Amazon Linux 2 : oci-add-hooks (ALASDOCKER-2025-065)
The version of oci-add-hooks installed on the remote host is prior to 0-0.3.20200504git325a340. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-065 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size li...
Medium: edk2
Issue Overview: EDK2 contains a vulnerability in the HashPeImageByType. A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability. CVE-2024-38797...
Medium: pcs
Issue Overview: Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrar...
Medium: pcs
Issue Overview: Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host (XFH) header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrar...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fails CVE-2022-49168 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux ...
Amazon Linux 2 : kernel (ALAS-2025-2854)
The version of kernel installed on the remote host is prior to 4.14.355-277.643. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2854 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fails CVE-2022-49168 In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio CVE-2022-49413 In the Linux...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2025-091)
The version of kernel installed on the remote host is prior to 5.10.236-228.935. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-091 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if...
Amazon Linux 2 : edk2 (ALAS-2025-2852)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2852 advisory. EDK2 contains a vulnerability in the HashPeImageByType. A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjacent network. A successful exploit of this...
Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-071)
The version of kernel installed on the remote host is prior to 5.15.180-123.192. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.15-2025-071 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit...
Amazon Linux 2 : jetty (ALAS-2025-2855)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2855 advisory. For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On...
Low: jetty
Issue Overview: For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a...
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2025-099)
The version of kernel installed on the remote host is prior to 5.4.156-83.273. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-099 advisory. A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users d...
Amazon Linux 2 : kernel, --advisory ALAS2-2025-2837 (ALAS-2025-2837)
The version of kernel installed on the remote host is prior to 4.14.305-227.531. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2837 advisory. In the Linux kernel, the following vulnerability has been resolved: dmaengine: Fix double increment of client_count...
Amazon Linux 2 : kernel (ALAS-2025-2834)
The version of kernel installed on the remote host is prior to 4.14.330-250.540. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2834 advisory. A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. In this...
Amazon Linux 2 : nss-softokn (ALAS-2025-2835)
The version of nss-softokn installed on the remote host is prior to 3.67.0-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2835 advisory. new tlsfuzzer code can still detect timing issues in RSA operations CVE-2023-4421 Tenable has extracted the preceding...
Low: python-requests
Issue Overview: No CVE associated with this advisory Affected Packages: python-requests Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update python-requests o...
Low: python-requests
Issue Overview: No CVE associated with this advisory Affected Packages: python-requests Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update python-requests t...
Medium: python3-requests
Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...
Amazon Linux 2 : qt (ALAS-2025-2847)
The version of qt installed on the remote host is prior to 4.8.5-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2847 advisory. In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization...