Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2026-1446)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1446 advisory. A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user...

Amazon Linux 2 : qt5-qt3d, --advisory ALAS2-2026-3187 (ALAS-2026-3187)

The version of qt5-qt3d installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3187 advisory. A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the functi...

Amazon Linux 2 : python3, --advisory ALAS2-2026-3184 (ALAS-2026-3184)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3184 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be...

Amazon Linux 2023 : cuda (ALAS2023NVIDIA-2026-277)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-277 advisory. NVIDIA Nsight Systems contains a vulnerability in the gfxhotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the processnsysrepcli.py script if...

Amazon Linux 2 : postgresql, --advisory ALAS2POSTGRESQL14-2026-022 (ALASPOSTGRESQL14-2026-022)

The version of postgresql installed on the remote host is prior to 14.21-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2026-022 advisory. Improper validation of type oidvector in PostgreSQL allows a database user to disclose a few bytes of server...

Amazon Linux 2023 : cuda-toolkit-13 (ALAS2023NVIDIA-2026-276)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-276 advisory. NVIDIA Nsight Systems contains a vulnerability in the gfxhotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the processnsysrepcli.py script if...

Amazon Linux 2 : evolution-data-server, --advisory ALAS2-2026-3179 (ALAS-2026-3179)

The version of evolution-data-server installed on the remote host is prior to 3.28.5-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3179 advisory. The Evolution backend server exposes the D-Bus service org.gnome.evolution.dataserver.AddressBook, that can be used ...

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-053 (ALASFIREFOX-2026-053)

The version of firefox installed on the remote host is prior to 140.7.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2026-053 advisory. A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. Th...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3190 (ALAS-2026-3190)

The version of thunderbird installed on the remote host is prior to 140.7.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3190 advisory. A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This...

Amazon Linux 2 : gimp, --advisory ALAS2GIMP-2026-011 (ALASGIMP-2026-011)

The version of gimp installed on the remote host is prior to 2.8.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2GIMP-2026-011 advisory. GIMP: PSD loader: heap-buffer-overflow in freadpascalstring no null terminator CVE-2026-2239 An integer overflow...

Amazon Linux 2023 : postgresql16, postgresql16-contrib, postgresql16-llvmjit (ALAS2023-2026-1458)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1458 advisory. Improper validation of type oidvector in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of...

Amazon Linux 2 : runc, --advisory ALAS2ECS-2026-099 (ALASECS-2026-099)

The version of runc installed on the remote host is prior to 1.3.4-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-099 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP...

Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1466)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1466 advisory. node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. Th...

Amazon Linux 2 : libpng, --advisory ALAS2-2026-3189 (ALAS-2026-3189)

The version of libpng installed on the remote host is prior to 1.5.13-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3189 advisory. libpng: An out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogra...

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2026-1464)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1464 advisory. node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. Th...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3177 (ALAS-2026-3177)

The version of thunderbird installed on the remote host is prior to 140.7.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3177 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type...

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-052 (ALASFIREFOX-2026-052)

The version of firefox installed on the remote host is prior to 140.7.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2FIREFOX-2026-052 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type...

Amazon Linux 2023 : python3-jwt, python3-jwt+crypto (ALAS2023-2026-1467)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1467 advisory. pyjwt v2.10.1 was discovered to contain weak encryption. CVE-2025-45768 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has no...

Amazon Linux 2 : qemu, --advisory ALAS2-2026-3182 (ALAS-2026-3182)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3182 advisory. A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a...

Amazon Linux 2 : python, --advisory ALAS2-2026-3185 (ALAS-2026-3185)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3185 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be...