Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2ECS-2025-075 (ALASECS-2025-075)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.10.1-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-075 advisory. Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking...

Amazon Linux 2 : gegl, --advisory ALAS2-2025-3030 (ALAS-2025-3030)

The version of gegl installed on the remote host is prior to 0.2.0-19. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3030 advisory. GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability CVE-2025-10921 Tenable has extracted the precedi...

Amazon Linux 2023 : libnvjpeg-12, libnvjpeg-devel-12 (ALAS2023NVIDIA-2025-197)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-197 advisory. NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to...

Amazon Linux 2 : cups, --advisory ALAS2-2025-3028 (ALAS-2025-3028)

The version of cups installed on the remote host is prior to 1.6.3-51. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3028 advisory. A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is...

Amazon Linux 2 : ghostscript, --advisory ALAS2-2025-3018 (ALAS-2025-3018)

The version of ghostscript installed on the remote host is prior to 9.54.0-9. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3018 advisory. Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfwritecmap in devices/vector/gdevpdtw.c...

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2025-1214)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1214 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which a...

Amazon Linux 2023 : libtiff, libtiff-devel, libtiff-static (ALAS2023-2025-1212)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1212 advisory. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in...

Amazon Linux 2 : webkitgtk4, --advisory ALAS2-2025-3029 (ALAS-2025-3029)

The version of webkitgtk4 installed on the remote host is prior to 2.48.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3029 advisory. The issue was addressed with improved memory handling. This issue is fixed in Safari 26, visionOS 26, watchOS 26, macO...

Amazon Linux 2 : postgresql, --advisory ALAS2-2025-3035 (ALAS-2025-3035)

The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3035 advisory. Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for...

Amazon Linux 2023 : cuda-nvml-devel-12 (ALAS2023NVIDIA-2025-219)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-219 advisory. NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to...

Amazon Linux 2023 : cuda-nvprof-12 (ALAS2023NVIDIA-2025-218)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-218 advisory. NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to...

Amazon Linux 2 : openssl-snapsafe, --advisory ALAS2OPENSSL-SNAPSAFE-2025-008 (ALASOPENSSL-SNAPSAFE-2025-008)

The version of openssl-snapsafe installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2OPENSSL-SNAPSAFE-2025-008 advisory. Issue summary: An application trying to decrypt CMS messages encrypted usingpassword based encryption can...

Amazon Linux 2023 : cuda-profiler-api-12 (ALAS2023NVIDIA-2025-213)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-213 advisory. NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to...

Amazon Linux 2023 : polkit, polkit-devel, polkit-libs (ALAS2023-2025-1217)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1217 advisory. A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior,...

Amazon Linux 2 : open-vm-tools, --advisory ALAS2-2025-3036 (ALAS-2025-3036)

The version of open-vm-tools installed on the remote host is prior to 12.3.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3036 advisory. VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with...

Amazon Linux 2023 : libnpp-12, libnpp-devel-12 (ALAS2023NVIDIA-2025-200)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-200 advisory. NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to...

Amazon Linux 2023 : libcurand-13, libcurand-devel-13 (ALAS2023NVIDIA-2025-156)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-156 advisory. NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successfu...

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2025-1224)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1224 advisory. go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data CVE-2025-11065 Tenable has extracted the preceding description block directly from the tested product...

Amazon Linux 2 : sox, --advisory ALAS2-2025-3032 (ALAS-2025-3032)

The version of sox installed on the remote host is prior to 14.4.1-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3032 advisory. A floating point exception divide-by-zero issue was discovered in SoX in functon startread of wav.c file. An attacker with a crafted w...

Amazon Linux 2023 : ghostscript, ghostscript-gtk, ghostscript-tools-dvipdf (ALAS2023-2025-1218)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1218 advisory. Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfwritecmap in devices/vector/gdevpdtw.c. CVE-2025-59798 Artifex Ghostscript through 10.05.1 has a stack-based buffer...