The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3517 advisory.

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):

    * libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)

    * firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)

    * firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8,     Firefox 148 and Thunderbird 148 (CVE-2026-2793)

    * firefox: Undefined behavior in the DOM: Core & HTML component (CVE-2026-2771)

    * firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External     Software (CVE-2026-2776)

    * firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)

    * firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)

    * firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)

    * firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)

    * firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)

    * firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component     (CVE-2026-2783)

    * firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)

    * firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)

    * firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)

    * firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)

    * firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)

    * firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)

    * firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)

    * firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and     Thunderbird 148 (CVE-2026-2792)

    * firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)

    * firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)

    * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component     (CVE-2026-2760)

    * firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)

    * firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)

    * firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)

    * firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)

    * firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component     (CVE-2026-2778)

    * firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)

    * firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)

    * firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3497 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)

    * firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)

    * firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8,     Firefox 148 and Thunderbird 148 (CVE-2026-2793)

    * firefox: Undefined behavior in the DOM: Core & HTML component (CVE-2026-2771)

    * firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External     Software (CVE-2026-2776)

    * firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)

    * firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)

    * firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)

    * firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)

    * firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)

    * firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component     (CVE-2026-2783)

    * firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)

    * firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)

    * firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)

    * firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)

    * firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)

    * firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)

    * firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)

    * firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and     Thunderbird 148 (CVE-2026-2792)

    * firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)

    * firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)

    * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component     (CVE-2026-2760)

    * firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)

    * firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)

    * firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)

    * firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)

    * firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component     (CVE-2026-2778)

    * firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)

    * firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)

    * firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3494 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)

    * firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)

    * firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8,     Firefox 148 and Thunderbird 148 (CVE-2026-2793)

    * firefox: Undefined behavior in the DOM: Core & HTML component (CVE-2026-2771)

    * firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External     Software (CVE-2026-2776)

    * firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)

    * firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)

    * firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)

    * firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)

    * firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)

    * firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component     (CVE-2026-2783)

    * firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)

    * firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)

    * firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)

    * firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)

    * firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)

    * firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)

    * firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)

    * firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and     Thunderbird 148 (CVE-2026-2792)

    * firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)

    * firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)

    * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component     (CVE-2026-2760)

    * firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)

    * firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)

    * firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)

    * firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)

    * firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component     (CVE-2026-2778)

    * firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)

    * firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)

    * firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3489 advisory.

    Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

    Security Fix(es):

    * golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip     (CVE-2025-61728)

    * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)

    * cmd/cgo: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3405 advisory.

    The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics     (PNG) image format files.

    Security Fix(es):

    * libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write     API (CVE-2026-22801)

    * libpng: libpng: Denial of service and information disclosure via heap buffer over-read in     png_image_finish_read (CVE-2026-22695)

    * libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3520 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: Linux kernel: Use-after-free in BPF sockmap can lead to denial of service and privilege     escalation (CVE-2025-38154)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3471 advisory.

    Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

    Security Fix(es):

    * golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip     (CVE-2025-61728)

    * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)

    * cmd/cgo: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3492 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)

    * firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)

    * firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8,     Firefox 148 and Thunderbird 148 (CVE-2026-2793)

    * firefox: Undefined behavior in the DOM: Core & HTML component (CVE-2026-2771)

    * firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External     Software (CVE-2026-2776)

    * firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)

    * firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)

    * firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)

    * firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)

    * firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)

    * firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component     (CVE-2026-2783)

    * firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)

    * firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)

    * firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)

    * firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)

    * firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)

    * firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)

    * firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)

    * firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and     Thunderbird 148 (CVE-2026-2792)

    * firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)

    * firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)

    * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component     (CVE-2026-2760)

    * firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)

    * firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)

    * firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)

    * firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)

    * firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component     (CVE-2026-2778)

    * firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)

    * firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)

    * firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3360 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: RDMA/core: Fix KASAN: slab-use-after-free Read in ib_register_device problem (CVE-2025-38022)

    * kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation     (CVE-2025-38415)

    * kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion (CVE-2025-38459)

    * kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing     (CVE-2025-39760)

    * kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length     (CVE-2025-39933)

    * kernel: RDMA/rxe: Fix incomplete state save in rxe_requester (CVE-2023-53539)

    * kernel: net/mlx5e: Check for NOT_READY flag state after locking (CVE-2023-53581)

    * kernel: Bluetooth: hci_event: call disconnect callback before deleting conn (CVE-2023-53673)

    * kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of     service. (CVE-2025-40271)

    * kernel: Linux kernel: Out-of-bounds write in fbdev can lead to privilege escalation, information     disclosure, or denial of service. (CVE-2025-40304)

    * kernel: Linux kernel: Information disclosure and denial of service via out-of-bounds read in font glyph     handling (CVE-2025-40322)

    * kernel: ip6_vti: fix slab-use-after-free in decode_session6 (CVE-2023-53821)

    * kernel: ext4: fix use-after-free in ext4_orphan_cleanup (CVE-2022-50673)

    * kernel: drm/i915: Fix NULL ptr deref by checking new_crtc_state (CVE-2023-53833)

    * kernel: Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (CVE-2023-53827)

    * kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349)

    * kernel: tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (CVE-2022-50865)

    * kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation     (CVE-2026-23074)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3364 advisory.

    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)     protocols, as well as a full-strength general-purpose cryptography library.

    Security Fix(es):

    * openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing     (CVE-2025-69419)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3488 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (CVE-2025-40168)

    * kernel: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (CVE-2025-71085)

    * kernel: Linux kernel: Denial of Service due to a deadlock in hugetlb folio migration (CVE-2026-23097)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3437 advisory.

    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)     protocols, as well as a full-strength general-purpose cryptography library.

    Security Fix(es):

    * openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing     (CVE-2025-69419)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3337 advisory.

    The podman tool manages pods, container images, and containers. It is part of the libpod library, which is     for applications that use container pods. Container pods is a concept in Kubernetes.

    Security Fix(es):

    * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate     (CVE-2025-61729)

    * golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip     (CVE-2025-61728)

    * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)

    * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3218 advisory.

    The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can     encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and     automated mechanism for serializing structured data.

    Security Fix(es):

    * python: protobuf: Protobuf: Denial of Service due to recursion depth bypass (CVE-2026-0994)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3277 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation     (CVE-2025-38415)

    * kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion (CVE-2025-38459)

    * kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing     (CVE-2025-39760)

    * kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length     (CVE-2025-39933)

    * kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of     service. (CVE-2025-40271)

    * kernel: ip6_vti: fix slab-use-after-free in decode_session6 (CVE-2023-53821)

    * kernel: ext4: fix use-after-free in ext4_orphan_cleanup (CVE-2022-50673)

    * kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349)

    * kernel: tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (CVE-2022-50865)

    * kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation     (CVE-2026-23074)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3354 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID (CVE-2026-23490)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3336 advisory.

    The podman tool manages pods, container images, and containers. It is part of the libpod library, which is     for applications that use container pods. Container pods is a concept in Kubernetes.

    Security Fix(es):

    * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate     (CVE-2025-61729)

    * golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip     (CVE-2025-61728)

    * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)

    * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3219 advisory.

    The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can     encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and     automated mechanism for serializing structured data.

    Security Fix(es):

    * python: protobuf: Protobuf: Denial of Service due to recursion depth bypass (CVE-2026-0994)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3338 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)

    * firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)

    * firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8,     Firefox 148 and Thunderbird 148 (CVE-2026-2793)

    * firefox: Undefined behavior in the DOM: Core & HTML component (CVE-2026-2771)

    * firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External     Software (CVE-2026-2776)

    * firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)

    * firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)

    * firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)

    * firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)

    * firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)

    * firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component     (CVE-2026-2783)

    * firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)

    * firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)

    * firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)

    * firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)

    * firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)

    * firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)

    * firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)

    * firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and     Thunderbird 148 (CVE-2026-2792)

    * firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)

    * firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)

    * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component     (CVE-2026-2760)

    * firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)

    * firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)

    * firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)

    * firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)

    * firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component     (CVE-2026-2778)

    * firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)

    * firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)

    * firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3208 advisory.

    389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the     Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

    Security Fix(es):

    * 389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow     (CVE-2025-14905)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3343 advisory.

    The skopeo command lets you inspect images from container image registries, get images and image layers,     and use signatures to create and verify files.

    Security Fix(es):

    * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate     (CVE-2025-61729)

    * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)

    * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:3287 advisory.

