Security fix for CVE-2026-1998
 - Update mbedtls submodule to 3.6.6
 - mbedtls security fixes for CVE-2026-25834, CVE-2026-34871, CVE-2026-25833
 - CVE-2025-52496, CVE-2025-52497, CVE-2025-49087, CVE-2025-54764, CVE-2025-59438 Resolves: rhbz#2455368, rhbz#2376688, rhbz#2376701, rhbz#2382261, rhbz#2405245, rhbz#2405374, rhbz#2437327, rhbz#2454032, rhbz#2454086, rhbz#2454213

 ```

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected micropython package.

Read more at https://www.tenable.com/plugins/nessus/306036

]]> <![CDATA[Slackware Linux 15.0 / current openssl Multiple Vulnerabilities (SSA:2026-101-01)]]> https://www.tenable.com/plugins/nessus/306035 https://www.tenable.com/plugins/nessus/306035 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306035 with High Severity

Synopsis

The remote Slackware Linux host is missing a security update to openssl.

Description

The version of openssl installed on the remote host is prior to 1.1.1zg / 3.5.6. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-101-01 advisory.

 New openssl packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the openssl security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the affected openssl package.

Read more at https://www.tenable.com/plugins/nessus/306035

]]> <![CDATA[RockyLinux 8 : thunderbird (RLSA-2026:6917)]]> https://www.tenable.com/plugins/nessus/306034 https://www.tenable.com/plugins/nessus/306034 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306034 with Critical Severity

Synopsis

The remote RockyLinux host is missing one or more security updates.

Description

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6917 advisory.

 * firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)

 * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)

 * firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)

 * firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)

 * firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)

 * firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)

 * firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)

 * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)

 * firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)

 * firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)

 * firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)

 * firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)

 * firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)

 * firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)

 * firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)

 * firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)

 * firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)

 * firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)

 * firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)

 * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)

 * firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)

 * firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)

 * firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)

 * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)

 * thunderbird: Out of bounds read in IMAP parsing (CVE-2026-4371)

 * thunderbird: Spoofing issue in Thunderbird (CVE-2026-3889)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected thunderbird, thunderbird-debuginfo and / or thunderbird-debugsource packages.

Read more at https://www.tenable.com/plugins/nessus/306034

]]> <![CDATA[RockyLinux 8 : kernel (RLSA-2026:6571)]]> https://www.tenable.com/plugins/nessus/306033 https://www.tenable.com/plugins/nessus/306033 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306033 with High Severity

Synopsis

The remote RockyLinux host is missing one or more security updates.

Description

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6571 advisory.

 * kernel: nouveau: fix instmem race condition around ptr stores (CVE-2024-26984)

 * kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (CVE-2026-23193)

 * kernel: kernel: Privilege escalation or denial of service via use-after-free in nf_tables_addchain() (CVE-2026-23231)

 * kernel: Linux kernel (qla2xxx): Double free vulnerability leads to denial of service and potential privilege escalation. (CVE-2025-71238)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306033

]]> <![CDATA[RockyLinux 9 : kernel (RLSA-2026:6570)]]> https://www.tenable.com/plugins/nessus/306032 https://www.tenable.com/plugins/nessus/306032 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306032 with High Severity

Synopsis

The remote RockyLinux host is missing one or more security updates.

Description

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6570 advisory.

 * kernel: Linux kernel (net/mlx5): Use-after-free in ECVF vports unload leads to denial of service (CVE-2025-38109)

 * kernel: Kernel: Privilege escalation or denial of service in nf_tables via inverted element activity check (CVE-2026-23111)

 * kernel: Linux kernel: Denial of Service in ice driver due to race condition during VSI rebuild (CVE-2026-23210)

 * kernel: kernel: Privilege escalation or denial of service via use-after-free in nf_tables_addchain() (CVE-2026-23231)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306032

]]> <![CDATA[RockyLinux 8 : kernel-rt (RLSA-2026:6572)]]> https://www.tenable.com/plugins/nessus/306031 https://www.tenable.com/plugins/nessus/306031 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306031 with High Severity

Synopsis

The remote RockyLinux host is missing one or more security updates.

Description

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6572 advisory.

 * kernel: nouveau: fix instmem race condition around ptr stores (CVE-2024-26984)

 * kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (CVE-2026-23193)

 * kernel: kernel: Privilege escalation or denial of service via use-after-free in nf_tables_addchain() (CVE-2026-23231)

 * kernel: Linux kernel (qla2xxx): Double free vulnerability leads to denial of service and potential privilege escalation. (CVE-2025-71238)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306031

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-40194]]> https://www.tenable.com/plugins/nessus/306030 https://www.tenable.com/plugins/nessus/306030 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306030 with Low Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - phpseclib is a PHP secure communications library. Prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp(), which short- circuits on the first differing byte. This is a real variable-time comparison (CWE-208), proven by scaling benchmarks. This vulnerability is fixed in 3.0.51, 2.0.53, and 1.0.28. (CVE-2026-40194)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306030

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-4150]]> https://www.tenable.com/plugins/nessus/306029 https://www.tenable.com/plugins/nessus/306029 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306029 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28807.
 (CVE-2026-4150)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306029

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-40354]]> https://www.tenable.com/plugins/nessus/306028 https://www.tenable.com/plugins/nessus/306028 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306028 with Low Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on g_file_trash. (CVE-2026-40354)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306028

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-40021]]> https://www.tenable.com/plugins/nessus/306027 https://www.tenable.com/plugins/nessus/306027 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306027 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.html#layout- list and XmlLayoutSchemaLog4J https://logging.apache.org/log4net/manual/configuration/layouts.html#layout- list , in versions before 3.3.0, fail to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/#charsets in MDC property keys and values, as well as the identity field that may carry attacker-influenced data. This causes an exception during serialization and the silent loss of the affected log event. An attacker who can influence any of these fields can exploit this to suppress individual log records, impairing audit trails and detection of malicious activity. Users are advised to upgrade to Apache Log4net 3.3.0, which fixes this issue. (CVE-2026-40021)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306027

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-4153]]> https://www.tenable.com/plugins/nessus/306026 https://www.tenable.com/plugins/nessus/306026 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306026 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28874.
 (CVE-2026-4153)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306026

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-40175]]> https://www.tenable.com/plugins/nessus/306025 https://www.tenable.com/plugins/nessus/306025 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306025 with Critical Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, the Axios library is vulnerable to a specific Gadget attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Compromise (via AWS IMDSv2 bypass). This vulnerability is fixed in 1.15.0. (CVE-2026-40175)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306025

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5795]]> https://www.tenable.com/plugins/nessus/306024 https://www.tenable.com/plugins/nessus/306024 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306024 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A subsequent request using the same thread inherits the ThreadLocal values, leading to a broken access control and privilege escalation. (CVE-2026-5795)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306024

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-40198]]> https://www.tenable.com/plugins/nessus/306023 https://www.tenable.com/plugins/nessus/306023 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306023 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6() does not check that uncompressed IPv6 addresses (without ::) have exactly 8 hex groups. Inputs like abcd, 1:2:3, or 1:2:3:4:5:6:7 are accepted and produce packed values of wrong length (3, 7, or 15 bytes instead of 17). The packed values are used internally for mask and comparison operations. find() and bin_find() use Perl string comparison (lt/gt) on these values, and comparing strings of different lengths gives wrong results. This can cause find() to incorrectly report an address as inside or outside a range. Example: my $cidr = Net::CIDR::Lite->new(::/8); $cidr->find(1:2:3); # invalid input, incorrectly returns true This is the same class of input validation issue as CVE-2021-47154 (IPv4 leading zeros) previously fixed in this module. See also CVE-2026-40199, a related issue in the same function affecting IPv4 mapped IPv6 addresses. (CVE-2026-40198)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306023

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-4154]]> https://www.tenable.com/plugins/nessus/306022 https://www.tenable.com/plugins/nessus/306022 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306022 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28901.
 (CVE-2026-4154)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306022

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-4151]]> https://www.tenable.com/plugins/nessus/306021 https://www.tenable.com/plugins/nessus/306021 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306021 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ANI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28813.
 (CVE-2026-4151)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306021

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-40199]]> https://www.tenable.com/plugins/nessus/306020 https://www.tenable.com/plugins/nessus/306020 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306020 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. _pack_ipv6() includes the sentinel byte from _pack_ipv4() when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value instead of 17 bytes, misaligning the IPv4 part of the address. The wrong length causes incorrect results in mask operations (bitwise AND truncates to the shorter operand) and in find() / bin_find() which use Perl string comparison (lt/gt). This can cause find() to incorrectly match or miss addresses. Example: my $cidr = Net::CIDR::Lite->new(::ffff:192.168.1.0/120); $cidr->find(::ffff:192.168.2.0); # incorrectly returns true This is triggered by valid RFC 4291 IPv4 mapped addresses (::ffff:x.x.x.x). See also CVE-2026-40198, a related issue in the same function affecting malformed IPv6 addresses. (CVE-2026-40199)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306020

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-4152]]> https://www.tenable.com/plugins/nessus/306019 https://www.tenable.com/plugins/nessus/306019 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306019 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28863.
 (CVE-2026-4152)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306019

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-40023]]> https://www.tenable.com/plugins/nessus/306018 https://www.tenable.com/plugins/nessus/306018 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306018 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/#charsets in log messages, NDC, and MDC property keys and values, producing invalid XML output. Conforming XML parsers must reject such documents with a fatal error, which may cause downstream log processing systems to drop or fail to index affected records. An attacker who can influence logged data can exploit this to suppress individual log records, impairing audit trails and detection of malicious activity. Users are advised to upgrade to Apache Log4cxx 1.7.0, which fixes this issue.
 (CVE-2026-40023)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/306018

]]> <![CDATA[CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2026-34743)]]> https://www.tenable.com/plugins/nessus/306017 https://www.tenable.com/plugins/nessus/306017 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306017 with Medium Severity

Synopsis

The remote CBL Mariner host is missing one or more security updates.

Description

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-34743 advisory.

 - XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3. (CVE-2026-34743)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306017

]]> <![CDATA[Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-35535)]]> https://www.tenable.com/plugins/nessus/306016 https://www.tenable.com/plugins/nessus/306016 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306016 with High Severity

Synopsis

The remote Azure Linux host is missing one or more security updates.

Description

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-35535 advisory.

 - In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.
 (CVE-2026-35535)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306016

]]> <![CDATA[RockyLinux 10 : kea (RLSA-2026:7342)]]> https://www.tenable.com/plugins/nessus/306015 https://www.tenable.com/plugins/nessus/306015 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306015 with High Severity

Synopsis

The remote RockyLinux host is missing a security update.

Description

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:7342 advisory.

 * Kea: Kea: Denial of Service via maliciously crafted message (CVE-2026-3608)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306015

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP5) (SUSE-SU-2026:1242-1)]]> https://www.tenable.com/plugins/nessus/306014 https://www.tenable.com/plugins/nessus/306014 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306014 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1242-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.179 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
 - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-5_14_21-150400_24_179-default and / or kernel- livepatch-5_14_21-150500_55_110-default packages.

Read more at https://www.tenable.com/plugins/nessus/306014

]]> <![CDATA[SUSE SLES15 Security Update : nghttp2 (SUSE-SU-2026:1247-1)]]> https://www.tenable.com/plugins/nessus/306013 https://www.tenable.com/plugins/nessus/306013 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306013 with High Severity

Synopsis

The remote SUSE host is missing a security update.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1247-1 advisory.

 This update for nghttp2 fixes the following issue:

 - CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306013

]]> <![CDATA[SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2026:1257-1)]]> https://www.tenable.com/plugins/nessus/306012 https://www.tenable.com/plugins/nessus/306012 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306012 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1257-1 advisory.

 - CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
 - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
 - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
 - CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
 - CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306012

]]> <![CDATA[SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2026:1255-1)]]> https://www.tenable.com/plugins/nessus/306011 https://www.tenable.com/plugins/nessus/306011 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306011 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1255-1 advisory.

 - CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
 - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
 - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
 - CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306011

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:1244-1)]]> https://www.tenable.com/plugins/nessus/306010 https://www.tenable.com/plugins/nessus/306010 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306010 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1244-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.16 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
 - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
 - CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-6_4_0-150700_53_16-default package.

Read more at https://www.tenable.com/plugins/nessus/306010

]]> <![CDATA[Adobe Reader < 26.001.21411 Vulnerability (APSB26-43) (macOS)]]> https://www.tenable.com/plugins/nessus/306009 https://www.tenable.com/plugins/nessus/306009 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306009 with High Severity

Synopsis

The version of Adobe Reader installed on the remote macOS host is affected by a vulnerability.

Description

The version of Adobe Reader installed on the remote macOS host is a version prior to 26.001.21411. It is, therefore, affected by a vulnerability.

 - Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2026-34621)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Adobe Reader version 26.001.21411 or later.

Read more at https://www.tenable.com/plugins/nessus/306009

]]> <![CDATA[Adobe Reader < 26.001.21411 Vulnerability (APSB26-43)]]> https://www.tenable.com/plugins/nessus/306008 https://www.tenable.com/plugins/nessus/306008 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306008 with High Severity

Synopsis

The version of Adobe Reader installed on the remote Windows host is affected by a vulnerability.

Description

The version of Adobe Reader installed on the remote Windows host is a version prior to 26.001.21411. It is, therefore, affected by a vulnerability.

 - Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2026-34621)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Adobe Reader version 26.001.21411 or later.

Read more at https://www.tenable.com/plugins/nessus/306008

]]> <![CDATA[Adobe Acrobat < 24.001.30362 / 26.001.21411 Vulnerability (APSB26-43)]]> https://www.tenable.com/plugins/nessus/306007 https://www.tenable.com/plugins/nessus/306007 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306007 with High Severity

Synopsis

The version of Adobe Acrobat installed on the remote Windows host is affected by a vulnerability.

Description

The version of Adobe Acrobat installed on the remote Windows host is a version prior to 24.001.30362 or 26.001.21411. It is, therefore, affected by a vulnerability.

 - Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2026-34621)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Adobe Acrobat version 24.001.30362 / 26.001.21411 or later.

Read more at https://www.tenable.com/plugins/nessus/306007

]]> <![CDATA[Adobe Acrobat < 24.001.30360 / 26.001.21411 Vulnerability (APSB26-43) (macOS)]]> https://www.tenable.com/plugins/nessus/306006 https://www.tenable.com/plugins/nessus/306006 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306006 with High Severity

Synopsis

The version of Adobe Acrobat installed on the remote macOS host is affected by a vulnerability.

Description

The version of Adobe Acrobat installed on the remote macOS host is a version prior to 24.001.30360 or 26.001.21411. It is, therefore, affected by a vulnerability.

 - Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2026-34621)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Adobe Acrobat version 24.001.30360 / 26.001.21411 or later.

Read more at https://www.tenable.com/plugins/nessus/306006

]]> <![CDATA[Photon OS 5.0: Linux PHSA-2026-5.0-0813]]> https://www.tenable.com/plugins/nessus/306005 https://www.tenable.com/plugins/nessus/306005 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306005 with High Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the linux package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/306005

]]> <![CDATA[Photon OS 5.0: Openssl PHSA-2026-5.0-0810]]> https://www.tenable.com/plugins/nessus/306004 https://www.tenable.com/plugins/nessus/306004 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306004 with High Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the openssl package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/306004

]]> <![CDATA[SUSE SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2026:1256-1)]]> https://www.tenable.com/plugins/nessus/306003 https://www.tenable.com/plugins/nessus/306003 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306003 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1256-1 advisory.

 - CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
 - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
 - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
 - CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
 - CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/306003

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5) (SUSE-SU-2026:1254-1)]]> https://www.tenable.com/plugins/nessus/306002 https://www.tenable.com/plugins/nessus/306002 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306002 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1254-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.133 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-5_14_21-150500_55_133-default package.

Read more at https://www.tenable.com/plugins/nessus/306002

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 11 for SUSE Linux Enterprise 15 SP6) (SUSE-SU-2026:1239-1)]]> https://www.tenable.com/plugins/nessus/306001 https://www.tenable.com/plugins/nessus/306001 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306001 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1239-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.50 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
 - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
 - CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253404).
 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258183).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-6_4_0-150600_23_50-default package.

Read more at https://www.tenable.com/plugins/nessus/306001

]]> <![CDATA[Photon OS 5.0: Rubygem PHSA-2026-5.0-0816]]> https://www.tenable.com/plugins/nessus/306000 https://www.tenable.com/plugins/nessus/306000 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 306000 with Medium Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the rubygem package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/306000

]]> <![CDATA[Photon OS 5.0: Mysql PHSA-2026-5.0-0815]]> https://www.tenable.com/plugins/nessus/305999 https://www.tenable.com/plugins/nessus/305999 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 305999 with Medium Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the mysql package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/305999

]]> <![CDATA[Photon OS 5.0: Linux PHSA-2026-5.0-0806]]> https://www.tenable.com/plugins/nessus/305998 https://www.tenable.com/plugins/nessus/305998 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 305998 with High Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the linux package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/305998

]]> <![CDATA[Photon OS 5.0: Python3 PHSA-2026-5.0-0816]]> https://www.tenable.com/plugins/nessus/305997 https://www.tenable.com/plugins/nessus/305997 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 305997 with High Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the python3 package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/305997

]]> <![CDATA[FreeBSD : Mbed TLS -- vulnerabilities (d77bd2f5-34f0-11f1-bc6d-3c7c3fba4204)]]> https://www.tenable.com/plugins/nessus/305996 https://www.tenable.com/plugins/nessus/305996 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 305996 with Critical Severity

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d77bd2f5-34f0-11f1-bc6d-3c7c3fba4204 advisory.

 https://mbed-tls.readthedocs.io/en/latest/security-advisories/ reports:

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/305996

]]> <![CDATA[FreeBSD : DNSdist -- vulnerabilities (431c2753-3503-11f1-bc6d-3c7c3fba4204)]]> https://www.tenable.com/plugins/nessus/305995 https://www.tenable.com/plugins/nessus/305995 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 305995 with Medium Severity

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 431c2753-3503-11f1-bc6d-3c7c3fba4204 advisory.

 https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html reports:

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/305995

]]> <![CDATA[FreeBSD : chromium -- security fixes (4b727a1a-5034-42b4-b29b-2289389f4ba8)]]> https://www.tenable.com/plugins/nessus/305994 https://www.tenable.com/plugins/nessus/305994 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 305994 with Critical Severity

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 4b727a1a-5034-42b4-b29b-2289389f4ba8 advisory.

 Chrome Releases reports:
 This update includes multiple security fixes:

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/305994

]]> <![CDATA[Photon OS 4.0: Nodejs PHSA-2026-4.0-0995]]> https://www.tenable.com/plugins/nessus/305993 https://www.tenable.com/plugins/nessus/305993 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 305993 with Medium Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the nodejs package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/305993

]]> <![CDATA[Photon OS 4.0: Python3 PHSA-2026-4.0-0995]]> https://www.tenable.com/plugins/nessus/305992 https://www.tenable.com/plugins/nessus/305992 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 305992 with High Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the python3 package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/305992

]]> <![CDATA[Photon OS 5.0: Nodejs PHSA-2026-5.0-0814]]> https://www.tenable.com/plugins/nessus/305991 https://www.tenable.com/plugins/nessus/305991 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 305991 with Medium Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the nodejs package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/305991

]]> <![CDATA[Photon OS 4.0: Rubygem PHSA-2026-4.0-0995]]> https://www.tenable.com/plugins/nessus/305990 https://www.tenable.com/plugins/nessus/305990 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 305990 with High Severity

Synopsis

The remote PhotonOS host is missing multiple security updates.

