Amazon Linux 2

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2024-2649 Related CVEs: CVE-2012-0881 CVE-2022-23437 Upstream summary: Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2MATE-DESKTOP1.X-2024-009 Related CVEs: CVE-2022-48682 Upstream summary: In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink. (CVE-2022-48682) Table of contents Symptom & Impact […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2024-2610 Related CVEs: CVE-2000-0476 CVE-2024-37535 Upstream summary: GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2024-2596 Related CVEs: CVE-2024-3652 CVE-2023-38712 Upstream summary: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2024-2590 Related CVEs: CVE-2024-5742 Upstream summary: nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2024-2587 Related CVEs: CVE-2023-25193 Upstream summary: hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2024-2566 Related CVEs: CVE-2023-5992 CVE-2023-40660 CVE-2023-40661 CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2019-20792 CVE-2020-26570  +12 more Upstream summary: A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2024-2565 Related CVEs: CVE-2024-1013 CVE-2018-7409 CVE-2018-7485 Upstream summary: An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2024-2546 Related CVEs: CVE-2024-34402 CVE-2024-34403 CVE-2018-19198 CVE-2018-19199 CVE-2021-46141 CVE-2021-46142 Upstream summary: An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2024-2529 Related CVEs: CVE-2023-50967 Upstream summary: latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. (CVE-2023-50967) […]