Amazon Linux 2 : containerd, --advisory ALAS2ECS-2024-040 (ALASECS-2024-040)

The version of containerd installed on the remote host is prior to 1.7.20-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-040 advisory. The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This...

Amazon Linux 2 : firefox (ALASFIREFOX-2024-027)

The version of firefox installed on the remote host is prior to 115.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-027 advisory. A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally...

Amazon Linux 2 : kernel (ALAS-2024-2613)

The version of kernel installed on the remote host is prior to 4.14.349-266.564. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2613 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-079)

The version of kernel installed on the remote host is prior to 5.4.274-187.369. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-079 advisory. In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleti...

Amazon Linux 2 : tomcat (ALASTOMCAT9-2024-014)

The version of tomcat installed on the remote host is prior to 9.0.91-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT9-2024-014 advisory. Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processin...

Amazon Linux 2 : emacs (ALAS-2024-2608)

The version of emacs installed on the remote host is prior to 27.2-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2608 advisory. In Emacs before 29.3, Gnus treats inline MIME contents as trusted. CVE-2024-30203 In Emacs before 29.3, LaTeX preview is...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2024-066 (ALASKERNEL-5.10-2024-066)

The version of kernel installed on the remote host is prior to 5.10.223-211.872. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-066 advisory. A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the functi...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-068)

The version of kernel installed on the remote host is prior to 5.10.215-203.850. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-068 advisory. In the Linux kernel, the following vulnerability has been resolved: block: add check that partition leng...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2024-049 (ALASKERNEL-5.15-2024-049)

The version of kernel installed on the remote host is prior to 5.15.156-102.160. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2024-049 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix panic when DSA master...

Amazon Linux 2 : ca-certificates (ALAS-2024-2607)

The version of ca-certificates installed on the remote host is prior to 2023.2.68-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2607 advisory. Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-078)

The version of kernel installed on the remote host is prior to 5.4.275-189.375. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-078 advisory. A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the...

Amazon Linux 2 : python-lxml (ALAS-2024-2620)

The version of python-lxml installed on the remote host is prior to 3.2.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2620 advisory. An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and...

Amazon Linux 2 : ghostscript (ALAS-2024-2612)

The version of ghostscript installed on the remote host is prior to 9.54.0-9. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2612 advisory. NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.htmlNOTE: https://cgit.ghostscript.com/cgi-...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-067)

The version of kernel installed on the remote host is prior to 5.10.216-204.855. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-067 advisory. In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify a...

Amazon Linux 2 : openssl (ALAS-2024-2604)

The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2604 advisory. Issue summary: Calling the OpenSSL API function SSLselectnextproto with anempty supported client protocols buffer may cause a cra...

Amazon Linux 2 : ghostscript (ALAS-2024-2614)

The version of ghostscript installed on the remote host is prior to 9.54.0-9. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2614 advisory. Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure observable in a constructed BaseFont name in t...

Amazon Linux 2 : kernel, --advisory ALAS2-2024-2615 (ALAS-2024-2615)

The version of kernel installed on the remote host is prior to 4.14.345-262.561. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2615 advisory. In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2024-080 (ALASKERNEL-5.4-2024-080)

The version of kernel installed on the remote host is prior to 5.4.281-193.378. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-080 advisory. In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix RPC client cleaned up the...

Amazon Linux 2 : openssl11 (ALAS-2024-2605)

The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2605 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

Amazon Linux 2 : freeradius (ALAS-2024-2611)

The version of freeradius installed on the remote host is prior to 3.0.27-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2611 advisory. RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response...