Important: qt5-qtbase

Issue Overview: Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component ...

Amazon Linux 2 : grub2, --advisory ALAS2-2025-3107 (ALAS-2025-3107)

The version of grub2 installed on the remote host is prior to 2.06-14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3107 advisory. A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service DoS...

Amazon Linux 2 : amazon-ssm-agent, --advisory ALAS2-2025-3121 (ALAS-2025-3121)

The version of amazon-ssm-agent installed on the remote host is prior to 3.3.3572.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3121 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy...

Medium: docker

Issue Overview: Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a...

Amazon Linux 2 : golang-github-cpuguy83-go-md2man, --advisory ALAS2-2025-3118 (ALAS-2025-3118)

The version of golang-github-cpuguy83-go-md2man installed on the remote host is prior to 1.0.4-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3118 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain...

Important: amazon-ecr-credential-helper

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

Amazon Linux 2 : nerdctl, --advisory ALAS2-2025-3100 (ALAS-2025-3100)

The version of nerdctl installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3100 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certifica...

Medium: python3

Issue Overview: When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents. CVE-2025-12084 When loading a plist file, the plistlib module...

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2025-084 (ALASNITRO-ENCLAVES-2025-084)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-084 advisory. Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be...

Important: glib2

Issue Overview: Buffer underflow on Glib through glib/gvariant via bytestringparse or stringparse leads to OOB Write. CVE-2025-14087 Affected Packages: glib2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...

Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2025-083 (ALASNITRO-ENCLAVES-2025-083)

The version of containerd installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-083 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may...

Medium: runc

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-096 (ALASKERNEL-5.15-2025-096)

The version of kernel installed on the remote host is prior to 5.15.197-138.220. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-096 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject duplicat...

Amazon Linux 2 : libpng, --advisory ALAS2-2025-3112 (ALAS-2025-3112)

The version of libpng installed on the remote host is prior to 1.5.13-8. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3112 advisory. A heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with malformed...

Amazon Linux 2 : qt5-qtbase, --advisory ALAS2-2025-3102 (ALAS-2025-3102)

The version of qt5-qtbase installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3102 advisory. Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Q...

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2025-082 (ALASNITRO-ENCLAVES-2025-082)

The version of docker installed on the remote host is prior to 25.0.13-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-082 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a...

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2DOCKER-2025-087 (ALASDOCKER-2025-087)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.11.0-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-087 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomai...

Important: kernel-livepatch-5.10.245-241.976

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/ip6tunnel: Prevent perpetual tunnel growth CVE-2025-40173 Affected Packages: kernel-livepatch-5.10.245-241.976 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2NITRO-ENCLAVES-2025-080 (ALASNITRO-ENCLAVES-2025-080)

The version of oci-add-hooks installed on the remote host is prior to 0-0.6.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-080 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded...

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2ECS-2025-086 (ALASECS-2025-086)

The version of oci-add-hooks installed on the remote host is prior to 0-0.6.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-086 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain...