3297 matches found
Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2DOCKER-2025-079 (ALASDOCKER-2025-079)
The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.10.1-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-079 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted value...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sb_lvbptr CVE-2022-50516 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 (AL2)...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sb_lvbptr CVE-2022-50516 In the Linux kernel, the following vulnerability has been resolved: ext4: fix possible double unlock when moving a directory CVE-2023-53626 Affected...
Important: gimp
Issue Overview: GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a...
Important: amazon-ecr-credential-helper
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Important: runfinch-finch
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Amazon Linux 2 : gimp, --advisory ALAS2GIMP-2025-009 (ALASGIMP-2025-009)
The version of gimp installed on the remote host is prior to 2.8.22-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2GIMP-2025-009 advisory. GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers t...
Low: firefox
Issue Overview: No CVE associated with this advisory Affected Packages: firefox Note: This advisory is applicable to Amazon Linux 2 - Firefox Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories...
Low: unbound
Issue Overview: No CVE associated with this advisory Affected Packages: unbound Note: This advisory is applicable to Amazon Linux 2 - Unbound-1.17 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisorie...
Amazon Linux 2 : java-17-amazon-corretto, --advisory ALAS2-2025-3047 (ALAS-2025-3047)
The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.17+10-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3047 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produc...
Amazon Linux 2 : qt5-qtsvg, --advisory ALAS2-2025-3051 (ALAS-2025-3051)
The version of qt5-qtsvg installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3051 advisory. The module will parse a node which is not a child of a structural node. The node will be deleted after creation but might be...
Amazon Linux 2 : pcs, --advisory ALAS2-2025-3046 (ALAS-2025-3046)
The version of pcs installed on the remote host is prior to 0.9.169-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3046 advisory. Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers...
Amazon Linux 2 : java-1.8.0-amazon-corretto, --advisory ALAS2CORRETTO8-2025-021 (ALASCORRETTO8-2025-021)
The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0472.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2025-021 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise...
Amazon Linux 2 : perl-YAML-Syck, --advisory ALAS2-2025-3049 (ALAS-2025-3049)
The version of perl-YAML-Syck installed on the remote host is prior to 1.27-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3049 advisory. YAML::Syck versions before 1.36 for Perl have missing null-terminators, which cause out-of-bounds read and potential informati...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2025-113 (ALASKERNEL-5.4-2025-113)
The version of kernel installed on the remote host is prior to 5.4.300-220.446. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-113 advisory. In the Linux kernel, the following vulnerability has been resolved: sched, cpuset: Fix dl_cpu_busy() panic due...
Amazon Linux 2 : sssd, --advisory ALAS2-2025-3050 (ALAS-2025-3050)
The version of sssd installed on the remote host is prior to 1.16.5-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3050 advisory. A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default...
Important: qt5-qtsvg
Issue Overview: The module will parse a node which is not a child of a structural node. The node will be deleted after creation but might be accessed later, leading to a use after free. CVE-2025-10729 Affected Packages: qt5-qtsvg Note: This advisory is applicable to Amazon Linux 2 (AL2) Core...
Important: sssd
Issue Overview: A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, SSSD does not enable the Kerberos local authentication plugin (sssd_krb5_localauth_plugin), allowing an attacker with permission to modify...
Amazon Linux 2 : open-vm-tools, --advisory ALAS2-2025-3036 (ALAS-2025-3036)
The version of open-vm-tools installed on the remote host is prior to 12.3.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3036 advisory. VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with...
Amazon Linux 2 : squid, --advisory ALAS2-2025-3027 (ALAS-2025-3027)
The version of squid installed on the remote host is prior to 3.5.20-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3027 advisory. Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c. CVE-2025-59362...