Amazon Linux 2 : perl, --advisory ALAS2-2026-3352 (ALAS-2026-3352)

The version of perl installed on the remote host is prior to 5.16.3-299. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3352 advisory. Buffer overflow in Perlstudychunk CVE-2026-8376 Tenable has extracted the preceding description block directly from the tested...

Amazon Linux 2023 : memcached, memcached-devel, memcached-selinux (ALAS2023-2026-1781)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1781 advisory. In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by...

Amazon Linux 2023 : libnvsdm, libnvsdm-devel (ALAS2023NVIDIA-2026-290)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2026-290 advisory. NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successfu...

Amazon Linux 2 : perl-Crypt-PasswdMD5, --advisory ALAS2-2026-3343 (ALAS-2026-3343)

The version of perl-Crypt-PasswdMD5 installed on the remote host is prior to 1.3-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3343 advisory. Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function ...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3340 (ALAS-2026-3340)

The version of thunderbird installed on the remote host is prior to 140.11.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3340 advisory. Three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming th...

Amazon Linux 2 : perl-HTTP-Daemon, --advisory ALAS2-2026-3341 (ALAS-2026-3341)

The version of perl-HTTP-Daemon installed on the remote host is prior to 6.01-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3341 advisory. HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with...

Amazon Linux 2023 : nvlink5 (ALAS2023NVIDIA-2026-280)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2026-280 advisory. NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successfu...

Amazon Linux 2 : perl-XML-LibXML, --advisory ALAS2-2026-3342 (ALAS-2026-3342)

The version of perl-XML-LibXML installed on the remote host is prior to 2.0018-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3342 advisory. XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncat...

Amazon Linux 2 : perl-Template-Toolkit, --advisory ALAS2-2026-3345 (ALAS-2026-3345)

The version of perl-Template-Toolkit installed on the remote host is prior to 2.24-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3345 advisory. emplate::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter functi...

Amazon Linux 2023 : firefox (ALAS2023-2026-1793)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1793 advisory. Three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing attacker-controlled bytes inside an ignored...

Amazon Linux 2 : mesa, --advisory ALAS2-2026-3330 (ALAS-2026-3330)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3330 advisory. In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca...

Medium: perl

Issue Overview: Buffer overflow in Perlstudychunk CVE-2026-8376 Affected Packages: perl Issue Correction: Run dnf update perl --releasever 2023.12.20260608 or dnf update --advisory ALAS2023-2026-1819 --releasever 2023.12.20260608 to update your system. More information on how to update your syste...

Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2026-1786)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1786 advisory. http.cookies.Morsel.jsoutput returns an inline snippet and only escapes for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element...

Amazon Linux 2023 : credentials-fetcher (ALAS2023-2026-1792)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1792 advisory. A denial of service vulnerability GHSA-XMRV-PMRH-HHX2 was found in the bundled AWS SDK for Go v2 EventStream decoder used by credentials-fetcher. An attacker who can inject a malformed EventStream...

Amazon Linux 2 : rsync, --advisory ALAS2-2026-3332 (ALAS-2026-3332)

The version of rsync installed on the remote host is prior to 3.1.2-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3332 advisory. Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counte...

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2026-1785)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1785 advisory. http.cookies.Morsel.jsoutput returns an inline snippet and only escapes for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element...

Amazon Linux 2 : yelp, --advisory ALAS2-2026-3337 (ALAS-2026-3337)

The version of yelp installed on the remote host is prior to 3.28.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3337 advisory. A sandbox escape vulnerability was found in yelp, the GNOME help viewer. Bypassing the fix for CVE-2025-3155, a malicious help docume...

Amazon Linux 2 : atril, --advisory ALAS2MATE-DESKTOP1.X-2026-011 (ALASMATE-DESKTOP1.X-2026-011)

The version of atril installed on the remote host is prior to 1.20.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2MATE-DESKTOP1.X-2026-011 advisory. CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of...

Amazon Linux 2023 : vorbis-tools (ALAS2023-2026-1812)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1812 advisory. A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control...

Amazon Linux 2 : 389-ds-base, --advisory ALAS2-2026-3339 (ALAS-2026-3339)

The version of 389-ds-base installed on the remote host is prior to 1.3.10.2-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3339 advisory. A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound ...