Amazon Linux 2 : python-tornado, --advisory ALAS2-2026-3286 (ALAS-2026-3286)

The version of python-tornado installed on the remote host is prior to 4.2.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3286 advisory. In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to...

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-114 (ALASDOCKER-2026-114)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-114 advisory. Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that...

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-100 (ALASNITRO-ENCLAVES-2026-100)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-100 advisory. Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been...

Amazon Linux 2 : rust, --advisory ALAS2-2026-3296 (ALAS-2026-3296)

The version of rust installed on the remote host is prior to 1.95.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3296 advisory. Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace...

Amazon Linux 2 : PackageKit, --advisory ALAS2-2026-3282 (ALAS-2026-3282)

The version of PackageKit installed on the remote host is prior to 1.1.5-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3282 advisory. PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro,...

Amazon Linux 2 : ruby, --advisory ALAS2-2026-3284 (ALAS-2026-3284)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3284 advisory. ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance...

Amazon Linux 2 : qemu, --advisory ALAS2-2026-3293 (ALAS-2026-3293)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3293 advisory. hcd-ohci: infinite loop NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/129922c2bc398b656a9180150e667f98fdf0d40...

Amazon Linux 2 : dnsmasq, --advisory ALAS2DNSMASQ-2026-003 (ALASDNSMASQ-2026-003)

The version of dnsmasq installed on the remote host is prior to 2.90-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DNSMASQ-2026-003 advisory. dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache...

Amazon Linux 2 : python3-tornado, --advisory ALAS2-2026-3287 (ALAS-2026-3287)

The version of python3-tornado installed on the remote host is prior to 5.0.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3287 advisory. In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to...

Amazon Linux 2 : vim, --advisory ALAS2-2026-3292 (ALAS-2026-3292)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3292 advisory. Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is...

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2NITRO-ENCLAVES-2026-101 (ALASNITRO-ENCLAVES-2026-101)

The version of oci-add-hooks installed on the remote host is prior to 0-0.9.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-101 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow ...

Amazon Linux 2 : containerd, --advisory ALAS2ECS-2026-109 (ALASECS-2026-109)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-109 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler...

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2ECS-2026-111 (ALASECS-2026-111)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.12.0-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-111 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow ...

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2DOCKER-2026-113 (ALASDOCKER-2026-113)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.12.0-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-113 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overfl...

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2NITRO-ENCLAVES-2026-099 (ALASNITRO-ENCLAVES-2026-099)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.12.0-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-099 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow o...

Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-117 (ALASDOCKER-2026-117)

The version of runfinch-finch installed on the remote host is prior to 1.17.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-117 advisory. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination ...

Amazon Linux 2 : docker, --advisory ALAS2ECS-2026-108 (ALASECS-2026-108)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-108 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler...

Low: atop

Issue Overview: atop through 2.11.0 allows local users to cause a denial of service e.g., assertion failure and application exit or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop. CVE-2025-31160 Affected Packages: atop...

Low: PackageKit

Issue Overview: A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fbcon: Set fbdisplayi-mode to NULL when the mode is released CVE-2025-40323 In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: add seqadj extension for natted connections...