Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2025-1044)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1044 advisory. Allows modifying some file metadata e.g. last modified with filter=data or file permissions chmod with filter=tar of files outside the extraction directory.You are affected by this vulnerabili...

Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2025-1043)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1043 advisory. When curl is asked to use HSTS, the expiry time for a subdomain mightoverwrite a parent domain's cache entry, making it end sooner or later thanotherwise intended. This affects curl using applications...

Amazon Linux 2023 : libvpx, libvpx-devel, libvpx-utils (ALAS2023-2025-1023)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1023 advisory. Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium Duplicate:...

Amazon Linux 2023 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2023-2025-1017)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1017 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java...

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-076)

The version of kernel installed on the remote host is prior to 5.15.182-123.190. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-076 advisory. In the Linux kernel, the following vulnerability has been resolved: media: streamzap: fix race between...

Low: valkey

Issue Overview: setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev-size - prev-used. CVE-2025-49112 Affected Packages: valkey Issue Correction: Run dnf update valkey --releasever 2023.7.20250623 or dnf update --advisory ALAS2023-2025-1025 --releasever...

Amazon Linux 2023 : freerdp, freerdp-devel, freerdp-libs (ALAS2023-2025-1034)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1034 advisory. A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct,...

Amazon Linux 2023 : aws-kinesis-agent (ALAS2023-2025-1024)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1024 advisory. Jackson-core contains core low-level incremental streaming parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in...

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-1040)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1040 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly...

Important: amazon-ecr-credential-helper

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Amazon Linux 2 : runc (ALASECS-2025-068)

The version of runc installed on the remote host is prior to 1.2.4-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-068 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF...

Important: amazon-ecr-credential-helper

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2025-1039)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1039 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly...

Medium: golang

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...

Amazon Linux 2023 : runc (ALAS2023-2025-1041)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1041 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly...

Important: containerd

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Amazon Linux 2 : amazon-ecr-credential-helper (ALASDOCKER-2025-069)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.10.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-069 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size lin...

Important: amazon-ecr-credential-helper

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Amazon Linux 2 : amazon-ecr-credential-helper (ALASECS-2025-069)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.10.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-069 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line...

Amazon Linux 2 : runc (ALASDOCKER-2025-068)

The version of runc installed on the remote host is prior to 1.2.4-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-068 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF...