Lucene search
K
AlpinelinuxRecent

13011 matches found

AlpineLinux
AlpineLinux
added 2026/05/28 10:25 p.m.8 views

CVE-2026-9873

Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.00301EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/28 10:25 p.m.7 views

CVE-2026-9872

Out of bounds write in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.5AI score0.00326EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/28 7:25 a.m.16 views

CVE-2026-4408

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

9.8CVSS5.9AI score0.02501EPSS
Exploits0References18
AlpineLinux
AlpineLinux
added 2026/05/27 6:33 p.m.14 views

CVE-2026-9759

ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service...

5.5CVSS5.8AI score0.00092EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/27 4:34 p.m.10 views

CVE-2026-44378

Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such BER encodings were accepted even in structures which are required to be encoded as DER, which...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/27 2:14 p.m.27 views

CVE-2026-9674

A cross-site request forgery CSRF vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6bbd and earlier allows attackers to resume failed Multijob builds...

4.3CVSS5.7AI score0.00152EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/27 2:13 p.m.11 views

CVE-2026-48926

Jenkins Job Import Plugin 143.v044a2e819b27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS5.8AI score0.00178EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/27 2:13 p.m.17 views

CVE-2026-48922

Jenkins Credentials Binding Plugin 720.v3f6decef43ea and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution i...

7.5CVSS6.5AI score0.00364EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/27 2:13 p.m.18 views

CVE-2026-48921

Jenkins Pipeline: Groovy Libraries Plugin 797.v90eaa9be45a0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a Pipeline job to read arbitrary files on the Jenkins controller filesystem...

7.5CVSS5.9AI score0.00301EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/27 2:13 p.m.16 views

CVE-2026-48920

Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as base64 in email content by setting the data-inline attribute, without restrictions on the image URLs that can be inlined, allowing attackers able to control the email content to specify file: URLs for images t...

8.8CVSS5.9AI score0.00299EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/27 2:13 p.m.11 views

CVE-2026-48917

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation...

6.6CVSS5.8AI score0.0027EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/27 2:13 p.m.10 views

CVE-2026-48916

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals...

6.6CVSS5.8AI score0.00285EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/27 1:21 p.m.15 views

CVE-2026-23679

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength...

6.9CVSS5.9AI score0.00184EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/05/27 1:20 p.m.18 views

CVE-2026-47104

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

5.5CVSS5.9AI score0.0013EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/05/27 12:28 p.m.18 views

CVE-2026-1933

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

7.1CVSS5.7AI score0.00862EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/27 12:9 p.m.16 views

CVE-2026-2340

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.7AI score0.00939EPSS
Exploits0References13
AlpineLinux
AlpineLinux
added 2026/05/27 10:2 a.m.14 views

CVE-2026-3012

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00261EPSS
Exploits0References14
AlpineLinux
AlpineLinux
added 2026/05/27 1:39 a.m.10 views

CVE-2026-49014

In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry...

7.8CVSS6.7AI score0.00102EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/26 9:54 p.m.17 views

CVE-2026-48710

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS5.8AI score0.01438EPSS
Exploits2
AlpineLinux
AlpineLinux
added 2026/05/26 2:8 p.m.19 views

CVE-2026-40033

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

8.8CVSS6.5AI score0.00827EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/05/26 1:56 p.m.20 views

CVE-2026-4480

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

9.8CVSS6.4AI score0.12797EPSS
Exploits9
AlpineLinux
AlpineLinux
added 2026/05/25 11:53 p.m.30 views

CVE-2026-8376

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perlstudychunk in regcompstudy.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a lar...

9.8CVSS6AI score0.00398EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/05/25 8:19 p.m.25 views

CVE-2026-48852

PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification...

3.7CVSS5.8AI score0.00274EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/25 8:16 p.m.20 views

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/25 8:13 p.m.22 views

CVE-2026-48850

PuTTY 0.72 before 0.84 has a double free in RSA KEX...

5.9CVSS5.8AI score0.0032EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/25 2:5 p.m.18 views

CVE-2026-9078

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

5.4CVSS5.8AI score0.00199EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/25 8:57 a.m.15 views

CVE-2026-5223

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability is medium for users of third-party registries. Users of crates.io a...

