CVE-2026-41178 vulnerabilities

Vulnerabilities for packages: trivy-operator-fips, neuvector-scanner-fips, gcp-compute-persistent-disk-csi-driver-fips, helm-operator, gitlab-pages-fips, databricks-cli-fips, kgateway, tw, crossplane-provider-azure-relay, tekton-pipelines, knative-serving, opentofu, dapr-fips,...

Important: amazon-cloudwatch-agent

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

CLEANSTART-2026-GA28186 Security fixes for CVE-2026-41602 applied in versions: 1.300066.1-r0

Security vulnerability affects the amazon-cloudwatch-agent package. This issue is resolved in later releases. See references for vulnerability details...

OPENSUSE-SU-2026:10699-1 amazon-cloudwatch-agent-1.300066.1-1.1 on GA media

These are all security issues fixed in the amazon-cloudwatch-agent-1.300066.1-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-38516

These are all security issues fixed in the amazon-cloudwatch-agent-1.300066.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-29181 vulnerabilities

Vulnerabilities for packages: cilium, datadog-agent, crossplane-provider-aws-dynamodb, vault-env, buildah, crossplane-provider-aws-cloudwatchlogs, crossplane-provider-aws-route53, falco-no-driver, k8ssandra-client, prometheus, act, eksctl, db-operator, gitlab-kas, rancher-webhook,...

GHSA-MH2Q-Q3FH-2475 vulnerabilities

Vulnerabilities for packages: cilium, datadog-agent, crossplane-provider-aws-dynamodb, vault-env, buildah, crossplane-provider-aws-cloudwatchlogs, crossplane-provider-aws-route53, falco-no-driver, k8ssandra-client, prometheus, act, eksctl, db-operator, gitlab-kas, rancher-webhook,...

Amazon Linux 2 : amazon-cloudwatch-agent, --advisory ALAS2-2026-3248 (ALAS-2026-3248)

"The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300064.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3248 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: trivy-operator-fips, pgpool2exporter, verticadb-operator-fips, task, crossplane-provider-aws-dynamodb-fips, crossplane-provider-aws-wafv2-fips, goose, kubernetes-csi-driver-nfs-fips, dex-k8s-authenticator, cadence, databricks-cli-fips, fscrypt, libnvidia-container,...

GHSA-65XW-VW82-R86X vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-kms-fips, crossplane-provider-aws-dynamodb-fips, crossplane-provider-aws-wafv2-fips, crossplane-provider-aws-sqs, crossplane-provider-aws-sns, crossplane-provider-aws-elbv2, amazon-cloudwatch-agent-fips, crossplane-provider-aws-eks-fips,...

amazon-cloudwatch-agent-1.300064.0-2.1 on GA media (moderate)

amazon-cloudwatch-agent-1.300064.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10420-1 Rating: moderate Cross-References: CVE-2026-33186 CVSS scores: CVE-2026-33186 SUSE : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2026-33186 SUSE : 8.6...

Medium: amazon-cloudwatch-agent

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

OPENSUSE-SU-2026:10420-1 amazon-cloudwatch-agent-1.300064.0-2.1 on GA media

These are all security issues fixed in the amazon-cloudwatch-agent-1.300064.0-2.1 package on the GA media of openSUSE Tumbleweed...

Medium: amazon-cloudwatch-agent

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

GHSA-J4J7-VW47-RHFQ vulnerabilities

Vulnerabilities for packages: trivy-operator-fips, verticadb-operator-fips, crossplane-provider-aws-dynamodb-fips, goose, kubernetes-csi-driver-nfs-fips, dex-k8s-authenticator, databricks-cli-fips, fscrypt, k8sgpt, libnvidia-container, newrelic-infrastructure-agent,...

CVE-2026-25679 vulnerabilities

Vulnerabilities for packages: trivy-operator-fips, pgpool2exporter, verticadb-operator-fips, kube-mgmt, crossplane-provider-aws-dynamodb-fips, goose, kubernetes-csi-driver-nfs-fips, dex-k8s-authenticator, databricks-cli-fips, fscrypt, k8sgpt, libnvidia-container, local-static-provisioner,...

Low: amazon-cloudwatch-agent

Issue Overview: No CVE associated with this advisory Affected Packages: amazon-cloudwatch-agent Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update...

Low: amazon-cloudwatch-agent

Issue Overview: No CVE associated with this advisory Affected Packages: amazon-cloudwatch-agent Issue Correction: Run dnf update amazon-cloudwatch-agent --releasever 2023.10.20260216 or dnf update --advisory ALAS2023-2026-1442 --releasever 2023.10.20260216 to update your system. More information ...

GHSA-XVQR-69V8-F3GV vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, crossplane-provider-aws-dynamodb, knative-operator, prometheus, azurefile-csi, dapr, db-operator, dkron, steampipe, modelmesh-runtime-adapter, helm-docs, boring-registry, rancher-loglevel, apache-exporter, pgpool2exporter,...

GHSA-GR56-3GP6-6GMJ vulnerabilities

Vulnerabilities for packages: dynamic-localpv-provisioner, redis-operator, secrets-store-csi-driver-provider-aws, crossplane-provider-aws-dynamodb, lazygit, kapp-controller, azure-service-operator, metacontroller, ytt, crossplane-provider-aws-cloudwatchlogs, dockerize, knative-operator,...