Important: valkey

Issue Overview: Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with...

Important: redis6

Issue Overview: Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with...

Low: docker

Issue Overview: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails...

Important: libtiff

Issue Overview: Write-What-Where in libtiff via TIFFReadRGBAImageOriented CVE-2025-9900 Affected Packages: libtiff Issue Correction: Run dnf update libtiff --releasever 2023.9.20251014 or dnf update --advisory ALAS2023-2025-1215 --releasever 2023.9.20251014 to update your system. More information...

Medium: amazon-cloudwatch-agent

Issue Overview: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data CVE-2025-11065 Affected Packages: amazon-cloudwatch-agent Issue Correction: Run dnf update amazon-cloudwatch-agent --releasever 2023.9.20251014 or dnf update --advisory ALAS2023-2025-1224...

Medium: cuda-toolkit

Issue Overview: NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to information disclosure or denial of service. CVE-2025-23272 Affected Packages:...

Critical: 389-ds-base

Issue Overview: A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM...

Critical: ipa

Issue Overview: A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM...

Medium: cups

Issue Overview: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability...

Important: kernel-livepatch-5.10.238-234.956

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 In the...

Important: kernel-livepatch-5.10.238-231.953

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 In the...

Important: kernel-livepatch-6.1.144-170.251

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration CVE-2025-38248 In the Linux kernel, the following vulnerability has been resolved: ppp: fix race conditions in pppfillforwardpath CVE-2025-39673 I...

Important: kernel-livepatch-6.12.31-35.92

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 Affected Packages: kernel-livepatch-6.12.31-35.92 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Medium: perl-Cpanel-JSON-XS

Issue Overview: Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact CVE-2025-40929 Affected Packages: perl-Cpanel-JSON-XS Issue Correction: Run dnf update...

Medium: glycin

Issue Overview: tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be...

Important: kernel-livepatch-6.12.40-63.107

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 Affected Packages: kernel-livepatch-6.12.40-63.107 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Medium: GraphicsMagick

Issue Overview: ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. CVE-2025-27795 ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob. CVE-2025-27796...

Low: optipng

Issue Overview: OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c. CVE-2023-43907 Affected Packages: optipng Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core a...

Medium: cups

Issue Overview: A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in th...

Medium: perl-JSON-XS

Issue Overview: JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact CVE-2025-40928 Affected Packages: perl-JSON-XS Issue Correction: Run dnf update perl-JSON-XS --releasev...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling CVE-2022-50053 In the Linux kernel, the following vulnerability has been resolved: netsched: Flush gsoskb list too during -change CVE-2025-37992 In the Linux kernel, the following...

Important: kernel-livepatch-5.10.240-238.955

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 In the...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: iavf: Fix reset error handling CVE-2022-50053 In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobjectput is safe for module type kobjects CVE-2025-37995 In the Linux kernel,...

Important: kernel-livepatch-6.1.148-173.267

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 In the Linux kernel, the following vulnerability has been resolved: fs/buffer: fix use-after-free when call bhread helper CVE-2025-39691...

Important: kernel-livepatch-6.1.147-172.259

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration CVE-2025-38248 In the Linux kernel, the following vulnerability has been resolved: ppp: fix race conditions in pppfillforwardpath CVE-2025-39673 I...

Low: cuda-cuobjdump-13-0

Issue Overview: Placeholder CVE. Details forthcoming CVE-2025-23280 Affected Packages: cuda-cuobjdump-13-0 Issue Correction: Run dnf update cuda-cuobjdump-13-0 --releasever latest or dnf update --advisory ALAS2023NVIDIA-2025-143 --releasever latest to update your system. More information on how t...

Important: kernel-livepatch-6.12.40-64.114

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 Affected Packages: kernel-livepatch-6.12.40-64.114 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Medium: libvpx

Issue Overview: There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpximgalloc with a large value of the dw, dh, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpximaget struct may be...

Medium: loupe

Issue Overview: tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be...

Important: kernel-livepatch-5.10.242-239.961

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 Affect...

Medium: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon ":" to montage -geometry leads GetGeometry to set width/height to 0. Later, ThumbnailImage...

Important: amazon-ssm-agent

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: fix NULL pointer dereference in l3mdevl3rcv CVE-2025-22103 In the Linux kernel, the following vulnerability has been resolved: ext4: avoid journaling sb update on error if journal is destroying CVE-2025-22113...

Important: kernel-livepatch-6.12.40-63.114

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 Affected Packages: kernel-livepatch-6.12.40-63.114 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: kernel-livepatch-6.12.35-55.103

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 Affected Packages: kernel-livepatch-6.12.35-55.103 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles CVE-2024-57924 In the Linux kernel, the following vulnerability has been resolved: net: Fix null-ptr-deref by socklockinitclassandname and rmmod. CVE-2025-231...

Important: expat

Issue Overview: libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. CVE-2025-59375 Affected Packages: expat Issue Correction: Run dnf update expat --releasever 2023.9.20250929 or dnf update --advisory...

Medium: GraphicsMagick

Issue Overview: ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits. CVE-2025-27795 ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob. CVE-2025-27796...

Medium: binutils

Issue Overview: A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfdelfsetgroupcontents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The...

Medium: perl-JSON-XS

Issue Overview: JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact CVE-2025-40928 Affected Packages: perl-JSON-XS Note: This advisory is applicable to Amazon Linux 2 AL2...

Important: kernel

Issue Overview: A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfsattachlogwriter of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix the behavior of READ near OFFSETMAX CVE-2022-48827 In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix iasize underflow CVE-2022-48828 In the Linux kernel, the following...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix "KASAN: slab-use-after-free Read in ibregisterdevice" problem CVE-2025-38022 In the Linux kernel, the following vulnerability has been resolved: dma-buf: insert memory barrier before updating...

Low: ruby3.2

Issue Overview: REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches t...

Medium: redis6

Issue Overview: TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen"w" on the history path and subsequent chmod on the same path. CVE-2025-9810 Affected Packages: redis6 Issue Correction: Run dnf...

Important: microcode_ctl

Issue Overview: Insufficient granularity of access control in the OOB-MSM for some IntelR XeonR 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. CVE-2025-22839 Sequence of processor instructions leads to unexpected behavior for...

Medium: libvpx

Issue Overview: A heap overflow vulnerability exists in libvpx - Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or above CVE-2023-6349 There exists interger overflows in...

Important: firefox

Issue Overview: Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. CVE-2025-10527 Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component...

Important: amazon-ssm-agent

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

Important: kernel-livepatch-5.10.240-238.959

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 In the...