Amazon Linux 2023 : socat (ALAS2023-2026-1701)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1701 advisory. readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file. CVE-2024-54661 Tenable has extracted the preceding description block directly from the tested product security advisory. Note...

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2026-1710)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1710 advisory. In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-43503 In the Linux kernel, the following...

Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1709)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1709 advisory. In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-43503 In the Linux kernel, the following...

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1708)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1708 advisory. In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-43503 In the Linux kernel, the following...

Medium: libgcrypt

Issue Overview: Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcrypkdecrypt. CVE-2026-41989 Affected Packages: libgcrypt Issue Correction: Run dnf update libgcrypt --releasever 2023.11.20260514 or dnf update --advisory...

Medium: curl

Issue Overview: When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. CVE-2026-3805 Affected Packages: curl Issue Correction: Run dnf update curl --releasever 2023.11.20260514 or dnf update --advisory ALAS2023-2026-1699...

Important: python-pip

Issue Overview: pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update...

Low: socat

Issue Overview: readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file. CVE-2024-54661 Affected Packages: socat Issue Correction: Run dnf update socat --releasever 2023.11.20260514 or dnf update --advisory ALAS2023-2026-1701 --releasever 2023.11.20260514 to update your system...

Medium: perl-Text-CSV_XS

Issue Overview: CSVXS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. CVE-2026-7111 Affected Packages: perl-Text-CSVXS Issue Correction: Run dnf update perl-Text-CSVXS --releasever...

Amazon Linux 2023 : cuda-toolkit (ALAS2023NVIDIA-2026-278)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-278 advisory. NVIDIA CUDA Toolkit contains a vulnerability in command cuobjdump where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may le...

Amazon Linux 2023 : cuda (ALAS2023NVIDIA-2026-279)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-279 advisory. NVIDIA CUDA Toolkit contains a vulnerability in command cuobjdump where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may le...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-119 (ALASKERNEL-5.10-2026-119)

The version of kernel installed on the remote host is prior to 5.10.253-252.1016. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-119 advisory. In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-43503 In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-43503 In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-43503 In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-43503 In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2026-122 (ALASKERNEL-5.4-2026-122)

The version of kernel installed on the remote host is prior to 5.4.302-224.471. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2026-122 advisory. In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag...

Amazon Linux 2 : kernel, --advisory ALAS2-2026-3307 (ALAS-2026-3307)

The version of kernel installed on the remote host is prior to 4.14.355-282.729. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3307 advisory. In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker...

Important: python-lxml

Issue Overview: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to...

Important: thunderbird

Issue Overview: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox ESR 140.10.1. CVE-2026-7321 Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0, Thunderbird ESR 140.10.0, Firefox 150.0.0 and...