Medium: docker
Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...
Important: nerdctl
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Important: firefox
Issue Overview: An issue in sqlite v.3.49.0 allows an attacker to cause a denial of service via the SQLITE_DBCONFIG_LOOKASIDE component CVE-2025-29088 A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-lev...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fails CVE-2022-49168 In the Linux kernel, the following vulnerability has been resolved: blk-throttle: Set BIO_THROTTLED when bio has been throttled CVE-2022-49465 Affect...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open CVE-2024-53173 In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu...
Low: kernel
Issue Overview: No CVE associated with this advisory Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...
Medium: docker
Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...
Low: ImageMagick
Issue Overview: In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used. CVE-2025-43965 Affected Packages: ImageMagick Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference betwe...
Important: kernel-livepatch-4.14.355-276.639
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: vlan: enforce underlying device type CVE-2025-21920 Affected Packages: kernel-livepatch-4.14.355-276.639 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Medium: python-requests
Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...
Amazon Linux 2 : soci-snapshotter (ALASDOCKER-2025-064)
The version of soci-snapshotter installed on the remote host is prior to 0.9.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-064 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line...
Important: cri-tools
Issue Overview: The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. CVE-2024-24790 The net/http package accepted data in the chunked transfer encoding...
Important: nerdctl
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Amazon Linux 2 : oci-add-hooks (ALASDOCKER-2025-065)
The version of oci-add-hooks installed on the remote host is prior to 0-0.3.20200504git325a340. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-065 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size li...
Amazon Linux 2 : kernel (ALAS-2025-2865)
The version of kernel installed on the remote host is prior to 4.14.355-277.647. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2865 advisory. In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the...
Amazon Linux 2 : docker (ALASDOCKER-2025-066)
The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-066 advisory. containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 wher...
Amazon Linux 2 : ppp (ALAS-2025-2867)
The version of ppp installed on the remote host is prior to 2.4.5-33. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2867 advisory. The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. CVE-2024-58250 Tenable has extracted the preceding descriptio...
Amazon Linux 2 : webkitgtk4, --advisory ALAS2-2025-2869 (ALAS-2025-2869)
The version of webkitgtk4 installed on the remote host is prior to 2.46.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2869 advisory. The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma...
Amazon Linux AMI : ppp (ALAS-2025-1980)
The version of ppp installed on the remote host is prior to 2.4.5-11.10. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1980 advisory. The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. CVE-2024-58250 Tenable has extracted the preceding...
CVE-2023-35812
An issue was discovered in the Amazon Linux packages of OpenSSH 7.4 for Amazon Linux 1 and 2, because of an incomplete fix for CVE-2019-6111 within these specific packages. The fix had only covered cases where an absolute path is passed to scp. When a relative path is used, there is no verificati...