Amazon Linux 2

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2182 Related CVEs: CVE-2023-33460 CVE-2022-24795 Upstream summary: There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash. (CVE-2023-33460) Table […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2174 Related CVEs: CVE-2020-14422 CVE-2024-4032 Upstream summary: A vulnerability was found in the way the ipaddress python module computes hash values in the IPv4Interface and IPv6Interface classes. This flaw allows […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2164 Related CVEs: CVE-2022-40023 Upstream summary: Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2160 Related CVEs: CVE-2023-29824 Upstream summary: A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. (CVE-2023-29824) Table of contents Symptom & Impact Environment & Reproduction […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2173 Related CVEs: CVE-2020-21682 CVE-2021-32280 CVE-2021-3561 CVE-2019-19746 CVE-2019-19797 Upstream summary: 2023-08-03: CVE-2021-32280 was added to this advisory. A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2135 Related CVEs: CVE-2023-27371 Upstream summary: GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2144 Related CVEs: CVE-2016-20011 CVE-2021-39360 Upstream summary: In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2145 Related CVEs: CVE-2021-38165 Upstream summary: Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2147 Related CVEs: CVE-2021-36370 Upstream summary: An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2023-2115 Related CVEs: CVE-2022-24968 CVE-2022-26491 Upstream summary: An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a […]