Amazon Linux 2023

Amazon Linux 2023 — gstreamer1-plugins-base — multiple vulnerabilities (4 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High • ⏱ 15–60 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
Source: Amazon Linux advisory ALAS2023-2026-1504
Related CVEs: CVE-2026-2921, CVE-2025-47806, CVE-2025-47807, CVE-2025-47808
Upstream summary: An integer overflow in the RIFF parser that can cause crashes for certain input files. (CVE-2026-2921) […]

Amazon Linux 2023 — gstreamer1-plugins-good — multiple vulnerabilities (5 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High • ⏱ 15–60 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
Source: Amazon Linux advisory ALAS2023-2026-1503
Related CVEs: CVE-2026-3083, CVE-2026-3085, CVE-2026-1940, CVE-2025-47183, CVE-2025-47219
Upstream summary: Heap-based buffer overflow and out-of-bounds write in the RTP QDM2 depayloader. (CVE-2026-3083) Heap-based buffer overflow and out-of-bounds write in the […]

Amazon Linux 2023 — mount-s3 — multiple vulnerabilities (5 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High • ⏱ 15–60 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
Source: Amazon Linux advisory ALAS2023-2026-1510
Related CVEs: CVE-2026-25727, CVE-2026-3336, CVE-2026-3337, CVE-2026-3338, CVE-2026-4428
Upstream summary: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any […]

Amazon Linux 2023 — perl-YAML-Syck — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High • ⏱ 15–60 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
Source: Amazon Linux advisory ALAS2023-2026-1517
Related CVEs: CVE-2026-4177, CVE-2025-11683
Upstream summary: YAML::Syck versions through 1.36 for Perl have several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap […]

Amazon Linux 2023 — python-tornado — multiple vulnerabilities (8 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High • ⏱ 15–60 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
Source: Amazon Linux advisory ALAS2023-2026-1502
Related CVEs: CVE-2026-31958, CVE-2025-67724, CVE-2025-67725, CVE-2025-67726, CVE-2026-35536, CVE-2025-47287, CVE-2024-52804, CVE-2023-28370
Upstream summary: Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, […]

Amazon Linux 2023 — python3.13-tornado — multiple vulnerabilities (5 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High • ⏱ 15–60 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
Source: Amazon Linux advisory ALAS2023-2026-1528
Related CVEs: CVE-2025-67724, CVE-2025-67725, CVE-2025-67726, CVE-2026-31958, CVE-2026-35536
Upstream summary: Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is […]

Amazon Linux 2023 — exiv2 — multiple vulnerabilities (6 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High • ⏱ 15–60 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
Source: Amazon Linux advisory ALAS2023-2026-1480
Related CVEs: CVE-2026-25884, CVE-2026-27596, CVE-2026-27631, CVE-2025-54080, CVE-2025-55304, CVE-2025-26623
Upstream summary: Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and […]

Amazon Linux 2023 — ocaml — vulnerability — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High • ⏱ 15–60 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
Source: Amazon Linux advisory ALAS2023-2026-1479
Related CVEs: CVE-2026-28364
Upstream summary: In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. […]

Amazon Linux 2023 — python-markdown — vulnerability — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High • ⏱ 15–60 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
Source: Amazon Linux advisory ALAS2023-2026-1492
Related CVEs: CVE-2025-69534
Upstream summary: Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does […]

Amazon Linux 2023 — tomcat10 — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High • ⏱ 15–60 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
Source: Amazon Linux advisory ALAS2023-2026-1497
Related CVEs: CVE-2025-66614, CVE-2026-24733, CVE-2026-24734, CVE-2025-55752, CVE-2025-61795, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, +12 more
Upstream summary: Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 […]
