Lucene search
K
AlpinelinuxRecent

13033 matches found

AlpineLinux
AlpineLinux
•added 2026/04/07 12:0 a.m.•8 views

CVE-2026-46472

This candidate has been reserved by an organization or individual " "that will use it when announcing a new security problem. When the candidate has been " "publicized, the details for this candidate will be provided...

Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/06 9:44 p.m.•3 views

CVE-2026-35444

SDLimage is a library to load images of various formats as SDL surfaces. In dolayersurface in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size cmnum. A crafted .xcf file with a small colormap and...

7.1CVSS5.7AI score0.00262EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2026/04/06 7:49 p.m.•3 views

CVE-2026-35201

Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INTMAX are truncated to a signed int before entering the native parser,...

5.9CVSS7.3AI score0.00275EPSS
Exploits1References1
AlpineLinux
AlpineLinux
•added 2026/04/06 5:54 p.m.•3 views

CVE-2026-35177

Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280...

7.1CVSS6AI score0.00731EPSS
Exploits1References1
AlpineLinux
AlpineLinux
•added 2026/04/06 5:37 p.m.•7 views

CVE-2026-35166

Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for links and images are not affected. This vulnerability is fixed in...

5.4CVSS5.7AI score0.00185EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2026/04/06 4:22 p.m.•6 views

CVE-2026-34986

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...

7.5CVSS7.1AI score0.00651EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/06 3:33 p.m.•4 views

CVE-2026-34589

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...

8.8CVSS5.9AI score0.00419EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2026/04/06 3:31 p.m.•17 views

CVE-2026-34588

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

8.8CVSS5.9AI score0.00482EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2026/04/06 3:30 p.m.•5 views

CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

10CVSS6.1AI score0.00613EPSS
Exploits1References5
AlpineLinux
AlpineLinux
•added 2026/04/06 3:22 p.m.•4 views

CVE-2026-34380

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undopxr24impl in src/lib/OpenEXRCore/internalpxr24.c at line 377. The...

5.9CVSS5.9AI score0.00255EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2026/04/06 3:21 p.m.•3 views

CVE-2026-34379

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoderexecute in...

7.1CVSS6AI score0.00283EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2026/04/06 3:19 p.m.•5 views

CVE-2026-34378

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...

6.5CVSS6AI score0.00262EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2026/04/06 3:16 p.m.•7 views

CVE-2026-34982

Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...

8.2CVSS6.3AI score0.0047EPSS
Exploits0References28
AlpineLinux
AlpineLinux
•added 2026/04/03 10:43 p.m.•38 views

CVE-2026-34933

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version...

5.5CVSS5.7AI score0.00203EPSS
Exploits1References4
AlpineLinux
AlpineLinux
•added 2026/04/03 9:23 p.m.•4 views

CVE-2026-27456

util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check-Time-of-Use vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privilege...

4.7CVSS5.7AI score0.00118EPSS
Exploits1References3
AlpineLinux
AlpineLinux
•added 2026/04/03 9:18 p.m.•6 views

CVE-2026-34980

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server...

7.5CVSS6.1AI score0.00502EPSS
Exploits1References1
AlpineLinux
AlpineLinux
•added 2026/04/03 9:16 p.m.•2 views

CVE-2026-34979

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly...

5.3CVSS6AI score0.00379EPSS
Exploits1References1
AlpineLinux
AlpineLinux
•added 2026/04/03 9:15 p.m.•4 views

CVE-2026-34978

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

6.5CVSS5.8AI score0.00406EPSS
Exploits1References1
AlpineLinux
AlpineLinux
•added 2026/04/03 9:14 p.m.•4 views

CVE-2026-34990

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That...

7.8CVSS6.2AI score0.00289EPSS
Exploits1References1
AlpineLinux
AlpineLinux
•added 2026/04/03 9:11 p.m.•3 views

CVE-2026-27447

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an...

6.3CVSS5.7AI score0.00317EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 2026/04/03 6:38 p.m.•11 views

CVE-2026-2625

A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager RPM file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an...

5.5CVSS5.7AI score0.00085EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/03 5:0 a.m.•16 views

CVE-2026-35549

An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the cachingsha2password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256cryptr uses allo...

6.5CVSS5.8AI score0.00256EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2026/04/02 6:36 p.m.•3 views

CVE-2026-34743

XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was used to decode an Index that contained no Records, the resulting lzmaindex was left in a state where where a subsequent lzmaindexappend would allocate too little...

6.3CVSS5.8AI score0.00351EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/02 5:8 p.m.•9 views

CVE-2026-35414

OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters...

8.1CVSS5.8AI score0.00176EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2026/04/02 4:57 p.m.•3 views

CVE-2026-35388

OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions...

2.5CVSS5.2AI score0.0013EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2026/04/02 4:52 p.m.•5 views

CVE-2026-35387

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms...

6.5CVSS5.3AI score0.00237EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2026/04/02 4:44 p.m.•3 views

CVE-2026-35386

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in sshconfig...

8.1CVSS5.5AI score0.00247EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2026/04/02 4:30 p.m.•8 views

CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

8.1CVSS5.2AI score0.00419EPSS
Exploits0References35
AlpineLinux
AlpineLinux
•added 2026/04/02 2:57 p.m.•10 views

CVE-2026-33641

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

7.8CVSS6AI score0.00866EPSS
Exploits3References3
AlpineLinux
AlpineLinux
•added 2026/04/02 2:56 p.m.•10 views

CVE-2026-33533

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an...

7.1CVSS5.8AI score0.00409EPSS
Exploits1References3
AlpineLinux
AlpineLinux
•added 2026/04/02 2:36 p.m.•1 views

CVE-2026-31935

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of craft HTTP2 continuation frames can lead to memory exhaustion, usually resulting in the Suricata process being shut down by the operating system. This issue has been patched in versions 7.0.15 and 8.0.4...

7.5CVSS5.8AI score0.00272EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2026/04/02 2:30 p.m.•7 views

CVE-2026-5342

A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikonloadpaddedpackedraw of the file src/decoders/decoderslibraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument loadflags/rawwidth can lead to out-of-bounds read. It is possible to launch the...

6.9CVSS5.1AI score0.00735EPSS
Exploits1References9
AlpineLinux
AlpineLinux
•added 2026/04/02 2:21 p.m.•2 views

CVE-2026-31934

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4...

7.5CVSS5.7AI score0.00272EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2026/04/02 2:3 p.m.•2 views

CVE-2026-31933

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause Suricata to slow down, affecting performance in IDS mode. This issue has been patched in versions 7.0.15 and 8.0.4...

7.5CVSS5.8AI score0.00351EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2026/04/02 2:2 p.m.•3 views

CVE-2026-31932

Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can lead to performance degradation. This issue has been patched in versions 7.0.15 and 8.0.4...

7.5CVSS5.8AI score0.00267EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2026/04/02 2:1 p.m.•2 views

CVE-2026-31931

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4...

7.5CVSS5.8AI score0.00351EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2026/04/02 1:45 a.m.•5 views

CVE-2026-5318

A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits causes out-of-bounds write. It is possible to initiate the attack remotely. T...

5.3CVSS5AI score0.00629EPSS
Exploits1References9
AlpineLinux
AlpineLinux
•added 2026/04/01 8:56 p.m.•9 views

CVE-2026-34543

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...

8.7CVSS5.7AI score0.00482EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2026/04/01 8:55 p.m.•7 views

CVE-2026-34544

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via...

8.4CVSS5.8AI score0.00244EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2026/04/01 8:51 p.m.•15 views

CVE-2026-34545

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write...

8.4CVSS6.5AI score0.00611EPSS
Exploits1References3
AlpineLinux
AlpineLinux
•added 2026/04/01 8:28 p.m.•6 views

CVE-2026-34525

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

6.3CVSS5.4AI score0.00288EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/01 8:27 p.m.•2 views

CVE-2026-34520

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser the default for most installs accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4...

9.1CVSS5.4AI score0.00461EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/01 8:26 p.m.•3 views

CVE-2026-34519

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

6.9CVSS5.3AI score0.00292EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/01 8:15 p.m.•4 views

CVE-2026-34518

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

6.9CVSS5.3AI score0.00337EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/01 8:14 p.m.•7 views

CVE-2026-34517

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking clientmaxsize. This issue has been patched in version 3.13.4...

6.9CVSS5.3AI score0.00384EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/01 8:13 p.m.•4 views

CVE-2026-34516

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13....

8.7CVSS5.4AI score0.0044EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/01 8:10 p.m.•5 views

CVE-2026-34515

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.4...

8.7CVSS5.5AI score0.00433EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/01 8:9 p.m.•5 views

CVE-2026-34514

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the contenttype parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

6.9CVSS5.4AI score0.00315EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/01 8:8 p.m.•5 views

CVE-2026-22815

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...

7.5CVSS5.3AI score0.0044EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/01 8:6 p.m.•5 views

CVE-2026-34513

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4...

7.5CVSS5.4AI score0.0044EPSS
Exploits0
Total number of security vulnerabilities13033