Lucene search
K
AlpinelinuxMost viewed

12901 matches found

AlpineLinux
AlpineLinux
added 2022/03/23 12:0 a.m.1068 views

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS7.8AI score0.02037EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2023/07/20 12:0 a.m.979 views

CVE-2023-38408

The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...

9.8CVSS8.7AI score0.76768EPSS
Exploits10
AlpineLinux
AlpineLinux
added 2018/01/03 3:0 p.m.890 views

CVE-2017-1000501

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution...

9.8CVSS7.8AI score0.04352EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/07/26 9:32 p.m.795 views

CVE-2022-1486

Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

8.8CVSS7.8AI score0.00786EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2023/02/28 5:19 p.m.788 views

CVE-2022-41725

A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request...

7.5CVSS8.8AI score0.01231EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2021/11/17 7:20 p.m.782 views

CVE-2021-41190

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents...

5CVSS6AI score0.02085EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2020/11/20 3:40 p.m.775 views

CVE-2020-13671

Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to...

8.8CVSS8.8AI score0.04269EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/07/22 11:35 p.m.768 views

CVE-2022-1096

Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.9AI score0.24237EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2022/02/14 9:47 p.m.768 views

CVE-2021-46463

njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njspromiseperformthen...

9.8CVSS9.6AI score0.01663EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2021/08/03 7:41 p.m.768 views

CVE-2021-30588

Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.8AI score0.01992EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2021/08/03 6:25 p.m.767 views

CVE-2021-30563

Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.8AI score0.08928EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2021/06/15 9:40 p.m.767 views

CVE-2021-30551

Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.9AI score0.64701EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2021/06/24 1:25 p.m.766 views

CVE-2021-23997

Due to unexpected data type conversions, a use-after-free could have occurred when interacting with the font cache. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox 88...

8.8CVSS6.7AI score0.00816EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2019/04/26 4:13 p.m.764 views

CVE-2019-9791

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time JIT compiler and when the constructor function is entered through on-stack replacement OSR. This allows for possible arbitrary...

9.8CVSS9.6AI score0.19762EPSS
Exploits6
AlpineLinux
AlpineLinux
added 2022/04/05 12:51 a.m.761 views

CVE-2022-0457

Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.8AI score0.00745EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2019/07/23 1:20 p.m.751 views

CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

8.8CVSS8.8AI score0.37951EPSS
Exploits7
AlpineLinux
AlpineLinux
added 2020/09/30 12:57 p.m.750 views

CVE-2020-26160

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with string for m"aud" which is allowed by the specification. Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lac...

7.5CVSS7.4AI score0.02158EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/07/27 9:19 p.m.748 views

CVE-2022-1869

Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.5CVSS7.4AI score0.0078EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2021/08/03 6:25 p.m.745 views

CVE-2021-30561

Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.6AI score0.04737EPSS
Exploits2
AlpineLinux
AlpineLinux
added 2021/06/24 1:19 p.m.745 views

CVE-2021-29945

The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Note: This issue only affected x86-32 platforms. Other platforms are unaffected.. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

6.5CVSS6.6AI score0.01208EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2020/06/08 4:3 p.m.743 views

CVE-2020-13625

PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message...

7.5CVSS7.6AI score0.0378EPSS
Exploits1References9
AlpineLinux
AlpineLinux
added 2021/10/08 8:50 p.m.742 views

CVE-2021-30627

Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.9AI score0.00876EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2018/06/15 3:0 p.m.739 views

CVE-2018-12458

An improper integer type in the mpeg4encodegopheader function in libavcodec/mpeg4videoenc.c in FFmpeg 2.8 and 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service...

6.5CVSS6.5AI score0.01533EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/07/28 12:40 a.m.737 views

CVE-2022-2158

Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.6AI score0.00863EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/06/16 12:0 a.m.734 views

CVE-2022-32545

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior...

7.8CVSS7.7AI score0.01327EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2021/08/26 5:40 p.m.734 views

CVE-2021-30598

Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

8.8CVSS8.7AI score0.07003EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2019/04/26 4:13 p.m.734 views

CVE-2019-9795

A vulnerability where type-confusion in the IonMonkey just-in-time JIT compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...

