Amazon Linux 2023

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-082 Related CVEs: CVE-2022-3179 CVE-2022-31799 Upstream summary: Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2. (CVE-2022-3179) Bottle before 0.12.20 mishandles errors during early request binding. (CVE-2022-31799) Table of […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-062 Related CVEs: CVE-2022-23491 Upstream summary: Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-056 Related CVEs: CVE-2022-21712 CVE-2022-21716 CVE-2022-24801 CVE-2024-41671 CVE-2024-41810 CVE-2023-46137 CVE-2022-39348 Upstream summary: A flaw was found in the twisted Python library when WebClient redirects via the RedirectAgent and BrowserLikeRedirectAgent methods. […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-001 Related CVEs: CVE-2014-3634 CVE-2022-24903 Upstream summary: A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-011 Related CVEs: CVE-2021-28544 CVE-2022-24070 Upstream summary: A flaw was found in Subversion. When using path-based authorization (authz), the helper function detect_changed() does not omit potentially sensitive information from log […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-042 Related CVEs: CVE-2022-1271 Upstream summary: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2023-003 Related CVEs: CVE-2018-25032 CVE-2022-37434 CVE-2023-45853 Upstream summary: An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023NVIDIA-2026-278 Related CVEs: CVE-2024-0110 CVE-2025-23272 CVE-2025-23247 CVE-2024-53870 CVE-2024-53871 CVE-2024-53872 CVE-2024-53874 CVE-2024-53875  +4 more Upstream summary: NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause an […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2026-1705 Related CVEs: CVE-2026-41989 CVE-2024-2236 Upstream summary: Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt. (CVE-2026-41989) Table of contents […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2026-1697 Related CVEs: CVE-2026-7111 Upstream summary: CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory […]