Amazon Linux 2 : kernel (ALASKERNEL-5.4-2025-091)

The version of kernel installed on the remote host is prior to 5.4.288-202.389. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-091 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning...

Important: postgresql

Issue Overview: Time-of-check Time-of-use TOCTOU race condition in pgdump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack...

Important: python3-jinja2

Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

Important: python3-jinja2

Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

Important: python-jinja2

Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-061 (ALASKERNEL-5.15-2025-061)

The version of kernel installed on the remote host is prior to 5.15.176-118.170. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-061 advisory. In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2025-090 (ALASKERNEL-5.4-2025-090)

The version of kernel installed on the remote host is prior to 5.4.286-201.385. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2025-090 advisory. In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-079 (ALASKERNEL-5.10-2025-079)

The version of kernel installed on the remote host is prior to 5.10.233-223.887. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-079 advisory. In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on...

Amazon Linux 2 : rsync (ALAS-2025-2731)

The version of rsync installed on the remote host is prior to 3.1.2-11. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2731 advisory. A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an...

Important: rsync

Issue Overview: Placeholder CVE. Details forthcoming CVE-2024-12085 Placeholder CVE. Details forthcoming CVE-2024-12086 Placeholder CVE. Details forthcoming CVE-2024-12087 Placeholder CVE. Details forthcoming CVE-2024-12088 Placeholder CVE. Details forthcoming CVE-2024-12747 Affected Packages:...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-060 (ALASKERNEL-5.15-2025-060)

The version of kernel installed on the remote host is prior to 5.15.173-118.169. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-060 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs...

Medium: exiv2

Issue Overview: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, QuickTimeVideo::NikonTagsDecoder, was new in v0.28.0, so Exiv2 versions...

Medium: exiv2

Issue Overview: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, QuickTimeVideo::NikonTagsDecoder, was new in v0.28.0, so Exiv2 versions...

Medium: orc

Issue Overview: Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. CVE-2024-40897...

Medium: bind

Issue Overview: Sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This, in turn, may cause named to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access...

Medium: python3-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This...

Amazon Linux 2 : orc (ALAS-2025-2727)

The version of orc installed on the remote host is prior to 0.4.26-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2727 advisory. Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a...

Amazon Linux 2 : python-webob (ALAS-2025-2726)

The version of python-webob installed on the remote host is prior to 1.2.3-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2726 advisory. WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-089)

The version of kernel installed on the remote host is prior to 5.4.272-185.370. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-089 advisory. 2025-01-21: CVE-2024-26851 was added to this advisory. 2025-01-21: CVE-2024-27024 was added to this...

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-057)

The version of kernel installed on the remote host is prior to 5.15.153-100.162. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2024-057 advisory. 2025-01-21: CVE-2024-27025 was added to this advisory. 2025-01-21: CVE-2024-26901 was added to this...