Medium: nerdctl

Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: nerdctl Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...

Medium: soci-snapshotter

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...

Medium: docker

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...

Amazon Linux 2023 : docker (ALAS2023-2025-1074)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1074 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which a...

Amazon Linux 2 : kernel (ALAS-2025-2929)

The version of kernel installed on the remote host is prior to 4.14.355-280.651. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2929 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: Fix possible corruption when moving a...

Amazon Linux 2 : oci-add-hooks (ALASDOCKER-2025-075)

The version of oci-add-hooks installed on the remote host is prior to 0-0.4.20200504git325a340. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-075 advisory. Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially...

Amazon Linux 2 : python (ALAS-2025-2911)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2911 advisory. The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially...

Amazon Linux 2 : sudo (ALAS-2025-2924)

The version of sudo installed on the remote host is prior to 1.8.23-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2924 advisory. Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed...

Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2025-066)

The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-066 advisory. Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive...

Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2025-1056)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1056 advisory. The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service. CVE-2025-6069 Tenable has...

Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-1073)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1073 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which a...

Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2025-067)

The version of containerd installed on the remote host is prior to 2.0.5-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-067 advisory. Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitiv...

Amazon Linux 2023 : sudo, sudo-devel, sudo-logsrvd (ALAS2023-2025-1070)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1070 advisory. Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines. CVE-2025-324...

Amazon Linux 2023 : firefox (ALAS2023-2025-1055)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1055 advisory. A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox or tag, potentially making a website vulnerable to a cross- site scripting attac...

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-1077)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1077 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which a...

Amazon Linux 2023 : soci-snapshotter (ALAS2023-2025-1076)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1076 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which a...

Amazon Linux 2 : xorg-x11-server (ALAS-2025-2918)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2918 advisory. A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and...

Amazon Linux 2 : python3-urllib3 (ALAS-2025-2916)

The version of python3-urllib3 installed on the remote host is prior to 1.25.6-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2916 advisory. urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all...

Amazon Linux 2 : cloud-init (ALAS-2025-2926)

The version of cloud-init installed on the remote host is prior to 19.3-46. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2926 advisory. When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this,...

Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2025-1058)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1058 advisory. urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disab...