Amazon Linux

Amazon Linux 2023 — openldap — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High   ⏱ 15–60 min
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2023-177
Related CVEs: CVE-2021-27212, CVE-2023-2953
Upstream summary: In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion …
NOTE: https://bugs.openldap.org/show_bug.cgi?id=9454
NOTE: trunk: https://git.openldap.org/openldap/openldap/-/commit/3539fc33212b528c56b716584f2c2994af7c30b0
NOTE: REL_ENG 2.4.x: https://git.openldap.org/openldap/openldap/-/commit/9badb73425a67768c09bcaed1a9c26c684af6c30 (CVE-2021-27212) Table of […]

Amazon Linux 2023 — mariadb105 — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High   ⏱ 15–60 min
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2023-155
Related CVEs: CVE-2022-31622, CVE-2022-31623, CVE-2022-32091, CVE-2022-38791, CVE-2022-47015, CVE-2021-2372, CVE-2021-2389, CVE-2021-35604, +12 more
Upstream summary: MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. (CVE-2022-32091) In […]

Amazon Linux 2023 — tar — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High   ⏱ 15–60 min
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2023-153
Related CVEs: CVE-2022-48303, CVE-2023-39804
Upstream summary: GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change […]

Amazon Linux 2023 — bcel — vulnerability — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High   ⏱ 15–60 min
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2023-105
Related CVEs: CVE-2022-42920
Upstream summary: Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, […]

Amazon Linux 2023 — device-mapper-multipath — multiple vulnerabilities (3 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High   ⏱ 15–60 min
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2023-126
Related CVEs: CVE-2022-3787, CVE-2022-41973, CVE-2022-41974
Upstream summary: A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with […]

Amazon Linux 2023 — golang-github-cpuguy83-md2man — multiple vulnerabilities (15 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High   ⏱ 15–60 min
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2023-047
Related CVEs: CVE-2022-1705, CVE-2022-1962, CVE-2022-1996, CVE-2022-24675, CVE-2022-27191, CVE-2022-28131, CVE-2022-28327, CVE-2022-29526, +7 more
Upstream summary: 2023-05-11: CVE-2022-1996 has changed status to NOT AFFECTED for this package and has been removed […]

Amazon Linux 2023 — gzip — vulnerability — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High   ⏱ 15–60 min
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2023-043
Related CVEs: CVE-2022-1271
Upstream summary: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, […]

Amazon Linux 2023 — libXpm — multiple vulnerabilities (8 CVEs) — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High   ⏱ 15–60 min
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2023-107
Related CVEs: CVE-2022-44617, CVE-2022-46285, CVE-2022-4883, CVE-2026-4367, CVE-2023-43786, CVE-2023-43787, CVE-2023-43789, CVE-2023-43788
Upstream summary: A flaw was found in libXpm. When processing a file with width of 0 and a very […]

Amazon Linux 2023 — libksba — vulnerability — patch and remediation guide — diagnosis and fix on Amazon Linux 2023

🟠 High   ⏱ 15–60 min
Last verified: 25 May 2026
Affected versions: Amazon Linux 2023
📖 ~4 min read
Source: Amazon Linux advisory ALAS2023-2023-088
Related CVEs: CVE-2022-3515
Upstream summary: A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for […]
