Amazon Linux 2023

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2026-1428 Related CVEs: CVE-2026-22702 Upstream summary: virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2026-1432 Related CVEs: CVE-2025-14242 CVE-2021-3618 Upstream summary: A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2026-1372 Related CVEs: CVE-2025-67873 Upstream summary: Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2026-1415 Related CVEs: CVE-2025-68146 CVE-2026-22701 Upstream summary: filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2026-1363 Related CVEs: CVE-2025-68431 CVE-2026-3949 Upstream summary: libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2025-1331 Related CVEs: CVE-2025-13699 CVE-2026-21968 CVE-2025-30722 CVE-2023-52971 Upstream summary: A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2025-1352 Related CVEs: CVE-2025-14177 CVE-2025-14178 CVE-2025-14180 CVE-2025-1220 CVE-2025-1735 CVE-2025-6491 Upstream summary: NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7 NOTE: https://github.com/php/php-src/commit/c5f28c7cf0a052f48e47877c7aa5c5bcc54f1cfc DEBIANBUG: [1123574] (CVE-2025-14177) NOTE: https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2 NOTE: Fixed by: https://github.com/php/php-src/commit/e6d7d34c1ae46281993036189e3bcb6528911ce8 (php-8.4.16) DEBIANBUG: [1123574] (CVE-2025-14178) NOTE: https://github.com/php/php-src/security/advisories/ […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2025-1339 Related CVEs: CVE-2025-66453 Upstream summary: Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2023 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2023-2025-1301 Related CVEs: CVE-2025-11412 CVE-2025-7546 CVE-2025-1176 CVE-2025-1182 CVE-2024-57360 CVE-2025-0840 CVE-2023-1579 CVE-2022-45703  +8 more Upstream summary: A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of […]