6.5CVSS5.9AI score0.00294EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/25 8:54 a.m.16 views

CVE-2026-5222

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

6.5CVSS5.9AI score0.00328EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/22 8:59 p.m.21 views

CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

8.1CVSS5.7AI score0.00302EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/05/22 8:49 p.m.15 views

CVE-2026-41069

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entrycount == 0 creating no chunks while still passing validation...

6.5CVSS5.8AI score0.00253EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/05/22 3:1 p.m.6 views

CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

9.6CVSS5.4AI score0.00478EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/22 2:11 p.m.36 views

CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS6.2AI score0.04261EPSS
Exploits3
AlpineLinux
AlpineLinux
added 2026/05/21 9:27 a.m.15 views

CVE-2026-41999

Incorrect Behaviour of Views with TCP PROXY Requests...

4.8CVSS5.8AI score0.00142EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/21 9:27 a.m.17 views

CVE-2026-42002

Concurrency and locking defects in GSS-TSIG...

7.5CVSS5.8AI score0.00264EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/21 9:26 a.m.17 views

CVE-2026-42001

Insufficient Validation of Autoprimary SOA Queries...

7.5CVSS5.8AI score0.00365EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/21 9:25 a.m.14 views

CVE-2026-42000

Insufficient Validation of Names During AXFR...

8.6CVSS5.8AI score0.00242EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/21 9:25 a.m.16 views

CVE-2026-42396

Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail...

6.5CVSS5.8AI score0.00353EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/21 8:14 a.m.14 views

CVE-2026-7837

A time-of-check time-of-use TOCTOU condition in the adflush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions...

3.7CVSS5.8AI score0.00236EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/21 8:14 a.m.10 views

CVE-2026-44075

A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPTATTNQUANT switch case to fall through into DSIOPTSERVQUANT, resulting in unintended session option handling that may allow a remote attacker to cause a minor service disruption via crafted DSI...

3.7CVSS5.8AI score0.00329EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/21 8:14 a.m.11 views

CVE-2026-44074

Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths...

3.7CVSS5.8AI score0.00329EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/21 8:14 a.m.11 views

CVE-2026-44071

Netatalk 3.1.2 through 4.4.2 is compiled without FORTIFYSOURCE, which disables built-in buffer overflow detection at runtime, potentially allowing a remote attacker to cause a minor denial of service via memory errors that would otherwise be caught and safely terminated by runtime protection...

3.7CVSS6AI score0.00335EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/21 8:14 a.m.19 views

CVE-2026-44057

A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authenticated attacker to obtain limited information via crafted Spotlight RPC requests...

3.1CVSS5.9AI score0.00186EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/21 7:35 a.m.14 views

CVE-2026-7836

An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification via crafted hexadecimal input...

3.1CVSS5.8AI score0.00257EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/21 7:35 a.m.15 views

CVE-2026-7835

A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing...

3.1CVSS5.8AI score0.00294EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/21 7:35 a.m.17 views

CVE-2026-44076

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path...

6.7CVSS6.2AI score0.0013EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/21 7:35 a.m.10 views

CVE-2026-44073

Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid, which may allow a remote authenticated attacker to retain elevated privileges under error conditions...

5CVSS5.8AI score0.00277EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/21 7:35 a.m.10 views

CVE-2026-44072

Netatalk 2.2.1 through 4.4.2 calls system after a failed chdir without properly handling the error condition, which allows a local privileged user to execute unintended commands or cause a minor service disruption under specific conditions...

3CVSS5.9AI score0.00091EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/21 7:35 a.m.10 views

CVE-2026-44070

An unbounded memory reallocation in the charset conversion code in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...

3.1CVSS5.9AI score0.00318EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/21 7:34 a.m.10 views

CVE-2026-44069

An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input...

3.9CVSS5.8AI score0.00094EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/21 7:34 a.m.15 views

CVE-2026-44068

Incomplete sanitization of extended attribute EA path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names...

7.6CVSS5.8AI score0.00322EPSS
Exploits0
Total number of security vulnerabilities13011