Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1436)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1436 advisory. A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server...

Important: runc

Issue Overview: cmd/go: bypass of flag sanitization can lead to arbitrary code execution CVE-2025-61731 cmd/go: unexpected code execution when invoking toolchain CVE-2025-68119 Affected Packages: runc Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to...

Amazon Linux 2023 : python3.13-virtualenv (ALAS2023-2026-1428)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1428 advisory. virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform...

Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2026-1437)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1437 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...

Amazon Linux 2 : amazon-cloudwatch-agent, --advisory ALAS2-2026-3174 (ALAS-2026-3174)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300064.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3174 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

Amazon Linux 2023 : libpng, libpng-devel, libpng-static (ALAS2023-2026-1440)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1440 advisory. Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer ASan, the program leaks memory in various...

Amazon Linux 2 : java-1.8.0-openjdk, --advisory ALAS2-2026-3154 (ALAS-2026-3154)

The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.482.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3154 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product ...

Amazon Linux 2 : openssl-snapsafe, --advisory ALAS2OPENSSL-SNAPSAFE-2026-009 (ALASOPENSSL-SNAPSAFE-2026-009)

The version of openssl-snapsafe installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2OPENSSL-SNAPSAFE-2026-009 advisory. Writing large, newline-free data into a BIO chain using the line-buffering filter where the next...

Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2026-1444)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1444 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...

Amazon Linux 2 : curl, --advisory ALAS2-2026-3173 (ALAS-2026-3173)

The version of curl installed on the remote host is prior to 8.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3173 advisory. curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host...

Amazon Linux 2023 : alsa-lib, alsa-lib-devel, alsa-topology (ALAS2023-2026-1426)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1426 advisory. alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the...

Amazon Linux 2 : runc, --advisory ALAS2NITRO-ENCLAVES-2026-092 (ALASNITRO-ENCLAVES-2026-092)

The version of runc installed on the remote host is prior to 1.3.4-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-092 advisory. cmd/go: bypass of flag sanitization can lead to arbitrary code execution CVE-2025-61731 cmd/go: unexpected code...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2026-118 (ALASKERNEL-5.4-2026-118)

The version of kernel installed on the remote host is prior to 5.4.302-222.451. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2026-118 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix null-deref in...

Amazon Linux 2 : expat, --advisory ALAS2-2026-3170 (ALAS-2026-3170)

The version of expat installed on the remote host is prior to 2.1.0-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3170 advisory. In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3167 (ALAS-2026-3167)

The version of thunderbird installed on the remote host is prior to 140.7.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3167 advisory. Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox 146. CVE-2025-14327 CSS-based...

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2026-1442)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1442 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks...

Amazon Linux 2023 : freerdp, freerdp-devel, freerdp-libs (ALAS2023-2026-1433)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1433 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap...

Amazon Linux 2023 : gnupg2, gnupg2-minimal, gnupg2-smime (ALAS2023-2026-1427)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1427 advisory. In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys. CVE-2026-24882 Tenable has extracted the preceding...

Amazon Linux 2 : openssh, --advisory ALAS2-2026-3175 (ALAS-2026-3175)

The version of openssh installed on the remote host is prior to 7.4p1-22. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3175 advisory. In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it...

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2026-1438)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1438 advisory. A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. CVE-2025-61732 Tenable has extracted the preceding description block directly from...