Amazon Linux 2023 : openexr, openexr-devel, openexr-libs (ALAS2023-2026-1364)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1364 advisory. Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on...

Amazon Linux 2023 : python3-pip, python3-pip-wheel (ALAS2023-2026-1366)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1366 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server...

Amazon Linux 2023 : composer (ALAS2023-2026-1365)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1365 advisory. Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI contro...

Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1367)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1367 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server...

Amazon Linux 2023 : net-snmp, net-snmp-agent-libs, net-snmp-devel (ALAS2023-2026-1362)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1362 advisory. net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to...

Amazon Linux 2023 : python3.11-pip, python3.11-pip-wheel (ALAS2023-2026-1368)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1368 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server...

Medium: python-pip

Issue Overview: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage an...

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-085 (ALASNITRO-ENCLAVES-2026-085)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-085 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may caus...

Important: docker

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

Amazon Linux 2 : gimp, --advisory ALAS2GIMP-2026-010 (ALASGIMP-2026-010)

The version of gimp installed on the remote host is prior to 2.8.22-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2GIMP-2026-010 advisory. GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute...

Important: gimp

Issue Overview: GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

Important: docker

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

Amazon Linux 2 : docker, --advisory ALAS2ECS-2026-094 (ALASECS-2026-094)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-094 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the progr...

Medium: php

Issue Overview: NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7 NOTE: https://github.com/php/php-src/commit/c5f28c7cf0a052f48e47877c7aa5c5bcc54f1cfc DEBIANBUG: 1123574 CVE-2025-14177 NOTE: https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2 NOTE:...

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-095 (ALASDOCKER-2026-095)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-095 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the...

Amazon Linux 2 : php, --advisory ALAS2PHP8.2-2026-009 (ALASPHP8.2-2026-009)

The version of php installed on the remote host is prior to 8.2.30-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.2-2026-009 advisory. NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7NOTE:...

Medium: php

Issue Overview: NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7 NOTE: https://github.com/php/php-src/commit/c5f28c7cf0a052f48e47877c7aa5c5bcc54f1cfc DEBIANBUG: 1123574 CVE-2025-14177 NOTE: https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2 NOTE:...

Important: docker

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

Amazon Linux 2 : php, --advisory ALAS2PHP8.1-2026-008 (ALASPHP8.1-2026-008)

The version of php installed on the remote host is prior to 8.1.34-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2026-008 advisory. NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7NOTE:...

Amazon Linux 2 : python3-urllib3, --advisory ALAS2-2026-3127 (ALAS-2026-3127)

The version of python3-urllib3 installed on the remote host is prior to 1.25.6-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3127 advisory. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager,...