Amazon Linux 2 : dnsmasq, --advisory ALAS2DNSMASQ-2026-003 (ALASDNSMASQ-2026-003)

The version of dnsmasq installed on the remote host is prior to 2.90-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2DNSMASQ-2026-003 advisory. dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache...

Amazon Linux 2 : vim, --advisory ALAS2-2026-3292 (ALAS-2026-3292)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3292 advisory. Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is...

Amazon Linux 2 : rclone, --advisory ALAS2-2026-3285 (ALAS-2026-3285)

The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3285 advisory. Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC...

Amazon Linux 2 : gimp, --advisory ALAS2GIMP-2026-015 (ALASGIMP-2026-015)

The version of gimp installed on the remote host is prior to 2.8.22-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2GIMP-2026-015 advisory. A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing ...

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-058 (ALASFIREFOX-2026-058)

The version of firefox installed on the remote host is prior to 140.10.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2026-058 advisory. Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic...

Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3288 (ALAS-2026-3288)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3288 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both...

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2DOCKER-2026-113 (ALASDOCKER-2026-113)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.12.0-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-113 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overfl...

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2NITRO-ENCLAVES-2026-099 (ALASNITRO-ENCLAVES-2026-099)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.12.0-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-099 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow o...

Amazon Linux 2 : xdg-desktop-portal, --advisory ALAS2-2026-3298 (ALAS-2026-3298)

The version of xdg-desktop-portal installed on the remote host is prior to 1.0.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3298 advisory. Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host...

Amazon Linux 2 : java-17-amazon-corretto, --advisory ALAS2-2026-3299 (ALAS-2026-3299)

The version of java-17-amazon-corretto installed on the remote host is prior to 17.0.19+10-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3299 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produc...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-118 (ALASKERNEL-5.10-2026-118)

The version of kernel installed on the remote host is prior to 5.10.253-252.1015. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-118 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: add seqadj...

Amazon Linux 2 : kernel, --advisory ALAS2-2026-3302 (ALAS-2026-3302)

The version of kernel installed on the remote host is prior to 4.14.355-282.728. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3302 advisory. In the Linux kernel, the following vulnerability has been resolved:xfrm: esp: avoid in-place decrypt on shared skb...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-101 (ALASKERNEL-5.15-2026-101)

The version of kernel installed on the remote host is prior to 5.15.202-142.235. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2026-101 advisory. In the Linux kernel, the following vulnerability has been resolved:crypto: algifaead - Revert to operati...

Important: edk2

Issue Overview: Potential use-after-free in DANE client code CVE-2026-28387 NULL Pointer Dereference When Processing a Delta CRL NOTE: https://openssl-library.org/news/secadv/20260407.txt CVE-2026-28388 Possible NULL dereference when processing CMS KeyAgreeRecipientInfo CVE-2026-28389 Possible NU...

Low: python-pip

Issue Overview: When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical...

Medium: python3-pytest

Issue Overview: pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-user name pattern, which allows local users to cause a denial of service or possibly gain privileges. CVE-2025-71176 Affected Packages: python3-pytest Note: This advisory is applicable to Amazon Linux 2 AL2...

Important: openssh

Issue Overview: In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode. CVE-2026-35385 Affected Packages: openssh Note: This...

Amazon Linux 2 : OpenEXR, --advisory ALAS2-2026-3267 (ALAS-2026-3267)

The version of OpenEXR installed on the remote host is prior to 1.7.1-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3267 advisory. OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the...

Amazon Linux 2 : openssl-snapsafe, --advisory ALAS2OPENSSL-SNAPSAFE-2026-010 (ALASOPENSSL-SNAPSAFE-2026-010)

The version of openssl-snapsafe installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2OPENSSL-SNAPSAFE-2026-010 advisory. NULL Pointer Dereference When Processing a Delta CRL NOTE:...

Amazon Linux 2 : vim, --advisory ALAS2-2026-3251 (ALAS-2026-3251)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3251 advisory. A modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline ...