Amazon Linux 2023 : mariadb114, mariadb114-backup, mariadb114-client-utils (ALAS2023-2026-1827)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1827 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable...

Important: docker

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-129 (ALASDOCKER-2026-129)

The version of docker installed on the remote host is prior to 25.0.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-129 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing...

Important: docker

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-110 (ALASNITRO-ENCLAVES-2026-110)

The version of docker installed on the remote host is prior to 25.0.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-110 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680...

Amazon Linux 2023 : docker (ALAS2023-2026-1835)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1835 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an...

SUSE-SU-2026:2327-1 Security update for go1.26

This update for go1.26 fixes the following issues Update to go1.26.4 bsc1255111: - CVE-2026-27145: crypto/x509: split candidate hostname only once bsc1267450. - CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader bsc1267442. - CVE-2026-42507: net/textproto: arbitrary input are...

Important: nginx

Issue Overview: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string...

Important: perl-HTTP-Daemon

Issue Overview: HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix a race condition between loginwork and the login thread CVE-2022-50350 In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache...

Medium: python-mako

Issue Overview: Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the...

Important: rsync

Issue Overview: Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outsi...

Important: atril

Issue Overview: CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 Affected Packages: atril Note: This advisory is applicable to Amazon Linux 2 - Mate-desktop1.x Extra. Visi...

Medium: python3.9

Issue Overview: http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie valu...

Medium: capstone

Issue Overview: Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStreamconcat lets a malicious csoptmem.vsnprintf drive SStream's index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs. Comm...

Medium: device-mapper-persistent-data

Issue Overview: An unsoundness issue RUSTSEC-2026-0097 was found in the bundled Rust rand crate used by device-mapper-persistent-data. ThreadRng methods use unsafe code that can create aliased mutable references when a custom logger accesses rand::rng or rand::threadrng during reseeding, resultin...

Medium: perl-libwww-perl

Issue Overview: LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorizatio...

Medium: perl-Crypt-PasswdMD5

Issue Overview: Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography. CVE-2026-6659 Affected Packages: perl-Crypt-PasswdMD5 Note: This advisory is applicable to Amazon Linux 2 AL2 Cor...

Medium: composer

Issue Overview: Github Actions issued GITHUBTOKEN disclosure in GitHub Actions logs CVE-2026-45793 Affected Packages: composer Issue Correction: Run dnf update composer --releasever 2023.12.20260608 or dnf update --advisory ALAS2023-2026-1800 --releasever 2023.12.20260608 to update your system...

Medium: bind

Issue Overview: Limit resolver server list size CVE-2026-3592 Avoid unbounded recursion loop CVE-2026-5950 Affected Packages: bind Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...