CVE-2026-41178 vulnerabilities

Vulnerabilities for packages: gotrue, azurefile-csi, kots, crossplane-fips, kubescape-server-fips, gitlab-operator, stunnerd, terraform-provider-databricks-fips, cluster-api-azure-controller-fips, argo-workflows-fips, kubescape-server, docker-fips, ansible-operator-fips, cadvisor,...

Important: amazon-cloudwatch-agent

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

CLEANSTART-2026-MJ26242 Security fixes for CVE-2026-41602, ghsa-wf45-q9ch-q8gh applied in versions: 1.300066.1-r0

Multiple security vulnerabilities affect the amazon-cloudwatch-agent-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-GA28186 Security fixes for CVE-2026-41602 applied in versions: 1.300066.1-r0

Security vulnerability affects the amazon-cloudwatch-agent package. This issue is resolved in later releases. See references for vulnerability details...

PT-2026-38516

These are all security issues fixed in the amazon-cloudwatch-agent-1.300066.1-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10699-1 amazon-cloudwatch-agent-1.300066.1-1.1 on GA media

These are all security issues fixed in the amazon-cloudwatch-agent-1.300066.1-1.1 package on the GA media of openSUSE Tumbleweed...

GHSA-MH2Q-Q3FH-2475 vulnerabilities

Vulnerabilities for packages: consul-k8s, k3d, metallb, flux, kapp, crossplane-provider-aws-sns, kuberay-operator, crossplane-provider-aws-route53, gitlab-runner, cloudflared, kubernetes-csi-external-snapshotter, haproxy-ingress, kubernetes-csi-driver-nfs, datadog-agent, argo-events,...

CVE-2026-29181 vulnerabilities

Vulnerabilities for packages: consul-k8s, k3d, metallb, flux, kapp, crossplane-provider-aws-sns, kuberay-operator, crossplane-provider-aws-route53, gitlab-runner, cloudflared, kubernetes-csi-external-snapshotter, haproxy-ingress, kubernetes-csi-driver-nfs, datadog-agent, argo-events,...

Amazon Linux 2 : amazon-cloudwatch-agent, --advisory ALAS2-2026-3248 (ALAS-2026-3248)

"The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300064.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3248 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

CVE-2026-32282 vulnerabilities

Vulnerabilities for packages: aws-flb-cloudwatch, zot, telegraf, gitaly, kubernetes, cilium-cli, istio, prometheus-operator, redka, flux, knative-operator, nerdctl, coredns, kubescape, fscrypt, cert-manager, gatekeeper, kube-fluentd-operator, net-kourier, ingress-nginx-controller,...

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: gke-gcloud-auth-plugin, memcached-exporter, kubernetes, terraform-provider-time, crossplane-provider-gcp, vendir, wal-g, amazon-k8s-cni, esbuild, haproxy-ingress, helm, datadog-agent, argo-events, gostatsd, influx, kube-logging-operator-custom-runner,...

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: flux-source-watcher-fips, kube-arangodb-fips, supercronic, crossplane-provider-sql, thanos-receive-controller-fips, crane-fips, kaf, wal-g, knative-storage-migrate-fips, gendesk, kubescape-server-fips, rke2-cloud-provider-fips, aws-eks-pod-identity-agent-fips,...

CVE-2026-32287 vulnerabilities

Vulnerabilities for packages: telegraf, amazon-cloudwatch-agent-fips, crossplane-provider-aws-ecr, grafana-alloy-fips, crossplane-provider-aws-efs, crossplane-provider-aws-cognitoidentity-fips, crossplane-provider-aws-memorydb, crossplane-provider-aws-lambda-fips, crossplane-provider-aws-iam-fips...

GHSA-65XW-VW82-R86X vulnerabilities

Vulnerabilities for packages: telegraf, amazon-cloudwatch-agent-fips, crossplane-provider-aws-ecr, grafana-alloy-fips, crossplane-provider-aws-efs, crossplane-provider-aws-cognitoidentity-fips, crossplane-provider-aws-memorydb, crossplane-provider-aws-lambda-fips, crossplane-provider-aws-iam-fips...

amazon-cloudwatch-agent-1.300064.0-2.1 on GA media (moderate)

amazon-cloudwatch-agent-1.300064.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10420-1 Rating: moderate Cross-References: CVE-2026-33186 CVSS scores: CVE-2026-33186 SUSE : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2026-33186 SUSE : 8.6...

Medium: amazon-cloudwatch-agent

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

OPENSUSE-SU-2026:10420-1 amazon-cloudwatch-agent-1.300064.0-2.1 on GA media

These are all security issues fixed in the amazon-cloudwatch-agent-1.300064.0-2.1 package on the GA media of openSUSE Tumbleweed...

Amazon Linux 2 : amazon-cloudwatch-agent, --advisory ALAS2-2026-3191 (ALAS-2026-3191)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300064.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3191 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when...

Medium: amazon-cloudwatch-agent

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

CVE-2026-25679 vulnerabilities

Vulnerabilities for packages: kubecolor, kube-arangodb-fips, supercronic, kaniko, thanos-receive-controller-fips, crane-fips, kaf, wal-g, prometheus-alertmanager, gendesk, kubernetes-csi-external-attacher-fips, kubescape-server-fips, aws-eks-pod-identity-agent-fips, memcached-exporter, ctop,...