Description

An update of the rubygem package has been released.

Solution

Update the affected Linux packages.

Read more at https://www.tenable.com/plugins/nessus/305990

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:1237-1)]]> https://www.tenable.com/plugins/nessus/305989 https://www.tenable.com/plugins/nessus/305989 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 305989 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1237-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.187 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-5_14_21-150400_24_187-default package.

Read more at https://www.tenable.com/plugins/nessus/305989

]]> <![CDATA[SUSE SLES15 Security Update : kernel (Live Patch 28 for SUSE Linux Enterprise 15 SP5) (SUSE-SU-2026:1248-1)]]> https://www.tenable.com/plugins/nessus/305988 https://www.tenable.com/plugins/nessus/305988 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 305988 with High Severity

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1248-1 advisory.

 This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.113 fixes various security issues

 The following security issues were fixed:

 - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252036).
 - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252689).
 - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256780).
 - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257238).
 - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1258051).
 - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258784).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected kernel-livepatch-5_14_21-150500_55_113-default package.

Read more at https://www.tenable.com/plugins/nessus/305988

]]> <![CDATA[SUSE SLES15 / openSUSE 15 Security Update : tigervnc (SUSE-SU-2026:1252-1)]]> https://www.tenable.com/plugins/nessus/305987 https://www.tenable.com/plugins/nessus/305987 Sat, 11 Apr 2026 00:00:00 GMT Nessus Plugin ID 305987 with Critical Severity

Synopsis

The remote SUSE host is missing a security update.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1252-1 advisory.

 - CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. (bsc#1260871)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/305987

]]> <![CDATA[Anthropic Claude Code < 2.1.2 Sandbox Escape via settings.json Injection (CVE-2026-25725)]]> https://www.tenable.com/plugins/nessus/305986 https://www.tenable.com/plugins/nessus/305986 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305986 with High Severity

Synopsis

An application installed on the remote host is affected by a sandbox escape vulnerability.

Description

The version of Anthropic Claude Code installed on the remote host is prior to 2.1.2. It is, therefore, affected by a sandbox escape vulnerability.

The bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json was explicitly protected with read-only constraints, settings.json was not protected if it was missing. This allowed malicious code running inside the sandbox to create this file and inject persistent hooks such as SessionStart commands that would execute with host privileges when Claude Code was restarted.
(CVE-2026-25725)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade Anthropic Claude Code to version 2.1.2 or later.

Read more at https://www.tenable.com/plugins/nessus/305986

]]> <![CDATA[Anthropic Claude Code < 2.0.65 API Key Leak via Project Settings (CVE-2026-21852)]]> https://www.tenable.com/plugins/nessus/305985 https://www.tenable.com/plugins/nessus/305985 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305985 with Medium Severity

Synopsis

An application installed on the remote host is affected by an information disclosure vulnerability.

Description

The version of Anthropic Claude Code installed on the remote host is prior to 2.0.65. It is, therefore, affected by an information disclosure vulnerability.

A vulnerability in the project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. If a user started Claude Code in an attacker-controlled repository, and the repository included a settings file that set ANTHROPIC_BASE_URL to an attacker-controlled endpoint, Claude Code would issue API requests before showing the trust prompt, potentially leaking the user's API keys. (CVE-2026-21852)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade Anthropic Claude Code to version 2.0.65 or later.

Read more at https://www.tenable.com/plugins/nessus/305985

]]> <![CDATA[Anthropic Claude Code < 2.1.7 Permission Deny Bypass Through Symbolic Links (CVE-2026-25724)]]> https://www.tenable.com/plugins/nessus/305984 https://www.tenable.com/plugins/nessus/305984 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305984 with Low Severity

Synopsis

An application installed on the remote host is affected by a permission bypass vulnerability.

Description

The version of Anthropic Claude Code installed on the remote host is prior to 2.1.7. It is, therefore, affected by a permission bypass vulnerability.

Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file such as /etc/passwd and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude Code to read the restricted file through the symlink without triggering deny rule enforcement. (CVE-2026-25724)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade Anthropic Claude Code to version 2.1.7 or later.

Read more at https://www.tenable.com/plugins/nessus/305984

]]> <![CDATA[Anthropic Claude Code Installed (Linux / macOS)]]> https://www.tenable.com/plugins/nessus/305983 https://www.tenable.com/plugins/nessus/305983 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305983 with Info Severity

Synopsis

Anthropic Claude Code is installed on the remote host.

Description

Anthropic Claude Code, an agentic coding tool, is installed on the remote Linux or macOS host.

Solution

null

Read more at https://www.tenable.com/plugins/nessus/305983

]]> <![CDATA[Dotnetnuke < 10.2.2 Same HostGUID for all new installs (CVE-2026-40306)]]> https://www.tenable.com/plugins/nessus/305982 https://www.tenable.com/plugins/nessus/305982 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305982 with High Severity

Synopsis

An ASP.NET application running on the remote web server is affected by a vulnerability.

Description

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2.
It is, therefore, affected by a vulnerability.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Dotnetnuke version 10.2.2 or later.

Read more at https://www.tenable.com/plugins/nessus/305982

]]> <![CDATA[Dotnetnuke 6.0.x < 10.2.2 Force Friend Request Acceptance (CVE-2026-40305)]]> https://www.tenable.com/plugins/nessus/305981 https://www.tenable.com/plugins/nessus/305981 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305981 with Medium Severity

Synopsis

An ASP.NET application running on the remote web server is affected by a vulnerability.

Description

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 6.0.x prior to 10.2.2. It is, therefore, affected by a vulnerability.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Dotnetnuke version 10.2.2 or later.

Read more at https://www.tenable.com/plugins/nessus/305981

]]> <![CDATA[Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-34743)]]> https://www.tenable.com/plugins/nessus/305980 https://www.tenable.com/plugins/nessus/305980 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305980 with Medium Severity

Synopsis

The remote Azure Linux host is missing one or more security updates.

Description

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-34743 advisory.

 - XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3. (CVE-2026-34743)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/305980

]]> <![CDATA[Microsoft Edge (Chromium) < 147.0.3912.60 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nessus/305979 https://www.tenable.com/plugins/nessus/305979 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305979 with Critical Severity

Synopsis

The remote host has an web browser installed that is affected by multiple vulnerabilities.

Description

The version of Microsoft Edge installed on the remote Windows host is prior to 147.0.3912.60. It is, therefore, affected by multiple vulnerabilities as referenced in the April 10, 2026 advisory.

 - Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) (CVE-2026-5874)

 - User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. (CVE-2026-33119)

 - Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2026-33118)

 - Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) (CVE-2026-5858)

 - Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2026-5859)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Microsoft Edge version 147.0.3912.60 or later.

Read more at https://www.tenable.com/plugins/nessus/305979

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-34734]]> https://www.tenable.com/plugins/nessus/305978 https://www.tenable.com/plugins/nessus/305978 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305978 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5T__conv_struct. The original object was allocated by H5D__typeinfo_init_phase3 and freed by H5D__typeinfo_term. (CVE-2026-34734)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305978

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-31412]]> https://www.tenable.com/plugins/nessus/305977 https://www.tenable.com/plugins/nessus/305977 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305977 with Critical Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() The `check_command_size_in_blocks()` function calculates the data size in bytes by left shifting `common->data_size_from_cmnd` by the block size (`common->curlun->blkbits`). However, it does not validate whether this shift operation will cause an integer overflow. Initially, the block size is set up in `fsg_lun_open()` , and the `common->data_size_from_cmnd` is set up in `do_scsi_command()`. During initialization, there is no integer overflow check for the interaction between two variables. So if a malicious USB host sends a SCSI READ or WRITE command requesting a large amount of data (`common->data_size_from_cmnd`), the left shift operation can wrap around. This results in a truncated data size, which can bypass boundary checks and potentially lead to memory corruption or out-of-bounds accesses. Fix this by using the check_shl_overflow() macro to safely perform the shift and catch any overflows. (CVE-2026-31412)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305977

]]> <![CDATA[Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50184)]]> https://www.tenable.com/plugins/nessus/305976 https://www.tenable.com/plugins/nessus/305976 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305976 with High Severity

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50184 advisory.

 - ipv6: use RCU in ip6_xmit() (Eric Dumazet) [Orabug: 39186444] {CVE-2025-40135}
 - netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (Inseo An) [Orabug: 39181102] {CVE-2026-23231}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/305976

]]> <![CDATA[Unity Linux 20.1060a / 20.1070a Security Update: grafana (UTSA-2026-007098)]]> https://www.tenable.com/plugins/nessus/305975 https://www.tenable.com/plugins/nessus/305975 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305975 with Critical Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007098 advisory.

 The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines.
 This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected grafana package.

Read more at https://www.tenable.com/plugins/nessus/305975

]]> <![CDATA[Unity Linux 20.1060a / 20.1070a Security Update: grafana (UTSA-2026-007107)]]> https://www.tenable.com/plugins/nessus/305974 https://www.tenable.com/plugins/nessus/305974 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305974 with Critical Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007107 advisory.

 During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected grafana package.

Read more at https://www.tenable.com/plugins/nessus/305974

]]> <![CDATA[Unity Linux 20.1070a Security Update: vsftpd (UTSA-2026-007108)]]> https://www.tenable.com/plugins/nessus/305973 https://www.tenable.com/plugins/nessus/305973 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305973 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007108 advisory.

 A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected vsftpd package.

Read more at https://www.tenable.com/plugins/nessus/305973

]]> <![CDATA[Unity Linux 20.1060a / 20.1070a Security Update: grafana (UTSA-2026-007100)]]> https://www.tenable.com/plugins/nessus/305972 https://www.tenable.com/plugins/nessus/305972 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305972 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007100 advisory.

 A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.

 The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected grafana package.

Read more at https://www.tenable.com/plugins/nessus/305972

]]> <![CDATA[Unity Linux 20.1070a Security Update: glibc (UTSA-2026-007101)]]> https://www.tenable.com/plugins/nessus/305971 https://www.tenable.com/plugins/nessus/305971 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305971 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007101 advisory.

 The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected glibc package.

Read more at https://www.tenable.com/plugins/nessus/305971

]]> <![CDATA[Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-007105)]]> https://www.tenable.com/plugins/nessus/305970 https://www.tenable.com/plugins/nessus/305970 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305970 with High Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007105 advisory.

 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline (e.g., `xfreerdp`) by sending an RDPGFX ClearCodec surface command with an out-of-bounds destination rectangle.
 The `gdi_SurfaceCommand_ClearCodec()` handler does not call `is_within_surface()` to validate the command rectangle against the destination surface dimensions, allowing attacker-controlled `cmd->left`/`cmd->top` (and subcodec rectangle offsets) to reach image copy routines that write into `surface->data` without bounds enforcement. The OOB write corrupts an adjacent `gdiGfxSurface` struct's `codecs*` pointer with attacker-controlled pixel data, and corruption of `codecs*` is sufficient to reach an indirect function pointer call (`NSC_CONTEXT.decode` at `nsc.c:500`) on a subsequent codec command full instruction pointer (RIP) control demonstrated in exploitability harness. Users should upgrade to version 3.23.0 to receive a patch.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected freerdp package.

Read more at https://www.tenable.com/plugins/nessus/305970

]]> <![CDATA[Unity Linux 20.1060a / 20.1070a Security Update: grafana (UTSA-2026-007102)]]> https://www.tenable.com/plugins/nessus/305969 https://www.tenable.com/plugins/nessus/305969 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305969 with High Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007102 advisory.

 Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected grafana package.

Read more at https://www.tenable.com/plugins/nessus/305969

]]> <![CDATA[Unity Linux 20.1060a / 20.1070a Security Update: grafana (UTSA-2026-007106)]]> https://www.tenable.com/plugins/nessus/305968 https://www.tenable.com/plugins/nessus/305968 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305968 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007106 advisory.

 archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected grafana package.

Read more at https://www.tenable.com/plugins/nessus/305968

]]> <![CDATA[Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-007104)]]> https://www.tenable.com/plugins/nessus/305967 https://www.tenable.com/plugins/nessus/305967 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305967 with High Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007104 advisory.

 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, `planar_decompress_plane_rle()` writes into `pDstData` at `((nYDst+y) * nDstStep) + (4*nXDst) + nChannel` without verifying that `(nYDst+nSrcHeight)` fits in the destination height or that `(nXDst+nSrcWidth)` fits in the destination stride. When `TempFormat != DstFormat`, `pDstData` becomes `planar->pTempData` (sized for the desktop), while `nYDst` is only validated against the **surface** by `is_within_surface()`. A malicious RDP server can exploit this to perform a heap out-of-bounds write with attacker-controlled offset and pixel data on any connecting FreeRDP client. The OOB write reaches up to 132,096 bytes past the temp buffer end, and on the brk heap (desktop 128128), an adjacent `NSC_CONTEXT` struct's `decode` function pointer is overwritten with attacker-controlled pixel data control-flowrelevant corruption (function pointer overwritten) demonstrated under deterministic heap layout (`nsc->decode = 0xFF414141FF414141`). Version 3.23.0 fixes the vulnerability.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected freerdp package.

Read more at https://www.tenable.com/plugins/nessus/305967

]]> <![CDATA[Unity Linux 20.1060a / 20.1070a Security Update: grafana (UTSA-2026-007103)]]> https://www.tenable.com/plugins/nessus/305966 https://www.tenable.com/plugins/nessus/305966 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305966 with High Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007103 advisory.

 The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected grafana package.

Read more at https://www.tenable.com/plugins/nessus/305966

]]> <![CDATA[Unity Linux 20.1060a / 20.1070a Security Update: grafana (UTSA-2026-007099)]]> https://www.tenable.com/plugins/nessus/305965 https://www.tenable.com/plugins/nessus/305965 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305965 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007099 advisory.

 tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected grafana package.

Read more at https://www.tenable.com/plugins/nessus/305965

]]> <![CDATA[Dotnetnuke < 10.2.2 Same HostGUID for all new installs (GHSA-2rhw-gw3f-477j)]]> https://www.tenable.com/plugins/nessus/305964 https://www.tenable.com/plugins/nessus/305964 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305964 with High Severity

Synopsis

An ASP.NET application running on the remote web server is affected by a vulnerability.

Description

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2.
It is, therefore, affected by a vulnerability.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Dotnetnuke version 10.2.2 or later.

Read more at https://www.tenable.com/plugins/nessus/305964

]]> <![CDATA[Dotnetnuke < 10.2.2 Stored cross-site-scripting (XSS) via SVG upload (GHSA-ffq7-898w-9jc4)]]> https://www.tenable.com/plugins/nessus/305963 https://www.tenable.com/plugins/nessus/305963 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305963 with High Severity

Synopsis

An ASP.NET application running on the remote web server is affected by a vulnerability.

Description

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is prior to 10.2.2.
It is, therefore, affected by a vulnerability.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Dotnetnuke version 10.2.2 or later.

Read more at https://www.tenable.com/plugins/nessus/305963

]]> <![CDATA[Dotnetnuke 6.0.x < 10.2.2 Force Friend Request Acceptance (GHSA-fpj4-9qhx-5m6m)]]> https://www.tenable.com/plugins/nessus/305962 https://www.tenable.com/plugins/nessus/305962 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305962 with High Severity

Synopsis

An ASP.NET application running on the remote web server is affected by a vulnerability.

Description

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 6.0.x prior to 10.2.2. It is, therefore, affected by a vulnerability.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Dotnetnuke version 10.2.2 or later.

Read more at https://www.tenable.com/plugins/nessus/305962

]]> <![CDATA[Ruby Rack 3.x < 3.1.21 / 3.2.x < 3.2.6 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nessus/305961 https://www.tenable.com/plugins/nessus/305961 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305961 with Medium Severity

Synopsis

The remote host has an application installed that is affected by multiple vulnerabilities.

Description

The version of the Rack Ruby library installed on the remote host is 3.0.0.beta1 or later but prior to 3.1.21, or is 3.2.0 or later but prior to 3.2.6. It is, therefore, affected by multiple vulnerabilities:

 - Rack::Multipart::Parser#handle_mime_head parses quoted multipart parameters using repeated String#index searches with String#slice! prefix deletion. For escape-heavy quoted values, this causes super-linear processing leading to denial of service (CVE-2026-34827)

 - Rack::Request parses Host header using AUTHORITY regex accepting characters not permitted in RFC-compliant hostnames (/, ?, #, @). Applications validating hosts with naive prefix/suffix checks can be bypassed, leading to host header poisoning (CVE-2026-34835)

 - Rack::Utils.forwarded_values parses RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values, allowing parameter smuggling (CVE-2026-32762)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Rack version 3.1.21 or 3.2.6 or later.

Read more at https://www.tenable.com/plugins/nessus/305961

]]> <![CDATA[Ruby Rack 3.2.x < 3.2.6 Header Injection Vulnerability]]> https://www.tenable.com/plugins/nessus/305960 https://www.tenable.com/plugins/nessus/305960 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305960 with Medium Severity

Synopsis

The remote host has an application installed that is affected by a header injection vulnerability.

Description

The version of the Rack Ruby library installed on the remote host is 3.2.0 or later but prior to 3.2.6.
It is, therefore, affected by a header injection vulnerability:

 - Rack::Multipart::Parser unfolds folded multipart part headers incorrectly, preserving embedded CRLF in parsed parameter values instead of removing folded line break. Applications reusing these values in HTTP response headers may be vulnerable to header injection or response splitting. (CVE-2026-26962)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Rack version 3.2.6 or later.

Read more at https://www.tenable.com/plugins/nessus/305960

]]> <![CDATA[Ruby Rack < 2.2.23 / 3.0.x < 3.1.21 / 3.2 < 3.2.6 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nessus/305959 https://www.tenable.com/plugins/nessus/305959 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305959 with High Severity

Synopsis

The remote host has an application installed that is affected by multiple vulnerabilities.

Description

The version of the Rack Ruby library installed on the remote host is prior to 2.2.23, prior to 3.1.21, or prior to 3.2.6.
It is, therefore, affected by multiple vulnerabilities:

 - Rack::Utils.get_byte_ranges parses HTTP Range header without limiting the number of individual byte ranges, leading to denial of service (CVE-2026-34826)

 - Rack::Static uses simple string prefix check allowing unintended file disclosure (CVE-2026-34785)

 - Rack::Utils.select_best_encoding has quadratic time complexity with many wildcard Accept-Encoding entries (CVE-2026-34230)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Rack version 2.2.23, 3.1.21, 3.2.6 or later.

Read more at https://www.tenable.com/plugins/nessus/305959

]]> <![CDATA[RHEL 10 : cockpit: Unauthenticated remote code execution due to SSH command-line argument injection (Critical) (RHSA-2026:7381)]]> https://www.tenable.com/plugins/nessus/305958 https://www.tenable.com/plugins/nessus/305958 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305958 with Critical Severity

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7381 advisory.

 Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more.

 Security Fix(es):

 * cockpit: ws: be more explicit when handling hostnames on cli (CVE-2026-4631)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/305958

]]> <![CDATA[RHEL 9 : cockpit: Unauthenticated remote code execution due to SSH command-line argument injection (Critical) (RHSA-2026:7382)]]> https://www.tenable.com/plugins/nessus/305957 https://www.tenable.com/plugins/nessus/305957 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305957 with Critical Severity

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7382 advisory.

 Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more.

 Security Fix(es):

 * cockpit: ws: be more explicit when handling hostnames on cli (CVE-2026-4631)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/305957

]]> <![CDATA[RHEL 9 : cockpit: Unauthenticated remote code execution due to SSH command-line argument injection (Critical) (RHSA-2026:7384)]]> https://www.tenable.com/plugins/nessus/305956 https://www.tenable.com/plugins/nessus/305956 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305956 with Critical Severity

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7384 advisory.

 Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more.

 Security Fix(es):

 * cockpit: ws: be more explicit when handling hostnames on cli (CVE-2026-4631)

 For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/305956

]]> <![CDATA[Apache ActiveMQ < 5.19.4 / 6.x < 6.2.3 Improper Input Validation Code Injection]]> https://www.tenable.com/plugins/nessus/305955 https://www.tenable.com/plugins/nessus/305955 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305955 with High Severity

Synopsis

The remote host is running a web application that is affected by a code injection vulnerability.

Description

The version of Apache ActiveMQ running on the remote host is prior to 5.19.4 or 6.x prior to 6.2.3. It is, therefore, affected by an improper input validation and code injection vulnerability:

 - ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ with a default access policy that permits exec operations on ActiveMQ MBeans. An authenticated attacker can exploit specific broker operations with a crafted discovery URI that manipulates the VM transport's brokerConfig parameter to load a remote Spring XML context. Since Spring instantiates singleton beans before validation occurs, arbitrary code execution can occur on the broker's JVM through bean factory methods such as Runtime.exec(). (CVE-2026-34197)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Apache ActiveMQ version 5.19.4, 6.2.3, or later.

Read more at https://www.tenable.com/plugins/nessus/305955

]]> <![CDATA[Apache ActiveMQ < 5.19.3 / 5.19.4, 6.x < 6.2.2 / 6.2.3 Classpath Path Traversal]]> https://www.tenable.com/plugins/nessus/305954 https://www.tenable.com/plugins/nessus/305954 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305954 with Medium Severity

Synopsis

The remote host is running a web application that is affected by a path traversal vulnerability.

Description

The version of Apache ActiveMQ running on the remote host is prior to 5.19.3 / 5.19.4 or 6.x prior to 6.2.2 / 6.2.3.
It is, therefore, affected by an improper validation and restriction of classpath path name vulnerability:

 - An authenticated user could exploit path concatenation to traverse the classpath in two specific contexts: when creating a Stomp consumer and when browsing messages via the Web console. This vulnerability enables classpath path resource loading that could potentially be combined with other attacks for exploitation. (CVE-2026-33227)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Apache ActiveMQ version 5.19.3 / 5.19.4, 6.2.2 / 6.2.3, or later.

Read more at https://www.tenable.com/plugins/nessus/305954

]]> <![CDATA[Logstash Installed (Linux)]]> https://www.tenable.com/plugins/nessus/305953 https://www.tenable.com/plugins/nessus/305953 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305953 with Info Severity

Synopsis

Logstash is installed on the remote Linux host.

Description

Logstash, a data collection engine by Elastic, is installed on the remote Linux host.

Solution

null

Read more at https://www.tenable.com/plugins/nessus/305953

]]> <![CDATA[Logstash Installed (macOS)]]> https://www.tenable.com/plugins/nessus/305952 https://www.tenable.com/plugins/nessus/305952 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305952 with Info Severity

Synopsis

Logstash is installed on the remote macOS host.

Description

Logstash, a data collection engine by Elastic, is installed on the remote macOS host.

Solution

null

Read more at https://www.tenable.com/plugins/nessus/305952

]]> <![CDATA[Logstash 8.x < 8.19.14 / 9.x < 9.2.8 / 9.3.x < 9.3.3 Path Traversal (ESA-2026-29)]]> https://www.tenable.com/plugins/nessus/305951 https://www.tenable.com/plugins/nessus/305951 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305951 with Critical Severity

Synopsis

The remote host is affected by a path traversal vulnerability.

Description

The version of Logstash installed on the remote host is 8.x prior to 8.19.14, 9.x prior to 9.2.8, or 9.3.x prior to 9.3.3. It is, therefore, affected by a path traversal vulnerability:

 - The archive extraction utilities used by Logstash do not properly validate file paths within compressed archives.
 An attacker who can serve a specially crafted archive to Logstash through a compromised or attacker-controlled update endpoint can write arbitrary files to the host filesystem with the privileges of the Logstash process. In certain configurations where automatic pipeline reloading is enabled, this can be escalated to remote code execution. (CVE-2026-33466)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Logstash version 8.19.14, 9.2.8, 9.3.3, or later.

Read more at https://www.tenable.com/plugins/nessus/305951

]]> <![CDATA[AlmaLinux 10 : freerdp (ALSA-2026:6799)]]> https://www.tenable.com/plugins/nessus/305950 https://www.tenable.com/plugins/nessus/305950 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305950 with Critical Severity

Synopsis

The remote AlmaLinux host is missing one or more security updates.

Description

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:6799 advisory.

 * freerdp: FreeRDP heap-use-after-free (CVE-2026-22856)
 * freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22854)
 * freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22852)
 * freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow (CVE-2026-23732)
 * freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation (CVE-2026-24676)
 * freerdp: FreeRDP has a heap-use-after-free in video_timer (CVE-2026-24491)
 * freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2() (CVE-2026-23948)
 * freerdp: FreeRDP has a Heap-use-after-free in play_thread (CVE-2026-24684)
 * freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb (CVE-2026-24681)
 * freerdp: FreeRDP has a Heap-buffer-overflow in audio_formats_free (CVE-2026-24682)
 * freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event (CVE-2026-24683)
 * freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface (CVE-2026-24679)
 * freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface (CVE-2026-24675)
 * freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages (CVE-2026-31806)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/305950

]]> <![CDATA[AlmaLinux 9 : nginx:1.24 (ALSA-2026:6923)]]> https://www.tenable.com/plugins/nessus/305949 https://www.tenable.com/plugins/nessus/305949 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305949 with High Severity

Synopsis

The remote AlmaLinux host is missing one or more security updates.

Description

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:6923 advisory.

 * nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files (CVE-2026-32647)
 * NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module (CVE-2026-27654)
 * NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file (CVE-2026-27784)
 * NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled (CVE-2026-27651)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/305949

]]> <![CDATA[AlmaLinux 9 : python3.9 (ALSA-2026:6766)]]> https://www.tenable.com/plugins/nessus/305948 https://www.tenable.com/plugins/nessus/305948 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305948 with High Severity

Synopsis

The remote AlmaLinux host is missing a security update.

Description

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:6766 advisory.

 * python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/305948

]]> <![CDATA[AlmaLinux 9 : openssh (ALSA-2026:6462)]]> https://www.tenable.com/plugins/nessus/305947 https://www.tenable.com/plugins/nessus/305947 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305947 with Medium Severity

Synopsis

The remote AlmaLinux host is missing a security update.

Description

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:6462 advisory.

 * openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables (CVE-2026-3497)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/305947

]]> <![CDATA[AlmaLinux 10 : fontforge (ALSA-2026:6631)]]> https://www.tenable.com/plugins/nessus/305946 https://www.tenable.com/plugins/nessus/305946 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305946 with High Severity

Synopsis

The remote AlmaLinux host is missing a security update.

Description

The remote AlmaLinux 10 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:6631 advisory.

 * fontforge: FontForge: Remote Code Execution via malicious SFD file parsing (CVE-2025-15270)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected fontforge package.

Read more at https://www.tenable.com/plugins/nessus/305946

]]> <![CDATA[AlmaLinux 10 : openssh (ALSA-2026:6463)]]> https://www.tenable.com/plugins/nessus/305945 https://www.tenable.com/plugins/nessus/305945 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305945 with Medium Severity

Synopsis

The remote AlmaLinux host is missing a security update.

Description

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:6463 advisory.

 * openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables (CVE-2026-3497)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/305945

]]> <![CDATA[AlmaLinux 10 : nodejs22 (ALSA-2026:7080)]]> https://www.tenable.com/plugins/nessus/305944 https://www.tenable.com/plugins/nessus/305944 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305944 with Critical Severity

Synopsis

The remote AlmaLinux host is missing one or more security updates.

Description

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:7080 advisory.

 * brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion (CVE-2026-25547)
 * minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)
 * minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904)
 * undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression (CVE-2026-1526)
 * undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter (CVE-2026-2229)
 * undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers (CVE-2026-1525)
 * undici: undici: Denial of Service via crafted WebSocket frame with large length (CVE-2026-1528)
 * nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)
 * Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/305944

]]> <![CDATA[AlmaLinux 10 : libtiff (ALSA-2026:7081)]]> https://www.tenable.com/plugins/nessus/305943 https://www.tenable.com/plugins/nessus/305943 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305943 with High Severity

Synopsis

The remote AlmaLinux host is missing a security update.

Description

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:7081 advisory.

 * libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service (CVE-2023-52356)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected libtiff, libtiff-devel and / or libtiff-tools packages.

Read more at https://www.tenable.com/plugins/nessus/305943

]]> <![CDATA[AlmaLinux 9 : fontforge (ALSA-2026:6628)]]> https://www.tenable.com/plugins/nessus/305942 https://www.tenable.com/plugins/nessus/305942 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305942 with High Severity

Synopsis

The remote AlmaLinux host is missing a security update.

Description

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:6628 advisory.

 * fontforge: FontForge: Remote Code Execution via malicious SFD file parsing (CVE-2025-15270)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected fontforge package.

Read more at https://www.tenable.com/plugins/nessus/305942

]]> <![CDATA[AlmaLinux 10 : nginx (ALSA-2026:6906)]]> https://www.tenable.com/plugins/nessus/305941 https://www.tenable.com/plugins/nessus/305941 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305941 with High Severity

Synopsis

The remote AlmaLinux host is missing one or more security updates.

Description

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:6906 advisory.

 * nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files (CVE-2026-32647)
 * NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module (CVE-2026-27654)
 * NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file (CVE-2026-27784)
 * NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled (CVE-2026-27651)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/305941

]]> <![CDATA[SonicWall SMA 1000 Series <= 12.4.3-03245 / 12.5.x <= 12.5.0-02283 Multiple Vulnerabilities (SNWLID-2026-0003)]]> https://www.tenable.com/plugins/nessus/305940 https://www.tenable.com/plugins/nessus/305940 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305940 with High Severity

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

The remote host is a SonicWall SMA 1000 Series device that is affected by multiple vulnerabilities:

 - A privilege escalation vulnerability due to improper neutralization of special elements used in an SQL command. A remote authenticated attacker with read-only administrator privileges can escalate privileges to primary administrator. (CVE-2026-4112)

 - An observable response discrepancy vulnerability that allows a remote attacker to enumerate SSL VPN user credentials. (CVE-2026-4113)

 - An improper handling of Unicode encoding vulnerability that allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication. (CVE-2026-4114)

 - An improper handling of Unicode encoding vulnerability that allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication. (CVE-2026-4116)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to SonicWall SMA 1000 Series version 12.4.3-03387 or 12.5.0-02624 or later.

Read more at https://www.tenable.com/plugins/nessus/305940

]]> <![CDATA[Keycloak < 26.4.11 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nessus/305939 https://www.tenable.com/plugins/nessus/305939 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305939 with Medium Severity

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

Keycloak versions installed prior to 26.4.11 are affected by multiple vulnerabilities:

 - A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim's password can delete the victim's registered MFA/OTP credential without first proving possession of that factor.
 The attacker can then register their own MFA device, effectively taking full control of the account. This weakness undermines the intended protection provided by multi-factor authentication. (CVE-2026-3429)

 - A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim's unique identifier (UUID) and the Organizations feature is enabled. (CVE-2026-2366)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade Keycloak to 26.4.11 or later.

Read more at https://www.tenable.com/plugins/nessus/305939

]]> <![CDATA[Kibana 8.x < 8.19.14 / 9.0.x < 9.2.8 / 9.3.x < 9.3.3 Multiple Vulnerabilities (ESA-2026-21 / ESA-2026-24 / ESA-2026-25 / ESA-2026-26)]]> https://www.tenable.com/plugins/nessus/305938 https://www.tenable.com/plugins/nessus/305938 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305938 with High Severity

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The version of Kibana installed on the remote host is prior to 8.19.14, 9.2.8, or 9.3.3. It is, therefore, affected by multiple vulnerabilities as referenced in the ESA-2026-21, ESA-2026-24, ESA-2026-25, and ESA-2026-26 advisories.

 - An incorrect authorization vulnerability in Kibana Fleet allows a user with limited Fleet privileges to exploit an internal API endpoint to retrieve sensitive configuration data, including private keys and authentication tokens, that should only be accessible to users with higher-level settings privileges. The endpoint composes its response by fetching full configuration objects and returning them directly, bypassing the authorization checks enforced by the dedicated settings APIs. (CVE-2026-33461)

 - A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. This endpoint improperly uses an unscoped internal client, bypassing space-scoped access controls and resulting in cross-space information disclosure. (CVE-2026-33460)

 - In Kibana's Fleet plugin debug route handlers, an authenticated user with Fleet sub-feature privileges can read index data beyond their direct Elasticsearch RBAC scope, allowing unauthorized data access across the deployment.
 (CVE-2026-4498)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update to Kibana version 8.19.14, 9.2.8, 9.3.3 or later.

Read more at https://www.tenable.com/plugins/nessus/305938

]]> <![CDATA[Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-007078)]]> https://www.tenable.com/plugins/nessus/305937 https://www.tenable.com/plugins/nessus/305937 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305937 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007078 advisory.

 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain=path authorization is checked before final file open/use. A symlink swap between check-time and use-time bypasses policy-denied read/write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected ImageMagick package.

Read more at https://www.tenable.com/plugins/nessus/305937

]]> <![CDATA[Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freeipmi (UTSA-2026-007097)]]> https://www.tenable.com/plugins/nessus/305936 https://www.tenable.com/plugins/nessus/305936 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305936 with High Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007097 advisory.

 ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of a IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Three subcommands were found to have exploitable buffer overflows on response messages. They are: ipmi-oem dell get-last-post- code - get the last POST code and string describing the error on some Dell servers, ipmi-oem supermicro extra-firmware-info - get extra firmware info on Supermicro servers, and ipmi-oem wistron read- proprietary-string - read a proprietary string on Wistron servers.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected freeipmi package.

Read more at https://www.tenable.com/plugins/nessus/305936

]]> <![CDATA[Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-007079)]]> https://www.tenable.com/plugins/nessus/305935 https://www.tenable.com/plugins/nessus/305935 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305935 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007079 advisory.

 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with attacker-controlled data. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected ImageMagick package.

Read more at https://www.tenable.com/plugins/nessus/305935

]]> <![CDATA[Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-007089)]]> https://www.tenable.com/plugins/nessus/305934 https://www.tenable.com/plugins/nessus/305934 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305934 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007089 advisory.

 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected ImageMagick package.

Read more at https://www.tenable.com/plugins/nessus/305934

]]> <![CDATA[Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-007075)]]> https://www.tenable.com/plugins/nessus/305933 https://www.tenable.com/plugins/nessus/305933 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305933 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007075 advisory.

 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD (X Windows) encoder can cause an undersized heap buffer allocation. When writing a extremely large image an out of bounds heap write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected ImageMagick package.

Read more at https://www.tenable.com/plugins/nessus/305933

]]> <![CDATA[Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-007087)]]> https://www.tenable.com/plugins/nessus/305932 https://www.tenable.com/plugins/nessus/305932 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305932 with High Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007087 advisory.

 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected ImageMagick package.

Read more at https://www.tenable.com/plugins/nessus/305932

]]> <![CDATA[Unity Linux 20.1070e Security Update: unbound (UTSA-2026-007095)]]> https://www.tenable.com/plugins/nessus/305931 https://www.tenable.com/plugins/nessus/305931 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305931 with High Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007095 advisory.

 NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks.
 Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are used to update the resolver's knowledge of the zone's name servers. A malicious actor can exploit the possible poisonous effect by injecting NS RRSets (and possibly their respective address records) in a reply. This could be done for example by trying to spoof a packet or fragmentation attacks. Unbound would then proceed to update the NS RRSet data it already has since the new data has enough trust for it, i.e., in-zone data for the delegation point. Unbound 1.24.1 includes a fix that scrubs unsolicited NS RRSets (and their respective address records) from replies mitigating the possible poison effect. Unbound 1.24.2 includes an additional fix that scrubs unsolicited NS RRSets (and their respective address records) from YXDOMAIN and non-referral nodata replies, further mitigating the possible poison effect.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected unbound package.

Read more at https://www.tenable.com/plugins/nessus/305931

]]> <![CDATA[Unity Linux 20.1070e Security Update: binutils (UTSA-2026-007090)]]> https://www.tenable.com/plugins/nessus/305930 https://www.tenable.com/plugins/nessus/305930 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305930 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007090 advisory.

 A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected binutils package.

Read more at https://www.tenable.com/plugins/nessus/305930

]]> <![CDATA[Unity Linux 20.1070e Security Update: openldap (UTSA-2026-007094)]]> https://www.tenable.com/plugins/nessus/305929 https://www.tenable.com/plugins/nessus/305929 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305929 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007094 advisory.

 OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of- bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected openldap package.

Read more at https://www.tenable.com/plugins/nessus/305929

]]> <![CDATA[Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-007074)]]> https://www.tenable.com/plugins/nessus/305928 https://www.tenable.com/plugins/nessus/305928 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305928 with High Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007074 advisory.

 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected ImageMagick package.

Read more at https://www.tenable.com/plugins/nessus/305928

]]> <![CDATA[Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-007083)]]> https://www.tenable.com/plugins/nessus/305927 https://www.tenable.com/plugins/nessus/305927 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305927 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007083 advisory.

 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected ImageMagick package.

Read more at https://www.tenable.com/plugins/nessus/305927

]]> <![CDATA[Unity Linux 20.1070e Security Update: python-ldap (UTSA-2026-007091)]]> https://www.tenable.com/plugins/nessus/305926 https://www.tenable.com/plugins/nessus/305926 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305926 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007091 advisory.

 python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of special characters when a crafted `list` or `dict` is supplied as the `assertion_value` parameter, and the non-default `escape_mode=1` is configured. The method `ldap.filter.escape_filter_chars` supports 3 different escaping modes. `escape_mode=0` (default) and `escape_mode=2` happen to raise exceptions when a `list` or `dict` object is supplied as the `assertion_value` parameter. However, `escape_mode=1` computes without performing adequate logic to ensure a fully escaped return value. If an application relies on the vulnerable method in the `python-ldap` library to escape untrusted user input, an attacker might be able to abuse the vulnerability to launch ldap injection attacks which could potentially disclose or manipulate ldap data meant to be inaccessible to them. Version 3.4.5 fixes the issue by adding a type check at the start of the `ldap.filter.escape_filter_chars` method to raise an exception when the supplied `assertion_value` parameter is not of type `str`.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected python-ldap package.

Read more at https://www.tenable.com/plugins/nessus/305926

]]> <![CDATA[Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-007084)]]> https://www.tenable.com/plugins/nessus/305925 https://www.tenable.com/plugins/nessus/305925 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305925 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007084 advisory.

 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap-use-after-free vulnerability exists in the MSL encoder, where a cloned image is destroyed twice. The MSL coder does not support writing MSL so the write capability has been removed. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected ImageMagick package.

Read more at https://www.tenable.com/plugins/nessus/305925

]]> <![CDATA[Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-007086)]]> https://www.tenable.com/plugins/nessus/305924 https://www.tenable.com/plugins/nessus/305924 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305924 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007086 advisory.

 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, A heap-buffer-overflow vulnerability exists in the PCL encode due to an undersized output buffer allocation. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected ImageMagick package.