    Collector with the supported components for a Red Hat build of OpenTelemetry

    Security Fix(es):

    * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate     (CVE-2025-61729)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3267 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: Linux kernel: xHCI driver isochronous event handling race condition leading to data loss or UAF     (CVE-2025-37882)

    * kernel: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (CVE-2025-37861)

    * kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation     (CVE-2025-38415)

    * kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing     (CVE-2025-39760)

    * kernel: Linux kernel: Out-of-bounds write in VXLAN due to incorrect nexthop hash size leading to denial     of service (CVE-2023-53192)

    * kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length     (CVE-2025-39933)

    * kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of     service. (CVE-2025-40271)

    * kernel: Linux kernel Bluetooth: Denial of Service due to use-after-free in connection handling     (CVE-2023-53762)

    * kernel: Linux kernel ALSA USB audio driver: Buffer overflow leading to information disclosure and denial     of service (CVE-2025-40269)

    * kernel: ip6_vti: fix slab-use-after-free in decode_session6 (CVE-2023-53821)

    * kernel: ext4: fix use-after-free in ext4_orphan_cleanup (CVE-2022-50673)

    * kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3341 advisory.

    The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-     ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI     concerns itself only with network connectivity of containers and removing allocated resources when the     container is deleted.

    Security Fix(es):

    * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate     (CVE-2025-61729)

    * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)

    * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3443 advisory.

    Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can     contain strings, hashes, lists, sets and sorted sets.  You can run atomic operations on these types, like     appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection,     union and difference; or getting the member with highest ranking in a sorted set.  In order to achieve its     outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can     persist it either by dumping the dataset to disk every once in a while, or by appending each command to a     log.  Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first     synchronization, auto-reconnection on net split and so forth.  Other features include Transactions,     Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave     like a cache.  You can use Valkey from most programming languages also.

    Security Fix(es):

    * Valkey: Valkey: Data tampering and denial of service via improper null character handling in Lua scripts     (CVE-2025-67733)

    * valkey: Valkey: Denial of Service via invalid clusterbus packet (CVE-2026-21863)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3358 advisory.

    The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with     extremely high determinism requirements.

    Security Fix(es):

    * kernel: Linux kernel: xHCI driver isochronous event handling race condition leading to data loss or UAF     (CVE-2025-37882)

    * kernel: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (CVE-2025-37861)

    * kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation     (CVE-2025-38415)

    * kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing     (CVE-2025-39760)

    * kernel: Linux kernel: Out-of-bounds write in VXLAN due to incorrect nexthop hash size leading to denial     of service (CVE-2023-53192)

    * kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length     (CVE-2025-39933)

    * kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of     service. (CVE-2025-40271)

    * kernel: Linux kernel Bluetooth: Denial of Service due to use-after-free in connection handling     (CVE-2023-53762)

    * kernel: Linux kernel ALSA USB audio driver: Buffer overflow leading to information disclosure and denial     of service (CVE-2025-40269)

    * kernel: ip6_vti: fix slab-use-after-free in decode_session6 (CVE-2023-53821)

    * kernel: ext4: fix use-after-free in ext4_orphan_cleanup (CVE-2022-50673)

    * kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3340 advisory.

    The skopeo command lets you inspect images from container image registries, get images and image layers,     and use signatures to create and verify files.

    Security Fix(es):

    * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate     (CVE-2025-61729)

    * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)

    * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3388 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: RDMA/core: Fix KASAN: slab-use-after-free Read in ib_register_device problem (CVE-2025-38022)

    * kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation     (CVE-2025-38415)

    * kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion (CVE-2025-38459)

    * kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing     (CVE-2025-39760)

    * kernel: nbd: fix incomplete validation of ioctl arg (CVE-2023-53513)

    * kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of     service. (CVE-2025-40271)

    * kernel: ip6_vti: fix slab-use-after-free in decode_session6 (CVE-2023-53821)

    * kernel: Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (CVE-2023-53827)

    * kernel: tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (CVE-2022-50865)

    * kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation     (CVE-2026-23074)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3291 advisory.

    The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides     container runtime.

    Security Fix(es):

    * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate     (CVE-2025-61729)

    * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)

    * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3268 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: RDMA/core: Fix KASAN: slab-use-after-free Read in ib_register_device problem (CVE-2025-38022)

    * kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation     (CVE-2025-38415)

    * kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion (CVE-2025-38459)

    * kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing     (CVE-2025-39760)

    * kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length     (CVE-2025-39933)

    * kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of     service. (CVE-2025-40271)

    * kernel: ip6_vti: fix slab-use-after-free in decode_session6 (CVE-2023-53821)

    * kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation     (CVE-2026-23074)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:3289 advisory.

