8 matches found
Medium: ecs-init
Issue Overview: Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder Affected Packages: ecs-init Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL...
Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2026-120 (ALASECS-2026-120)
The version of ecs-init installed on the remote host is prior to 1.103.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-120 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory an...
Medium: docker
Issue Overview: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may...
Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2026-101 (ALASECS-2026-101)
"The version of ecs-init installed on the remote host is prior to 1.102.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-101 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Un...
Amazon Linux 2 : containerd, --advisory ALAS2ECS-2026-098 (ALASECS-2026-098)
The version of containerd installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-098 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary...
Amazon Linux 2 : oci-add-hooks, --advisory ALAS2ECS-2025-086 (ALASECS-2025-086)
The version of oci-add-hooks installed on the remote host is prior to 0-0.6.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-086 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain...
Amazon Linux 2 : runc (ALASECS-2025-073)
The version of runc installed on the remote host is prior to 1.2.6-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-073 advisory. Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...
Medium: ecs-init
Issue Overview: No CVE was issued for this update. Affected Packages: ecs-init Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...