Amazon Linux 2023 : nvidia-container, nvidia-container-toolkit (ALAS2023NVIDIA-2025-125)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-125 advisory. Placeholder CVE. Details forthcoming CVE-2025-23266 Placeholder CVE. Details forthcoming CVE-2025-23267 Tenable has extracted the preceding description block directly from the tested...
Important: cloud-init
Issue Overview: When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration. CVE-2024-6174 Affected Packages: cloud-init Issue Correction: Run dnf update cloud-init...
Important: sudo
Issue Overview: Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines. CVE-2025-32462 Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.co...
Important: tomcat
Issue Overview: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or...
Medium: python-pip
Issue Overview: Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc...
Medium: python3.12-pip
Issue Overview: Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc...
Medium: tomcat
Issue Overview: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or...
Amazon Linux 2023 : bpftool, kernel6.12, kernel6.12-modules-extra (ALAS2023-2025-1080)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1080 advisory. In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix out-of-range access of vnic_info array CVE-2025-22112 In the Linux kernel, the following vulnerability has bee...
Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2025-1058)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1058 advisory. urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disab...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-1054)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1054 advisory. A flaw was found in the Linux kernel Traffic Control TC subsystem. Using a specific networking configuration redirecting egress packets to ingress using TC action mirred a local unprivileged...
Amazon Linux 2 : sudo (ALAS-2025-2924)
The version of sudo installed on the remote host is prior to 1.8.23-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2924 advisory. Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed...
Amazon Linux 2 : python (ALAS-2025-2911)
The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2911 advisory. The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs potentially...
Low: python-pip
Issue Overview: No CVE associated with this advisory Affected Packages: python-pip Issue Correction: Run dnf update python-pip --releasever 2023.8.20250707 or dnf update --advisory ALAS2023-2025-1058 --releasever 2023.8.20250707 to update your system. More information on how to update your system...
Medium: libgepub
Issue Overview: A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop...
Amazon Linux 2 : kernel (ALAS-2025-2929)
The version of kernel installed on the remote host is prior to 4.14.355-280.651. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2929 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: Fix possible corruption when moving a...
Amazon Linux 2 : cloud-init (ALAS-2025-2926)
The version of cloud-init installed on the remote host is prior to 19.3-46. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2926 advisory. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address. To prevent this,...
Amazon Linux 2023 : bpftool, kernel6.12, kernel6.12-modules-extra (ALAS2023-2025-1052)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1052 advisory. In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue CVE-2025-38000 In the Linux kernel, the following...
Amazon Linux 2023 : glib2, glib2-devel, glib2-static (ALAS2023-2025-1069)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1069 advisory. A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601 function. CVE-2025-3360 A flaw was fou...
Amazon Linux 2 : python3-urllib3 (ALAS-2025-2916)
The version of python3-urllib3 installed on the remote host is prior to 1.25.6-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2916 advisory. urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all...
Amazon Linux 2 : xorg-x11-server (ALAS-2025-2918)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2918 advisory. A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and...