Amazon Linux 2023

Amazon Linux 2023 — perl-XML-Parser — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Amazon Linux 2023 • 📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1536
Related CVEs: CVE-2006-10002, CVE-2006-10003
Upstream summary: XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes. A […]

Amazon Linux 2023 — plexus-utils — vulnerability — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Amazon Linux 2023 • 📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1545
Related CVEs: CVE-2025-67030
Upstream summary: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code (CVE-2025-67030) Table of […]

Amazon Linux 2023 — runfinch-finch — multiple vulnerabilities (20 CVEs) — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Amazon Linux 2023 • 📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1548
Related CVEs: CVE-2026-33186, CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, +12 more
Upstream summary: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization […]

Amazon Linux 2023 — soci-snapshotter — multiple vulnerabilities (20 CVEs) — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Amazon Linux 2023 • 📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1573
Related CVEs: CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, +12 more
Upstream summary: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. (CVE-2026-25679) On Unix platforms, […]

Amazon Linux 2023 — sudo — multiple vulnerabilities (9 CVEs) — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Amazon Linux 2023 • 📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1559
Related CVEs: CVE-2026-35535, CVE-2025-32462, CVE-2025-32463, CVE-2022-43995, CVE-2023-22809, CVE-2023-27320, CVE-2023-28486, CVE-2023-28487, +1 more
Upstream summary: In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, […]

Amazon Linux 2023 — amazon-ssm-agent — multiple vulnerabilities (20 CVEs) — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Amazon Linux 2023 • 📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1499
Related CVEs: CVE-2025-61731, CVE-2025-68119, CVE-2025-22874, CVE-2025-4673, CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, +12 more
Upstream summary: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (CVE-2025-61731) cmd/go: unexpected code […]

Amazon Linux 2023 — bind — multiple vulnerabilities (20 CVEs) — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Amazon Linux 2023 • 📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1533
Related CVEs: CVE-2026-1519, CVE-2025-40778, CVE-2025-40780, CVE-2025-8677, CVE-2025-40777, CVE-2024-11187, CVE-2024-12705, CVE-2024-1737, +12 more
Upstream summary: If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the […]

Amazon Linux 2023 — ecs-service-connect-agent — multiple vulnerabilities (20 CVEs) — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Amazon Linux 2023 • 📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1532
Related CVEs: CVE-2026-26308, CVE-2026-26309, CVE-2026-26310, CVE-2026-26311, CVE-2026-26330, CVE-2024-11407, CVE-2024-25176, CVE-2024-25177, +12 more
Upstream summary: Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy […]

Amazon Linux 2023 — giflib — multiple vulnerabilities (7 CVEs) — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Amazon Linux 2023 • 📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1508
Related CVEs: CVE-2026-23868, CVE-2023-48161, CVE-2024-45993, CVE-2025-31344, CVE-2023-39742, CVE-2020-23922, CVE-2022-28506
Upstream summary: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error […]

Amazon Linux 2023 — gstreamer1-plugins-bad-free — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Amazon Linux 2023 • 📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1521
Related CVEs: CVE-2026-2923, CVE-2026-3082
Upstream summary: Various out-of-bounds reads and writes in the DVB subtitle decoder that can cause crashes for certain input files. (CVE-2026-2923) GStreamer JPEG Parser Heap-based […]
