Amazon Linux 2 : python-tornado, --advisory ALAS2-2025-3106 (ALAS-2025-3106)

The version of python-tornado installed on the remote host is prior to 4.2.1-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3106 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied...

Amazon Linux 2 : webkitgtk4, --advisory ALAS2-2025-3114 (ALAS-2025-3114)

The version of webkitgtk4 installed on the remote host is prior to 2.50.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3114 advisory. A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow,...

Amazon Linux 2 : httpd, --advisory ALAS2-2025-3099 (ALAS-2025-3099)

The version of httpd installed on the remote host is prior to 2.4.66-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3099 advisory. An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default...

Amazon Linux 2 : libpng, --advisory ALAS2-2025-3112 (ALAS-2025-3112)

The version of libpng installed on the remote host is prior to 1.5.13-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3112 advisory. A heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with malformed...

Amazon Linux 2 : usbmuxd, --advisory ALAS2-2025-3111 (ALAS-2025-3111)

The version of usbmuxd installed on the remote host is prior to 1.1.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3111 advisory. A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user. CVE-2025-66004 Tenable has extracted...

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2025-094 (ALASDOCKER-2025-094)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-094 advisory. Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed...

Medium: docker

Issue Overview: Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a...

Medium: docker

Issue Overview: Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a...

Important: qt5-qtbase

Issue Overview: Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component ...

Important: httpd

Issue Overview: An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache...

Amazon Linux 2 : grub2, --advisory ALAS2-2025-3107 (ALAS-2025-3107)

The version of grub2 installed on the remote host is prior to 2.06-14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3107 advisory. A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service DoS...

Amazon Linux 2 : python3, --advisory ALAS2-2025-3103 (ALAS-2025-3103)

The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3103 advisory. When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache th...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2025-3108 (ALAS-2025-3108)

The version of thunderbird installed on the remote host is prior to 140.6.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3108 advisory. Race condition in the Graphics component. This vulnerability affects Firefox 145, Firefox ESR 140.5, and Firefox ESR...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-096 (ALASKERNEL-5.15-2025-096)

The version of kernel installed on the remote host is prior to 5.15.197-138.220. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-096 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject duplicat...

Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2025-092 (ALASECS-2025-092)

The version of ecs-init installed on the remote host is prior to 1.82.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-092 advisory. A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload...

Amazon Linux 2 : ImageMagick, --advisory ALAS2-2025-3096 (ALAS-2025-3096)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3096 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and...

Amazon Linux 2 : qt5-qtbase, --advisory ALAS2-2025-3102 (ALAS-2025-3102)

The version of qt5-qtbase installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3102 advisory. Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Q...

Amazon Linux 2 : libvirt, --advisory ALAS2-2025-3115 (ALAS-2025-3115)

The version of libvirt installed on the remote host is prior to 4.5.0-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3115 advisory. A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was perform...

Amazon Linux 2 : aws-cfn-bootstrap, --advisory ALAS2-2025-3104 (ALAS-2025-3104)

The version of aws-cfn-bootstrap installed on the remote host is prior to 2.0-38. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3104 advisory. Issue summary: A timing side-channel which could potentially allow recoveringthe private key exists in the ECDSA...

Amazon Linux 2 : python-urllib3, --advisory ALAS2-2025-3110 (ALAS-2025-3110)

The version of python-urllib3 installed on the remote host is prior to 1.25.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3110 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number...