Amazon Linux 2023

Amazon Linux 2023 — libsoup — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Amazon Linux 2023 • 📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1391
Related CVEs: CVE-2025-14523, CVE-2026-0719, CVE-2025-32049, CVE-2025-4948, CVE-2025-32906, CVE-2025-32907, CVE-2025-32911, CVE-2025-32913, +12 more
Upstream summary: A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and […]

Amazon Linux 2023 — libtasn1 — multiple vulnerabilities (3 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Amazon Linux 2023 • 📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1395
Related CVEs: CVE-2025-13151, CVE-2021-46848, CVE-2024-12133
Upstream summary: Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow […]

Amazon Linux 2023 — mod_security_crs — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Amazon Linux 2023 • 📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1399
Related CVEs: CVE-2026-21876, CVE-2026-33691
Upstream summary: The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to […]

Amazon Linux 2023 — python-pyasn1 — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Amazon Linux 2023 • 📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1417
Related CVEs: CVE-2026-23490, CVE-2026-30922
Upstream summary: pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from […]

Amazon Linux 2023 — python-urllib3 — multiple vulnerabilities (6 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Amazon Linux 2023 • 📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1418
Related CVEs: CVE-2025-66418, CVE-2025-66471, CVE-2026-21441, CVE-2025-50181, CVE-2024-37891, CVE-2023-43804
Upstream summary: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number […]

Amazon Linux 2023 — net-snmp — vulnerability — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Amazon Linux 2023 • 📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1362
Related CVEs: CVE-2025-68615
Upstream summary: net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to a net-snmp snmptrapd daemon […]

Amazon Linux 2023 — sox — vulnerability — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Amazon Linux 2023 • 📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1369
Related CVEs: CVE-2022-50798
Upstream summary: SoX 14.4.2 contains a division by zero vulnerability when handling WAV files that can cause program crashes. Attackers can trigger a floating point exception […]

Amazon Linux 2023 — amazon-ecr-credential-helper — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Amazon Linux 2023 • 📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2025-1327
Related CVEs: CVE-2025-61727, CVE-2025-61729, CVE-2025-65637, CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, +12 more
Upstream summary: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs. An excluded subdomain constraint in a […]

Amazon Linux 2023 — ansible — vulnerability — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: Amazon Linux 2023 • 📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2025-1330
Related CVEs: CVE-2025-14010
Upstream summary: A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running […]
