Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-108 (ALASKERNEL-5.15-2026-108)

The version of kernel installed on the remote host is prior to 5.15.204-143.229. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2026-108 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache when splitti...

Amazon Linux 2023 : mariadb114, mariadb114-backup, mariadb114-client-utils (ALAS2023-2026-1827)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1827 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable...

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-129 (ALASDOCKER-2026-129)

The version of docker installed on the remote host is prior to 25.0.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-129 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing...

Important: docker

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

Important: docker

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

Amazon Linux 2023 : docker (ALAS2023-2026-1835)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1835 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an...

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-110 (ALASNITRO-ENCLAVES-2026-110)

The version of docker installed on the remote host is prior to 25.0.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-110 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680...

SUSE-SU-2026:2327-1 Security update for go1.26

This update for go1.26 fixes the following issues Update to go1.26.4 bsc1255111: - CVE-2026-27145: crypto/x509: split candidate hostname only once bsc1267450. - CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader bsc1267442. - CVE-2026-42507: net/textproto: arbitrary input are...

Medium: perl-Crypt-PasswdMD5

Issue Overview: Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography. CVE-2026-6659 Affected Packages: perl-Crypt-PasswdMD5 Note: This advisory is applicable to Amazon Linux 2 AL2 Cor...

Important: mesa

Issue Overview: In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca. CVE-2026-40393 Affected Packages: mesa Note: This advisory is applicable to Amazon Lin...

Important: dotnet8.0

Issue Overview: Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 Loop with unreachable exit condition 'infinite loop' in ASP.NET Core allows an unauthorized attacker to deny service over a network. CVE-2026-42899 Affected Packages:...

Important: libvncserver

Issue Overview: LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but it does not reject Tight rectangles whose width is larger than 2048 pixels. A...

Medium: python3.13

Issue Overview: http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie valu...

Medium: sendmail

Issue Overview: sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail...

Medium: composer

Issue Overview: Github Actions issued GITHUBTOKEN disclosure in GitHub Actions logs CVE-2026-45793 Affected Packages: composer Issue Correction: Run dnf update composer --releasever 2023.12.20260608 or dnf update --advisory ALAS2023-2026-1800 --releasever 2023.12.20260608 to update your system...

Medium: perl

Issue Overview: Buffer overflow in Perlstudychunk CVE-2026-8376 Affected Packages: perl Issue Correction: Run dnf update perl --releasever 2023.12.20260608 or dnf update --advisory ALAS2023-2026-1819 --releasever 2023.12.20260608 to update your system. More information on how to update your syste...

Medium: perl

Issue Overview: Buffer overflow in Perlstudychunk CVE-2026-8376 Affected Packages: perl Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update perl or yum updat...

Medium: device-mapper-persistent-data

Issue Overview: An unsoundness issue RUSTSEC-2026-0097 was found in the bundled Rust rand crate used by device-mapper-persistent-data. ThreadRng methods use unsafe code that can create aliased mutable references when a custom logger accesses rand::rng or rand::threadrng during reseeding, resultin...

Amazon Linux 2 : rsync, --advisory ALAS2-2026-3332 (ALAS-2026-3332)

The version of rsync installed on the remote host is prior to 3.1.2-11. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3332 advisory. Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counte...

Important: rsync

Issue Overview: Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outsi...