Amazon Linux 2023 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2023-2025-1106)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1106 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE:...
Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2025-020)
The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0_462.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2025-020 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise...
Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2025-1096)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1096 advisory. urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disab...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2025-1104)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1104 advisory. cmd/go: unexpected command execution in untrusted VCS repositories CVE-2025-4674 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Ness...
Amazon Linux 2023 : pam, pam-devel (ALAS2023-2025-1121)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1121 advisory. A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink...
Amazon Linux 2023 : python3-requests, python3-requests+security, python3-requests+socks (ALAS2023-2025-1110)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1110 advisory. Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to...
Amazon Linux 2 : php (ALASPHP8.2-2025-008)
The version of php installed on the remote host is prior to 8.2.29-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.2-2025-008 advisory. fsockopen doesn't regard hostname as well, hostname is terminated at the null byte. This can cause Server Side Request...
Amazon Linux 2023 : kmod-nvidia-open-dkms (ALAS2023NVIDIA-2025-139)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-139 advisory. NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A...
Amazon Linux 2023 : java-21-amazon-corretto, java-21-amazon-corretto-devel, java-21-amazon-corretto-headless (ALAS2023-2025-1099)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1099 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE:...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-1111)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1111 advisory. In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails CVE-2024-36913 In the Linux kernel, the following vulnerability h...
Amazon Linux 2023 : java-24-amazon-corretto, java-24-amazon-corretto-devel, java-24-amazon-corretto-headless (ALAS2023-2025-1098)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1098 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE:...
Amazon Linux 2023 : git, git-all, git-core (ALAS2023-2025-1108)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1108 advisory. When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option Support per-file encoding must have be...
Amazon Linux 2 : mtr (ALAS-2025-2937)
The version of mtr installed on the remote host is prior to 0.92-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2937 advisory. mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable...
Amazon Linux 2 : python-pip (ALAS-2025-2935)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2935 advisory. urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable...
Amazon Linux 2 : jq (ALAS-2025-2943)
The version of jq installed on the remote host is prior to 1.5-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2943 advisory. jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index...
Amazon Linux 2 : golang (ALAS-2025-2939)
The version of golang installed on the remote host is prior to 1.23.11-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2939 advisory. cmd/go: unexpected command execution in untrusted VCS repositories CVE-2025-4674 Tenable has extracted the preceding description...
Amazon Linux 2 : pixman (ALAS-2025-2945)
The version of pixman installed on the remote host is prior to 0.34.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2945 advisory. In libpixman in Pixman before 0.42.2, there is an out-of-bounds write aka heap-based buffer overflow in rasterize_edges_8 due to an...
Amazon Linux 2 : java-11-amazon-corretto (ALAS-2025-2940)
The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.28+6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2940 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product...
Medium: docker
Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: docker Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to learn more about Amazon Lin...
Medium: ecs-init
Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...