Medium: perl-Unicode-LineBreak
Issue Overview: Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters. Text::LineFold splits the input string by specific line break characters such as VT, FF and others into segments, but applies the break function to the entire...
Medium: lcms2
Issue Overview: Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. CVE-2026-41254 Affected Packages: lcms2 Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section f...
Medium: libusbx
Issue Overview: libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache when splitting extent fails CVE-2026-45899 In the Linux kernel, the following vulnerability has been resolved: ext4: fix dirtyclusters double decrement on fs shutdown CVE-2026-45920 In the...
Medium: perl-Cpanel-JSON-XS
Issue Overview: BOM-shift PV-corruption SIGABRT CVE-2026-9516 Affected Packages: perl-Cpanel-JSON-XS Issue Correction: Run dnf update perl-Cpanel-JSON-XS --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1829 --releasever 2023.12.20260622 to update your system. More information...
Important: perl-GD
Issue Overview: command injection via 2-arg open in _make_filehandle CVE-2026-11526 Affected Packages: perl-GD Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum...
Important: perl-GD
Issue Overview: command injection via 2-arg open in _make_filehandle CVE-2026-11526 Affected Packages: perl-GD Issue Correction: Run dnf update perl-GD --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1890 --releasever 2023.12.20260622 to update your system. More information on...
Medium: rust
Issue Overview: gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlin...
Medium: rust
Issue Overview: gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlin...
Important: poppler
Issue Overview: A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation,...
Important: compat-poppler22
Issue Overview: A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation,...
Important: libinput
Issue Overview: A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVECMD properties that are executed when a device ...
Important: libinput
Issue Overview: A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root code execution, for example, by exploiting REMOVECMD properties that are executed when a device ...
Important: graphite2
Issue Overview: Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range. CVE-2026-50593 Affected Packages: graphite2 Issue Correction: Run dnf update graphite2...
Medium: amazon-ssm-agent
Issue Overview: go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0...
Important: graphite2
Issue Overview: Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range. CVE-2026-50593 Affected Packages: graphite2 Note: This advisory is applicable to Amazon Linux...
Important: libnfs
Issue Overview: libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfs_zdr_string in lib/libnfs-zdr.c. CVE-2026-53689 Affected Packages: libnfs Note: This advisory is applicable to Amazon...
Low: perl-HTML-Parser
Issue Overview: HTML::Entities versions before 3.84 for Perl read freed heap memory in decode_entities. The XS routine backing HTML::Entities::decode_entities cached a pointer repl into the entity-value SV returned by hv_fetch on the entity2char hash. When the input SV was identical to a value SV in...
Medium: amazon-ssm-agent
Issue Overview: go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0...
Important: libnfs
Issue Overview: libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfs_zdr_string in lib/libnfs-zdr.c. CVE-2026-53689 Affected Packages: libnfs Issue Correction: Run dnf update libnfs...
Low: perl-HTML-Parser
Issue Overview: HTML::Entities versions before 3.84 for Perl read freed heap memory in decode_entities. The XS routine backing HTML::Entities::decode_entities cached a pointer repl into the entity-value SV returned by hv_fetch on the entity2char hash. When the input SV was identical to a value SV in...
Important: jpegxl
Issue Overview: Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc. CVE-2025-70103 Affected Packages: jpegxl Issue Correction: Run dnf update jpegxl --releasever 2023.12.20260622 or dnf update...
Important: poppler
Issue Overview: A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation,...
Medium: libusbx
Issue Overview: libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor...
Important: squid
Issue Overview: Due to an Improper Input Validation bug, Squid is vulnerable to a Heap-based Buffer Overflow attack against cache digests. This problem allows a trusted server to perform a Heap-based Buffer Overflow when sending maliciously crafted replies to cachedigest request messages. This...
Low: libssh
Issue Overview: libssh Possible Denial of Service when parsing unexpected configuration files CVE-2026-0965 Affected Packages: libssh Issue Correction: Run dnf update libssh --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1824 --releasever 2023.12.20260622 to update your...
Medium: python
Issue Overview: http.cookies.Morsel.js_output returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie valu...
Medium: python3.11
Issue Overview: The import hook in CPython that handles legacy .pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code to read the .pyc files. sys.audit handlers for this audit event therefore do not fire. CVE-2026-2297...
Important: jq
Issue Overview: jq --rawfile invalid-state reuse after String too long causes heap-buffer-overflow CVE-2026-49839 Affected Packages: jq Issue Correction: Run dnf update jq --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1860 --releasever 2023.12.20260622 to update your system...
Important: squid
Issue Overview: Due to an Improper Input Validation bug, Squid is vulnerable to a Heap-based Buffer Overflow attack against cache digests. This problem allows a trusted server to perform a Heap-based Buffer Overflow when sending maliciously crafted replies to cachedigest request messages. This...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache CVE-2026-46174 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to...
Important: rclone
Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Affected Packages: rclone Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras...
Important: git-lfs
Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Affected Packages: git-lfs Issue Correction: Run dnf update git-lfs --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1889 --releasever 2023.12.20260622 ...
Important: yq
Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Affected Packages: yq Issue Correction: Run dnf update yq --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1887 --releasever 2023.12.20260622 to update...
Important: kernel6.18
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl CVE-2026-31709 Affected Packages: kernel6.18 Issue Correction: Run dnf update kernel6.18 --releasever 2023.12.20260622 or dnf update --advisory...
Important: ImageMagick
Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This issue has been patched in versions 6.9.13-...
Medium: python-click
Issue Overview: Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account. CVE-2026-7246 Affected Packages: python-click Issue Correction: Run dnf update python-click...
Important: cri-tools
Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Affected Packages: cri-tools Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...
Important: cni-plugins
Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Affected Packages: cni-plugins Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...
Important: cni-plugins
Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Affected Packages: cni-plugins Issue Correction: Run dnf update cni-plugins --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1888 --releasever...
Medium: python3-urllib3
Issue Overview: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0...
Medium: python-urllib3
Issue Overview: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0...
Medium: python-urllib3
Issue Overview: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: IB/mad: Don't call to function that might sleep while in atomic context CVE-2022-50472 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash when I/O abort times out...
Important: samba
Issue Overview: unauthenticated udp packet crashes AD DC nbt server CVE-2026-3238 Samba file servers and classic non-AD domain controllers offer the SamValidatePasswordChange and SamValidatePasswordReset RPC services on the SAMR DCE/RPC service when running over NCACN_IP_TCP. Both services pass a...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: arm64: mm: fix VA-range sanity check CVE-2023-53989 In the Linux kernel, the following vulnerability has been resolved: iommu/amd/pgtbl: Fix possible race while increase page table level CVE-2025-39961 In the Linu...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator switch when reinitializing queues CVE-2022-50552 In the Linux kernel, the following vulnerability has been resolved: net: clear the dst when changing skb protocol CVE-2025-38192 In th...
Medium: httpd
Issue Overview: Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue. CVE-2026-29167 A cross-site scripting...
Medium: ImageMagick
Issue Overview: When writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. as per: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7wff-wpr6-vmhm CVE-2026-42326 Due to a missing check in the PSD decoder it would be possible to...
Important: python-pip
Issue Overview: A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This...