Lucene search
+L
AlpinelinuxRecent

13033 matches found

alpinelinux
alpinelinux
•added 2026/04/01 1:54 p.m.•2 views

CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

8.8CVSS5.9AI score0.00184EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 1:54 p.m.•6 views

CVE-2026-35094

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could...

5.5CVSS5.8AI score0.00146EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 4:41 a.m.•14 views

CVE-2026-5291

Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.9AI score0.00193EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 4:41 a.m.•6 views

CVE-2026-5292

Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS5.9AI score0.00248EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 4:41 a.m.•8 views

CVE-2026-5289

Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.9AI score0.00275EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 4:41 a.m.•6 views

CVE-2026-5290

Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.9AI score0.00248EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 4:41 a.m.•13 views

CVE-2026-5287

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.8CVSS6.3AI score0.00417EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 4:41 a.m.•11 views

CVE-2026-5273

Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3CVSS6.2AI score0.00291EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 4:41 a.m.•12 views

CVE-2026-5285

Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.3AI score0.00403EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 4:41 a.m.•9 views

CVE-2026-5284

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

7.5CVSS6.3AI score0.0028EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 4:41 a.m.•7 views

CVE-2026-5283

Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.9AI score0.002EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 4:41 a.m.•11 views

CVE-2026-5272

Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.6AI score0.0045EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 4:41 a.m.•9 views

CVE-2026-5282

Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

8.1CVSS5.9AI score0.00193EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 4:41 a.m.•7 views

CVE-2026-5280

Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.3AI score0.00395EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 4:41 a.m.•9 views

CVE-2026-5281

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.5AI score0.05036EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 4:41 a.m.•11 views

CVE-2026-5276

Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.9AI score0.00189EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 4:41 a.m.•9 views

CVE-2026-5277

Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

7.5CVSS6AI score0.00255EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 4:41 a.m.•9 views

CVE-2026-5279

Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.3AI score0.0034EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 4:41 a.m.•8 views

CVE-2026-5275

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.6AI score0.0035EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 4:41 a.m.•7 views

CVE-2026-5274

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.1AI score0.00336EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 12:0 a.m.•19 views

CVE-2026-25833

Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509inetptonipv6 function...

7.5CVSS6.1AI score0.00308EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 12:0 a.m.•7 views

CVE-2026-25834

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...

6.5CVSS5.8AI score0.00135EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/04/01 12:0 a.m.•16 views

CVE-2026-25835

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...

7.7CVSS5.9AI score0.0017EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/03/31 7:30 p.m.•12 views

CVE-2026-34204

MinIO is a high-performance object storage system. Prior to version RELEASE.2026-03-26T21-24-40Z, a flaw in extractMetadataFromMime allows any authenticated user with s3:PutObject permission to inject internal server-side encryption metadata into objects by sending crafted X-Minio-Replication-...

7.1CVSS5.8AI score0.00124EPSS
Exploits0References1
alpinelinux
alpinelinux
•added 2026/03/31 3:36 p.m.•9 views

CVE-2026-34235

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure SS data. Insufficient bounds checking on the payload...

9.1CVSS5.3AI score0.00405EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/03/31 12:6 p.m.•2 views

CVE-2026-27854

An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus triggering a...

7.5CVSS5.7AI score0.00471EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/03/31 12:4 p.m.•2 views

CVE-2026-27853

An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535...

7.5CVSS5.8AI score0.00489EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/03/31 12:1 p.m.•3 views

CVE-2026-24030

An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly...

7.5CVSS5.8AI score0.00537EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/03/31 11:59 a.m.•3 views

CVE-2026-24029

When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...

6.5CVSS5.8AI score0.00148EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/03/31 11:57 a.m.•4 views

CVE-2026-24028

An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential...

8.2CVSS5.8AI score0.01028EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/03/31 11:53 a.m.•10 views

CVE-2026-0397

When the internal webserver is enabled default is disabled, an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...

4.3CVSS5.8AI score0.00161EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/03/31 11:50 a.m.•6 views

CVE-2026-0396

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...

