Amazon Linux 2

Amazon Linux 2 — soci-snapshotter — multiple vulnerabilities (20 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min   📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2
Source: Amazon Linux advisory ALAS2DOCKER-2026-107
Related CVEs: CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, +12 more
Upstream summary: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. (CVE-2026-25679) On Unix platforms, […]

Amazon Linux 2 — bind — multiple vulnerabilities (20 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min   📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2
Source: Amazon Linux advisory ALAS2-2026-3226
Related CVEs: CVE-2026-1519, CVE-2025-8677, CVE-2024-11187, CVE-2024-12705, CVE-2023-4408, CVE-2024-1737, CVE-2024-1975, CVE-2023-50387, +12 more
Upstream summary: If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the […]

Amazon Linux 2 — ecs-service-connect-agent — multiple vulnerabilities (20 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min   📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2
Source: Amazon Linux advisory ALAS2ECS-2026-100
Related CVEs: CVE-2026-26308, CVE-2026-26309, CVE-2026-26310, CVE-2026-26311, CVE-2026-26330, CVE-2024-11407, CVE-2024-25176, CVE-2024-25177, +12 more
Upstream summary: Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy […]

Amazon Linux 2 — giflib — multiple vulnerabilities (3 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min   📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2
Source: Amazon Linux advisory ALAS2-2026-3212
Related CVEs: CVE-2026-23868, CVE-2021-40633, CVE-2023-48161
Upstream summary: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed […]

Amazon Linux 2 — gstreamer1-plugins-bad-free — multiple vulnerabilities (7 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min   📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2
Source: Amazon Linux advisory ALAS2-2026-3222
Related CVEs: CVE-2026-3082, CVE-2024-0444, CVE-2023-44429, CVE-2023-44446, CVE-2023-40474, CVE-2023-40475, CVE-2023-40476
Upstream summary: GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary […]

Amazon Linux 2 — gstreamer1-plugins-base — multiple vulnerabilities (15 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min   📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2
Source: Amazon Linux advisory ALAS2-2026-3210
Related CVEs: CVE-2026-2921, CVE-2024-4453, CVE-2024-47538, CVE-2024-47607, CVE-2024-47615, CVE-2023-37327, CVE-2023-37328, CVE-2025-47806, +7 more
Upstream summary: An integer overflow in the RIFF parser that can cause crashes for certain input files. […]

Amazon Linux 2 — gstreamer1-plugins-good — multiple vulnerabilities (20 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min   📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2
Source: Amazon Linux advisory ALAS2-2026-3209
Related CVEs: CVE-2026-3083, CVE-2026-3085, CVE-2024-47540, CVE-2024-47606, CVE-2024-47537, CVE-2024-47613, CVE-2023-37327, CVE-2026-1940, +12 more
Upstream summary: Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. (CVE-2026-3083) Heap-based buffer overflow […]

Amazon Linux 2 — perl-YAML-Syck — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min   📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2
Source: Amazon Linux advisory ALAS2-2026-3216
Related CVEs: CVE-2026-4177, CVE-2025-11683
Upstream summary: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap […]

Amazon Linux 2 — python-tornado — multiple vulnerabilities (7 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min   📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2
Source: Amazon Linux advisory ALAS2-2026-3214
Related CVEs: CVE-2026-31958, CVE-2025-67724, CVE-2025-67725, CVE-2025-67726, CVE-2026-35536, CVE-2025-47287, CVE-2023-28370
Upstream summary: Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the […]

Amazon Linux 2 — python3-tornado — multiple vulnerabilities (8 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min   📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2
Source: Amazon Linux advisory ALAS2-2026-3213
Related CVEs: CVE-2026-31958, CVE-2025-67724, CVE-2025-67725, CVE-2025-67726, CVE-2026-35536, CVE-2025-47287, CVE-2024-52804, CVE-2023-28370
Upstream summary: Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, […]
