Amazon Linux 2023


Amazon Linux 2023 — editorconfig — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1642
Related CVEs: CVE-2023-0341, CVE-2026-40489
Upstream summary: editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer […]


Amazon Linux 2023 — firewalld — vulnerability — patch and remediation guide

🟡 Medium   ⏱ 10–30 min
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1636
Related CVEs: CVE-2026-4948
Upstream summary: A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and […]


Amazon Linux 2023 — krb5 — multiple vulnerabilities (11 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1680
Related CVEs: CVE-2026-40355, CVE-2026-40356, CVE-2025-24528, CVE-2025-3576, CVE-2024-37370, CVE-2024-37371, CVE-2024-26458, CVE-2024-26461, +3 more
Upstream summary: In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if […]


Amazon Linux 2023 — lcms2 — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1657
Related CVEs: CVE-2026-41254, CVE-2025-29070
Upstream summary: Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. (CVE-2026-41254) […]


Amazon Linux 2023 — policycoreutils — vulnerability — patch and remediation guide

🟡 Medium   ⏱ 10–30 min
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1663
Related CVEs: CVE-2025-56005
Upstream summary: An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the `picklefile` parameter in the `yacc()` […]


Amazon Linux 2023 — xdg-desktop-portal — vulnerability — patch and remediation guide

🟡 Medium   ⏱ 10–30 min
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1669
Related CVEs: CVE-2026-40354
Upstream summary: Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack […]


Amazon Linux 2023 — clamav1.5 — multiple vulnerabilities (4 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1631
Related CVEs: CVE-2026-20031, CVE-2025-62518, CVE-2026-33055, CVE-2026-33056
Upstream summary: A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a […]


Amazon Linux 2023 — perl-Net-CIDR-Lite — multiple vulnerabilities (3 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1624
Related CVEs: CVE-2021-47154, CVE-2026-40198, CVE-2026-40199
Upstream summary: Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6() does not check […]


Amazon Linux 2023 — tomcat-native — vulnerability — patch and remediation guide

🟡 Medium   ⏱ 10–30 min
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1595
Related CVEs: CVE-2026-29145
Upstream summary: CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue […]


Amazon Linux 2023 — rust-below — multiple vulnerabilities (4 CVEs) — patch and remediation guide

🟡 Medium   ⏱ 10–30 min
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2026-1567
Related CVEs: CVE-2025-62518, CVE-2026-33055, CVE-2026-33056, CVE-2026-25727
Upstream summary: tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size […]
