Important: sox

Issue Overview: SoX 14.4.2 contains a division by zero vulnerability when handling WAV files that can cause program crashes. Attackers can trigger a floating point exception by providing a specially crafted WAV file that causes arithmetic errors during sound file processing. CVE-2022-50798 Affect...

Medium: python-pip

Issue Overview: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage an...

Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3123 (ALAS-2026-3123)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3123 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version...

Amazon Linux 2 : net-snmp, --advisory ALAS2-2026-3124 (ALAS-2026-3124)

The version of net-snmp installed on the remote host is prior to 5.7.2-49. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3124 advisory. net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an...

Amazon Linux 2 : python, --advisory ALAS2-2026-3128 (ALAS-2026-3128)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3128 advisory. When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorith...

Amazon Linux 2 : libxml2, --advisory ALAS2-2026-3122 (ALAS-2026-3122)

The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3122 advisory. A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function...

Important: gnupg2

Issue Overview: In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. For ExtendedLTS, 2.2.51 and later are fixed versions. CVE-2025-68973 Affected Packages: gnupg2 Note: This advisory ...

Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3126 (ALAS-2026-3126)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3126 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to...

Amazon Linux 2 : libtiff, --advisory ALAS2-2026-3130 (ALAS-2026-3130)

The version of libtiff installed on the remote host is prior to 4.0.3-35. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3130 advisory. LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to caus...

CVE-2019-3887 vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-qemu, linux-vmware...

Amazon Linux 2023 : cups, cups-client, cups-devel (ALAS2023-2025-1320)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1320 advisory. A client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other clients. CVE-2025-58436 A user in the...

Amazon Linux 2023 : rhino, rhino-engine, rhino-javadoc (ALAS2023-2025-1339)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1339 advisory. Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the...

Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-1356)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1356 advisory. When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building...

Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2025-1344)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1344 advisory. When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building...

Amazon Linux 2023 : runc (ALAS2023-2025-1328)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1328 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf...

Amazon Linux 2023 : captree, libcap, libcap-devel (ALAS2023-2025-1322)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1322 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf...

Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2025-1359)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1359 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which a...

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2025-1318)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1318 advisory. Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd=... directives. CVE-2025-58098 Improper...

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-1346)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1346 advisory. Use after free due to connection being cleaned up after error CVE-2025-62408 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus h...

Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2025-1353)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1353 advisory. NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7NOTE: https://github.com/php/php-src/commit/c5f28c7cf0a052f48e47877c7aa5c5bcc54f1cfcDEBIANBUG: 1123574 CVE-2025-1417...