9.8CVSS9.4AI score0.01699EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2021/08/17 7:12 p.m.733 views

CVE-2021-29982

Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox 91 and Thunderbird 91...

6.5CVSS6.7AI score0.01124EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2021/12/08 9:20 p.m.732 views

CVE-2021-43537

An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

8.8CVSS9.1AI score0.0202EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2017/08/31 3:0 p.m.732 views

CVE-2017-14054

In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivrreadheader due to lack of an EOF End of File check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would...

7.1CVSS7.2AI score0.01726EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/06/16 12:0 a.m.731 views

CVE-2022-32546

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior...

7.8CVSS6.6AI score0.01339EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2021/04/07 1:50 p.m.731 views

CVE-2021-21639

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the config.xml REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type...

4.3CVSS4.8AI score0.02725EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/08/04 6:45 p.m.727 views

CVE-2022-35929

cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation exists. cosign verify-attestation used with the --type flag will report a false positive verification when there is at least one attestation with a valid...

9.8CVSS8.2AI score0.0054EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2022/12/22 12:0 a.m.724 views

CVE-2022-22754

If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...

6.5CVSS7.5AI score0.00644EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2021/06/24 1:20 p.m.724 views

CVE-2021-24000

A race condition with requestPointerLock and setTimeout could have resulted in a user interacting with one tab when they believed they were on a separate tab. In conjunction with certain elements such as input type="file" this could have led to an attack where a user was confused about the origin...

3.1CVSS5.4AI score0.00605EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/06/16 12:0 a.m.721 views

CVE-2022-32547

In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application...

7.8CVSS7.8AI score0.01327EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2021/02/26 2:10 a.m.720 views

CVE-2021-23954

Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 85, Thunderbird 78.7, and Firefox ESR 78.7...

8.8CVSS8.7AI score0.011EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2020/12/09 12:24 a.m.719 views

CVE-2020-26965

Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field wa...

6.5CVSS7.2AI score0.01236EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/12/07 4:11 p.m.716 views

CVE-2022-41720

On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS"C:/tmp".Open"COM1" opens the...

7.5CVSS7.6AI score0.0119EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2020/01/08 9:27 p.m.716 views

CVE-2019-17017

Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

8.8CVSS8.5AI score0.02489EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/07/28 1:0 a.m.715 views

CVE-2022-2295

Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.6AI score0.01236EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2021/03/26 9:34 p.m.709 views

CVE-2021-20206

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...

7.2CVSS7.1AI score0.01525EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2021/05/03 11:10 a.m.707 views

CVE-2021-25631

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type...

9.3CVSS8.7AI score0.0417EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2019/02/20 6:0 p.m.707 views

CVE-2018-5817

A type confusion error within the "unpackedloadraw" function within LibRaw versions prior to 0.19.1 internal/dcrawcommon.cpp can be exploited to trigger an infinite loop...

7.5CVSS8AI score0.02505EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2020/03/02 4:5 a.m.703 views

CVE-2019-17026

Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1...

8.8CVSS8.3AI score0.46589EPSS
Exploits7
AlpineLinux
AlpineLinux
added 2021/11/15 12:0 a.m.702 views

CVE-2021-43618

GNU Multiple Precision Arithmetic Library GMP through 6.2.1 has an mpz/inpraw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms...

7.5CVSS8AI score0.03425EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2020/11/24 2:31 a.m.701 views

CVE-2020-28348

HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8...

6.5CVSS6.5AI score0.01631EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2021/02/26 1:54 a.m.696 views

CVE-2021-23972

One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://[email protected]'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached...

8.8CVSS8.2AI score0.01013EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2021/01/07 1:52 p.m.696 views

CVE-2020-26974

When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 84, Thunderbird 78.6, and Firefox ESR...

8.8CVSS8.6AI score0.01455EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/11/11 12:0 a.m.693 views

CVE-2022-41882

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file...

7.8CVSS7AI score0.00466EPSS
Exploits0
Total number of security vulnerabilities5000