Important: kernel-livepatch-5.10.237-230.948
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 Affected Packages: kernel-livepatch-5.10.237-230.948 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Important: kernel-livepatch-4.14.355-280.664
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 Affected Packages: kernel-livepatch-4.14.355-280.664 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Important: libxslt
Issue Overview: A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may le...
Important: kernel-livepatch-5.10.240-238.955
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 Affected Packages: kernel-livepatch-5.10.240-238.955 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Low: nginx
Issue Overview: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server...
Amazon Linux 2 : python3 (ALAS-2025-2962)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2962 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementatio...
Amazon Linux 2 : LibRaw (ALAS-2025-2974)
The version of LibRaw installed on the remote host is prior to 0.19.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2974 advisory. In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. CVE-2025-43961 In...
Low: gnupg2
Issue Overview: In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...
Important: unbound
Issue Overview: A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along wit...
Important: tomcat
Issue Overview: For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106...
Amazon Linux 2 : tomcat (ALASTOMCAT9-2025-021)
The version of tomcat installed on the remote host is prior to 9.0.107-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2025-021 advisory. Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache...
Amazon Linux 2 : tomcat (ALAS-2025-2953)
The version of tomcat installed on the remote host is prior to 7.0.76-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2953 advisory. For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via...
Medium: pam
Issue Overview: A flaw was found in linux-pam. The module pam_namespace may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. CVE-2025-6020 Affected Packages: pam Note: This advisor...
Amazon Linux 2 : kernel, --advisory ALAS2-2025-2955 (ALAS-2025-2955)
The version of kernel installed on the remote host is prior to 4.14.355-280.664. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2955 advisory. In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-098 (ALASKERNEL-5.10-2025-098)
The version of kernel installed on the remote host is prior to 5.10.239-236.958. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-098 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: fix stuck flow...
Amazon Linux 2 : LibRaw (ALAS-2025-2954)
The version of LibRaw installed on the remote host is prior to 0.19.4-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2954 advisory. In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1...
Amazon Linux 2 : java-1.8.0-amazon-corretto (ALASCORRETTO8-2025-020)
The version of java-1.8.0-amazon-corretto installed on the remote host is prior to 1.8.0_462.b08-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2CORRETTO8-2025-020 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2025-100)
The version of kernel installed on the remote host is prior to 5.10.240-238.955. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.10-2025-100 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-086)
The version of kernel installed on the remote host is prior to 5.15.189-131.202. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.15-2025-086 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...
Amazon Linux 2 : php (ALASPHP8.2-2025-008)
The version of php installed on the remote host is prior to 8.2.29-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.2-2025-008 advisory. fsockopen doesn't regard hostname as well, hostname is terminated at the null byte. This can cause Server Side Request...