30 matches found
Amazon Linux 2023 : aspnetcore-runtime-10.0, aspnetcore-runtime-dbg-10.0, aspnetcore-targeting-pack-10.0 (ALAS2023-2026-1867)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1867 advisory. Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Improper link resolution before file access 'link following' in .NET allows an...
Amazon Linux 2 : amazon-ssm-agent, --advisory ALAS2-2026-3350 (ALAS-2026-3350)
The version of amazon-ssm-agent installed on the remote host is prior to 3.3.4515.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3350 advisory. When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-103 (ALASKERNEL-5.15-2026-103)
The version of kernel installed on the remote host is prior to 5.15.204-143.231. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2026-103 advisory. In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag...
Amazon Linux 2 : runc, --advisory ALAS2ECS-2026-114 (ALASECS-2026-114)
The version of runc installed on the remote host is prior to 1.3.4-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-114 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler...
Amazon Linux 2 : perl-YAML-Syck, --advisory ALAS2-2026-3216 (ALAS-2026-3216)
The version of perl-YAML-Syck installed on the remote host is prior to 1.27-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3216 advisory. YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high- severity heap buff...
Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2025-092 (ALASECS-2025-092)
The version of ecs-init installed on the remote host is prior to 1.82.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-092 advisory. A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload...
Amazon Linux 2 : audiofile, --advisory ALAS2-2025-3087 (ALAS-2025-3087)
The version of audiofile installed on the remote host is prior to 0.3.6-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3087 advisory. Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function. CVE-2025-50950 Tenabl...
Amazon Linux 2 : amazon-efs-utils, --advisory ALAS2-2025-3076 (ALAS-2025-3076)
The version of amazon-efs-utils installed on the remote host is prior to 2.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3076 advisory. regex is an implementation of regular expressions for the Rust language. The regex crate features built-in...
Amazon Linux 2023 : libnvjpeg-12, libnvjpeg-devel-12 (ALAS2023NVIDIA-2025-197)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2025-197 advisory. NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to...
Amazon Linux 2 : polkit, --advisory ALAS2-2025-3024 (ALAS-2025-3024)
The version of polkit installed on the remote host is prior to 0.112-26. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3024 advisory. A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be...
Amazon Linux 2 : compat-libtiff3, --advisory ALAS2-2025-3021 (ALAS-2025-3021)
The version of compat-libtiff3 installed on the remote host is prior to 3.9.4-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3021 advisory. Write-What-Where in libtiff via TIFFReadRGBAImageOriented CVE-2025-9900 Tenable has extracted the preceding description...
Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2ECS-2025-075 (ALASECS-2025-075)
The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.10.1-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-075 advisory. Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking...
Amazon Linux 2 : krb5, --advisory ALAS2-2025-2985 (ALAS-2025-2985)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2985 advisory. krb5: overflow when calculating ulog block size CVE-2025-24528 A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weakness...
Amazon Linux 2 : vorbis-tools, --advisory ALAS2-2025-2983 (ALAS-2025-2983)
The version of vorbis-tools installed on the remote host is prior to 1.4.0-13. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2983 advisory. Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of...
Amazon Linux 2 : mod_security (ALAS-2025-2963)
The version of modsecurity installed on the remote host is prior to 2.9.11-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2963 advisory. ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. In versions 2.9.8...
Amazon Linux 2 : mod_security (ALAS-2025-2887)
The version of modsecurity installed on the remote host is prior to 2.9.10-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2887 advisory. ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions...
Amazon Linux 2 : open-vm-tools (ALAS-2025-2864)
The version of open-vm-tools installed on the remote host is prior to 12.3.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2864 advisory. VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a gue...
Amazon Linux 2 : postgresql (ALAS-2025-2866)
The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2866 advisory. Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, an...
Amazon Linux AMI : python26 (ALAS-2025-1972)
The version of python26 installed on the remote host is prior to 2.6.9-2.92. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1972 advisory. A CRLF injection flaw was discovered in python in the way URLs are handled when doing an HTTP/HTTPS connection e.g...
Amazon Linux AMI : golang (ALAS-2025-1971)
The version of golang installed on the remote host is prior to 1.23.7-1.50. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1971 advisory. Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a...