Lucene search
K
AlpinelinuxRecent

13016 matches found

AlpineLinux
AlpineLinux
•added yesterday•2 views

CVE-2026-40553

Buffer overflow vulnerability has been found in "extension/readdir.c" program file of gawk ftype routine. This issue could be used to crash the program and potentially to achieve code execution, although the latter has not been confirmed to be feasible. It affects gawk in versions 5.4.0 and below...

7.5CVSS6AI score
Exploits0References2
AlpineLinux
AlpineLinux
•added yesterday•4 views

CVE-2026-40469

Integer overflow vulnerability has been found in "builtin.c" program file of gawk dosub routine. This issue could be used to overwrite gawk heap metadata and objects causing the program to crash. It affects 32-bit builds of gawk in versions 5.4.0 and below...

9.1CVSS6AI score
Exploits0References2
AlpineLinux
AlpineLinux
•added yesterday•3 views

CVE-2026-40468

Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap metadata and objects with attacker-controlled bytes. It affects gawk in versions 5.4.0 and below...

9.1CVSS6AI score
Exploits0References2
AlpineLinux
AlpineLinux
•added yesterday•3 views

CVE-2026-40467

Use After Free vulnerability has been found in "io.c" program file of gawk dogetlineredir routine. This issue may lead to a crash. It affects gawk in versions 5.4.0 and below...

7.5CVSS6AI score
Exploits0References2
AlpineLinux
AlpineLinux
•added 3 days ago•2 views

CVE-2026-61861

ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a dangling pointer to reference freed memory, potentially enabling denial of service or code execution...

7.5CVSS6.2AI score0.00277EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 3 days ago•3 views

CVE-2026-61870

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF images to exhaust available memory and cause denial of service...

7.5CVSS6.1AI score0.00104EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 3 days ago•3 views

CVE-2026-61858

ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process...

5.3CVSS6.1AI score0.00133EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 3 days ago•3 views

CVE-2026-61857

ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes...

7.5CVSS6.1AI score0.00226EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 3 days ago•1 views

CVE-2026-61465

ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes ImageMagick to allocate more memory than permitted by the configured policy, resulting in a denial of...

6.5CVSS6.1AI score0.00105EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 3 days ago•3 views

CVE-2026-56372

ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service...

9.1CVSS6.2AI score0.00116EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 4 days ago•5 views

CVE-2026-57156

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit builds, FreeRDP clients contain an integer overflow in updatereaddeltapoints in libfreerdp/core/orders.c when multiplying an attacker-controlled point count by sizeofDELTAPOINT, allowing a malicious RDP pee...

9.8CVSS6.2AI score0.00528EPSS
Exploits1References4
AlpineLinux
AlpineLinux
•added 4 days ago•3 views

CVE-2026-57157

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...

6.5CVSS6.1AI score0.00522EPSS
Exploits1References6
AlpineLinux
AlpineLinux
•added 4 days ago•3 views

CVE-2026-57158

FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planardecompressplanerleonly in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated...

9.8CVSS7AI score0.00528EPSS
Exploits2References4
AlpineLinux
AlpineLinux
•added 4 days ago•6 views

CVE-2026-55827

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...

8.8CVSS6.1AI score0.00452EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 4 days ago•6 views

CVE-2026-8595

A user with Editor permissions can craft a dashboard whose table TableNG panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard stored cross-site scripting...

6.8CVSS6AI score0.00221EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 4 days ago•4 views

CVE-2026-8609

An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique values, causing unbounded memory growth that can eventually exhaust memory and crash the Grafana instance denial of service...

7.5CVSS6.1AI score0.00359EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 4 days ago•4 views

CVE-2026-33382

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service...

7.5CVSS6.1AI score0.0038EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 4 days ago•2 views

CVE-2026-56366

ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion...

6.5CVSS6.1AI score0.00103EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 4 days ago•3 views

CVE-2026-56373

ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory...

6.3CVSS6.1AI score0.00221EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 5 days ago•4 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS6.3AI score0.00169EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 5 days ago•5 views

CVE-2026-59858

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

8.4CVSS6.2AI score0.00137EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 5 days ago•4 views

CVE-2026-59857

Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spellsoundfoldsal in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen MAXWLEN, allowing reslen...

