Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2026-1786)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1786 advisory. http.cookies.Morsel.jsoutput returns an inline snippet and only escapes for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element...

Amazon Linux 2023 : device-mapper-persistent-data (ALAS2023-2026-1791)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1791 advisory. An unsoundness issue RUSTSEC-2026-0097 was found in the bundled Rust rand crate used by device-mapper- persistent-data. ThreadRng methods use unsafe code that can create aliased mutable references when...

Amazon Linux 2023 : sendmail, sendmail-cf, sendmail-milter (ALAS2023-2026-1818)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1818 advisory. sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address,...

Amazon Linux 2 : atril, --advisory ALAS2MATE-DESKTOP1.X-2026-011 (ALASMATE-DESKTOP1.X-2026-011)

The version of atril installed on the remote host is prior to 1.20.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2MATE-DESKTOP1.X-2026-011 advisory. CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of...

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1773)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1773 advisory. NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-...

Medium: python3.9

Issue Overview: http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie valu...

Amazon Linux 2023 : libnvsdm, libnvsdm-devel (ALAS2023NVIDIA-2026-290)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2026-290 advisory. NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successfu...

Amazon Linux 2023 : capstone, capstone-devel, capstone-java (ALAS2023-2026-1772)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1772 advisory. Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStreamconcat lets a malicious csoptmem.vsnprintf drive SStream's index negative or past the en...

Amazon Linux 2023 : mariadb1011, mariadb1011-backup, mariadb1011-client-utils (ALAS2023-2026-1811)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1811 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable...

Amazon Linux 2023 : memcached, memcached-devel, memcached-selinux (ALAS2023-2026-1781)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1781 advisory. In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by...

Medium: python3.13

Issue Overview: http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie valu...

Medium: capstone

Issue Overview: Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStreamconcat lets a malicious csoptmem.vsnprintf drive SStream's index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs. Comm...

Amazon Linux 2 : bind, --advisory ALAS2-2026-3353 (ALAS-2026-3353)

The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3353 advisory. Limit resolver server list size CVE-2026-3592 Avoid unbounded recursion loop CVE-2026-5950 Tenable has extracted the...

Amazon Linux 2 : perl-Template-Toolkit, --advisory ALAS2-2026-3345 (ALAS-2026-3345)

The version of perl-Template-Toolkit installed on the remote host is prior to 2.24-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3345 advisory. emplate::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter functi...

Amazon Linux 2 : postgresql, --advisory ALAS2-2026-3344 (ALAS-2026-3344)

The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3344 advisory. Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and...

Important: dotnet8.0

Issue Overview: Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an unauthorized attacker to deny service over a network. CVE-2026-42899 Affected Packages:...

Amazon Linux 2 : perl-YAML-Syck, --advisory ALAS2-2026-3327 (ALAS-2026-3327)

The version of perl-YAML-Syck installed on the remote host is prior to 1.27-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3327 advisory. YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a...

Amazon Linux 2 : rsync, --advisory ALAS2-2026-3332 (ALAS-2026-3332)

The version of rsync installed on the remote host is prior to 3.1.2-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3332 advisory. Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counte...

Amazon Linux 2 : perl-XML-LibXML, --advisory ALAS2-2026-3342 (ALAS-2026-3342)

The version of perl-XML-LibXML installed on the remote host is prior to 2.0018-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3342 advisory. XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncat...

Amazon Linux 2 : perl-Crypt-PasswdMD5, --advisory ALAS2-2026-3343 (ALAS-2026-3343)

The version of perl-Crypt-PasswdMD5 installed on the remote host is prior to 1.3-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3343 advisory. Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function ...