Amazon Linux 2

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2019-1318 Related CVEs: CVE-2019-12222 CVE-2019-13616 CVE-2022-4743 Upstream summary: An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2019-1317 Related CVEs: CVE-2016-10713 CVE-2018-1000156 CVE-2018-20969 CVE-2018-6952 CVE-2019-13638 CVE-2015-1418 CVE-2019-13636 Upstream summary: do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2019-1274 Related CVEs: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-10132 CVE-2019-10161 CVE-2019-10166 CVE-2019-10167 CVE-2019-10168  +12 more Upstream summary: Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2019-1275 Related CVEs: CVE-2018-16877 CVE-2018-16878 CVE-2019-3885 CVE-2020-25654 Upstream summary: A flaw was found in pacemaker. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS. (CVE-2018-16878) A use-after-free […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2019-1227 Related CVEs: CVE-2019-5953 CVE-2018-0494 Upstream summary: Buffer overflow in GNU Wget allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors. (CVE-2019-5953) […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2019-1200 Related CVEs: CVE-2019-3877 CVE-2019-3878 CVE-2021-3639 CVE-2019-13038 Upstream summary: A vulnerability was found in a previous version of mod_auth_mellon. An open redirect in the logout URL allows requests with backslashes […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2019-1196 Related CVEs: CVE-2019-3816 CVE-2019-3833 Upstream summary: Earlier versions of Openwsman are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2019-1190 Upstream summary: Images built for the Amazon Linux 2.0.20190313 release included system files with incorrect permissions applied. Incorrect permissions were applied to the following file: /etc/shadow All users should […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2019-1154 Related CVEs: CVE-2018-19115 CVE-2021-44225 CVE-2018-19044 Upstream summary: Heap-based buffer overflow vulnerability in extract_status_code() function in lib/html.c that parses HTTP status code returned from web server allows malicious web server […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2019-1144 Related CVEs: CVE-2018-15688 CVE-2020-10754 Upstream summary: It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to […]