Amazon Linux 2023

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2025-1285 Related CVEs: CVE-2025-46404 CVE-2025-46705 CVE-2025-47151 Upstream summary: A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2025-1230 Related CVEs: CVE-2025-55247 CVE-2025-55248 CVE-2025-55315 CVE-2026-26171 CVE-2026-32178 CVE-2026-32203 CVE-2026-33116 CVE-2026-26130  +12 more Upstream summary: Improper link resolution before file access ('link following') in .NET allows an authorized attacker to […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2025-1231 Related CVEs: CVE-2025-55247 CVE-2025-55248 CVE-2025-55315 CVE-2026-26171 CVE-2026-32178 CVE-2026-32203 CVE-2026-33116 CVE-2026-26127  +1 more Upstream summary: Improper link resolution before file access ('link following') in .NET allows an authorized attacker to […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023NVIDIA-2025-126 Related CVEs: CVE-2025-23266 CVE-2025-23267 CVE-2025-23359 CVE-2024-0135 CVE-2024-0136 CVE-2024-0137 CVE-2024-0132 Upstream summary: NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023NVIDIA-2025-125 Related CVEs: CVE-2025-23266 CVE-2025-23267 CVE-2025-23359 CVE-2024-0135 CVE-2024-0136 CVE-2024-0137 CVE-2024-0132 Upstream summary: NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-402 Related CVEs: CVE-2023-46847 CVE-2026-32748 CVE-2026-33526 CVE-2025-62168 CVE-2025-59362 CVE-2023-49285 CVE-2023-49288 CVE-2023-5824  +12 more Upstream summary: Due to a buffer overflow bug Squid is vulnerable to a Denial of Service attack […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-016 Related CVEs: CVE-2017-12613 CVE-2021-35940 CVE-2022-24963 CVE-2023-49582 Upstream summary: An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-112 Related CVEs: CVE-2023-20032 CVE-2023-20052 CVE-2023-20197 CVE-2022-20698 CVE-2022-20770 CVE-2022-20771 CVE-2022-20785 CVE-2022-20796  +3 more Upstream summary: Possible remote code execution vulnerability in the ClamAV HFS+ file parser. The issue affects ClamAV […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-058 Related CVEs: CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827  +12 more Upstream summary: In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-077 Related CVEs: CVE-2022-29599 Upstream summary: org.apache.maven.shared:maven-shared-utils is a functional replacement for plexus-utils in Maven. Affected versions of this package are vulnerable to Command Injection. The Commandline class can emit […]