Amazon Linux 2

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2026-3240 Related CVEs: CVE-2026-5201 CVE-2022-48622 CVE-2025-7345 Upstream summary: A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2026-3244 Related CVEs: CVE-2026-33416 CVE-2015-8540 CVE-2026-34757 CVE-2026-25646 CVE-2025-64505 CVE-2025-64720 CVE-2017-12652 Upstream summary: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2026-3243 Related CVEs: CVE-2026-33416 CVE-2025-64505 CVE-2025-64720 Upstream summary: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2026-3235 Related CVEs: CVE-2026-4775 CVE-2025-61143 CVE-2025-61144 CVE-2025-9900 CVE-2023-6277 CVE-2022-1355 CVE-2022-3970 CVE-2022-2867  +12 more Upstream summary: A flaw was found in the libtiff library. A remote attacker could exploit a signed […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2026-3232 Related CVEs: CVE-2026-27135 CVE-2024-28182 CVE-2023-44487 CVE-2023-35945 CVE-2020-11080 CVE-2019-9511 CVE-2019-9513 CVE-2018-1000168 Upstream summary: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2NGINX1-2026-011 Related CVEs: CVE-2026-27651 CVE-2026-27654 CVE-2026-27784 CVE-2026-28753 CVE-2026-28755 CVE-2026-32647 CVE-2023-44487 CVE-2021-23017  +9 more Upstream summary: When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2026-3249 Related CVEs: CVE-2026-28387 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420  +12 more Upstream summary: Potential use-after-free in DANE client code (CVE-2026-28387) NULL Pointer Dereference When Processing a Delta CRL […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2026-3230 Related CVEs: CVE-2006-10002 CVE-2006-10003 Upstream summary: XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes. A […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2026-3233 Related CVEs: CVE-2025-67030 Upstream summary: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code (CVE-2025-67030) Table of […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2DOCKER-2026-106 Related CVEs: CVE-2026-33186 CVE-2025-47912 CVE-2025-58183 CVE-2025-58185 CVE-2025-58186 CVE-2025-58187 CVE-2025-58188 CVE-2025-58189  +12 more Upstream summary: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization […]