8850 matches found
Medium: ecs-init
Issue Overview: No CVE associated with this advisory Affected Packages: ecs-init Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...
Medium: ecs-init
Issue Overview: No CVE associated with this advisory Affected Packages: ecs-init Issue Correction: Run dnf update ecs-init --releasever 2023.12.20260629 or dnf update --advisory ALAS2023-2026-1906 --releasever 2023.12.20260629 to update your system. More information on how to update your system c...
Critical: rclone
Issue Overview: Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from th...
Critical: rclone
Issue Overview: Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form: /remote:path/object. The remote value is parsed from th...
Important: containerd
Issue Overview: Memory exhaustion DoS causing OOM kill of containerd process NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq CVE-2026-47262 Image cache poisoning via unvalidated checkpoint image references, enabling cross-pod code execution NOTE:...
Important: containerd
Issue Overview: Memory exhaustion DoS causing OOM kill of containerd process NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq CVE-2026-47262 Image cache poisoning via unvalidated checkpoint image references, enabling cross-pod code execution NOTE:...
Important: perl-Sereal-Decoder
Issue Overview: Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srldecoder.c, srlreadobject and srlreadhash process a COPY tag, a back-reference whose target byte the decoder re-decodes as a fresh tag. When that target byte matches t...
Important: containerd
Issue Overview: The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated client...
Important: amazon-cloudwatch-agent
Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause severa...
Important: amazon-cloudwatch-agent
Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause severa...
Important: mod_http2
Issue Overview: Use After Free vulnerability in Apache HTTP Server module modhttp2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67. CVE-2026-48913 Denial of service in HTTP/2 cookie request header counting CVE-2026-49975 Affected Packages...
Medium: golang
Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...
Medium: golist
Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...
Medium: golang-github-burntsushi-toml-test
Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...
Medium: golang-github-cpuguy83-md2man
Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...
Medium: golang
Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...
Medium: golist
Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...
Medium: golang-github-burntsushi-toml
Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...
Important: kernel6.12
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: xfrm: hold dev ref until after transportfinish NFHOOK CVE-2026-31663 In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlinknscapable check for peer netns CVE-2026-31692 ...
Important: freerdp
Issue Overview: FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using...
Important: freerdp
Issue Overview: FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using...
Medium: httpd
Issue Overview: Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue. CVE-2026-29167 A cross-site scripting...
Important: ansible-core
Issue Overview: A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags throu...
Important: mariadb114
Issue Overview: During the SST the donor node is interpolating parameters that the joiner sent into the command line. Not all parameters were properly validated which could allow a malicious joiner to execute arbitrary shell commands on the donor side via the mariabackup SST method. CVE-2026-4416...
Important: dotnet10.0
Issue Overview: Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Improper link resolution before file access 'link following' in .NET allows an unauthorized attacker to perform tampering locally. CVE-2026-45491 Uncontrolled resource...
Important: openssl
Issue Overview: Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of...
Important: edk2
Issue Overview: Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of...
Important: dotnet9.0
Issue Overview: Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Improper link resolution before file access 'link following' in .NET allows an unauthorized attacker to perform tampering locally. CVE-2026-45491 Uncontrolled resource...
Important: openssl11
Issue Overview: Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of...
Important: openssl-snapsafe
Issue Overview: Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application Denial of...
Important: dotnet8.0
Issue Overview: Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CVE-2026-45490 Improper link resolution before file access 'link following' in .NET allows an unauthorized attacker to perform tampering locally. CVE-2026-45491 Uncontrolled resource...
Important: evince
Issue Overview: CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 Affected Packages: evince Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit...
Important: perl-DBI
Issue Overview: DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders...
Important: perl-DBI
Issue Overview: DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders...
Important: ImageMagick
Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search operation can happen when using a crafted image. This issue has been patched in versions 6.9.13-49 and...
Important: tigervnc
Issue Overview: A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but...
Important: ecs-service-connect-agent
Issue Overview: A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial...
Important: ecs-service-connect-agent
Issue Overview: A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial...
Important: kernel-livepatch-6.18.25-52.107
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry CVE-2026-46316 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nestedmmus array behind...
Important: kernel-livepatch-6.18.33-63.124
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry CVE-2026-46316 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nestedmmus array behind...
Important: kernel-livepatch-6.12.77-99.140
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry CVE-2026-46316 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nestedmmus array behind...
Important: kernel-livepatch-6.12.83-111.159
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry CVE-2026-46316 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nestedmmus array behind...
Important: kernel-livepatch-6.12.83-115.161
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry CVE-2026-46316 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nestedmmus array behind...
Important: kernel-livepatch-6.18.30-61.116
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry CVE-2026-46316 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nestedmmus array behind...
Important: kernel-livepatch-6.18.20-41.237
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry CVE-2026-46316 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nestedmmus array behind...
Important: kernel-livepatch-6.18.25-55.108
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry CVE-2026-46316 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nestedmmus array behind...
Important: kernel-livepatch-6.18.16-18.222
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry CVE-2026-46316 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nestedmmus array behind...
Important: kernel-livepatch-6.12.79-101.147
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry CVE-2026-46316 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nestedmmus array behind...
Important: kernel-livepatch-6.12.80-105.147
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry CVE-2026-46316 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nestedmmus array behind...
Important: kernel-livepatch-6.18.30-61.119
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry CVE-2026-46316 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nestedmmus array behind...