Medium: ecs-init

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...

Medium: docker

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: docker Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to learn more about Amazon Lin...

Medium: runc

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: runc Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to learn more about Amazon Linux...

Important: kernel-livepatch-5.10.236-227.928

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races CVE-2025-38037 Affected Packages: kernel-livepatch-5.10.236-227.928 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-5.10.236-227.928 o...

Important: kernel-livepatch-5.10.236-228.935

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races CVE-2025-38037 Affected Packages: kernel-livepatch-5.10.236-228.935 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-5.10.236-228.935 o...

Important: kernel-livepatch-5.10.237-230.948

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races CVE-2025-38037 Affected Packages: kernel-livepatch-5.10.237-230.948 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-5.10.237-230.948 o...

Medium: jackson

Issue Overview: jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth...

Medium: perl-Crypt-OpenSSL-RSA

Issue Overview: A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial...

Important: golang

Issue Overview: cmd/go: unexpected command execution in untrusted VCS repositories CVE-2025-4674 Affected Packages: golang Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correctio...

Medium: python-pip

Issue Overview: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An...

Medium: ruby

Issue Overview: Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific...

Important: kernel-livepatch-6.12.29-33.102

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races CVE-2025-38037 Affected Packages: kernel-livepatch-6.12.29-33.102 Issue Correction: Please ensure you have live patching enabled. Run dnf update kernel-livepatch-6.12.29-33.102...

Important: kernel-livepatch-6.12.25-32.101

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races CVE-2025-38037 Affected Packages: kernel-livepatch-6.12.25-32.101 Issue Correction: Please ensure you have live patching enabled. Run dnf update kernel-livepatch-6.12.25-32.101...

Important: kernel-livepatch-6.1.140-154.222

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: schhfsc: Fix qlen accounting bug when using peek in hfscenqueue CVE-2025-38000 In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content...

Important: gimp

Issue Overview: A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow...

Low: gimp

Issue Overview: GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1591/ NOTE: https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/fixed-vulnerabilities NOTE:...

Medium: gimp

Issue Overview: GIMP FLI file parsing out-of-bounds heap overflow. CVE-2025-2761 Affected Packages: gimp Note: This advisory is applicable to Amazon Linux 2 - Gimp Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2...

Important: gimp

Issue Overview: GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

Medium: gimp

Issue Overview: GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash. CVE-2022-30067 Affected Packages: gimp Note: This advisory is applicable to Amazon Linu...

Amazon Linux 2023 : libnvidia, libnvidia-container, libnvidia-container1 (ALAS2023NVIDIA-2025-126)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-126 advisory. Placeholder CVE. Details forthcoming CVE-2025-23266 Placeholder CVE. Details forthcoming CVE-2025-23267 Tenable has extracted the preceding description block directly from the tested...