
3297 matches found

Amazon
added 2025/04/30 12:0 a.m. | 15 views

Medium: qt

Issue Overview: In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont munitsPerEm initialization is mishandled. CVE-2023-32573 Affected Packages: qt Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ secti...

CVSS 6.5 | AI score 6.8 | EPSS 0.00877
Exploits: 0

Amazon
added 2025/04/30 12:0 a.m. | 12 views

Medium: nss-softokn

Issue Overview: new tlsfuzzer code can still detect timing issues in RSA operations CVE-2023-4421 Affected Packages: nss-softokn Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...

CVSS 6.5 | AI score 7 | EPSS 0.00628
Exploits: 0

Amazon
added 2025/04/30 12:0 a.m. | 17 views

Important: kernel

Issue Overview: A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. In this flaw an attacker with local user access may lead to a system crash or a leak of internal kernel information. CVE-2023-3567 In the Linux kernel, the following...

CVSS 7.8 | AI score 7.3 | EPSS 0.00446
Exploits: 0

Tenable Nessus
added 2025/04/30 12:0 a.m. | 9 views

Amazon Linux 2 : python-requests (ALAS-2025-2845)

The version of python-requests installed on the remote host is prior to 2.6.0-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2845 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

AI score 5.6
Exploits: 0 | References: 2

Amazon
added 2025/04/30 12:0 a.m. | 13 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flushworkqueue CVE-2021-46981 A use-after-free flaw was found in btrfssearchslot in fs/btrfs/ctree.c in btrfs in the Linux Kernel. This flaw allows an attacker to crash the system and...

CVSS 7.8 | AI score 7.7 | EPSS 0.07007
Exploits: 0

Amazon
added 2025/04/30 12:0 a.m. | 13 views

Low: python-requests

Issue Overview: No CVE associated with this advisory Affected Packages: python-requests Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update python-requests t...

CVSS 5.6 | AI score 6.2 | EPSS 0.0034
Exploits: 0

Amazon
added 2025/04/30 12:0 a.m. | 19 views

Medium: grub2

Issue Overview: When reading the language .mo file in grubmofileopen, grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak...

CVSS 6.7 | AI score 7.1 | EPSS 0.00265
Exploits: 0

Tenable Nessus
added 2025/04/30 12:0 a.m. | 16 views

Amazon Linux 2 : grub2 (ALAS-2025-2844)

The version of grub2 installed on the remote host is prior to 2.06-14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2844 advisory. When reading the language .mo file in grubmofileopen, grub2 fails to verify an integer overflow when allocating its internal...

CVSS 6.7 | AI score 6.2 | EPSS 0.00265
Exploits: 0 | References: 10

Amazon
added 2025/04/30 12:0 a.m. | 17 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dmaengine: Fix double increment of clientcount in dmachanget CVE-2022-49753 A memory corruption flaw was found in the Linux kernel's human interface device (HID) subsystem in how a user inserts a malicious USB devic...

CVSS 7.8 | AI score 7.6 | EPSS 0.00388
Exploits: 0

Tenable Nessus
added 2025/04/30 12:0 a.m. | 19 views

Amazon Linux 2 : java-17-amazon-corretto (ALAS-2025-2838)

The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.15+6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2838 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product...

CVSS 7.4 | AI score 6.5 | EPSS 0.00688
Exploits: 0 | References: 8

Amazon
added 2025/04/30 12:0 a.m. | 13 views

Important: libsoup

Issue Overview: A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skipinsightwhitespace function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. CVE-2025-2784 Affected Packages...

CVSS 7 | AI score 6.8 | EPSS 0.0067
Exploits: 1

Tenable Nessus
added 2025/04/30 12:0 a.m. | 11 views

Amazon Linux 2 : libsoup (ALAS-2025-2841)

The version of libsoup installed on the remote host is prior to 2.56.0-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2841 advisory. A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the...

CVSS 7 | AI score 7.3 | EPSS 0.0067
Exploits: 1 | References: 4

Tenable Nessus
added 2025/04/29 12:0 a.m. | 32 views

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2025-070)

The version of kernel installed on the remote host is prior to 5.15.180-122.191. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-070 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-throttle: Set BIOTHROTTLED when...

CVSS 7.8 | AI score 6.5 | EPSS 0.07007
Exploits: 0 | References: 66

Tenable Nessus
added 2025/04/29 12:0 a.m. | 9 views

Amazon Linux 2 : runfinch-finch (ALASDOCKER-2025-057)

The version of runfinch-finch installed on the remote host is prior to 1.7.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-057 advisory. golang-jwt is a Go implementation of JSON Web Tokens. Prior to 5.2.2 and 4.5.2, the function parse.ParseUnverified split...

CVSS 7.5 | AI score 7.3 | EPSS 0.00693
Exploits: 0 | References: 4

Amazon
added 2025/04/29 12:0 a.m. | 2 views

Important: firefox

Issue Overview: An issue was discovered in libexpat before 2.6.4. There is a crash within the XMLResumeParser function because XMLStopParser can stop/suspend an unstarted parser. CVE-2024-50602 ochufftreeunpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left...

CVSS 9.8 | AI score 7.7 | EPSS 0.01817
Exploits: 2

Tenable Nessus
added 2025/04/29 12:0 a.m. | 8 views

Amazon Linux 2 : runc (ALASECS-2025-062)

The version of runc installed on the remote host is prior to 1.0.0-0.3.20210225.git12644e6. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-062 advisory. The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly...

CVSS 8.5 | AI score 7.5 | EPSS 0.06604
Exploits: 0 | References: 4

Tenable Nessus
added 2025/04/29 12:0 a.m. | 22 views

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2025-100)

The version of kernel installed on the remote host is prior to 5.4.292-208.414. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-100 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free of encap...

CVSS 7.8 | AI score 6.6 | EPSS 0.07007
Exploits: 0 | References: 46

Amazon
added 2025/04/29 12:0 a.m. | 2 views

Important: docker

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

CVSS 9.1 | AI score 6.8 | EPSS 0.00693
Exploits: 0

Amazon
added 2025/04/29 12:0 a.m. | 3 views

Important: docker

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

CVSS 9.1 | AI score 6.8 | EPSS 0.00693
Exploits: 0

Amazon
added 2025/04/29 12:0 a.m. | 4 views

Medium: docker

Issue Overview: A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router advertisements to perform a man-in-the-middle (MitM) attack against the...

CVSS 6 | AI score 7.1 | EPSS 0.02839
Exploits: 0