Lucene search
K
AlpinelinuxRecent

13018 matches found

AlpineLinux
AlpineLinux
•added 2026/05/11 4:48 p.m.•11 views

CVE-2026-4893

An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information...

5.3CVSS5.8AI score0.02681EPSS
Exploits2
AlpineLinux
AlpineLinux
•added 2026/05/11 4:47 p.m.•12 views

CVE-2026-4892

A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet...

8.8CVSS6.2AI score0.00812EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2026/05/11 4:47 p.m.•17 views

CVE-2026-4891

A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet...

7.5CVSS5.8AI score0.06226EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/11 4:47 p.m.•17 views

CVE-2026-4890

A Denial of Service DoS vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet...

7.5CVSS5.8AI score0.07237EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/11 4:47 p.m.•9 views

CVE-2026-2291

dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS...

7.3CVSS5.9AI score0.00754EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2026/05/10 8:15 p.m.•13 views

CVE-2026-45191

Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value. See also CVE-2026-45190...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2026/05/10 8:15 p.m.•13 views

CVE-2026-45190

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the inp...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2026/05/10 6:36 a.m.•7 views

CVE-2026-45186

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...

7.5CVSS5.7AI score0.00428EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2026/05/10 4:43 a.m.•28 views

CVE-2026-7263

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, DOMNode::C14N method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial ...

7.5CVSS5.8AI score0.00353EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/10 4:35 a.m.•10 views

CVE-2026-6104

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

9.1CVSS5.9AI score0.00469EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/10 4:28 a.m.•16 views

CVE-2026-7258

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

7.5CVSS5.8AI score0.00337EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/10 4:19 a.m.•16 views

CVE-2026-6722

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...

9.8CVSS6.1AI score0.00739EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/10 4:13 a.m.•13 views

CVE-2026-7259

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when...

6.5CVSS5.8AI score0.00202EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/10 4:7 a.m.•12 views

CVE-2026-7261

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when SoapServer is configured with SOAPPERSISTENCESESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistanc...

9.8CVSS5.8AI score0.00302EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/10 4:0 a.m.•19 views

CVE-2026-7262

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...

7.5CVSS5.8AI score0.0078EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/10 3:42 a.m.•16 views

CVE-2026-7568

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the metaphone function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed...

7.5CVSS5.8AI score0.00455EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/10 3:27 a.m.•9 views

CVE-2026-6735

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

8.8CVSS6.2AI score0.0021EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2026/05/09 11:0 p.m.•8 views

CVE-2026-8213

A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit h...

5.5CVSS5.5AI score0.00258EPSS
Exploits1References8
AlpineLinux
AlpineLinux
•added 2026/05/09 10:30 p.m.•11 views

CVE-2026-8212

A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be...

5.5CVSS5.8AI score0.00205EPSS
Exploits1References8
AlpineLinux
AlpineLinux
•added 2026/05/09 3:56 a.m.•12 views

CVE-2026-41163

bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap and control the unprivileged part of the sandbox setup phase. This allows the attacker to arbitraril...

8.7CVSS5.7AI score0.00274EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/09 12:43 a.m.•16 views

CVE-2026-6667

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...

4.3CVSS5.8AI score0.00287EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2026/05/09 12:43 a.m.•12 views

CVE-2026-6666

A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field...

7.5CVSS5.8AI score0.00369EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2026/05/09 12:43 a.m.•12 views

CVE-2026-6665

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...

9.8CVSS6AI score0.00372EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2026/05/09 12:43 a.m.•20 views

CVE-2026-6664

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet...

7.5CVSS6AI score0.00698EPSS
Exploits1References1
AlpineLinux
AlpineLinux
•added 2026/05/08 10:42 p.m.•11 views

CVE-2026-45130

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in readcompound in src/spellfile.c when loading a crafted spell file .spl with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-b...

6.6CVSS5.9AI score0.00248EPSS
Exploits1References4
AlpineLinux
AlpineLinux
•added 2026/05/08 10:40 p.m.•14 views

CVE-2026-44656

Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...

5.3CVSS6AI score0.00917EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2026/05/08 10:38 p.m.•13 views

CVE-2026-42307

Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the sftp:// or file:// protocol handlers, an attacker can execute arbitrary...

4.4CVSS6AI score0.00774EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2026/05/08 7:15 a.m.•10 views

CVE-2026-44928

In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...

5.3CVSS5.8AI score0.00211EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/08 7:13 a.m.•10 views

CVE-2026-44927

In uriparser before 1.0.2, there is pointer difference truncation to int in various places...

5.3CVSS5.8AI score0.00211EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/07 7:41 p.m.•12 views

CVE-2026-42501

A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy GOMODPROXY or checksum database GOSUMDB. A malicious module proxy can serve altered versions o...

7.5CVSS5.8AI score0.00231EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/07 7:41 p.m.•8 views

CVE-2026-39820

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations...

7.5CVSS5.8AI score0.00784EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/07 7:41 p.m.•12 views

CVE-2026-39826

If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block...

6.1CVSS5.9AI score0.00371EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/07 7:41 p.m.•21 views

CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS7.3AI score0.00328EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/07 7:41 p.m.•7 views

CVE-2026-33811

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

7.5CVSS5.8AI score0.00813EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/07 7:41 p.m.•7 views

CVE-2026-39825

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

5.3CVSS5.8AI score0.0039EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/07 7:41 p.m.•9 views

CVE-2026-42499

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322...

7.5CVSS5.8AI score0.00798EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/07 7:41 p.m.•12 views

CVE-2026-39817

The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...

5.9CVSS5.9AI score0.0017EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/07 7:41 p.m.•8 views

CVE-2026-39836

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

7.5CVSS5.8AI score0.00588EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/07 7:41 p.m.•14 views

CVE-2026-39819

The "go bug" command writes to two files with predictable names in the system temporary directory for example, "/tmp". An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...

5.3CVSS5.8AI score0.00179EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/07 7:41 p.m.•9 views

CVE-2026-33814

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGSMAXFRAMESIZE with a value of 0...

7.5CVSS5.8AI score0.00781EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/05/07 7:30 p.m.•8 views

CVE-2026-8088

A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the...

5.5CVSS5.3AI score0.00246EPSS
Exploits1References8
AlpineLinux
AlpineLinux
•added 2026/05/07 7:0 p.m.•9 views

CVE-2026-8087

A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The...

7.8CVSS6.1AI score0.00223EPSS
Exploits1References8
AlpineLinux
AlpineLinux
•added 2026/05/07 6:45 p.m.•8 views

CVE-2026-8086

A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly...

7.8CVSS6.1AI score0.00237EPSS
Exploits1References9
AlpineLinux
AlpineLinux
•added 2026/05/07 6:30 p.m.•8 views

CVE-2026-8084

A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit...

5.5CVSS5.3AI score0.00264EPSS
Exploits1References9
AlpineLinux
AlpineLinux
•added 2026/05/07 6:19 p.m.•8 views

CVE-2026-42284

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, clone validates multioptions as the original list, then executes shlex.split" ".joinmultioptions. A string like "--branch main --config core.hooksPath=/x" passes validation starts with --branch, but aft...

9.8CVSS5.7AI score0.00571EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2026/05/07 6:17 p.m.•8 views

CVE-2026-42215

GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and receivepack bypass that check. If an...

8.8CVSS6AI score0.00719EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2026/05/07 1:9 p.m.•10 views

CVE-2026-41685

Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and...

4.3CVSS5.7AI score0.00333EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2026/05/07 1:8 p.m.•8 views

CVE-2026-41684

Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid...

6.5CVSS5.7AI score0.00408EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2026/05/07 1:5 p.m.•10 views

CVE-2026-41648

Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provide a crafted image or backup tarball that when...

5.3CVSS5.7AI score0.00269EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2026/05/07 1:2 p.m.•9 views

CVE-2026-41647

Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. This issue has been patched in version 7.0.0...

6.5CVSS5.7AI score0.00394EPSS
Exploits1
Total number of security vulnerabilities13018