Important: perl-File-Find-Rule-Perl

Issue Overview: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument form of open allowing an attacker controlled filename to provide the MODE parameter to open, turning the filename...

Important: perl-File-Find-Rule-Perl

Issue Overview: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument form of open allowing an attacker controlled filename to provide the MODE parameter to open, turning the filename...

Important: python2-setuptools

Issue Overview: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in PackageIndex is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the...

Important: amazon-ssm-agent

Issue Overview: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted. CVE-2025-22869 Affected Packages:...

Medium: glibc

Issue Overview: In iconvdata/iso-2022-jp-3.c in the GNU C Library aka glibc 2.34, remote attackers can force iconv to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv use cases. NOTE: the...

Important: oci-add-hooks

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Important: kernel

Issue Overview: A use-after-free flaw was found in vcsread in drivers/tty/vt/vcscreen.c in vcscreen in the Linux Kernel. In this flaw an attacker with local user access may lead to a system crash or a leak of internal kernel information. CVE-2023-3567 In the Linux kernel, the following...

Medium: python

Issue Overview: Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

Important: ghostscript

Issue Overview: Buffer overflow in Ghostscript new PDF Interpreter PDFI. CVE-2025-27833 Affected Packages: ghostscript Issue Correction: Run dnf update ghostscript --releasever 2023.7.20250331 to update your system. New Packages: aarch64: ghostscript-tools-dvipdf-9.56.1-7.amzn2023.0.13.aarch64...

Important: tomcat9

Issue Overview: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from...

Medium: golang

Issue Overview: NOTE: https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ NOTE: https://github.com/golang/go/issues/71984 NOTE: Fixed by: https://github.com/golang/go/commit/334de7982f8ec959c74470dd709ceedfd6dbd50a go1.24.1 NOTE: Fixed by:...

Medium: perl-App-cpanminus

Issue Overview: The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. CVE-2020-16154 Affected Packages: perl-App-cpanminus Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...

Important: libcap

Issue Overview: The PAM module pamcap.so of libcap configuration supports group names starting with "@", during actual parsing, configurations not starting with "@" are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potential...

Medium: golang

Issue Overview: net/http: sensitive headers incorrectly sent after cross-domain redirect The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to...

Medium: microcode_ctl

Issue Overview: Improper Finite State Machines FSMs in Hardware Logic for some IntelR Processors may allow privileged user to potentially enable denial of service via local access. CVE-2024-31068 Sequence of processor instructions leads to unexpected behavior in the IntelR DSA V1.0 for some Intel...

Medium: python-pillow

Issue Overview: PIL/IcnsImagePlugin.py in Python Imaging Library PIL and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. CVE-2014-3589 Affected Packages: python-pillow Note: This advisory is applicable to Amazon Linux 2 AL2...

Important: postgresql

Issue Overview: Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system...

Medium: ghostscript

Issue Overview: PS interpreter - check Indexed colour space index NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707990 NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6 NOTE:...

Important: dotnet8.0

Issue Overview: .NET and Visual Studio Remote Code Execution Vulnerability CVE-2025-21172 .NET Elevation of Privilege Vulnerability CVE-2025-21173 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability CVE-2025-21176 Affected Packages: dotnet8.0 Issue Correction: Run dnf upda...

Medium: zziplib

Issue Overview: Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the zzipparserootdirectory function at /zzip/zip.c. CVE-2024-39133 A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via t...