Amazon Linux 2023 : runc (ALAS2023-2026-1419)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1419 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-090 (ALASNITRO-ENCLAVES-2026-090)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-090 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing...

Amazon Linux 2023 : python3.13-virtualenv (ALAS2023-2026-1428)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1428 advisory. virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform...

Amazon Linux 2023 : freerdp, freerdp-devel, freerdp-libs (ALAS2023-2026-1433)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1433 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap...

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2026-1438)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1438 advisory. A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. CVE-2025-61732 Tenable has extracted the preceding description block directly from...

Amazon Linux 2 : curl, --advisory ALAS2-2026-3173 (ALAS-2026-3173)

The version of curl installed on the remote host is prior to 8.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3173 advisory. curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host...

Amazon Linux 2023 : firefox (ALAS2023-2026-1424)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1424 advisory. In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation. CVE-2026-25210 Tenable has...

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-050 (ALASFIREFOX-2026-050)

The version of firefox installed on the remote host is prior to 140.7.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2026-050 advisory. Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox 146. CVE-2025-14327 Mitigation...

Amazon Linux 2 : openssl11, --advisory ALAS2-2026-3169 (ALAS-2026-3169)

The version of openssl11 installed on the remote host is prior to 1.1.1zf-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3169 advisory. Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short...

Amazon Linux 2023 : nvidia, nvidia-fabric-manager (ALAS2023NVIDIA-2026-268)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-268 advisory. NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability mig...

Important: kmod-nvidia-open-dkms

Issue Overview: NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of servic...

Amazon Linux 2023 : kmod-nvidia-open-dkms (ALAS2023NVIDIA-2026-272)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-272 advisory. NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability mig...

Medium: firefox

Issue Overview: In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation. CVE-2026-25210 Affected Packages: firefox Issue Correction: Run dnf update firefox --releasever...

Medium: python3.12

Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...

Important: cuda

Issue Overview: NVIDIA Nsight Systems contains a vulnerability in the gfxhotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the processnsysrepcli.py script if the script is invoked manually. A successful exploit of this vulnerability might lea...

Amazon Linux 2023 : nvidia-libXNVCtrl, nvidia-libXNVCtrl-devel, nvidia-settings (ALAS2023NVIDIA-2026-265)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-265 advisory. NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability mig...

Important: nvidia-imex

Issue Overview: NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of servic...

Amazon Linux 2023 : nsight-systems (ALAS2023NVIDIA-2026-256)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-256 advisory. NVIDIA Nsight Systems contains a vulnerability in the gfxhotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the processnsysrepcli.py script if...

Medium: expat

Issue Overview: In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation. CVE-2026-25210 Affected Packages: expat Issue Correction: Run dnf update expat --releasever 2023.10.20260216...

Amazon Linux 2023 : cuda-compat-13-0 (ALAS2023NVIDIA-2026-275)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-275 advisory. NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability mig...