Amazon Linux 2023 : aspnetcore-runtime-9.0, aspnetcore-runtime-dbg-9.0, aspnetcore-targeting-pack-9.0 (ALAS2023-2026-1802)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1802 advisory. Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an...

Amazon Linux 2 : unbound, --advisory ALAS2-2026-3322 (ALAS-2026-3322)

The version of unbound installed on the remote host is prior to 1.7.3-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3322 advisory. NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables...

Amazon Linux 2023 : composer (ALAS2023-2026-1800)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1800 advisory. Github Actions issued GITHUBTOKEN disclosure in GitHub Actions logs CVE-2026-45793 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that...

Amazon Linux 2023 : libssh2, libssh2-devel (ALAS2023-2026-1779)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1779 advisory. A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauthpassword of the file src/userauth.c. Such manipulation of the argument...

Amazon Linux 2023 : device-mapper-persistent-data (ALAS2023-2026-1791)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1791 advisory. An unsoundness issue RUSTSEC-2026-0097 was found in the bundled Rust rand crate used by device-mapper- persistent-data. ThreadRng methods use unsafe code that can create aliased mutable references when...

Amazon Linux 2023 : aspnetcore-runtime-10.0, aspnetcore-runtime-dbg-10.0, aspnetcore-targeting-pack-10.0 (ALAS2023-2026-1803)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1803 advisory. Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an...

Amazon Linux 2023 : libnvsdm, libnvsdm-devel (ALAS2023NVIDIA-2026-290)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2026-290 advisory. NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successfu...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3340 (ALAS-2026-3340)

The version of thunderbird installed on the remote host is prior to 140.11.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3340 advisory. Three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming th...

Amazon Linux 2 : perl-HTTP-Daemon, --advisory ALAS2-2026-3341 (ALAS-2026-3341)

The version of perl-HTTP-Daemon installed on the remote host is prior to 6.01-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3341 advisory. HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with...

Medium: perl-Template-Toolkit

Issue Overview: emplate::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For example, the variable "var" in would not be properly...

Amazon Linux 2023 : perl-XML-LibXML, perl-XML-LibXML-tests (ALAS2023-2026-1795)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1795 advisory. XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8...

Medium: sendmail

Issue Overview: sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail...

Important: mesa

Issue Overview: In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca. CVE-2026-40393 Affected Packages: mesa Note: This advisory is applicable to Amazon Lin...

Amazon Linux 2023 : libsolv, libsolv-demo, libsolv-devel (ALAS2023-2026-1798)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1798 advisory. A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffe...

Amazon Linux 2 : perl, --advisory ALAS2-2026-3352 (ALAS-2026-3352)

The version of perl installed on the remote host is prior to 5.16.3-299. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3352 advisory. Buffer overflow in Perlstudychunk CVE-2026-8376 Tenable has extracted the preceding description block directly from the tested...

Amazon Linux 2023 : perl-HTTP-Tiny, perl-HTTP-Tiny-tests (ALAS2023-2026-1765)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1765 advisory. HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that...

Amazon Linux 2 : 389-ds-base, --advisory ALAS2-2026-3339 (ALAS-2026-3339)

The version of 389-ds-base installed on the remote host is prior to 1.3.10.2-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3339 advisory. A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound ...

Amazon Linux 2 : perl-XML-LibXML, --advisory ALAS2-2026-3342 (ALAS-2026-3342)

The version of perl-XML-LibXML installed on the remote host is prior to 2.0018-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3342 advisory. XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncat...

Amazon Linux 2 : bind, --advisory ALAS2-2026-3353 (ALAS-2026-3353)

The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3353 advisory. Limit resolver server list size CVE-2026-3592 Avoid unbounded recursion loop CVE-2026-5950 Tenable has extracted the...

Amazon Linux 2 : postgresql, --advisory ALAS2POSTGRESQL14-2026-024 (ALASPOSTGRESQL14-2026-024)

The version of postgresql installed on the remote host is prior to 14.23-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2026-024 advisory. Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use...