Amazon Linux 2

Amazon Linux 2 — openssh — multiple vulnerabilities (15 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2

🟠 High   ⏱ 15–60 min   📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2
Source: Amazon Linux advisory ALAS2-2026-3262
Related CVEs: CVE-2026-35385, CVE-2016-10009, CVE-2023-38408, CVE-2025-26465, CVE-2023-51385, CVE-2023-48795, CVE-2019-6111, CVE-2023-35812, +7 more
Upstream summary: In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, […]

Amazon Linux 2 — python-jwcrypto — multiple vulnerabilities (3 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2

🟠 High   ⏱ 15–60 min   📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2
Source: Amazon Linux advisory ALAS2-2026-3254
Related CVEs: CVE-2024-28102, CVE-2026-39373, CVE-2023-6681
Upstream summary: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted […]

Amazon Linux 2 — tigervnc — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2

🟠 High   ⏱ 15–60 min   📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2
Source: Amazon Linux advisory ALAS2-2026-3273
Related CVEs: CVE-2026-33999, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003, CVE-2025-62229, CVE-2025-62230, CVE-2025-62231, CVE-2024-9632, +12 more
Upstream summary: XKB Integer Underflow in XkbSetCompatMap() (CVE-2026-33999) XSYNC Use-after-free in miSyncTriggerFence() (CVE-2026-34001) XKB Out-of-bounds read in […]

Amazon Linux 2 — xorg-x11-server — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2

🟠 High   ⏱ 15–60 min   📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2
Source: Amazon Linux advisory ALAS2-2026-3268
Related CVEs: CVE-2026-33999, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003, CVE-2025-62229, CVE-2025-62230, CVE-2025-62231, CVE-2025-26594, +12 more
Upstream summary: XKB Integer Underflow in XkbSetCompatMap() (CVE-2026-33999) XSYNC Use-after-free in miSyncTriggerFence() (CVE-2026-34001) XKB Out-of-bounds read in […]

Amazon Linux 2 — amazon-cloudwatch-agent — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2

🟠 High   ⏱ 15–60 min   📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2
Source: Amazon Linux advisory ALAS2-2026-3248
Related CVEs: CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, +12 more
Upstream summary: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. (CVE-2026-25679) On Unix platforms, […]

Amazon Linux 2 — amazon-efs-utils — multiple vulnerabilities (8 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2

🟠 High   ⏱ 15–60 min   📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2
Source: Amazon Linux advisory ALAS2-2026-3245
Related CVEs: CVE-2026-25727, CVE-2026-3336, CVE-2026-3337, CVE-2026-3338, CVE-2026-4428, CVE-2022-24713, CVE-2025-3416, CVE-2022-46174
Upstream summary: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is […]

Amazon Linux 2 — compat-libtiff3 — multiple vulnerabilities (17 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2

🟠 High   ⏱ 15–60 min   📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2
Source: Amazon Linux advisory ALAS2-2026-3234
Related CVEs: CVE-2026-4775, CVE-2025-61143, CVE-2025-61144, CVE-2025-9900, CVE-2023-6277, CVE-2025-61145, CVE-2025-8961, CVE-2025-8851, +9 more
Upstream summary: A flaw was found in the libtiff library. A remote attacker could exploit a signed […]

Amazon Linux 2 — cri-tools — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2

🟠 High   ⏱ 15–60 min   📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2
Source: Amazon Linux advisory ALAS2-2026-3236
Related CVEs: CVE-2026-32285, CVE-2026-33186, CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, +12 more
Upstream summary: The Delete function fails to properly validate offsets when processing malformed JSON input. This can […]

Amazon Linux 2 — ecs-init — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2

🟠 High   ⏱ 15–60 min   📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2
Source: Amazon Linux advisory ALAS2ECS-2026-101
Related CVEs: CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, CVE-2025-65637, CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, +12 more
Upstream summary: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. (CVE-2026-25679) On Unix platforms, […]

Amazon Linux 2 — freerdp — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2

🟠 High   ⏱ 15–60 min   📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2
Source: Amazon Linux advisory ALAS2-2026-3238
Related CVEs: CVE-2026-33952, CVE-2026-33977, CVE-2026-33983, CVE-2026-33984, CVE-2026-33985, CVE-2026-33986, CVE-2026-25941, CVE-2026-25942, +12 more
Upstream summary: DoS via WINPR_ASSERT in rts_read_auth_verifier_no_checks NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93 (CVE-2026-33952) DoS via WINPR_ASSERT in IMA ADPCM audio […]