    Collector with the supported components for a Red Hat build of OpenTelemetry

    Security Fix(es):

    * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate     (CVE-2025-61729)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2975 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution     designed for on-premise or private cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.18.34. See the     following advisory for the container images for this release:

    https://access.redhat.com/errata/RHSA-2026:2977

    Security Fix(es):

    * runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and     procfs write redirects (CVE-2025-52881)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    All OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images     when they are available in the appropriate release channel. To check for available updates, use the     OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at     https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-     single/updating_clusters/index#updating-cluster-cli.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3339 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)

    * firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)

    * firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8,     Firefox 148 and Thunderbird 148 (CVE-2026-2793)

    * firefox: Undefined behavior in the DOM: Core & HTML component (CVE-2026-2771)

    * firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External     Software (CVE-2026-2776)

    * firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)

    * firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)

    * firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)

    * firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)

    * firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)

    * firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component     (CVE-2026-2783)

    * firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)

    * firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)

    * firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)

    * firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)

    * firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)

    * firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)

    * firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)

    * firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and     Thunderbird 148 (CVE-2026-2792)

    * firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)

    * firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)

    * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component     (CVE-2026-2760)

    * firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)

    * firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)

    * firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)

    * firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)

    * firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component     (CVE-2026-2778)

    * firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)

    * firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)

    * firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3361 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)

    * firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)

    * firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8,     Firefox 148 and Thunderbird 148 (CVE-2026-2793)

    * firefox: Undefined behavior in the DOM: Core & HTML component (CVE-2026-2771)

    * firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External     Software (CVE-2026-2776)

    * firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)

    * firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)

    * firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)

    * firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)

    * firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)

    * firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component     (CVE-2026-2783)

    * firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)

    * firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)

    * firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)

    * firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)

    * firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)

    * firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)

    * firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)

    * firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and     Thunderbird 148 (CVE-2026-2792)

    * firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)

    * firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)

    * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component     (CVE-2026-2760)

    * firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)

    * firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)

    * firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)

    * firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)

    * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)

    * firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component     (CVE-2026-2778)

    * firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)

    * firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)

    * firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3359 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID (CVE-2026-23490)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3297 advisory.

    The buildah package provides a tool for facilitating building OCI container images. Among other things,     buildah enables you to: Create a working container, either from scratch or using an image as a starting     point; Create an image, either from a working container or using the instructions in a Dockerfile; Build     both Docker and OCI images.

    Security Fix(es):

    * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate     (CVE-2025-61729)

    * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)

    * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3334 advisory.

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
    The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

    Security Fix(es):

    * freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22855)

    * freerdp: FreeRDP global-buffer-overflow (CVE-2026-22858)

    * freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22859)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3275 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: Kernel: Double free vulnerability in exFAT filesystem can lead to denial of service     (CVE-2025-38206)

    * kernel: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (CVE-2025-40096)

    * kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (CVE-2025-40168)

    * kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3298 advisory.

    The buildah package provides a tool for facilitating building OCI container images. Among other things,     buildah enables you to: Create a working container, either from scratch or using an image as a starting     point; Create an image, either from a working container or using the instructions in a Dockerfile; Build     both Docker and OCI images.

    Security Fix(es):

    * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate     (CVE-2025-61729)

    * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)

    * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:3288 advisory.

    Collector with the supported components for a Red Hat build of OpenTelemetry

    Security Fix(es):

    * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate     (CVE-2025-61729)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3293 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: RDMA/core: Fix KASAN: slab-use-after-free Read in ib_register_device problem (CVE-2025-38022)

    * kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation     (CVE-2025-38415)

    * kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing     (CVE-2025-39760)

    * kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length     (CVE-2025-39933)

    * kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of     service. (CVE-2025-40271)

    * kernel: Linux kernel ALSA USB audio driver: Buffer overflow leading to information disclosure and denial     of service (CVE-2025-40269)

    * kernel: ip6_vti: fix slab-use-after-free in decode_session6 (CVE-2023-53821)

    * kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3188 advisory.

    Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB &     OpenTSDB.

    Security Fix(es):

    * golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip     (CVE-2025-61728)

    * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)

    * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3192 advisory.

    The golang packages provide the Go programming language compiler.

    Security Fix(es):

    * golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip     (CVE-2025-61728)

    * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)

    * cmd/cgo: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)

    * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3193 advisory.

    The golang packages provide the Go programming language compiler.

    Security Fix(es):

    * golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip     (CVE-2025-61728)

    * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)

    * cmd/cgo: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)

    * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3187 advisory.

    The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries     and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

    Security Fix(es):

    * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)

    * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3220 advisory.

    The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can     encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and     automated mechanism for serializing structured data.

    Security Fix(es):

    * python: protobuf: Protobuf: Denial of Service due to recursion depth bypass (CVE-2026-0994)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3164 advisory.

    EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual     Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

    Security Fix(es):

    * edk2: Out-of-bounds read & write in RFC 3211 KEK Unwrap [rhel-9.4.z] (CVE-2025-9230)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s)     listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3124 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: Linux kernel: Data corruption and system instability due to improper io_uring/net buffer     handling (CVE-2025-38730)

    * kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing     (CVE-2025-39760)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3189 advisory.

