Amazon Linux 2023 : capstone, capstone-devel, capstone-java (ALAS2023-2026-1372)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1372 advisory. Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds- checked, so a user-provided skipdata callback can make csdisasm/csdisasmiter memcpy more than 24...

Amazon Linux 2023 : aws-nitro-enclaves-cli, aws-nitro-enclaves-cli-devel, aws-nitro-enclaves-cli-integration-tests (ALAS2023-2026-1371)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1371 advisory. openssl: rust-openssl Use-After-Free in Md::fetch and Cipher::fetch CVE-2025-3416 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-097 (ALASKERNEL-5.15-2026-097)

The version of kernel installed on the remote host is prior to 5.15.197-138.223. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.15-2026-097 advisory. In the Linux kernel, the following vulnerability has been resolved: tcpmetrics: use dstdevnetrcu CVE-2025-40075...

Amazon Linux 2 : python-urllib3, --advisory ALAS2-2026-3156 (ALAS-2026-3156)

The version of python-urllib3 installed on the remote host is prior to 1.25.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3156 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number...

Amazon Linux 2023 : java-17-amazon-corretto, java-17-amazon-corretto-devel, java-17-amazon-corretto-headless (ALAS2023-2026-1385)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1385 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE...

Amazon Linux 2 : python3-urllib3, --advisory ALAS2-2026-3131 (ALAS-2026-3131)

The version of python3-urllib3 installed on the remote host is prior to 1.25.6-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3131 advisory. urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP...

Amazon Linux 2 : libxml2, --advisory ALAS2-2026-3144 (ALAS-2026-3144)

The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3144 advisory. A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the...

Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3132 (ALAS-2026-3132)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3132 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to...

Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2026-1406)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1406 advisory. A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector ...

Amazon Linux 2023 : libtasn1, libtasn1-devel, libtasn1-tools (ALAS2023-2026-1395)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1395 advisory. Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1expendoctetstring. CVE-2025-13151 Tenable has...

Amazon Linux 2 : python-urllib3, --advisory ALAS2-2026-3149 (ALAS-2026-3149)

The version of python-urllib3 installed on the remote host is prior to 1.25.9-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3149 advisory. urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP...

Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2026-1394)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1394 advisory. A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, ...

Amazon Linux 2 : python-pyasn1, --advisory ALAS2-2026-3148 (ALAS-2026-3148)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3148 advisory. pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. This...

Amazon Linux 2023 : unzip (ALAS2023-2026-1422)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1422 advisory. Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service resource consumption, aka a better zip bomb issue. CVE-2019-13232 Tenable has extracted the...

Low: libxml2

Issue Overview: A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during...

Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2026-1416)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1416 advisory. urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire...

Amazon Linux 2 : java-1.8.0-amazon-corretto, --advisory ALAS2CORRETTO8-2026-022 (ALASCORRETTO8-2026-022)

The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0482.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2026-022 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise...

Medium: capstone

Issue Overview: Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make csdisasm/csdisasmiter memcpy more than 24 bytes into csinsn.bytes, causing a heap buffer overflow in the disassembly path...

Amazon Linux 2 : kernel, --advisory ALAS2-2026-3161 (ALAS-2026-3161)

The version of kernel installed on the remote host is prior to 4.14.355-280.713. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3161 advisory. In the Linux kernel, the following vulnerability has been resolved: net: iptunnel: prevent perpetual headroom grow...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-111 (ALASKERNEL-5.10-2026-111)

The version of kernel installed on the remote host is prior to 5.10.247-246.992. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.10-2026-111 advisory. In the Linux kernel, the following vulnerability has been resolved: tcpmetrics: use dstdevnetrcu CVE-2025-40075...