Amazon Linux 2023

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2026-1549 Related CVEs: CVE-2026-33952 CVE-2026-33977 CVE-2026-33982 CVE-2026-33983 CVE-2026-33984 CVE-2026-33985 CVE-2026-33986 CVE-2026-33987  +12 more Upstream summary: DoS via WINPR_ASSERT in rts_read_auth_verifier_no_checks NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93 (CVE-2026-33952) DoS via WINPR_ASSERT in IMA ADPCM audio […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2026-1553 Related CVEs: CVE-2022-48622 CVE-2025-6199 CVE-2025-7345 CVE-2026-5201 CVE-2021-44648 CVE-2021-46829 Upstream summary: In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2026-1585 Related CVEs: CVE-2026-33164 CVE-2026-33165 CVE-2025-61147 Upstream summary: libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2026-1563 Related CVEs: CVE-2026-33416 CVE-2026-33636 CVE-2025-66293 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2026-34757  +5 more Upstream summary: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2026-1547 Related CVEs: CVE-2026-4775 CVE-2025-61143 CVE-2025-61144 CVE-2025-9900 CVE-2022-3570 CVE-2022-3598 CVE-2022-48281 CVE-2023-30775  +12 more Upstream summary: A flaw was found in the libtiff library. A remote attacker could exploit a signed […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2026-1542 Related CVEs: CVE-2026-27135 CVE-2024-28182 CVE-2023-44487 CVE-2023-35945 Upstream summary: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2026-1540 Related CVEs: CVE-2026-27651 CVE-2026-27654 CVE-2026-27784 CVE-2026-28753 CVE-2026-28755 CVE-2026-32647 CVE-2023-44487 CVE-2026-1642  +6 more Upstream summary: When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2026-1577 Related CVEs: CVE-2024-36137 CVE-2026-21710 CVE-2026-21713 CVE-2026-21714 CVE-2026-21715 CVE-2026-21716 CVE-2026-21717 CVE-2026-1525  +12 more Upstream summary: A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2026-1586 Related CVEs: CVE-2026-28387 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390 CVE-2026-31790 CVE-2025-15468 CVE-2025-66199 CVE-2025-68160  +12 more Upstream summary: Potential use-after-free in DANE client code (CVE-2026-28387) NULL Pointer Dereference When Processing a Delta CRL […]