Amazon Linux

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2018-981 Related CVEs: CVE-2018-5146 Upstream summary: Vorbis audio processing out of bounds write (MFSA 2018-08): An out of bounds write flaw was found in the processing of vorbis audio data. […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2026-3282 Related CVEs: CVE-2026-41651 CVE-2018-1106 CVE-2024-0217 Upstream summary: PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2ECS-2026-109 Related CVEs: CVE-2026-27143 CVE-2026-27144 CVE-2026-32280 CVE-2026-32281 CVE-2026-32282 CVE-2026-32283 CVE-2026-32288 CVE-2026-32289  +12 more Upstream summary: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2ECS-2026-108 Related CVEs: CVE-2026-27143 CVE-2026-27144 CVE-2026-32280 CVE-2026-32281 CVE-2026-32282 CVE-2026-32283 CVE-2026-32288 CVE-2026-32289  +12 more Upstream summary: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2026-3280 Related CVEs: CVE-2026-4519 CVE-2026-4786 CVE-2026-6100 CVE-2025-13462 CVE-2026-3479 CVE-2025-8194 CVE-2022-48565 CVE-2022-45061  +12 more Upstream summary: Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2026-3297 Related CVEs: CVE-2026-41066 CVE-2014-3146 CVE-2018-19787 CVE-2021-43818 CVE-2021-28957 CVE-2020-27783 Upstream summary: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2026-3281 Related CVEs: CVE-2026-4519 CVE-2026-4786 CVE-2026-6100 CVE-2025-13462 CVE-2026-3479 CVE-2025-8194 CVE-2024-6232 CVE-2023-6597  +12 more Upstream summary: Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2026-3285 Related CVEs: CVE-2026-41176 CVE-2026-41179 CVE-2026-33186 CVE-2025-47912 CVE-2025-58183 CVE-2025-58185 CVE-2025-58186 CVE-2025-58187  +7 more Upstream summary: Rclone is a command-line program to sync files and directories to and from different cloud […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2026-3284 Related CVEs: CVE-2026-41316 CVE-2024-47220 CVE-2021-33621 CVE-2017-17742 CVE-2019-15845 CVE-2019-16201 CVE-2019-16254 CVE-2019-16255  +12 more Upstream summary: ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read  •  Source: Amazon Linux advisory ALAS2-2026-3296 Related CVEs: CVE-2026-6654 CVE-2024-24575 CVE-2024-24577 CVE-2023-38497 CVE-2025-62518 CVE-2026-0810 CVE-2026-33055 CVE-2026-33056  +12 more Upstream summary: Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A […]