Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2025-1029)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1029 advisory. The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags...
Amazon Linux 2023 : runc (ALAS2023-2025-1041)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1041 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly...
Amazon Linux 2 : amazon-ecr-credential-helper (ALASECS-2025-069)
The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.10.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-069 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line...
Amazon Linux 2 : runc (ALASECS-2025-068)
The version of runc installed on the remote host is prior to 1.2.4-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-068 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2025-1028)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1028 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which a...
Amazon Linux 2023 : openssh, openssh-clients, openssh-keycat (ALAS2023-2025-1038)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1038 advisory. In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. CVE-2025-32728 Tenable has extracted the precedin...
Important: amazon-ecr-credential-helper
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Important: amazon-ecr-credential-helper
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Important: runc
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Important: amazon-ecr-credential-helper
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Important: runc
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Medium: amazon-cloudwatch-agent
Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...
Medium: golang
Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...
Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2025-1039)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1039 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly...
Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2025-1019)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1019 advisory. A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a deni...
Amazon Linux 2 : runc (ALASNITRO-ENCLAVES-2025-064)
The version of runc installed on the remote host is prior to 1.2.4-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-064 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-1040)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1040 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly...
Amazon Linux 2 : runc (ALASDOCKER-2025-068)
The version of runc installed on the remote host is prior to 1.2.4-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-068 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF...
Amazon Linux 2 : amazon-ecr-credential-helper (ALASDOCKER-2025-069)
The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.10.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-069 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size lin...
Amazon Linux 2023 : bsdcat, bsdcpio, bsdtar (ALAS2023-2025-1022)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1022 advisory. A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data function. This flaw involves an integer overflow that can ultimately lead to a...