Amazon Linux 2 : open-vm-tools, --advisory ALAS2-2025-3036 (ALAS-2025-3036)
The version of open-vm-tools installed on the remote host is prior to 12.3.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3036 advisory. VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with...
Important: open-vm-tools
Issue Overview: VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability ...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READ CVE-2022-50410 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon...
Critical: ipa
Issue Overview: A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM...
EUVD-2023-39807
Malicious code in bioql PyPI...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-106 (ALASKERNEL-5.10-2025-106)
The version of kernel installed on the remote host is prior to 5.10.220-209.867. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-106 advisory. In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix the behavior of READ near...
Amazon Linux 2 : ImageMagick, --advisory ALAS2-2025-3009 (ALAS-2025-3009)
The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3009 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower...
Amazon Linux 2 : libsoup, --advisory ALAS2-2025-3006 (ALAS-2025-3006)
The version of libsoup installed on the remote host is prior to 2.56.0-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3006 advisory. A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate...
Low: libtiff
Issue Overview: A flaw has been found in LibTIFF 4.7.0. This affects the function TIFFmallocExt/TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. The...
Medium: redis
Issue Overview: TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod on the same path. CVE-2025-9810 Affected Packages: redis Note: This advisory is...
Amazon Linux 2 : udisks2, --advisory ALAS2-2025-2992 (ALAS-2025-2992)
The version of udisks2 installed on the remote host is prior to 2.7.3-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2992 advisory. A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is...
Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2025-042 (ALASFIREFOX-2025-042)
The version of firefox installed on the remote host is prior to 140.2.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-042 advisory. Improper Input Validation vulnerability in Mozilla neqo leads to an unexploitable crash. This issue affects neqo:...
Amazon Linux 2 : pki-core, --advisory ALAS2-2025-2995 (ALAS-2025-2995)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2995 advisory. Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). This issue affects Bootstrap: from 3.4.1 before 4.0.0...
Amazon Linux 2 : mock, --advisory ALAS2MOCK-2025-001 (ALASMOCK-2025-001)
The version of mock installed on the remote host is prior to 1.4.19-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2MOCK-2025-001 advisory. The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the...
Low: giflib
Issue Overview: Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c CVE-2023-48161 Affected Packages: giflib Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Vis...
Amazon Linux 2 : samba, --advisory ALAS2-2025-2979 (ALAS-2025-2979)
The version of samba installed on the remote host is prior to 4.10.16-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2979 advisory. All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be...
Medium: rust
Issue Overview: There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. CVE-2025-6965 Affected Packages: rust...
Amazon Linux 2 : ImageMagick, --advisory ALAS2-2025-2980 (ALAS-2025-2980)
The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2980 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27...
Amazon Linux 2 : ruby, --advisory ALAS2-2025-2990 (ALAS-2025-2990)
The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2990 advisory. An exploitable heap overflow vulnerability exists in the Psych::Emitter startdocument function of Ruby. In Psych::Emitter...
Important: kernel-livepatch-5.10.237-230.948
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 Affected Packages: kernel-livepatch-5.10.237-230.948 Issue Correction: Please ensure you have live patching enabled. Run yum update...