The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:18044 advisory.

    jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it     to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar     applications allow you to manipulate text.

    Security Fix(es):

    * jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers     (CVE-2026-39979)

    * jq: jq: Denial of Service via crafted JSON object causing hash collisions (CVE-2026-40164)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18025 advisory.

    This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the     code of a running kernel.  This patch module is targeted for kernel-5.14.0-570.17.1.el9_6.

    Security Fix(es):

    * kernel: Dirty Frag is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux     kernel (CVE-2026-43284)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18024 advisory.

    PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way     using a cross-distribution, cross-architecture API.

    Security Fix(es):

    * PackageKit: race condition vulnerability leads to arbitrary package installation as root     (CVE-2026-41651)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:18046 advisory.

    jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it     to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar     applications allow you to manipulate text.

    Security Fix(es):

    * jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers     (CVE-2026-39979)

    * jq: jq: Denial of Service via crafted JSON object causing hash collisions (CVE-2026-40164)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:18045 advisory.

    jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it     to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar     applications allow you to manipulate text.

    Security Fix(es):

    * jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers     (CVE-2026-39979)

    * jq: jq: Denial of Service via crafted JSON object causing hash collisions (CVE-2026-40164)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18028 advisory.

    The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics     (PNG) image format files.

    Security Fix(es):

    * libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17792 advisory.

    nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency,     performance, and low memory usage.

    Security Fix(es):

    * nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17794 advisory.

    nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency,     performance, and low memory usage.

    Security Fix(es):

    * nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17795 advisory.

    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):

    * kernel: Dirty Frag is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux     kernel (CVE-2026-43284)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the NVIDIA for RHEL 10 Release Notes linked from     the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17791 advisory.

    nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency,     performance, and low memory usage.

    Security Fix(es):

    * nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17793 advisory.

    nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency,     performance, and low memory usage.

    Security Fix(es):

    * nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17790 advisory.

    nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency,     performance, and low memory usage.

    Security Fix(es):

    * nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17753 advisory.

    nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency,     performance, and low memory usage.

    Security Fix(es):

    * nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17751 advisory.

    nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency,     performance, and low memory usage.

    Security Fix(es):

    * nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17752 advisory.

    nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency,     performance, and low memory usage.

    Security Fix(es):

    * nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:17687 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772)

    * firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754)

    * firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component (CVE-2026-6762)

    * firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6752)

    * firefox: thunderbird: Other issue in the Storage: IndexedDB component (CVE-2026-6770)

    * firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component (CVE-2026-6757)

    * firefox: thunderbird: Other issue in the Libraries component in NSS (CVE-2026-6767)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox     150 and Thunderbird 150 (CVE-2026-6786)

    * firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6753)

    * firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-6759)

    * firefox: thunderbird: Use-after-free in the WebRTC component (CVE-2026-6747)

    * firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D     component (CVE-2026-6749)

    * firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6766)

    * firefox: thunderbird: Privilege escalation in the Networking component (CVE-2026-6761)

    * firefox: thunderbird: Mitigation bypass in the File Handling component (CVE-2026-6763)

    * firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-6750)

    * firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6748)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird     ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6785)

    * firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-6771)

    * firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component     (CVE-2026-6764)

    * firefox: thunderbird: Information disclosure in the Form Autofill component (CVE-2026-6765)

    * firefox: thunderbird: Privilege escalation in the Debugger component (CVE-2026-6769)

    * firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6751)

    * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-6776)

    * firefox: thunderbird: Use-after-free in the DOM: Core & HTML component (CVE-2026-6746)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17618 advisory.

    ImageMagick is an image display and manipulation tool for the X Window System that can read and write     multiple image formats.

    Security Fix(es):

    * ImageMagick: ImageMagick: Denial of Service via out-of-bounds write in NewXMLTree method     (CVE-2026-32636)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17685 advisory.

    The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics     (PNG) image format files.

    Security Fix(es):

    * libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon     palette expansion (CVE-2026-33636)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17686 advisory.

