
9349 matches found

Tenable Nessus
added 2025/08/19 12:0 a.m. | 4 views

Amazon Linux 2 : LibRaw (ALAS-2025-2974)

The version of LibRaw installed on the remote host is prior to 0.19.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2974 advisory. In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. CVE-2025-43961 In...

9.1 CVSS | 5.7 AI score | 0.00367 EPSS
Exploits: 0 | References: 8

Tenable Nessus
added 2025/08/19 12:0 a.m. | 9 views

Amazon Linux 2 : python (ALAS-2025-2961)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2961 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation...

7.5 CVSS | 6.9 AI score | 0.00611 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/08/19 12:0 a.m. | 10 views

Amazon Linux 2 : webkitgtk4 (ALAS-2025-2970)

The version of webkitgtk4 installed on the remote host is prior to 2.48.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2970 advisory. A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequo...

8.8 CVSS | 7 AI score | 0.01102 EPSS
Exploits: 0 | References: 28

Amazon
added 2025/08/18 12:0 a.m. | 3 views

Medium: cni-plugins

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...

7.5 CVSS | 6.8 AI score | 0.0056 EPSS
Exploits: 0

Amazon
added 2025/08/18 12:0 a.m. | 3 views

Medium: libcap

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...

7.5 CVSS | 6.8 AI score | 0.0056 EPSS
Exploits: 0

Amazon
added 2025/08/18 12:0 a.m. | 6 views

Medium: nodejs22

Issue Overview: There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. CVE-2025-6965 Affected Packages: nodejs2...

9.8 CVSS | 6.8 AI score | 0.73495 EPSS
Exploits: 3

Amazon
added 2025/08/18 12:0 a.m. | 6 views

Medium: mod_security

Issue Overview: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If SecParseXmlIntoArgs is set to On or OnlyArgs, and the request type is application/xm...

6.5 CVSS | 6.7 AI score | 0.00346 EPSS
Exploits: 0

Tenable Nessus
added 2025/08/18 12:0 a.m. | 28 views

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2025-1152)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1152 advisory. NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the serve...

6.3 CVSS | 5.7 AI score | 0.00371 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/08/18 12:0 a.m. | 8 views

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2025-097)

The version of kernel installed on the remote host is prior to 5.10.238-234.956. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-097 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix ->anon_vma race...

7.8 CVSS | 6.6 AI score | 0.00222 EPSS
Exploits: 0 | References: 7

Tenable Nessus
added 2025/08/18 12:0 a.m. | 4 views

Amazon Linux 2023 : openexr, openexr-devel, openexr-libs (ALAS2023-2025-1142)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1142 advisory. An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp. CVE-2024-31047 Tenable has...

3.3 CVSS | 4.9 AI score | 0.00218 EPSS
Exploits: 1 | References: 4

Tenable Nessus
added 2025/08/18 12:0 a.m. | 4 views

Amazon Linux 2023 : captree, libcap, libcap-devel (ALAS2023-2025-1141)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1141 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which a...

7.5 CVSS | 6.5 AI score | 0.0056 EPSS
Exploits: 0 | References: 6

Tenable Nessus
added 2025/08/18 12:0 a.m. | 2 views

Amazon Linux 2023 : lemon, sqlite, sqlite-analyzer (ALAS2023-2025-1151)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1151 advisory. There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommen...

7.7 CVSS | 7.2 AI score | 0.73495 EPSS
Exploits: 3 | References: 4

Tenable Nessus
added 2025/08/18 12:0 a.m. | 8 views

Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2025-1138)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1138 advisory. Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim's tar.vim plugin can allow overwriting of arbitrary files when opening specially craft...

4.1 CVSS | 7.2 AI score | 0.00731 EPSS
Exploits: 2 | References: 6

Tenable Nessus
added 2025/08/18 12:0 a.m. | 7 views

Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2025-1147)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1147 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error,...

7.5 CVSS | 6.8 AI score | 0.00611 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/08/18 12:0 a.m. | 2 views

Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2025-1137)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1137 advisory. There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommen...

7.7 CVSS | 7 AI score | 0.73495 EPSS
Exploits: 3 | References: 4

Amazon
added 2025/08/18 12:0 a.m. | 2 views

Important: python3.12

Issue Overview: There is a defect in the CPython "tarfile" module affecting the "TarFile" extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously...

7.5 CVSS | 6.8 AI score | 0.00611 EPSS
Exploits: 0

Tenable Nessus
added 2025/08/18 12:0 a.m. | 3 views

Amazon Linux 2023 : cni-plugins (ALAS2023-2025-1143)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1143 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which a...

7.5 CVSS | 6.5 AI score | 0.0056 EPSS
Exploits: 0 | References: 6

Tenable Nessus
added 2025/08/18 12:0 a.m. | 6 views

Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2025-1135)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1135 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error,...

7.5 CVSS | 6.8 AI score | 0.00611 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/08/18 12:0 a.m. | 5 views

Amazon Linux 2023 : mod_security, mod_security-mlogc (ALAS2023-2025-1139)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1139 advisory. ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.8 to before 2.9.11, an empty XML tag can cause a segmentation fault. If...

6.5 CVSS | 8.1 AI score | 0.00346 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/08/09 12:0 a.m. | 9 views

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-1144)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1144 advisory. In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race condition in AF_XDP generic RX path CVE-2025-37920 In the Linux kernel, the following vulnerability has been...

7.8 CVSS | 6.3 AI score | 0.00467 EPSS
Exploits: 1 | References: 70