3295 matches found

Tenable Nessus
added 2026/01/05 12:0 a.m., 7 views

Amazon Linux 2 : soci-snapshotter, --advisory ALAS2DOCKER-2025-090 (ALASDOCKER-2025-090)

The version of soci-snapshotter installed on the remote host is prior to 0.12.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-090 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint...

CVSS 7.5, AI score 7.8, EPSS 0.00451
Exploits: 2, References: 6
Tenable Nessus
added 2026/01/05 12:0 a.m., 7 views

Amazon Linux 2 : runc, --advisory ALAS2ECS-2025-089 (ALASECS-2025-089)

The version of runc installed on the remote host is prior to 1.3.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-089 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificat...

CVSS 7.5, AI score 7.7, EPSS 0.00451
Exploits: 2, References: 6
Tenable Nessus
added 2026/01/05 12:0 a.m., 8 views

Amazon Linux 2 : amazon-cloudwatch-agent, --advisory ALAS2-2025-3120 (ALAS-2025-3120)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300062.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3120 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which m...

CVSS 7.5, AI score 6.8, EPSS 0.00521
Exploits: 2, References: 12
Tenable Nessus
added 2026/01/05 12:0 a.m., 12 views

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2025-049 (ALASFIREFOX-2025-049)

The version of firefox installed on the remote host is prior to 140.6.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-049 advisory. Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox 146 and Firefox ESR 140.6...

CVSS 9.8, AI score 6.2, EPSS 0.00498
Exploits: 4, References: 24
Amazon
added 2026/01/05 12:0 a.m., 3 views

Medium: docker

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

CVSS 6.5, AI score 7, EPSS 0.0027
Exploits: 0
Tenable Nessus
added 2026/01/05 12:0 a.m., 6 views

Amazon Linux 2 : usbmuxd, --advisory ALAS2-2025-3111 (ALAS-2025-3111)

The version of usbmuxd installed on the remote host is prior to 1.1.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3111 advisory. A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user. CVE-2025-66004 Tenable has extracted...

CVSS 5.7, AI score 5.5, EPSS 0.00132
Exploits: 1, References: 4
Tenable Nessus
added 2026/01/05 12:0 a.m., 5 views

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2025-089 (ALASDOCKER-2025-089)

The version of docker installed on the remote host is prior to 25.0.13-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-089 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate...

CVSS 6.5, AI score 7.6, EPSS 0.0027
Exploits: 0, References: 4
Tenable Nessus
added 2026/01/05 12:0 a.m., 3 views

Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2025-092 (ALASECS-2025-092)

The version of ecs-init installed on the remote host is prior to 1.82.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-092 advisory. A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload...

CVSS 7.5, AI score 7.5, EPSS 0.00563
Exploits: 1, References: 4
Tenable Nessus
added 2025/12/08 12:0 a.m., 10 views

Amazon Linux 2 : kernel, --advisory ALAS2-2025-3090 (ALAS-2025-3090)

The version of kernel installed on the remote host is prior to 4.14.355-280.710. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3090 advisory. In the Linux kernel, the following vulnerability has been resolved: NFSD: Avoid calling OPDESC with ops-opnum == OPILLEGAL...

CVSS 7.8, AI score 7, EPSS 0.0014
Exploits: 0, References: 4
Amazon
added 2025/12/08 12:0 a.m., 4 views

Low: python3

Issue Overview: If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables. CVE-2025-6075 Affected Packages: python3 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...

CVSS 5.5, AI score 6.6, EPSS 0.00124
Exploits: 0
Amazon
added 2025/12/08 12:0 a.m., 6 views

Medium: postgresql

Issue Overview: Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail...

CVSS 5.9, AI score 6.8, EPSS 0.00301
Exploits: 0
Amazon
added 2025/12/08 12:0 a.m., 6 views

Medium: curl

Issue Overview: wcurl path traversal with percent-encoded slashes URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. CVE-2025-11563 Affected Packages: curl Note: This advisory is...

CVSS 4.6, AI score 6.7, EPSS 0.00302
Exploits: 0
Tenable Nessus
added 2025/12/08 12:0 a.m., 11 views

Amazon Linux 2 : unbound, --advisory ALAS2-2025-3095 (ALAS-2025-3095)

The version of unbound installed on the remote host is prior to 1.7.3-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3095 advisory. NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that...

CVSS 7.1, AI score 6.7, EPSS 0.00311
Exploits: 0, References: 4
Tenable Nessus
added 2025/12/08 12:0 a.m., 8 views

Amazon Linux 2 : postgresql, --advisory ALAS2POSTGRESQL14-2025-021 (ALASPOSTGRESQL14-2025-021)

The version of postgresql installed on the remote host is prior to 14.20-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2025-021 advisory. Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of...

CVSS 5.9, AI score 5.8, EPSS 0.00301
Exploits: 0, References: 6
Tenable Nessus
added 2025/11/21 12:0 a.m., 4 views

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2025-045 (ALASFIREFOX-2025-045)

The version of firefox installed on the remote host is prior to 140.4.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2FIREFOX-2025-045 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version numbe...

AI score 5.6
Exploits: 0, References: 2
Tenable Nessus
added 2025/11/11 12:0 a.m., 7 views

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2DOCKER-2025-079 (ALASDOCKER-2025-079)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.10.1-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-079 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted value...

CVSS 7.5, AI score 7.4, EPSS 0.00586
Exploits: 0, References: 22
Tenable Nessus
added 2025/11/11 12:0 a.m., 6 views

Amazon Linux 2 : fontforge, --advisory ALAS2-2025-3063 (ALAS-2025-3063)

The version of fontforge installed on the remote host is prior to 20120731b-13. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3063 advisory. FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8. CVE-2025-50949 Tenable has extract...

CVSS 6.5, AI score 5.4, EPSS 0.00239
Exploits: 0, References: 4
Tenable Nessus
added 2025/11/11 12:0 a.m., 5 views

Amazon Linux 2 : qt5-qt3d, --advisory ALAS2-2025-3074 (ALAS-2025-3074)

The version of qt5-qt3d installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3074 advisory. A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile o...

CVSS 7.8, AI score 6, EPSS 0.00219
Exploits: 1, References: 4
Tenable Nessus
added 2025/11/11 12:0 a.m., 5 views

Amazon Linux 2 : tomcat, --advisory ALAS2-2025-3067 (ALAS-2025-3067)

The version of tomcat installed on the remote host is prior to 7.0.76-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3067 advisory. Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceeding limits during the...

CVSS 5.3, AI score 6.7, EPSS 0.01005
Exploits: 0, References: 4
Amazon
added 2025/11/10 12:0 a.m., 4 views

Important: gimp

Issue Overview: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8, AI score 7.7, EPSS 0.00399
Exploits: 0