    A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild     under the hood. Besides building images for local usage, it can also upload images directly to cloud.  It     is compatible with composer-cli and cockpit-composer clients.

    Security Fix(es):

    * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17625 advisory.

    Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind.
    It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL     drivers and authentication plug-ins are provided as subpackages.

    Security Fix(es):

    * dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command     (CVE-2025-59032)

    * dovecot: denial of service via crafted message before authentication (CVE-2026-27858)

    * dovecot: denial of service via specially crafted NOOP command (CVE-2026-27857)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17688 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772)

    * firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754)

    * firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component (CVE-2026-6762)

    * firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6752)

    * firefox: thunderbird: Other issue in the Storage: IndexedDB component (CVE-2026-6770)

    * firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component (CVE-2026-6757)

    * firefox: thunderbird: Other issue in the Libraries component in NSS (CVE-2026-6767)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox     150 and Thunderbird 150 (CVE-2026-6786)

    * firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6753)

    * firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-6759)

    * firefox: thunderbird: Use-after-free in the WebRTC component (CVE-2026-6747)

    * firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D     component (CVE-2026-6749)

    * firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6766)

    * firefox: thunderbird: Privilege escalation in the Networking component (CVE-2026-6761)

    * firefox: thunderbird: Mitigation bypass in the File Handling component (CVE-2026-6763)

    * firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-6750)

    * firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6748)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird     ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6785)

    * firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-6771)

    * firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component     (CVE-2026-6764)

    * firefox: thunderbird: Information disclosure in the Form Autofill component (CVE-2026-6765)

    * firefox: thunderbird: Privilege escalation in the Debugger component (CVE-2026-6769)

    * firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6751)

    * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-6776)

    * firefox: thunderbird: Use-after-free in the DOM: Core & HTML component (CVE-2026-6746)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:17690 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772)

    * firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754)

    * firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component (CVE-2026-6762)

    * firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6752)

    * firefox: thunderbird: Other issue in the Storage: IndexedDB component (CVE-2026-6770)

    * firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component (CVE-2026-6757)

    * firefox: thunderbird: Other issue in the Libraries component in NSS (CVE-2026-6767)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox     150 and Thunderbird 150 (CVE-2026-6786)

    * firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6753)

    * firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-6759)

    * firefox: thunderbird: Use-after-free in the WebRTC component (CVE-2026-6747)

    * firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D     component (CVE-2026-6749)

    * firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6766)

    * firefox: thunderbird: Privilege escalation in the Networking component (CVE-2026-6761)

    * firefox: thunderbird: Mitigation bypass in the File Handling component (CVE-2026-6763)

    * firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-6750)

    * firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6748)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird     ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6785)

    * firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-6771)

    * firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component     (CVE-2026-6764)

    * firefox: thunderbird: Information disclosure in the Form Autofill component (CVE-2026-6765)

    * firefox: thunderbird: Privilege escalation in the Debugger component (CVE-2026-6769)

    * firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6751)

    * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-6776)

    * firefox: thunderbird: Use-after-free in the DOM: Core & HTML component (CVE-2026-6746)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17628 advisory.

    Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind.
    It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL     drivers and authentication plug-ins are provided as subpackages.

    Security Fix(es):

    * dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command     (CVE-2025-59032)

    * dovecot: denial of service via crafted message before authentication (CVE-2026-27858)

    * dovecot: denial of service via specially crafted NOOP command (CVE-2026-27857)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17656 advisory.

    OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image     processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are     specific to this format.  This package containes the binaries for OpenEXR.

    Security Fix(es):

    * OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file     (CVE-2026-34588)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17642 advisory.

    The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics     (PNG) image format files.

    Security Fix(es):

    * libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon     palette expansion (CVE-2026-33636)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17560 advisory.

    PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way     using a cross-distribution, cross-architecture API.

    Security Fix(es):

    * PackageKit: race condition vulnerability leads to arbitrary package installation as root     (CVE-2026-41651)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17558 advisory.

    PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way     using a cross-distribution, cross-architecture API.

    Security Fix(es):

    * PackageKit: race condition vulnerability leads to arbitrary package installation as root     (CVE-2026-41651)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17567 advisory.

    The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics     (PNG) image format files.

    Security Fix(es):

    * libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon     palette expansion (CVE-2026-33636)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17659 advisory.

    OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image     processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are     specific to this format.  This package containes the binaries for OpenEXR.

    Security Fix(es):

    * OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file     (CVE-2026-34588)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17626 advisory.

    Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind.
    It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL     drivers and authentication plug-ins are provided as subpackages.

    Security Fix(es):

    * dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command     (CVE-2025-59032)

    * dovecot: denial of service via crafted message before authentication (CVE-2026-27858)

    * dovecot: denial of service via specially crafted NOOP command (CVE-2026-27857)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17602 advisory.

    Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind.
    It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL     drivers and authentication plug-ins are provided as subpackages.

    Security Fix(es):

    * dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command     (CVE-2025-59032)

    * dovecot: denial of service via crafted message before authentication (CVE-2026-27858)

    * dovecot: denial of service via specially crafted NOOP command (CVE-2026-27857)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17533 advisory.

    The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a     large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and     anti-aliasing, and conversions, all with multi-level undo.

    Security Fix(es):

    * gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image (CVE-2026-4887)

    * gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow (CVE-2026-4154)

    * GIMP: GIMP: Arbitrary code execution via specially crafted PSD file (CVE-2026-4150)

    * gimp: GIMP: Remote Code Execution via PSP file parsing (CVE-2026-4153)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17660 advisory.

    OpenEXR is an open-source high-dynamic-range floating-point image file format for high-quality image     processing and storage. This document presents a brief overview of OpenEXR and explains concepts that are     specific to this format.  This package containes the binaries for OpenEXR.

    Security Fix(es):

    * OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file     (CVE-2026-34588)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17561 advisory.

    PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way     using a cross-distribution, cross-architecture API.

    Security Fix(es):

    * PackageKit: race condition vulnerability leads to arbitrary package installation as root     (CVE-2026-41651)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17630 advisory.

    Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind.
    It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL     drivers and authentication plug-ins are provided as subpackages.

    Security Fix(es):

    * dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command     (CVE-2025-59032)

    * dovecot: denial of service via crafted message before authentication (CVE-2026-27858)

    * dovecot: denial of service via specially crafted NOOP command (CVE-2026-27857)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17658 advisory.

    Please update

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17619 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression     modules (CVE-2026-6100)

    * python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API     (CVE-2026-4786)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17603 advisory.

    The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics     (PNG) image format files.

    Security Fix(es):

    * libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon     palette expansion (CVE-2026-33636)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17525 advisory.

    Python is an interpreted, interactive, object-oriented programming language, which includes modules,     classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to     many system calls and libraries, as well as to various windowing systems.

    Security Fix(es):

    * python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression     modules (CVE-2026-6100)

    * python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API     (CVE-2026-4786)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:17477 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772)

    * firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754)

    * firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component (CVE-2026-6762)

    * firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6752)

    * firefox: thunderbird: Other issue in the Storage: IndexedDB component (CVE-2026-6770)

    * firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component (CVE-2026-6757)

    * firefox: thunderbird: Other issue in the Libraries component in NSS (CVE-2026-6767)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox     150 and Thunderbird 150 (CVE-2026-6786)

    * firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6753)

    * firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-6759)

    * firefox: thunderbird: Use-after-free in the WebRTC component (CVE-2026-6747)

    * firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D     component (CVE-2026-6749)

    * firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6766)

    * firefox: thunderbird: Privilege escalation in the Networking component (CVE-2026-6761)

    * firefox: thunderbird: Mitigation bypass in the File Handling component (CVE-2026-6763)

    * firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-6750)

    * firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6748)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird     ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6785)

    * firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-6771)

    * firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component     (CVE-2026-6764)

    * firefox: thunderbird: Information disclosure in the Form Autofill component (CVE-2026-6765)

    * firefox: thunderbird: Privilege escalation in the Debugger component (CVE-2026-6769)

    * firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6751)

    * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-6776)

    * firefox: thunderbird: Use-after-free in the DOM: Core & HTML component (CVE-2026-6746)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17524 advisory.

    The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics     (PNG) image format files.

    Security Fix(es):

    * libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon     palette expansion (CVE-2026-33636)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17482 advisory.

    Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access     Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate     packages.  libsoup uses the Glib main loop and is designed to work well with GTK applications. This     enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion,     very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who     want it), but the SOAP parts were removed long ago.

    Security Fix(es):

    * libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server (CVE-2026-4271)

    * libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel     establishment (CVE-2026-5119)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:17481 advisory.

    The rsync utility enables the users to copy and synchronize files locally or across a network.
    Synchronization with rsync is fast because rsync only sends the differences in files over the network     instead of sending whole files. The rsync utility is also used as a mirroring tool.

    Security Fix(es):

    * rsync: Rsync: Use-after-free vulnerability in extended attribute handling (CVE-2026-41035)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17287 advisory.

    The podman tool manages pods, container images, and containers. It is part of the libpod library, which is     for applications that use container pods. Container pods is a concept in Kubernetes.

    Security Fix(es):

    * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

    * github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted     JSON Web Encryption (JWE) object (CVE-2026-34986)

    * crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages     (CVE-2026-32283)

    * crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building     (CVE-2026-32280)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17084 advisory.

    A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor.
    Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding.

    Security Fix(es):

    * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate     (CVE-2025-61729)

    * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)

    * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

    * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

    * golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)

    * crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages     (CVE-2026-32283)

    * crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building     (CVE-2026-32280)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16865 advisory.

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
    The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

    Security Fix(es):

    * freerdp: FreeRDP: Denial of service due to use-after-free vulnerability (CVE-2026-25952)

    * freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect (CVE-2026-26986)

    * freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity (CVE-2026-27951)

    * freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId (CVE-2026-29775)

    * freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds     checks (CVE-2026-31885)

    * freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0 (CVE-2026-31884)

    * freerdp: FreeRDP: Denial of Service via crafted audio data in RDP (CVE-2026-31883)

    * FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read (CVE-2026-33985)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17083 advisory.

    The fence-agents packages provide a collection of scripts for handling remote power management for cluster     devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.

    Security Fix(es):

    * pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 ?4.1.11 MUST violation) (CVE-2026-32597)

    * pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion (CVE-2026-30922)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:16875 advisory.

    Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics     with text pointers inside Git, while storing the file contents on a remote server.

    Security Fix(es):

    * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

    * golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)

    * crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages     (CVE-2026-32283)

    * crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building     (CVE-2026-32280)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17040 advisory.

    The podman tool manages pods, container images, and containers. It is part of the libpod library, which is     for applications that use container pods. Container pods is a concept in Kubernetes.

    Security Fix(es):

    * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate     (CVE-2025-61729)

    * golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip     (CVE-2025-61728)

    * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)

    * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

    * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

    * github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted     JSON Web Encryption (JWE) object (CVE-2026-34986)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16866 advisory.

    FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.
    The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

    Security Fix(es):

    * freerdp: FreeRDP: Denial of service due to use-after-free vulnerability (CVE-2026-25952)

    * freerdp: FreeRDP: Denial of Service via double free vulnerability during disconnect (CVE-2026-26986)

    * freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity (CVE-2026-27951)

    * freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId (CVE-2026-29775)

    * freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds     checks (CVE-2026-31885)

    * freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0 (CVE-2026-31884)

    * freerdp: FreeRDP: Denial of Service via crafted audio data in RDP (CVE-2026-31883)

    * FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read (CVE-2026-33985)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Severity
315145	RHEL 9 : jq (RHSA-2026:18044)	medium
315144	RHEL 9 : kpatch-patch-5_14_0-570_17_1, kpatch-patch-5_14_0-570_39_1, kpatch-patch-5_14_0-570_66_1, and kpatch-patch-5_14_0-570_94_1 (RHSA-2026:18025)	high
315143	RHEL 9 : PackageKit (RHSA-2026:18024)	high
315142	RHEL 8 : jq (RHSA-2026:18046)	medium
315141	RHEL 9 : jq (RHSA-2026:18045)	medium
315140	RHEL 9 : libpng (RHSA-2026:18028)	high
315005	RHEL 9 : nginx (RHSA-2026:17792)	critical
315004	RHEL 9 : nginx (RHSA-2026:17794)	critical
314967	RHEL 10 : kernel (RHSA-2026:17795)	high
314966	RHEL 9 : nginx (RHSA-2026:17791)	critical
314965	RHEL 9 : nginx:1.24 (RHSA-2026:17793)	critical
314964	RHEL 10 : nginx (RHSA-2026:17790)	critical
314928	RHEL 9 : nginx:1.26 (RHSA-2026:17753)	critical
314927	RHEL 9 : nginx (RHSA-2026:17751)	critical
314926	RHEL 9 : nginx:1.24 (RHSA-2026:17752)	critical
314758	RHEL 9 : firefox (RHSA-2026:17687)	critical
314757	RHEL 7 : ImageMagick (RHSA-2026:17618)	high
314756	RHEL 9 : libpng (RHSA-2026:17685)	high
314755	RHEL 10 : osbuild-composer (RHSA-2026:17686)	critical
314754	RHEL 9 : dovecot (RHSA-2026:17625)	high
314753	RHEL 9 : firefox (RHSA-2026:17688)	critical
314752	RHEL 10 : firefox (RHSA-2026:17690)	critical
314751	RHEL 9 : dovecot (RHSA-2026:17628)	high
314750	RHEL 10 : openexr (RHSA-2026:17656)	high
314749	RHEL 9 : libpng (RHSA-2026:17642)	high
314748	RHEL 8 : PackageKit (RHSA-2026:17560)	high
314699	RHEL 8 : PackageKit (RHSA-2026:17558)	high
314698	RHEL 10 : libpng (RHSA-2026:17567)	high
314697	RHEL 9 : openexr (RHSA-2026:17659)	high
314696	RHEL 9 : dovecot (RHSA-2026:17626)	high
314695	RHEL 10 : dovecot (RHSA-2026:17602)	high
314694	RHEL 8 : gimp:2.8 (RHSA-2026:17533)	high
314693	RHEL 9 : openexr (RHSA-2026:17660)	high
314692	RHEL 8 : PackageKit (RHSA-2026:17561)	high
314691	RHEL 9 : dovecot (RHSA-2026:17630)	high
314690	RHEL 9 : openexr update (Important) (RHSA-2026:17658)	high
314689	RHEL 8 : python3 (RHSA-2026:17619)	critical
314688	RHEL 9 : libpng (RHSA-2026:17603)	high
314646	RHEL 9 : python3.12 (RHSA-2026:17525)	critical
314645	RHEL 8 : firefox (RHSA-2026:17477)	critical
314644	RHEL 9 : libpng (RHSA-2026:17524)	high
314643	RHEL 10 : libsoup3 (RHSA-2026:17482)	high
314642	RHEL 8 : rsync (RHSA-2026:17481)	high
314515	RHEL 9 : podman (RHSA-2026:17287)	high
314514	RHEL 10 : gvisor-tap-vsock (RHSA-2026:17084)	critical
314497	RHEL 9 : freerdp (RHSA-2026:16865)	medium
314496	RHEL 10 : fence-agents (RHSA-2026:17083)	high
314495	RHEL 8 : git-lfs (RHSA-2026:16875)	medium
314494	RHEL 10 : podman (RHSA-2026:17040)	critical
314493	RHEL 9 : freerdp (RHSA-2026:16866)	medium

Detections

Analytics

Red Hat Local Security Checks Family for Nessus

medium

high

high

medium

medium

high

critical

critical

high

critical

critical

critical

critical

critical

critical

critical

high

high

critical

high

critical

critical

high

high

high

high

high

high

high

high

high

high

high

high

high

high

critical

high

critical

critical

high

high

high

high

critical

medium

high

medium

critical

medium