ALAS-2025-1972
ALAS · AL1Medium2025-04-29
ALAS-2025-1972: python26 (medium)
CVEs:CVE-2019-18348CVE-2019-20907
Affected products
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| python26 | affected | Amazon | python26 | — |
Every advisory below is enriched with the Vulnetix VDB exploit-intelligence chip (hover a CVE ID in the interactive page to see CVSS, EPSS, KEV status, and PoC maturity). 1 is already weaponised in the wild — see the Exploited section.
ALAS-2025-1972: python26 (medium)
CVEs:CVE-2019-18348CVE-2019-20907
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| python26 | affected | Amazon | python26 | — |
ALAS-2025-1973: kernel (important)
CVEs:CVE-2023-1611CVE-2023-39189CVE-2023-52975CVE-2024-47745CVE-2024-49882CVE-2024-50036CVE-2024-50278CVE-2024-50301CVE-2025-21759CVE-2025-21791CVE-2025-21796CVE-2025-21858CVE-2025-21991
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| kernel | affected | Amazon | kernel | — |
ALAS-2025-1974: ctags (important)
CVEs:CVE-2022-4515
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| ctags | affected | Amazon | ctags | — |
ALAS-2025-1975: kernel (important)
CVEs:CVE-2023-3567CVE-2023-52845CVE-2023-52973
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| kernel | affected | Amazon | kernel | — |
CVE-2025-3857 - Infinite loop condition in Amazon.IonDotnet
CVEs:CVE-2025-3857
ALAS-2025-1967: ghostscript (important)
CVEs:CVE-2025-27832CVE-2025-27836
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| ghostscript | affected | Amazon | ghostscript | — |
ALAS-2025-1968: libxslt (important)
CVEs:CVE-2024-55549CVE-2025-24855
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| libxslt | affected | Amazon | libxslt | — |
ALAS-2025-1969: tomcat8 (important)
CVEs:CVE-2025-24813
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| tomcat8 | affected | Amazon | tomcat8 | — |
ALAS-2025-1970: kernel (important)
CVEs:CVE-2022-49179CVE-2022-49390CVE-2022-49720CVE-2024-49883CVE-2024-50033CVE-2024-53057CVE-2024-53103CVE-2024-56650CVE-2024-56658CVE-2024-57979CVE-2025-21731CVE-2025-21753CVE-2025-21760CVE-2025-21762CVE-2025-21764
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| kernel | affected | Amazon | kernel | — |
ALAS-2025-1971: golang (important)
CVEs:CVE-2024-34156
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| golang | affected | Amazon | golang | — |
aws-cdk-lib's aspect order change causes different Permissions Boundary assigned to Role
CVEs:GHSA-qc59-cxj2-c2w4
Every CVE above is indexed in the Vulnetix VDB with KEV, EPSS, and PoC maturity. The interactive page surfaces that on hover.