Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2026-1375)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1375 advisory. No QUIC certificate pinning with GnuTLS NOTE: https://curl.se/docs/CVE-2025-13034.htmlNOTE: Introduced with: https://github.com/curl/curl/commit/3210101088dfa3d6a125d213226b092f2f866722...

Amazon Linux 2 : golang, --advisory ALAS2-2026-3172 (ALAS-2026-3172)

The version of golang installed on the remote host is prior to 1.24.13-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3172 advisory. A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. CVE-2025-617...

Amazon Linux 2023 : firefox (ALAS2023-2026-1429)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1429 advisory. Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox 146. CVE-2025-14327 Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox 147...

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2026-1438)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1438 advisory. A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. CVE-2025-61732 Tenable has extracted the preceding description block directly from...

Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2026-1437)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1437 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-113 (ALASKERNEL-5.10-2026-113)

The version of kernel installed on the remote host is prior to 5.10.248-247.988. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-113 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: core: ufs: Fix a hang in the...

Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2026-1444)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1444 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2026-118 (ALASKERNEL-5.4-2026-118)

The version of kernel installed on the remote host is prior to 5.4.302-222.451. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2026-118 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix null-deref in...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3167 (ALAS-2026-3167)

The version of thunderbird installed on the remote host is prior to 140.7.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3167 advisory. Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox 146. CVE-2025-14327 CSS-based...

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-050 (ALASFIREFOX-2026-050)

The version of firefox installed on the remote host is prior to 140.7.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2026-050 advisory. Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox 146. CVE-2025-14327 Mitigation...

Important: cuda

Issue Overview: NVIDIA Nsight Systems contains a vulnerability in the gfxhotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the processnsysrepcli.py script if the script is invoked manually. A successful exploit of this vulnerability might lea...

Important: kmod-nvidia-open-dkms

Issue Overview: NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of servic...

Amazon Linux 2023 : kmod-nvidia-latest-dkms (ALAS2023NVIDIA-2026-273)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-273 advisory. NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability mig...

Amazon Linux 2023 : kmod-nvidia-open-dkms (ALAS2023NVIDIA-2026-272)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-272 advisory. NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability mig...

Amazon Linux 2023 : nvidia, nvidia-fabric-manager (ALAS2023NVIDIA-2026-268)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-268 advisory. NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability mig...

Amazon Linux 2023 : nsight-systems (ALAS2023NVIDIA-2026-256)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-256 advisory. NVIDIA Nsight Systems contains a vulnerability in the gfxhotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the processnsysrepcli.py script if...

Medium: expat

Issue Overview: In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation. CVE-2026-25210 Affected Packages: expat Issue Correction: Run dnf update expat --releasever 2023.10.20260216...

Medium: firefox

Issue Overview: In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation. CVE-2026-25210 Affected Packages: firefox Issue Correction: Run dnf update firefox --releasever...

Medium: docker

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

Important: nvidia-imex

Issue Overview: NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of servic...