5.6CVSS6.1AI score0.00107EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 5 days ago•3 views

CVE-2026-58459

gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...

9.6CVSS6.4AI score0.00726EPSS
Exploits1References5
AlpineLinux
AlpineLinux
•added 5 days ago•3 views

CVE-2026-56289

GNU patch is vulnerable to a denial of service DoS due to improper validation of hunk single block of changes in diff line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop...

5.5CVSS6AI score0.00125EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 5 days ago•3 views

CVE-2026-56288

GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk single block of changes in diff data structures, causing the application to pass a NULL pointer...

5.5CVSS6AI score0.00125EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 6 days ago•3 views

CVE-2026-15168

BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure...

3.3CVSS6.1AI score0.00102EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 6 days ago•3 views

CVE-2026-59818

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the...

8.1CVSS6.1AI score0.00364EPSS
Exploits0References9
AlpineLinux
AlpineLinux
•added 6 days ago•5 views

CVE-2026-15166

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS6.1AI score0.00133EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 6 days ago•5 views

CVE-2026-15174

Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS6.1AI score0.00092EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 6 days ago•3 views

CVE-2026-15172

FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS6.1AI score0.00097EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 6 days ago•3 views

CVE-2026-15173

pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...

5.5CVSS6.1AI score0.00089EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 6 days ago•4 views

CVE-2026-15171

SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS6.1AI score0.00097EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 6 days ago•3 views

CVE-2026-15169

UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

7.5CVSS6.1AI score0.00218EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 6 days ago•5 views

CVE-2026-15167

DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

7.5CVSS6.1AI score0.00156EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 6 days ago•3 views

CVE-2026-15170

Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS6.1AI score0.00133EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 6 days ago•4 views

CVE-2026-15165

TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service...

5.5CVSS6.1AI score0.00133EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 6 days ago•4 views

CVE-2026-15163

Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service...

7.5CVSS6.1AI score0.00187EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 6 days ago•3 views

CVE-2026-15164

Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS6.1AI score0.00097EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 6 days ago•5 views

CVE-2026-58208

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with...

7.5CVSS6.1AI score0.00593EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 6 days ago•6 views

CVE-2026-58211

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered as the configured noauthuser through a parser path used when the first client operation was not CONNECT, bypassing user-level connection...

5.4CVSS6.1AI score0.00292EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 6 days ago•4 views

CVE-2026-58207

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal...

7.7CVSS6.1AI score0.0056EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 6 days ago•2 views

CVE-2026-58210

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the...

7.5CVSS6.1AI score0.00732EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 6 days ago•3 views

CVE-2026-58209

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these...

4.3CVSS6.1AI score0.00342EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 6 days ago•2 views

CVE-2026-58214

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protoc...

4.3CVSS6.1AI score0.00367EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 6 days ago•3 views

CVE-2026-58254

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode...

6.5CVSS6.1AI score0.00428EPSS
Exploits0References4
AlpineLinux
AlpineLinux
•added 6 days ago•3 views

CVE-2026-58213

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections, corrupti...

7.1CVSS6.1AI score0.00439EPSS
Exploits0References8
AlpineLinux
AlpineLinux
•added 6 days ago•4 views

CVE-2026-59939

httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encoded with Content-Encoding: gzip or deflate in decompressContent in httplib2/init.py, allowing a malicious or compromised HTTP server to return a small...

7.5CVSS6.1AI score0.00339EPSS
Exploits1References3
AlpineLinux
AlpineLinux
•added 6 days ago•3 views

CVE-2026-42505

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...

5.3CVSS6.1AI score0.00419EPSS
Exploits0References4
AlpineLinux
AlpineLinux
•added 6 days ago•4 views

CVE-2026-39822

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open"symlink/"' will open "symlink" even when "symlink" is a symbolic link pointing...

7.8CVSS6.1AI score0.00181EPSS
Exploits0References4
AlpineLinux
AlpineLinux
•added 6 days ago•10 views

CVE-2026-49147

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

7.5CVSS5.9AI score0.00329EPSS
Exploits0
Total number of security vulnerabilities13016