    389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the     Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

    Security Fix(es):

    * 389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow     (CVE-2025-14905)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3165 advisory.

    Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of     architectures. The qemu-kvm packages provide the user-space component for running virtual machines that     use KVM.

    Security Fix(es):

    * qemu-kvm: VNC WebSocket handshake use-after-free (CVE-2025-11234)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
300263	RHEL 10 : thunderbird (RHSA-2026:3517)	critical
300262	RHEL 9 : firefox (RHSA-2026:3497)	critical
300261	RHEL 8 : firefox (RHSA-2026:3494)	critical
300253	RHEL 8 : go-toolset:rhel8 (RHSA-2026:3489)	high
300252	RHEL 9 : libpng (RHSA-2026:3405)	high
300251	RHEL 9 : kernel (RHSA-2026:3520)	high
300250	RHEL 8 : go-toolset:rhel8 (RHSA-2026:3471)	high
300216	RHEL 8 : firefox (RHSA-2026:3492)	critical
300215	RHEL 8 : kernel (RHSA-2026:3360)	high
300214	RHEL 8 : openssl (RHSA-2026:3364)	high
300210	RHEL 9 : kernel (RHSA-2026:3488)	high
300155	RHEL 8 : openssl (RHSA-2026:3437)	high
300127	RHEL 9 : podman (RHSA-2026:3337)	critical
300103	RHEL 10 : protobuf (RHSA-2026:3218)	high
300096	RHEL 8 : kernel (RHSA-2026:3277)	high
300095	RHEL 10 : python-pyasn1 (RHSA-2026:3354)	high
300094	RHEL 10 : podman (RHSA-2026:3336)	critical
300093	RHEL 9 : protobuf (RHSA-2026:3219)	high
300084	RHEL 8 : firefox (RHSA-2026:3338)	critical
300081	RHEL 10 : 389-ds-base (RHSA-2026:3208)	high
300073	RHEL 10 : skopeo (RHSA-2026:3343)	critical
300061	RHEL 9 : opentelemetry-collector (RHSA-2026:3287)	high
300052	RHEL 9 : kernel (RHSA-2026:3267)	high
300044	RHEL 9 : containernetworking-plugins (RHSA-2026:3341)	critical
300011	RHEL 10 : valkey (RHSA-2026:3443)	high
300007	RHEL 9 : kernel-rt (RHSA-2026:3358)	high
300006	RHEL 9 : skopeo (RHSA-2026:3340)	critical
300005	RHEL 8 : kernel (RHSA-2026:3388)	high
299993	RHEL 9 : runc (RHSA-2026:3291)	critical
299992	RHEL 8 : kernel (RHSA-2026:3268)	high
299991	RHEL 9 : opentelemetry-collector (RHSA-2026:3289)	high
299990	RHEL 9 : OpenShift Container Platform 4.18.34 (RHSA-2026:2975)	high
299984	RHEL 9 : firefox (RHSA-2026:3339)	critical
299964	RHEL 10 : firefox (RHSA-2026:3361)	critical
299963	RHEL 9 : python-pyasn1 (RHSA-2026:3359)	high
299962	RHEL 10 : buildah (RHSA-2026:3297)	critical
299961	RHEL 8 : freerdp (RHSA-2026:3334)	medium
299933	RHEL 10 : kernel (RHSA-2026:3275)	high
299930	RHEL 9 : buildah (RHSA-2026:3298)	critical
299929	RHEL 10 : opentelemetry-collector (RHSA-2026:3288)	high
299928	RHEL 9 : kernel (RHSA-2026:3293)	high
299887	RHEL 8 : grafana (RHSA-2026:3188)	critical
299886	RHEL 10 : golang (RHSA-2026:3192)	critical
299885	RHEL 9 : golang (RHSA-2026:3193)	critical
299884	RHEL 8 : grafana-pcp (RHSA-2026:3187)	critical
299883	RHEL 9 : protobuf (RHSA-2026:3220)	high
299859	RHEL 9 : edk2 (RHSA-2026:3164)	high
299858	RHEL 10 : kernel (RHSA-2026:3124)	high
299857	RHEL 9 : 389-ds-base (RHSA-2026:3189)	high
299856	RHEL 9 : qemu-kvm (RHSA-2026:3165)	high

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

critical

critical

critical

high

high

high

high

critical

high

high

high

high

critical

high

high

high

critical

high

critical

high

critical

high

high

critical

high

high

critical

high

critical

high

high

high

critical

critical

high

critical

medium

high

critical

high

high

critical

critical

critical

critical

high

high

high

high

high