Amazon Linux 2 : openjpeg2, --advisory ALAS2-2025-3007 (ALAS-2025-3007)

The version of openjpeg2 installed on the remote host is prior to 2.4.0-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3007 advisory. openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. CVE-2025-50952 Tenable ha...

Amazon Linux 2023 : iperf3, iperf3-devel (ALAS2023-2025-1197)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1197 advisory. In iperf before 3.19.1, iperfauth.c has an off-by-one error and resultant heap-based buffer overflow. CVE-2025-54349 In iperf before 3.19.1, iperfauth.c has a Base64Decode assertion failure an...

Amazon Linux 2023 : microcode_ctl (ALAS2023-2025-1209)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1209 advisory. Insufficient granularity of access control in the OOB-MSM for some IntelR XeonR 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent...

Amazon Linux 2 : dcraw, --advisory ALAS2-2025-3017 (ALAS-2025-3017)

The version of dcraw installed on the remote host is prior to 9.19-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3017 advisory. There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary...

Amazon Linux 2 : amazon-ssm-agent, --advisory ALAS2-2025-3010 (ALAS-2025-3010)

The version of amazon-ssm-agent installed on the remote host is prior to 3.3.3050.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3010 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line...

Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2025-1202)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1202 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which...

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2025-043 (ALASFIREFOX-2025-043)

The version of firefox installed on the remote host is prior to 140.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-043 advisory. Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox 143,...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-106 (ALASKERNEL-5.10-2025-106)

The version of kernel installed on the remote host is prior to 5.10.220-209.867. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-106 advisory. In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix the behavior of READ near...

Amazon Linux 2023 : firefox (ALAS2023-2025-1203)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1203 advisory. Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. CVE-2025-10527...

Amazon Linux 2 : cups, --advisory ALAS2-2025-3012 (ALAS-2025-3012)

The version of cups installed on the remote host is prior to 1.6.3-51. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3012 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, ...

Amazon Linux 2 : optipng, --advisory ALAS2-2025-3011 (ALAS-2025-3011)

The version of optipng installed on the remote host is prior to 0.7.7-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3011 advisory. OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c. CVE-2023-43907 Tenable ha...

Amazon Linux 2 : kernel, --advisory ALAS2-2025-3013 (ALAS-2025-3013)

The version of kernel installed on the remote host is prior to 4.14.355-280.695. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3013 advisory. In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling CVE-2022-50053 ...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-105 (ALASKERNEL-5.10-2025-105)

The version of kernel installed on the remote host is prior to 5.10.244-240.965. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-105 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in...

Amazon Linux 2 : libtiff, --advisory ALAS2-2025-3004 (ALAS-2025-3004)

The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3004 advisory. A flaw has been found in LibTIFF 4.7.0. This affects the function TIFFmallocExt/TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of t...

Amazon Linux 2023 : GraphicsMagick, GraphicsMagick-c++, GraphicsMagick-c++-devel (ALAS2023-2025-1201)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1201 advisory. ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. CVE-2025-27795 ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer...

Amazon Linux 2 : ImageMagick, --advisory ALAS2-2025-3009 (ALAS-2025-3009)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3009 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower...

Amazon Linux 2 : libsoup, --advisory ALAS2-2025-3006 (ALAS-2025-3006)

The version of libsoup installed on the remote host is prior to 2.56.0-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3006 advisory. A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate...

Amazon Linux 2 : GraphicsMagick, --advisory ALAS2GRAPHICSMAGICK1.3-2025-004 (ALASGRAPHICSMAGICK1.3-2025-004)

The version of GraphicsMagick installed on the remote host is prior to 1.3.45-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2GRAPHICSMAGICK1.3-2025-004 advisory. ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits...

Amazon Linux 2 : LibRaw, --advisory ALAS2-2025-3016 (ALAS-2025-3016)

The version of LibRaw installed on the remote host is prior to 0.19.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3016 advisory. There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitra...

Amazon Linux 2023 : expat, expat-devel, expat-static (ALAS2023-2025-1196)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1196 advisory. libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. CVE-2025-59375 Tenable has extracted the preceding...