Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1124)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1124 advisory. Thor before 1.4.0 can construct an unsafe shell command from library input. CVE-2025-54314 Tenable has extracted the preceding description block directly from the tested product security advisory. Note...

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1115)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1115 advisory. Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is...

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1131)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1131 advisory. The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet.An attacker can craft a...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2025-105)

The version of kernel installed on the remote host is prior to 5.4.296-217.423. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2025-105 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported versi...

Amazon Linux 2023 : git, git-all, git-core (ALAS2023-2025-1108)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1108 advisory. When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option Support per-file encoding must have be...

Amazon Linux 2023 : nvidia-kmod-common (ALAS2023NVIDIA-2025-134)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-134 advisory. NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A...

Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2025-1094)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1094 advisory. Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable...

Amazon Linux 2 : firefox (ALASFIREFOX-2025-041)

The version of firefox installed on the remote host is prior to 128.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-041 advisory. On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT,...

Important: gdk-pixbuf2

Issue Overview: In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a deni...

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-1090)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1090 advisory. The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service. CVE-2025-6069 Tenable has...

Amazon Linux 2023 : java-11-amazon-corretto, java-11-amazon-corretto-devel, java-11-amazon-corretto-headless (ALAS2023-2025-1101)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1101 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE:...

Amazon Linux 2023 : libnvidia-cfg, libnvidia-ml, nvidia-driver-cuda (ALAS2023NVIDIA-2025-138)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-138 advisory. NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A...

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-086)

The version of kernel installed on the remote host is prior to 5.15.189-131.202. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.15-2025-086 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

Amazon Linux 2023 : jakarta-mail (ALAS2023-2025-1117)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1117 advisory. In Jakarta Mail 2.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages. CVE-2025-7962 Tenable has extracted the preceding description...

Low: kernel

Issue Overview: No CVE associated with this advisory Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

Low: kernel

Issue Overview: No CVE associated with this advisory Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

Low: kernel

Issue Overview: No CVE associated with this advisory Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in devparseheaderprotocol when skb-dev is null CVE-2022-50073 In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a server shutdown leak CVE-2023-53131 ...

Medium: pam

Issue Overview: A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. CVE-2025-6020 Affected Packages: pam Note: This advisor...

Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-1087)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1087 advisory. fsockopen doesn't regard hostname as well, hostname is terminated at the null byte. This can cause Server Side Request Forgery in general case. CVE-2025-1220 Missing error checking could resul...