4.3CVSS5.8AI score0.00136EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/03/31 2:4 a.m.•2 views

CVE-2026-34073

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

6.3CVSS5.8AI score0.00154EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/03/31 1:43 a.m.•4 views

CVE-2026-34041

act is a project which allows for local running of github actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which was disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

9.8CVSS6AI score0.00619EPSS
Exploits1References3
alpinelinux
alpinelinux
•added 2026/03/31 1:36 a.m.•3 views

CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

8.4CVSS5.7AI score0.00387EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/03/31 1:36 a.m.•3 views

CVE-2026-34040

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins AuthZ. This issue has been patched in version 29.3.1...

8.8CVSS5.8AI score0.08123EPSS
Exploits1
alpinelinux
alpinelinux
•added 2026/03/30 9:43 p.m.•3 views

CVE-2026-33995

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberosAcceptSecurityContext and kerberosInitializeSecurityContextA WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c can cause a crash in any FreeRDP clients on systems where...

5.3CVSS5.8AI score0.00282EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/03/30 9:43 p.m.•4 views

CVE-2026-33987

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistentcachereadentryv3 in libfreerdp/cache/persistent.c, persistent-bmpSize is updated before winpralignedrecalloc. If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This...

7.1CVSS5.8AI score0.001EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/03/30 9:43 p.m.•4 views

CVE-2026-33986

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuvensurebuffer in libfreerdp/codec/h264.c, h264-width and h264-height are updated before the reallocation loop. If any winpralignedrecalloc call fails, the function returns FALSE but width/height are...

7.5CVSS5.8AI score0.00265EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/03/30 9:43 p.m.•5 views

CVE-2026-33985

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2...

7.1CVSS5.8AI score0.00205EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/03/30 9:42 p.m.•4 views

CVE-2026-33984

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resizevbarentry in libfreerdp/codec/clear.c, vBarEntry-size is updated to vBarEntry-count before the winpralignedrecalloc call. If realloc fails, size is inflated while pixels still points to the old,...

7.5CVSS6AI score0.00398EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/03/30 9:42 p.m.•3 views

CVE-2026-33983

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressivedecompresstileupgrade detects a mismatch via progressiverfxquantcmpequal but only emits WLogWARN, execution continues. The wrapped value 247 is used as a shift exponent, causing undefined behavior...

7.5CVSS6AI score0.00426EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/03/30 9:42 p.m.•5 views

CVE-2026-33982

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in winpralignedoffsetrecalloc. This issue has been patched in version 3.24.2...

8.1CVSS5.8AI score0.00191EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/03/30 9:42 p.m.•2 views

CVE-2026-33952

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated authlength field read from the network triggers a WINPRASSERT failure in rtsreadauthverifiernochecks, causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABR...

6.5CVSS5.8AI score0.00271EPSS
Exploits1
alpinelinux
alpinelinux
•added 2026/03/30 9:41 p.m.•2 views

CVE-2026-33977

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value = 89. The unvalidated step index is read directly from the network and...

6.9CVSS5.8AI score0.00256EPSS
Exploits1
alpinelinux
alpinelinux
•added 2026/03/30 8:36 p.m.•3 views

CVE-2026-32877

Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value C3 failed to check that the encoded value was of the expected length prior to comparison. An invalid ciphertext can cause a heap over-read o...

8.2CVSS5.7AI score0.00278EPSS
Exploits0References1
alpinelinux
alpinelinux
•added 2026/03/30 8:36 p.m.•4 views

CVE-2026-32883

Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0...

5.9CVSS5.3AI score0.00154EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/03/30 8:36 p.m.•3 views

CVE-2026-32884

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9CVSS5.7AI score0.00158EPSS
Exploits0References1
alpinelinux
alpinelinux
•added 2026/03/30 7:7 p.m.•1 views

CVE-2026-21710

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

7.5CVSS7AI score0.26356EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/03/30 7:7 p.m.•3 views

CVE-2026-21713

A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...

5.9CVSS6.5AI score0.00385EPSS
Exploits0
Total number of security vulnerabilities13033