Read more at https://www.tenable.com/plugins/nessus/305924

]]> <![CDATA[Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-007076)]]> https://www.tenable.com/plugins/nessus/305923 https://www.tenable.com/plugins/nessus/305923 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305923 with High Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007076 advisory.

 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled kernel strings exceeding a buffer are copied into fixed-size stack buffers via memcpy without bounds checking, resulting in stack corruption. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected ImageMagick package.

Read more at https://www.tenable.com/plugins/nessus/305923

]]> <![CDATA[Unity Linux 20.1070e Security Update: python-ldap (UTSA-2026-007085)]]> https://www.tenable.com/plugins/nessus/305922 https://www.tenable.com/plugins/nessus/305922 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305922 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007085 advisory.

 python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP server (e.g., AD), resulting in a client-side denial of service. Version 3.4.5 contains a patch for the issue.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected python-ldap package.

Read more at https://www.tenable.com/plugins/nessus/305922

]]> <![CDATA[Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-007082)]]> https://www.tenable.com/plugins/nessus/305921 https://www.tenable.com/plugins/nessus/305921 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305921 with High Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007082 advisory.

 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected ImageMagick package.

Read more at https://www.tenable.com/plugins/nessus/305921

]]> <![CDATA[Unity Linux 20.1070e Security Update: python-xmltodict (UTSA-2026-007093)]]> https://www.tenable.com/plugins/nessus/305920 https://www.tenable.com/plugins/nessus/305920 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305920 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007093 advisory.

 XML Injection vulnerability in xmltodict allows Input Data Manipulation.
 This issue affects xmltodict: from 0.14.2 before 0.15.1.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected python-xmltodict package.

Read more at https://www.tenable.com/plugins/nessus/305920

]]> <![CDATA[Unity Linux 20.1070e Security Update: unbound (UTSA-2026-007096)]]> https://www.tenable.com/plugins/nessus/305919 https://www.tenable.com/plugins/nessus/305919 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305919 with High Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007096 advisory.

 A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to upstream name servers, i.e., at least one of the 'send-client-subnet', 'client-subnet-zone' or 'client-subnet- always-forward' options is used. Resolvers supporting ECS need to segregate outgoing queries to accommodate for different outgoing ECS information. This re-opens up resolvers to a birthday paradox attack (Rebirthday Attack) that tries to match the DNS transaction ID in order to cache non-ECS poisonous replies.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected unbound package.

Read more at https://www.tenable.com/plugins/nessus/305919

]]> <![CDATA[Unity Linux 20.1070e Security Update: binutils (UTSA-2026-007081)]]> https://www.tenable.com/plugins/nessus/305918 https://www.tenable.com/plugins/nessus/305918 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305918 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007081 advisory.

 A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected binutils package.

Read more at https://www.tenable.com/plugins/nessus/305918

]]> <![CDATA[Unity Linux 20.1070e Security Update: vsftpd (UTSA-2026-007077)]]> https://www.tenable.com/plugins/nessus/305917 https://www.tenable.com/plugins/nessus/305917 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305917 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007077 advisory.

 A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected vsftpd package.

Read more at https://www.tenable.com/plugins/nessus/305917

]]> <![CDATA[Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-007080)]]> https://www.tenable.com/plugins/nessus/305916 https://www.tenable.com/plugins/nessus/305916 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305916 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007080 advisory.

 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a crafted image could cause an out of bounds heap write inside the WaveletDenoiseImage method. When processing a crafted image with the -wavelet-denoise operation an out of bounds write can occur. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected ImageMagick package.

Read more at https://www.tenable.com/plugins/nessus/305916

]]> <![CDATA[Unity Linux 20.1070e Security Update: binutils (UTSA-2026-007092)]]> https://www.tenable.com/plugins/nessus/305915 https://www.tenable.com/plugins/nessus/305915 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305915 with Medium Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007092 advisory.

 A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected binutils package.

Read more at https://www.tenable.com/plugins/nessus/305915

]]> <![CDATA[Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-007088)]]> https://www.tenable.com/plugins/nessus/305914 https://www.tenable.com/plugins/nessus/305914 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305914 with High Severity

Synopsis

The Unity Linux host is missing one or more security updates.

Description

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007088 advisory.

 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds read or write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.

Tenable has extracted the preceding description block directly from the Unity Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected ImageMagick package.

Read more at https://www.tenable.com/plugins/nessus/305914

]]> <![CDATA[Atlassian Jira Service Management Data Center and Server 5.17.2 < 10.3.17 / 10.4.x < 11.3.0 (JSDSERVER-16515)]]> https://www.tenable.com/plugins/nessus/305913 https://www.tenable.com/plugins/nessus/305913 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305913 with High Severity

Synopsis

The remote Atlassian Jira Service Management Data Center and Server (Jira Service Desk) host is missing a security update.

Description

The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16515 advisory.

 - Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function. (CVE-2022-25927)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Atlassian Jira Service Management Data Center and Server version 10.3.17, 11.3.0 or later.

Read more at https://www.tenable.com/plugins/nessus/305913

]]> <![CDATA[Atlassian Jira Service Management Data Center and Server 5.15.2 < 10.3.18 / 10.4.x < 11.3.3 (JSDSERVER-16529)]]> https://www.tenable.com/plugins/nessus/305912 https://www.tenable.com/plugins/nessus/305912 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305912 with High Severity

Synopsis

The remote Atlassian Jira Service Management Data Center and Server (Jira Service Desk) host is missing a security update.

Description

The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16529 advisory.

 - node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic.
 This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue. (CVE-2026-24842)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Atlassian Jira Service Management Data Center and Server version 10.3.18, 11.3.3 or later.

Read more at https://www.tenable.com/plugins/nessus/305912

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-29129]]> https://www.tenable.com/plugins/nessus/305911 https://www.tenable.com/plugins/nessus/305911 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305911 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue. (CVE-2026-29129)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305911

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5460]]> https://www.tenable.com/plugins/nessus/305910 https://www.tenable.com/plugins/nessus/305910 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305910 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the error handling path of TLSX_KeyShare_ProcessPqcHybridClient() in src/tls.c, the inner function TLSX_KeyShare_ProcessPqcClient_ex() frees a KyberKey object upon encountering an error. The caller then invokes TLSX_KeyShare_FreeAll(), which attempts to call ForceZero() on the already-freed KyberKey, resulting in writes of zero bytes over freed heap memory. (CVE-2026-5460)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305910

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5507]]> https://www.tenable.com/plugins/nessus/305909 https://www.tenable.com/plugins/nessus/305909 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305909 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the application to call specific session restore APIs. (CVE-2026-5507)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305909

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5263]]> https://www.tenable.com/plugins/nessus/305908 https://www.tenable.com/plugins/nessus/305908 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305908 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL would accept them as valid. (CVE-2026-5263)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305908

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-25854]]> https://www.tenable.com/plugins/nessus/305907 https://www.tenable.com/plugins/nessus/305907 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305907 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other, unsupported versions may also be affected Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue. (CVE-2026-25854)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305907

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5501]]> https://www.tenable.com/plugins/nessus/305906 https://www.tenable.com/plugins/nessus/305906 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305906 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is legitimately signed by a trusted root. An attacker who obtains any leaf certificate from a trusted CA (e.g. a free DV cert from Let's Encrypt) can forge a certificate for any subject name with any public key and arbitrary signature bytes, and the function returns `WOLFSSL_SUCCESS` / `X509_V_OK`. The native wolfSSL TLS handshake path (`ProcessPeerCerts`) is not susceptible and the issue is limited to applications using the OpenSSL compatibility API directly, which would include integrations of wolfSSL into nginx and haproxy. (CVE-2026-5501)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305906

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5295]]> https://www.tenable.com/plugins/nessus/305905 https://www.tenable.com/plugins/nessus/305905 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305905 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() function in wolfcrypt/src/pkcs7.c. When processing a CMS EnvelopedData message containing an OtherRecipientInfo (ORI) recipient, the function copies an ASN.1-parsed OID into a fixed 32-byte stack buffer (oriOID[MAX_OID_SZ]) via XMEMCPY without first validating that the parsed OID length does not exceed MAX_OID_SZ. A crafted CMS EnvelopedData message with an ORI recipient containing an OID longer than 32 bytes triggers a stack buffer overflow. Exploitation requires the library to be built with --enable-pkcs7 (disabled by default) and the application to have registered an ORI decrypt callback via wc_PKCS7_SetOriDecryptCb(). (CVE-2026-5295)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305905

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-29146]]> https://www.tenable.com/plugins/nessus/305904 https://www.tenable.com/plugins/nessus/305904 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305904 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue. (CVE-2026-29146)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305904

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5477]]> https://www.tenable.com/plugins/nessus/305903 https://www.tenable.com/plugins/nessus/305903 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305903 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wc_CmacUpdate used the guard `if (cmac->totalSz != 0)` to skip XOR-chaining on the first block (where digest is all-zeros and the XOR is a no-op). However, totalSz is word32 and wraps to zero after 2^28 block flushes (4 GiB), causing the guard to erroneously discard the live CBC-MAC chain state. Any two messages sharing a common suffix beyond the 4 GiB mark then produce identical CMAC tags, enabling a zero-work prefix-substitution forgery. The fix removes the guard, making the XOR unconditional;
 the no-op property on the first block is preserved because digest is zero-initialized by wc_InitCmac_ex.
