9349 matches found
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-089 (ALASKERNEL-5.15-2025-089)
The version of kernel installed on the remote host is prior to 5.15.191-132.213. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-089 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check...
Important: microcode_ctl
Issue Overview: Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-20053 Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may all...
Medium: edk2
Issue Overview: EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. CVE-2024-38805 Affected Packages: edk2 Note: This advisory is applicable to Amazon Linux ...
Medium: gstreamer1-plugins-base
Issue Overview: In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash. CVE-2025-47806 In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer whil...
Amazon Linux 2 : edk2, --advisory ALAS2-2025-2996 (ALAS-2025-2996)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2996 advisory. EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. CVE-2024-388...
Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2025-042 (ALASFIREFOX-2025-042)
The version of firefox installed on the remote host is prior to 140.2.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-042 advisory. Improper Input Validation vulnerability in Mozilla neqo leads to an unexploitable crash. This issue affects neqo:...
Amazon Linux 2 : gstreamer1-plugins-good, --advisory ALAS2-2025-3003 (ALAS-2025-3003)
The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3003 advisory. GStreamer is a library for constructing graphs of media-handling components. The function qtdemuxparsesbg...
Amazon Linux 2 : udisks2, --advisory ALAS2-2025-2992 (ALAS-2025-2992)
The version of udisks2 installed on the remote host is prior to 2.7.3-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2992 advisory. A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is...
Important: microcode_ctl
Issue Overview: A potential security vulnerability in some Intel(R) Processors may allow information disclosure. Intel is releasing microcode updates and prescriptive guidance to mitigate this potential vulnerability. Info:...
Medium: mpg123
Issue Overview: An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to...
Important: kernel-livepatch-5.10.238-234.956
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing CVE-2025-38386 Affected Packages: kernel-livepatch-5.10.238-234.956 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Important: kernel-livepatch-5.10.239-236.958
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing CVE-2025-38386 Affected Packages: kernel-livepatch-5.10.239-236.958 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Amazon Linux 2 : redis, --advisory ALAS2REDIS6-2025-014 (ALASREDIS6-2025-014)
The version of redis installed on the remote host is prior to 6.2.14-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2REDIS6-2025-014 advisory. TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a...
Amazon Linux 2 : kernel, --advisory ALAS2-2025-3001 (ALAS-2025-3001)
The version of kernel installed on the remote host is prior to 4.14.355-280.684. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3001 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix ->anon_vma race CVE-2023-5293...
Amazon Linux 2 : microcode_ctl, --advisory ALAS2-2025-2993 (ALAS-2025-2993)
The version of microcode_ctl installed on the remote host is prior to 2.1-47. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2993 advisory. Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to...
Amazon Linux 2 : pki-core, --advisory ALAS2-2025-2995 (ALAS-2025-2995)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2995 advisory. Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap: from 3.4.1 before 4.0.0...
Amazon Linux 2 : giflib, --advisory ALAS2-2025-2998 (ALAS-2025-2998)
The version of giflib installed on the remote host is prior to 4.1.6-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2998 advisory. A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers to trigger an out of memory exception ...
Amazon Linux 2 : ImageMagick, --advisory ALAS2-2025-3000 (ALAS-2025-3000)
The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3000 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version...
Medium: rust-cargo-c
Issue Overview: tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be...
Important: microcode_ctl
Issue Overview: A potential security vulnerability in some Intel(R) Processors may allow information disclosure. Intel is releasing microcode updates and prescriptive guidance to mitigate this potential vulnerability. Info:...