Important: python-pillow

Issue Overview: Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1. CVE-2026-25990 Affected Packages: python-pillow Issue Correction: Run dnf update python-pillo...

Medium: python-jwt

Issue Overview: pyjwt v2.10.1 was discovered to contain weak encryption. CVE-2025-45768 Affected Packages: python-jwt Issue Correction: Run dnf update python-jwt --releasever 2023.10.20260302 or dnf update --advisory ALAS2023-2026-1467 --releasever 2023.10.20260302 to update your system. More...

Important: freerdp

Issue Overview: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. Th...

Medium: libpng

Issue Overview: libpng: An out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to...

Low: firefox

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

Medium: wireshark

Issue Overview: MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service CVE-2025-11626 Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service CVE-2025-13499 BPv7 dissector crash in Wireshark 4.6.0 allows denial of servi...

Amazon Linux 2 : soci-snapshotter, --advisory ALAS2DOCKER-2026-100 (ALASDOCKER-2026-100)

The version of soci-snapshotter installed on the remote host is prior to 0.12.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-100 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing...

Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2DOCKER-2026-098 (ALASDOCKER-2026-098)

The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.11.0-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-098 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service...

Amazon Linux 2023 : libsoup, libsoup-devel (ALAS2023-2026-1439)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1439 advisory. A flaw was found in libsoup. The libsoup appendparamquoted function may contain an overflow bug resulting in a buffer under-read. CVE-2025-32050 A flaw was found in libsoup. A vulnerability in...

Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2026-1437)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1437 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...

Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2026-1444)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1444 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...

Amazon Linux 2023 : firefox (ALAS2023-2026-1429)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1429 advisory. Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox 146. CVE-2025-14327 Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox 147...

Amazon Linux 2 : openssl, --advisory ALAS2-2026-3168 (ALAS-2026-3168)

The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3168 advisory. Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writ...

Amazon Linux 2 : openssl-snapsafe, --advisory ALAS2OPENSSL-SNAPSAFE-2026-009 (ALASOPENSSL-SNAPSAFE-2026-009)

The version of openssl-snapsafe installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2OPENSSL-SNAPSAFE-2026-009 advisory. Writing large, newline-free data into a BIO chain using the line-buffering filter where the next...

Important: openssl

Issue Overview: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. CVE-2025-68160 A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TY...

Important: openssl-snapsafe

Issue Overview: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. CVE-2025-68160 A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TY...

Medium: docker

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

Important: fontforge

Issue Overview: FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the...

Amazon Linux 2 : amazon-cloudwatch-agent, --advisory ALAS2-2026-3174 (ALAS-2026-3174)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300064.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3174 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

Amazon Linux 2 : openssh, --advisory ALAS2-2026-3175 (ALAS-2026-3175)

The version of openssh installed on the remote host is prior to 7.4p1-22. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3175 advisory. In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it...