9341 matches found
Medium: usbmuxd
Issue Overview: A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user. CVE-2025-66004 Affected Packages: usbmuxd Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extra...
Medium: docker
Issue Overview: Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a...
Amazon Linux 2 : python-tornado, --advisory ALAS2-2025-3106 (ALAS-2025-3106)
The version of python-tornado installed on the remote host is prior to 4.2.1-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3106 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied...
Amazon Linux 2 : libvirt, --advisory ALAS2-2025-3115 (ALAS-2025-3115)
The version of libvirt installed on the remote host is prior to 4.5.0-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3115 advisory. A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was perform...
Amazon Linux 2 : ImageMagick, --advisory ALAS2-2025-3096 (ALAS-2025-3096)
The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3096 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and...
Medium: runc
Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...
Medium: cni-plugins
Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...
Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2NITRO-ENCLAVES-2025-079 (ALASNITRO-ENCLAVES-2025-079)
The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.11.0-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-079 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded...
Medium: docker
Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...
Important: httpd
Issue Overview: An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache...
Amazon Linux 2 : python3, --advisory ALAS2-2025-3103 (ALAS-2025-3103)
The version of python3 installed on the remote host is prior to 3.7.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3103 advisory. When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() th...
Amazon Linux 2 : aws-cfn-bootstrap, --advisory ALAS2-2025-3104 (ALAS-2025-3104)
The version of aws-cfn-bootstrap installed on the remote host is prior to 2.0-38. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3104 advisory. Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA...
Amazon Linux 2 : golang, --advisory ALAS2-2025-3105 (ALAS-2025-3105)
The version of golang installed on the remote host is prior to 1.24.11-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3105 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a...
Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2025-093 (ALASDOCKER-2025-093)
The version of containerd installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-093 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the...
Amazon Linux 2 : glib2, --advisory ALAS2-2025-3117 (ALAS-2025-3117)
The version of glib2 installed on the remote host is prior to 2.56.1-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3117 advisory. Buffer underflow on Glib through glib/gvariant via bytestring_parse() or string_parse() leads to OOB Write. CVE-2025-14087 Tenable has...
Amazon Linux 2 : amazon-cloudwatch-agent, --advisory ALAS2-2025-3120 (ALAS-2025-3120)
The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300062.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3120 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which m...
Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2025-873)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-873 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode...
Amazon Linux 2023 : python3.13, python3.13-devel, python3.13-freethreading (ALAS2023-2025-1308)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1308 advisory. If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables. CVE-2025-6075 Tenable has extracted the preceding description bloc...
Amazon Linux 2023 : aws-cfn-bootstrap (ALAS2023-2025-1303)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1303 advisory. Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to...
Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2025-1309)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1309 advisory. If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables. CVE-2025-6075 Tenable has extracted the preceding description bloc...