 (CVE-2026-5477)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305903

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5194]]> https://www.tenable.com/plugins/nessus/305902 https://www.tenable.com/plugins/nessus/305902 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305902 with Critical Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication if the public CA key used is also known. This affects ECDSA/ECC verification when EdDSA or ML-DSA is also enabled. (CVE-2026-5194)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305902

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-34487]]> https://www.tenable.com/plugins/nessus/305901 https://www.tenable.com/plugins/nessus/305901 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305901 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue. (CVE-2026-34487)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305901

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5772]]> https://www.tenable.com/plugins/nessus/305900 https://www.tenable.com/plugins/nessus/305900 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305900 with Low Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard * exhausts the entire hostname string, the function reads one byte past the buffer without a bounds check, which could cause a crash. (CVE-2026-5772)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305900

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5392]]> https://www.tenable.com/plugins/nessus/305899 https://www.tenable.com/plugins/nessus/305899 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305899 with Low Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7_VerifySignedData(). (CVE-2026-5392)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305899

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5504]]> https://www.tenable.com/plugins/nessus/305898 https://www.tenable.com/plugins/nessus/305898 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305898 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated. (CVE-2026-5504)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305898

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5479]]> https://www.tenable.com/plugins/nessus/305897 https://www.tenable.com/plugins/nessus/305897 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305897 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher finalization functions) fails to verify the authentication tag before returning plaintext to the caller. When an application uses the EVP API to perform ChaCha20-Poly1305 decryption, the implementation computes or accepts the tag but does not compare it against the expected value.
 (CVE-2026-5479)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305897

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5448]]> https://www.tenable.com/plugins/nessus/305896 https://www.tenable.com/plugins/nessus/305896 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305896 with Low Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. This is only triggered when calling these two APIs directly from an application, and does not affect TLS or certificate verify operations in wolfSSL. (CVE-2026-5448)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305896

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5447]]> https://www.tenable.com/plugins/nessus/305895 https://www.tenable.com/plugins/nessus/305895 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305895 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension. (CVE-2026-5447)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305895

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5446]]> https://www.tenable.com/plugins/nessus/305894 https://www.tenable.com/plugins/nessus/305894 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305894 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc_AriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is zero-initialized at session setup and never incremented in non-FIPS builds. This vulnerability affects wolfSSL builds configured with --enable-aria and the proprietary MagicCrypto SDK (a non-default, opt-in configuration required for Korean regulatory deployments). AES-GCM is not affected because wc_AesGcmEncrypt_ex maintains an internal invocation counter independently of the call-site guard. (CVE-2026-5446)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305894

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-32990]]> https://www.tenable.com/plugins/nessus/305893 https://www.tenable.com/plugins/nessus/305893 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305893 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue. (CVE-2026-32990)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305893

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-39304]]> https://www.tenable.com/plugins/nessus/305892 https://www.tenable.com/plugins/nessus/305892 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305892 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes the broker to exhaust all its memory in the SSL engine leading to DoS. Note: TLS versions before TLSv1.3 (such as TLSv1.2) are broken but are not vulnerable to OOM. Previous TLS versions require a full handshake renegotiation which causes a connection to hang but not OOM. This is fixed as well. This issue affects Apache ActiveMQ Client: before 5.19.4, from 6.0.0 before 6.2.4; Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.4; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.4. Users are recommended to upgrade to version 6.2.4 or 5.19.5, which fixes the issue. (CVE-2026-39304)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305892

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5500]]> https://www.tenable.com/plugins/nessus/305891 https://www.tenable.com/plugins/nessus/305891 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305891 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the mac field from 16 bytes to 1 byte, reducing the tag check from 2 to 2. (CVE-2026-5500)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305891

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5187]]> https://www.tenable.com/plugins/nessus/305890 https://www.tenable.com/plugins/nessus/305890 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305890 with Low Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c.
 First, a bounds check only validates one available slot before writing two OID arc values (out[0] and out[1]), enabling a 2-byte out-of-bounds write when outSz equals 1. Second, multiple callers pass sizeof(decOid) (64 bytes on 64-bit platforms) instead of the element count MAX_OID_SZ (32), causing the function to accept crafted OIDs with 33 or more arcs that write past the end of the allocated buffer.
 (CVE-2026-5187)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305890

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-34483]]> https://www.tenable.com/plugins/nessus/305889 https://www.tenable.com/plugins/nessus/305889 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305889 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117 , which fix the issue. (CVE-2026-34483)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305889

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5466]]> https://www.tenable.com/plugins/nessus/305888 https://www.tenable.com/plugins/nessus/305888 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305888 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no check that they lie in `[1, q-1]`. A crafted forged signature could verify against any message for any identity, using only publicly-known constants. (CVE-2026-5466)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305888

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5264]]> https://www.tenable.com/plugins/nessus/305887 https://www.tenable.com/plugins/nessus/305887 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305887 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow. (CVE-2026-5264)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305887

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5503]]> https://www.tenable.com/plugins/nessus/305886 https://www.tenable.com/plugins/nessus/305886 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305886 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This caused TLSX_UseSNI to attach the attacker-controlled publicName to the shared WOLFSSL_CTX when no inner SNI was configured. TLSX_EchRestoreSNI then failed to clean it up because its removal was gated on serverNameX != NULL. The inner ClientHello was sized before the pollution but written after it, causing TLSX_SNI_Write to memcpy 255 bytes past the allocation boundary. (CVE-2026-5503)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305886

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-24880]]> https://www.tenable.com/plugins/nessus/305885 https://www.tenable.com/plugins/nessus/305885 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305885 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Other, unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.20, 10.1.52 or 9.0.116, which fix the issue. (CVE-2026-24880)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305885

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-29145]]> https://www.tenable.com/plugins/nessus/305884 https://www.tenable.com/plugins/nessus/305884 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305884 with Critical Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.
 Users are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue. (CVE-2026-29145)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305884

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-34486]]> https://www.tenable.com/plugins/nessus/305883 https://www.tenable.com/plugins/nessus/305883 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305883 with High Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.
 (CVE-2026-34486)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305883

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-34500]]> https://www.tenable.com/plugins/nessus/305882 https://www.tenable.com/plugins/nessus/305882 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305882 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fixes the issue. (CVE-2026-34500)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305882

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5778]]> https://www.tenable.com/plugins/nessus/305881 https://www.tenable.com/plugins/nessus/305881 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305881 with Low Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. The underflow wraps a 16-bit length to a large value that is passed to AEAD decryption routines, causing a large out-of-bounds read and crash. An unauthenticated attacker can trigger this remotely via malformed TLS Application Data records. (CVE-2026-5778)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305881

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5188]]> https://www.tenable.com/plugins/nessus/305880 https://www.tenable.com/plugins/nessus/305880 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305880 with Low Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect handling of certificate data. The issue is limited to configurations using the original ASN.1 parsing implementation which is off by default. (CVE-2026-5188)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305880

]]> <![CDATA[Linux Distros Unpatched Vulnerability : CVE-2026-5393]]> https://www.tenable.com/plugins/nessus/305879 https://www.tenable.com/plugins/nessus/305879 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305879 with Medium Severity

Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

 - Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL. (CVE-2026-5393)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

Read more at https://www.tenable.com/plugins/nessus/305879

]]> <![CDATA[OCaml <= 4.14.3 Integer Overflow Information Disclosure (CVE-2026-34353)]]> https://www.tenable.com/plugins/nessus/305878 https://www.tenable.com/plugins/nessus/305878 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305878 with Medium Severity

Synopsis

The remote host is affected by an information disclosure vulnerability.

Description

The version of OCaml installed on the remote host is prior to or equal to 4.14.3. It is, therefore, affected by an information disclosure vulnerability:

 - An integer overflow in Bigarray.reshape allows reading of arbitrary memory when untrusted data is processed. (CVE-2026-34353)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

See vendor advisory.

Read more at https://www.tenable.com/plugins/nessus/305878

]]> <![CDATA[OCaml Programming Language Installed (macOS)]]> https://www.tenable.com/plugins/nessus/305877 https://www.tenable.com/plugins/nessus/305877 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305877 with Info Severity

Synopsis

OCaml is installed on the remote macOS host.

Description

OCaml is installed on the remote macOS host.

Solution

null

Read more at https://www.tenable.com/plugins/nessus/305877

]]> <![CDATA[OCaml Programming Language Installed (Linux)]]> https://www.tenable.com/plugins/nessus/305876 https://www.tenable.com/plugins/nessus/305876 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305876 with Info Severity

Synopsis

OCaml is installed on the remote Linux host.

Description

OCaml is installed on the remote Linux host.

Solution

null

Read more at https://www.tenable.com/plugins/nessus/305876

]]> <![CDATA[MariaDB 11.4.1 < 11.4.10 DoS]]> https://www.tenable.com/plugins/nessus/305875 https://www.tenable.com/plugins/nessus/305875 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305875 with Critical Severity

Synopsis

The remote database server is affected by a vulnerability.

Description

The version of MariaDB installed on the remote host is prior to 11.4.10. It is, therefore, affected by a vulnerability as referenced in the GHSA-4rj5-2227-9wgc advisory.

 - MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2. (CVE-2026-32710)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to MariaDB version 11.4.10 or later.

Read more at https://www.tenable.com/plugins/nessus/305875

]]> <![CDATA[MariaDB 11.8.1 < 11.8.6 DoS]]> https://www.tenable.com/plugins/nessus/305874 https://www.tenable.com/plugins/nessus/305874 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305874 with Critical Severity

Synopsis

The remote database server is affected by a vulnerability.

Description

The version of MariaDB installed on the remote host is prior to 11.8.6. It is, therefore, affected by a vulnerability as referenced in the GHSA-4rj5-2227-9wgc advisory.

 - MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2. (CVE-2026-32710)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to MariaDB version 11.8.6 or later.

Read more at https://www.tenable.com/plugins/nessus/305874

]]> <![CDATA[MariaDB 12.1.2 < 12.2.2 DoS]]> https://www.tenable.com/plugins/nessus/305873 https://www.tenable.com/plugins/nessus/305873 Fri, 10 Apr 2026 00:00:00 GMT Nessus Plugin ID 305873 with Critical Severity

Synopsis

The remote database server is affected by a vulnerability.

Description

The version of MariaDB installed on the remote host is prior to 12.2.2. It is, therefore, affected by a vulnerability as referenced in the GHSA-4rj5-2227-9wgc advisory.

 - MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2. (CVE-2026-32710)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to MariaDB version 12.2.2 or later.

Read more at https://www.tenable.com/plugins/nessus/305873

]]>