Lucene search
K
AlpinelinuxRecent

13018 matches found

AlpineLinux
AlpineLinux
added 2026/05/19 12:29 p.m.11 views

CVE-2026-8947

Use-after-free in the DOM: Bindings WebIDL component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

7.3CVSS5.8AI score0.00413EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/05/19 12:29 p.m.14 views

CVE-2026-8946

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

7.5CVSS5.8AI score0.0056EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/05/19 12:29 p.m.27 views

CVE-2026-8945

Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151...

7.5CVSS5.8AI score0.00369EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/15 8:52 p.m.15 views

CVE-2026-8696

radare2 6.1.5 contains a use-after-free vulnerability in the gdbrpidslist function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability ...

9.8CVSS6.1AI score0.00603EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/05/15 5:1 p.m.13 views

CVE-2026-8695

radare2 6.1.5 contains a use-after-free vulnerability in the gdbrthreadslist function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed by a malformed qsThreadInfo response. Attackers can exploit this vulnerability through GDB remote...

9.8CVSS6.2AI score0.00626EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2026/05/15 2:57 p.m.19 views

CVE-2026-46483

Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tarVimuntar in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescapetartail without the...

7CVSS5.9AI score0.00552EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/05/15 1:11 a.m.10 views

CVE-2026-8612

WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without...

5.3CVSS6.1AI score0.00127EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 7:52 p.m.7 views

CVE-2026-8567

Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.5AI score0.00183EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 7:52 p.m.12 views

CVE-2026-8559

Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.9AI score0.00176EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 7:52 p.m.8 views

CVE-2026-8556

Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.8AI score0.002EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 7:52 p.m.9 views

CVE-2026-8557

Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: High...

7.5CVSS5.8AI score0.00207EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 7:52 p.m.10 views

CVE-2026-8553

Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.8AI score0.00158EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 7:52 p.m.8 views

CVE-2026-8532

Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.1AI score0.0028EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 7:52 p.m.14 views

CVE-2026-8518

Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.2AI score0.0028EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 7:52 p.m.11 views

CVE-2026-8514

Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.8AI score0.00207EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 7:52 p.m.10 views

CVE-2026-8515

Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.8AI score0.00207EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 7:52 p.m.13 views

CVE-2026-8513

Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.8AI score0.00207EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 7:52 p.m.7 views

CVE-2026-8512

Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.8AI score0.00207EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 7:52 p.m.8 views

CVE-2026-8510

Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical...

7.5CVSS5.9AI score0.00214EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 7:52 p.m.9 views

CVE-2026-8511

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.8AI score0.00234EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 7:10 p.m.11 views

CVE-2026-43903

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, sgiinput.cpp:265,274 use OIIODASSERT for bounds checking in the RLE decode loop. In release builds, OIIODASSERT compiles to voidsizeofx...

8.4CVSS6AI score0.00126EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/14 7:9 p.m.10 views

CVE-2026-43904

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 mixed RLE and :345 pure RLE do not clamp the run length to remaining scanline width before writing pixels. The r...

8.4CVSS5.8AI score0.00173EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/05/14 7:9 p.m.13 views

CVE-2026-43905

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w h ch bufferbpp using signed 32-bit arithmetic. When the product...

7.8CVSS6AI score0.00173EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/05/14 7:8 p.m.19 views

CVE-2026-43996

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decodepixel computes k + palbytespp as unsigned 32-bit arithmetic. When k = 0xFFFFFFFC and palbytespp = 4...

5.5CVSS5.9AI score0.00177EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/05/14 7:7 p.m.10 views

CVE-2026-43907

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed integer overflow in QueryRGBBufferSizeInternal in DPXColorConverter.cpp leads to a heap-based out-of-bounds write when...

8.3CVSS6.6AI score0.0037EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/05/14 7:1 p.m.11 views

CVE-2026-43908

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the pixel-loop index expression i 3 inside ConvertCbYCrYToRGB causes the function to compute a larg...

8.8CVSS5.9AI score0.00371EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/05/14 7:0 p.m.10 views

CVE-2026-43909

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the loop index expression i 4 inside SwapRGBABytes causes the function to compute a large negative...

8.8CVSS5.9AI score0.00371EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/05/14 6:54 p.m.17 views

CVE-2026-43906

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to a subimage metada...

8.5CVSS6.1AI score0.00188EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/05/14 5:40 p.m.8 views

CVE-2026-46470

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxaudiocaps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

9.1CVSS5.8AI score0.00208EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 5:38 p.m.13 views

CVE-2026-46469

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxparsetrak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

5.5CVSS5.8AI score0.00101EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 5:1 p.m.20 views

CVE-2026-44283

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/14 2:36 p.m.11 views

CVE-2026-42186

OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...

7.5CVSS5.8AI score0.00248EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/05/14 1:0 p.m.14 views

CVE-2026-6638

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18...

8.8CVSS6.1AI score0.0018EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 1:0 p.m.11 views

CVE-2026-6637

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

8.8CVSS6.4AI score0.00378EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 1:0 p.m.12 views

CVE-2026-6575

Buffer over-read in PostgreSQL function pgrestoreattributestats accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintainer to infer memory values past that array end. Within major version 18, minor versions before PostgreSQL...

4.3CVSS5.8AI score0.00208EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 1:0 p.m.10 views

CVE-2026-6479

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

7.5CVSS5.8AI score0.00471EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 1:0 p.m.18 views

CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

8.2CVSS5.8AI score0.00558EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 1:0 p.m.11 views

CVE-2026-6477

Use of inherently dangerous function PQfn..., resultisint=0, ... in PostgreSQL libpq loexport, loread, lolseek64, and lotell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets, PQfn..., resultisint=0, ... stores arbitrary-lengt...

8.8CVSS6AI score0.00464EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 1:0 p.m.14 views

CVE-2026-6475

Symlink following in PostgreSQL pgbasebackup plain format and in pgrewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...

8.8CVSS5.8AI score0.00324EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 1:0 p.m.18 views

CVE-2026-6476

SQL injection in PostgreSQL pgcreatesubscriber allows an attacker with pgcreatesubscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pgcreatesubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected...

7.2CVSS6.1AI score0.00287EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 1:0 p.m.13 views

CVE-2026-6474

Externally-controlled format string in PostgreSQL timeofday function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected...

4.3CVSS5.8AI score0.00208EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 1:0 p.m.13 views

CVE-2026-6473

Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user...

8.8CVSS6.2AI score0.00668EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 1:0 p.m.12 views

CVE-2026-6472

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

5.4CVSS6.1AI score0.00159EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/14 4:49 a.m.13 views

CVE-2026-45793

This candidate has been reserved by an organization or individual " "that will use it when announcing a new security problem. When the candidate has been " "publicized, the details for this candidate will be provided...

0.00079EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/13 7:28 p.m.13 views

CVE-2026-28374

Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/13 7:28 p.m.11 views

CVE-2026-33378

Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/13 7:28 p.m.12 views

CVE-2026-28383

A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-memory condition, potentially causing a denial of service...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/13 7:28 p.m.9 views

CVE-2026-33376

When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask usually /128 to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here...

7.4CVSS5.8AI score0.00271EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/13 7:28 p.m.14 views

CVE-2026-28380

Any Editor could delete any snapshot, even if they have no access to read or write them...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/13 7:28 p.m.12 views

CVE-2026-33377

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...

7.1CVSS5.8AI score0.00226EPSS
Exploits0References1
Total number of security vulnerabilities13018