Amazon Linux 2023 : freerdp, freerdp-devel, freerdp-libs (ALAS2023-2026-1433)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1433 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap...

Amazon Linux 2023 : libpng, libpng-devel, libpng-static (ALAS2023-2026-1440)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1440 advisory. Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer ASan, the program leaks memory in various...

Amazon Linux 2023 : firefox (ALAS2023-2026-1424)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1424 advisory. In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation. CVE-2026-25210 Tenable has...

Amazon Linux 2 : nginx, --advisory ALAS2NGINX1-2026-010 (ALASNGINX1-2026-010)

The version of nginx installed on the remote host is prior to 1.28.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2026-010 advisory. A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. A...

Amazon Linux 2023 : firefox (ALAS2023-2026-1429)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1429 advisory. Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox 146. CVE-2025-14327 Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox 147...

Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2026-1375)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1375 advisory. No QUIC certificate pinning with GnuTLS NOTE: https://curl.se/docs/CVE-2025-13034.htmlNOTE: Introduced with: https://github.com/curl/curl/commit/3210101088dfa3d6a125d213226b092f2f866722...

Amazon Linux 2023 : docker (ALAS2023-2026-1376)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1376 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

Amazon Linux 2023 : fontforge, fontforge-devel (ALAS2023-2026-1431)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1431 advisory. FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of...

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2026-1436)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1436 advisory. A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server...

Amazon Linux 2 : fontforge, --advisory ALAS2-2026-3164 (ALAS-2026-3164)

The version of fontforge installed on the remote host is prior to 20120731b-13. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3164 advisory. FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows...

Amazon Linux 2023 : alsa-lib, alsa-lib-devel, alsa-topology (ALAS2023-2026-1426)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1426 advisory. alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the...

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2NITRO-ENCLAVES-2026-091 (ALASNITRO-ENCLAVES-2026-091)

The version of oci-add-hooks installed on the remote host is prior to 0-0.7.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-091 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-113 (ALASKERNEL-5.10-2026-113)

The version of kernel installed on the remote host is prior to 5.10.248-247.988. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-113 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: core: ufs: Fix a hang in the...

Amazon Linux 2023 : python3.12-wheel, python3.12-wheel-wheel (ALAS2023-2026-1410)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1410 advisory. wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.46.1 and below, the unpack function is vulnerable to file permission modification through...

Amazon Linux 2 : openssl11, --advisory ALAS2-2026-3169 (ALAS-2026-3169)

The version of openssl11 installed on the remote host is prior to 1.1.1zf-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3169 advisory. Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short...

Amazon Linux 2 : openssl, --advisory ALAS2-2026-3168 (ALAS-2026-3168)

The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3168 advisory. Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writ...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2026-118 (ALASKERNEL-5.4-2026-118)

The version of kernel installed on the remote host is prior to 5.4.302-222.451. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2026-118 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix null-deref in...

Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2026-1444)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1444 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...

Amazon Linux 2 : runc, --advisory ALAS2NITRO-ENCLAVES-2026-092 (ALASNITRO-ENCLAVES-2026-092)

The version of runc installed on the remote host is prior to 1.3.4-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-092 advisory. cmd/go: bypass of flag sanitization can lead to arbitrary code execution CVE-2025-61731 cmd/go: unexpected code...

Amazon Linux 2 : java-1.8.0-openjdk, --advisory ALAS2-2026-3154 (ALAS-2026-3154)

The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.482.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3154 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product ...