Amazon Linux 2 : amazon-ssm-agent, --advisory ALAS2-2025-3121 (ALAS-2025-3121)

The version of amazon-ssm-agent installed on the remote host is prior to 3.3.3572.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3121 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy...

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2NITRO-ENCLAVES-2025-080 (ALASNITRO-ENCLAVES-2025-080)

The version of oci-add-hooks installed on the remote host is prior to 0-0.6.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-080 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded...

Amazon Linux 2 : nerdctl, --advisory ALAS2-2025-3100 (ALAS-2025-3100)

The version of nerdctl installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3100 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certifica...

Amazon Linux 2 : grub2, --advisory ALAS2-2025-3107 (ALAS-2025-3107)

The version of grub2 installed on the remote host is prior to 2.06-14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3107 advisory. A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service DoS...

Amazon Linux 2 : httpd, --advisory ALAS2-2025-3099 (ALAS-2025-3099)

The version of httpd installed on the remote host is prior to 2.4.66-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3099 advisory. An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default...

Amazon Linux 2 : python-urllib3, --advisory ALAS2-2025-3110 (ALAS-2025-3110)

The version of python-urllib3 installed on the remote host is prior to 1.25.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3110 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2025-3108 (ALAS-2025-3108)

The version of thunderbird installed on the remote host is prior to 140.6.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3108 advisory. Race condition in the Graphics component. This vulnerability affects Firefox 145, Firefox ESR 140.5, and Firefox ESR...

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2025-082 (ALASNITRO-ENCLAVES-2025-082)

The version of docker installed on the remote host is prior to 25.0.13-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-082 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-096 (ALASKERNEL-5.15-2025-096)

The version of kernel installed on the remote host is prior to 5.15.197-138.220. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-096 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject duplicat...

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2DOCKER-2025-087 (ALASDOCKER-2025-087)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.11.0-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-087 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomai...

Amazon Linux 2 : python-tornado, --advisory ALAS2-2025-3106 (ALAS-2025-3106)

The version of python-tornado installed on the remote host is prior to 4.2.1-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3106 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied...

Amazon Linux 2 : libvirt, --advisory ALAS2-2025-3115 (ALAS-2025-3115)

The version of libvirt installed on the remote host is prior to 4.5.0-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3115 advisory. A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was perform...

Amazon Linux 2 : qt5-qtbase, --advisory ALAS2-2025-3102 (ALAS-2025-3102)

The version of qt5-qtbase installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3102 advisory. Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Q...

Amazon Linux 2 : golang-github-cpuguy83-go-md2man, --advisory ALAS2-2025-3118 (ALAS-2025-3118)

The version of golang-github-cpuguy83-go-md2man installed on the remote host is prior to 1.0.4-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3118 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain...

Amazon Linux 2 : libpng, --advisory ALAS2-2025-3112 (ALAS-2025-3112)

The version of libpng installed on the remote host is prior to 1.5.13-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3112 advisory. A heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with malformed...

Amazon Linux 2 : glib2, --advisory ALAS2-2025-3117 (ALAS-2025-3117)

The version of glib2 installed on the remote host is prior to 2.56.1-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3117 advisory. Buffer underflow on Glib through glib/gvariant via bytestringparse or stringparse leads to OOB Write. CVE-2025-14087 Tenable has...

Important: glib2

Issue Overview: Buffer underflow on Glib through glib/gvariant via bytestringparse or stringparse leads to OOB Write. CVE-2025-14087 Affected Packages: glib2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...

Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2025-093 (ALASDOCKER-2025-093)

The version of containerd installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-093 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the...

Medium: docker

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2025-083 (ALASNITRO-ENCLAVES-2025-083)

The version of containerd installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-083 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may...