Amazon Linux 2 : cloud-init (ALAS-2025-2926)

The version of cloud-init installed on the remote host is prior to 19.3-46. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2926 advisory. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this,...

Medium: postgresql

Issue Overview: Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5...

Amazon Linux 2 : qt5-qtconnectivity (ALAS-2024-2673)

The version of qt5-qtconnectivity installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2673 advisory. An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x...

Amazon Linux 2 : qt5-qtserialport (ALAS-2024-2665)

The version of qt5-qtserialport installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2665 advisory. An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x...

Medium: xmlgraphics-commons

Issue Overview: Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET...