CVE-2026-41178 vulnerabilities

Vulnerabilities for packages: argo-cd, azure-service-operator-fips, gitlab-cng, aws-iam-authenticator, docker-compose-fips, azurefile-csi-fips, cloudbeat-fips, cadvisor-fips, knative-serving, crossplane-provider-azure-signalrservice, boring-registry-fips, k9s-fips, flux-notification-controller,...

Important: amazon-cloudwatch-agent

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

CLEANSTART-2026-MJ26242 Security fixes for CVE-2026-41602, ghsa-wf45-q9ch-q8gh applied in versions: 1.300066.1-r0

Multiple security vulnerabilities affect the amazon-cloudwatch-agent-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-GA28186 Security fixes for CVE-2026-41602 applied in versions: 1.300066.1-r0

Security vulnerability affects the amazon-cloudwatch-agent package. This issue is resolved in later releases. See references for vulnerability details...

PT-2026-38516

These are all security issues fixed in the amazon-cloudwatch-agent-1.300066.1-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10699-1 amazon-cloudwatch-agent-1.300066.1-1.1 on GA media

These are all security issues fixed in the amazon-cloudwatch-agent-1.300066.1-1.1 package on the GA media of openSUSE Tumbleweed...

GHSA-MH2Q-Q3FH-2475 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-route53, flux-image-reflector-controller, db-operator, opentofu, aws-privateca-issuer, crossplane-provider-aws-sqs, aws-efs-csi-driver, undock, k8ssandra-client, yunikorn-k8shim, crossplane-provider-aws-cloudfront, ipfs-cluster, emissary, src,...

Amazon Linux 2 : amazon-cloudwatch-agent, --advisory ALAS2-2026-3248 (ALAS-2026-3248)

"The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300064.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3248 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: ko, chaos-mesh, logstash-exporter, kuberay-operator-fips, nri-rabbitmq, rancher-agent, openbao-k8s, prometheus-adapter, tekton-pipelines-fips, aws-efs-csi-driver-fips, nrdot-collector-k8s-fips, fluxcd-kustomize-mutating-webhook-fips, crossplane-provider-azure-storage...

CVE-2026-32287 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-efs-fips, nrdot-collector-k8s-fips, crossplane-provider-aws-sqs-fips, crossplane-provider-azure-storage, crossplane-provider-aws-efs, crossplane-provider-aws-eks-fips, crossplane-provider-aws-ecs-fips,...

amazon-cloudwatch-agent-1.300064.0-2.1 on GA media (moderate)

amazon-cloudwatch-agent-1.300064.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10420-1 Rating: moderate Cross-References: CVE-2026-33186 CVSS scores: CVE-2026-33186 SUSE : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2026-33186 SUSE : 8.6...

Medium: amazon-cloudwatch-agent

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

Amazon Linux 2 : amazon-cloudwatch-agent, --advisory ALAS2-2026-3191 (ALAS-2026-3191)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300064.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3191 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when...

Medium: amazon-cloudwatch-agent

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

Low: amazon-cloudwatch-agent

Issue Overview: No CVE associated with this advisory Affected Packages: amazon-cloudwatch-agent Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update...

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2026-1442)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1442 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks...

Amazon Linux 2 : amazon-cloudwatch-agent, --advisory ALAS2-2026-3174 (ALAS-2026-3174)

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300064.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3174 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

Low: amazon-cloudwatch-agent

Issue Overview: No CVE associated with this advisory Affected Packages: amazon-cloudwatch-agent Issue Correction: Run dnf update amazon-cloudwatch-agent --releasever 2023.10.20260216 or dnf update --advisory ALAS2023-2026-1442 --releasever 2023.10.20260216 to update your system. More information ...

CVE-2025-68119 vulnerabilities

Vulnerabilities for packages: minio-operator, db-operator, azcopy, kuma, newrelic-infra-operator, nri-f5, flux-image-automation-controller, runc, crossplane-provider-aws-iam, grafana-rollout-operator, podinfo, linkerd2-proxy-init, nats-top, timoni, docker-credential-gcr, k3s, vale,...

CVE-2025-61726 vulnerabilities

Vulnerabilities for packages: k8sgateway, verticadb-operator, grafana-operator, minio-operator, minio, openbao-k8s, croc, azcopy, db-operator, aws-privateca-issuer, git-sync, grpcurl, opentofu, sftpgo-plugin-kms, spqr, helm-set-status, undock, kuma, container-object-storage-interface,...