
3295 matches found

Tenable Nessus
added 2026/04/14 12:0 a.m. | 6 views

Amazon Linux 2 : libpng12, --advisory ALAS2-2026-3243 (ALAS-2026-3243)

The version of libpng12 installed on the remote host is prior to 1.2.50-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3243 advisory. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster ima...

CVSS 7.5 | AI score 6.4 | EPSS 0.01052
Exploits: 1 | References: 4

Amazon
added 2026/04/01 12:0 a.m. | 6 views

Medium: firefox

Issue Overview: A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service...

CVSS 5.5 | AI score 5.9 | EPSS 0.00209
Exploits: 1

Amazon
added 2026/04/01 12:0 a.m. | 9 views

Important: giflib

Issue Overview: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible. CVE-2026-23868 Affected Packages: giflib Note: This advisory i...

CVSS 5.1 | AI score 5.9 | EPSS 0.00112
Exploits: 0

Amazon
added 2026/04/01 12:0 a.m. | 12 views

Important: gstreamer1-plugins-good

Issue Overview: Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. CVE-2026-3083 Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. CVE-2026-3085 Affected Packages: gstreamer1-plugins-good Note: This advisory is applicable to Amazon Linux ...

CVSS 8.8 | AI score 7.3 | EPSS 0.00566
Exploits: 0

Amazon
added 2026/04/01 12:0 a.m. | 6 views

Important: gstreamer1-plugins-bad-free

Issue Overview: GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack...

CVSS 7.8 | AI score 7.6 | EPSS 0.0063
Exploits: 0

Tenable Nessus
added 2026/04/01 12:0 a.m. | 8 views

Amazon Linux 2 : rust, --advisory ALAS2-2026-3225 (ALAS-2026-3225)

The version of rust installed on the remote host is prior to 1.93.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3225 advisory. Decompressing invalid LZ4 data can leak data from uninitialized memory, or can leak content from previous decompression operations wh...

CVSS 8.2 | AI score 6 | EPSS 0.00443
Exploits: 0 | References: 4

Amazon
added 2026/04/01 12:0 a.m. | 10 views

Medium: thunderbird

Issue Overview: A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service...

CVSS 5.5 | AI score 5.9 | EPSS 0.00209
Exploits: 1

Tenable Nessus
added 2026/04/01 12:0 a.m. | 4 views

Amazon Linux 2 : gstreamer1-plugins-good, --advisory ALAS2-2026-3224 (ALAS-2026-3224)

The version of gstreamer1-plugins-good installed on the remote host is prior to 1.18.4-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3224 advisory. An out-of-bounds read in the WAV parser that can cause crashes for certain input files. CVE-2026-1940 Tenable has...

CVSS 7.5 | AI score 7.3 | EPSS 0.00225
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/01 12:0 a.m. | 4 views

Amazon Linux 2 : gstreamer1-plugins-base, --advisory ALAS2-2026-3210 (ALAS-2026-3210)

The version of gstreamer1-plugins-base installed on the remote host is prior to 1.18.4-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3210 advisory. An integer overflow in the RIFF parser that can cause crashes for certain input files. CVE-2026-2921 Tenable has...

CVSS 7.8 | AI score 7.2 | EPSS 0.00838
Exploits: 0 | References: 4

Tenable Nessus
added 2026/03/19 12:0 a.m. | 9 views

Amazon Linux 2 : wireshark, --advisory ALAS2-2026-3208 (ALAS-2026-3208)

The version of wireshark installed on the remote host is prior to 2.6.2-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3208 advisory. ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or...

CVSS 7.8 | AI score 6.7 | EPSS 0.00419
Exploits: 4 | References: 10

Amazon
added 2026/03/19 12:0 a.m. | 7 views

Important: exiv2

Issue Overview: Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8...

CVSS 8.1 | AI score 5.7 | EPSS 0.00367
Exploits: 1

Tenable Nessus
added 2026/03/19 12:0 a.m. | 20 views

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-054 (ALASFIREFOX-2026-054)

The version of firefox installed on the remote host is prior to 140.8.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2026-054 advisory. Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox 148, Firefo...

CVSS 10 | AI score 6.2 | EPSS 0.00622
Exploits: 0 | References: 76

Tenable Nessus
added 2026/03/19 12:0 a.m. | 9 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-114 (ALASKERNEL-5.10-2026-114)

"The version of kernel installed on the remote host is prior to 5.10.251-248.983. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-114 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Correct devm device...

CVSS 8.8 | AI score 6 | EPSS 0.00468
Exploits: 0 | References: 82

Tenable Nessus
added 2026/03/19 12:0 a.m. | 9 views

Amazon Linux 2 : freerdp, --advisory ALAS2-2026-3199 (ALAS-2026-3199)

The version of freerdp installed on the remote host is prior to 2.11.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3199 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can...

CVSS 8.8 | AI score 6 | EPSS 0.00383
Exploits: 2 | References: 6

Tenable Nessus
added 2026/03/19 12:0 a.m. | 5 views

Amazon Linux 2 : libtiff, --advisory ALAS2-2026-3196 (ALAS-2026-3196)

The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3196 advisory. libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tifopen.c...

CVSS 9.8 | AI score 5.9 | EPSS 0.00253
Exploits: 1 | References: 6

Tenable Nessus
added 2026/03/19 12:0 a.m. | 7 views

Amazon Linux 2 : gvfs, --advisory ALAS2-2026-3197 (ALAS-2026-3197)

The version of gvfs installed on the remote host is prior to 1.36.2-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3197 advisory. A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP...

CVSS 4.3 | AI score 6.5 | EPSS 0.0036
Exploits: 2 | References: 6

Amazon
added 2026/03/06 12:0 a.m. | 5 views

Important: postgresql

Issue Overview: Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before...

CVSS 8.8 | AI score 6.6 | EPSS 0.00678
Exploits: 3

Tenable Nessus
added 2026/03/06 12:0 a.m. | 9 views

Amazon Linux 2 : python, --advisory ALAS2-2026-3185 (ALAS-2026-3185)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3185 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be...

CVSS 6 | AI score 6.5 | EPSS 0.0055
Exploits: 0 | References: 12

Tenable Nessus
added 2026/03/06 12:0 a.m. | 7 views

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3177 (ALAS-2026-3177)

The version of thunderbird installed on the remote host is prior to 140.7.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3177 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type...

CVSS 6.8 | AI score 5.8 | EPSS 0.00291
Exploits: 0 | References: 4

Tenable Nessus
added 2026/03/06 12:0 a.m. | 9 views

Amazon Linux 2 : libpng, --advisory ALAS2-2026-3189 (ALAS-2026-3189)

The version of libpng installed on the remote host is prior to 1.5.13-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3189 advisory. libpng: An out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogra...

CVSS 8.3 | AI score 6.9 | EPSS 0.00905
Exploits: 1 | References: 4