Amazon Linux 2023 : libnvidia-cfg, libnvidia-fbc, libnvidia-gpucomp (ALAS2023NVIDIA-2025-251)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-251 advisory. NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalatio...

Amazon Linux 2023 : nvidia-xconfig (ALAS2023NVIDIA-2025-241)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-241 advisory. NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalatio...

Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2025-1255)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1255 advisory. Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache.This issue affects BIND 9 versions 9.11.0 throug...

Amazon Linux 2 : unbound, --advisory ALAS2UNBOUND-1.17-2025-006 (ALASUNBOUND-1.17-2025-006)

The version of unbound installed on the remote host is prior to 1.17.0-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2UNBOUND-1.17-2025-006 advisory. NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS...

Amazon Linux 2 : bind, --advisory ALAS2-2025-3054 (ALAS-2025-3054)

The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3054 advisory. Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This...

Low: unbound

Issue Overview: No CVE associated with this advisory Affected Packages: unbound Issue Correction: Run dnf update unbound --releasever 2023.9.20251105 or dnf update --advisory ALAS2023-2025-1256 --releasever 2023.9.20251105 to update your system. More information on how to update your system can b...

Low: unbound

Issue Overview: No CVE associated with this advisory Affected Packages: unbound Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update unbound or yum update...

Low: unbound

Issue Overview: No CVE associated with this advisory Affected Packages: unbound Note: This advisory is applicable to Amazon Linux 2 - Unbound-1.17 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisorie...

Important: bind

Issue Overview: Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1...

Amazon Linux 2 : unbound, --advisory ALAS2-2025-3055 (ALAS-2025-3055)

The version of unbound installed on the remote host is prior to 1.7.3-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3055 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

Important: webkitgtk4

Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash. CVE-2025-43272 A correctness issue was address...

Amazon Linux 2 : webkitgtk4, --advisory ALAS2-2025-3059 (ALAS-2025-3059)

The version of webkitgtk4 installed on the remote host is prior to 2.48.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3059 advisory. The issue was addressed with improved memory handling. This issue is fixed in Safari 26, visionOS 26, watchOS 26, macO...

Low: runc

Issue Overview: No CVE associated with this advisory Affected Packages: runc Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...

Low: runc

Issue Overview: No CVE associated with this advisory Affected Packages: runc Issue Correction: Run dnf update runc --releasever 2023.9.20251105 or dnf update --advisory ALAS2023-2025-1263 --releasever 2023.9.20251105 to update your system. More information on how to update your system can be foun...

Low: runc

Issue Overview: No CVE associated with this advisory Affected Packages: runc Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...

Amazon Linux 2 : kernel, --advisory ALAS2-2025-3053 (ALAS-2025-3053)

The version of kernel installed on the remote host is prior to 4.14.355-280.706. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3053 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in...

Amazon Linux 2 : golang, --advisory ALAS2-2025-3042 (ALAS-2025-3042)

The version of golang installed on the remote host is prior to 1.24.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3042 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-093 (ALASKERNEL-5.15-2025-093)

The version of kernel installed on the remote host is prior to 5.15.194-135.217. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-093 advisory. In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix memory leak in...

Amazon Linux 2 : sssd, --advisory ALAS2-2025-3050 (ALAS-2025-3050)

The version of sssd installed on the remote host is prior to 1.16.5-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3050 advisory. A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default...

Amazon Linux 2023 : libxslt, libxslt-devel, python3-libxslt (ALAS2023-2025-1228)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1228 advisory. A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash. CVE-2025-10911 Tenable has extracted the precedin...