Lucene search
+L
AlpinelinuxRecent

13033 matches found

AlpineLinux
AlpineLinux
•added 2026/03/26 5:10 p.m.•35 views

CVE-2026-33481

Syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...

5.3CVSS6.2AI score0.00408EPSS
Exploits0References4
AlpineLinux
AlpineLinux
•added 2026/03/26 4:51 p.m.•1 views

CVE-2026-33636

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit...

7.6CVSS6AI score0.00585EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2026/03/26 4:48 p.m.•3 views

CVE-2026-33416

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.2.1 through 1.6.55, pngsettRNS and pngsetPLTE each alias a heap-allocated buffer between pngstruct and pnginfo, sharing a single allocation acros...

7.5CVSS5.9AI score0.01052EPSS
Exploits1References6
AlpineLinux
AlpineLinux
•added 2026/03/26 1:36 p.m.•5 views

CVE-2026-33413

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...

8.8CVSS5.8AI score0.00249EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/26 1:23 p.m.•3 views

CVE-2026-33343

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...

6.5CVSS5.8AI score0.0021EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/26 12:8 p.m.•8 views

CVE-2026-4887

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible...

7.1CVSS5.9AI score0.00634EPSS
Exploits1References13
AlpineLinux
AlpineLinux
•added 2026/03/26 12:16 a.m.•1 views

CVE-2026-33526

Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP...

9.2CVSS5.9AI score0.08942EPSS
Exploits0References18
AlpineLinux
AlpineLinux
•added 2026/03/26 12:13 a.m.•3 views

CVE-2026-33515

Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding...

6.9CVSS5.9AI score0.01039EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 2026/03/26 12:11 a.m.•3 views

CVE-2026-32748

Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable...

8.7CVSS5.8AI score0.08931EPSS
Exploits0References18
AlpineLinux
AlpineLinux
•added 2026/03/25 11:57 p.m.•3 views

CVE-2026-30892

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

7.8CVSS5.8AI score0.00159EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2026/03/25 8:21 p.m.•4 views

CVE-2026-33249

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2.12.6, a valid client which uses message tracing headers can indicate that the trace messages can be sent to an arbitrary valid subject,...

4.3CVSS5.9AI score0.00228EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/25 8:20 p.m.•5 views

CVE-2026-33223

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header Nats-Request-Info: is supposed to be a guarantee of identity by the NATS server, but the stripping of this header from inbound messages was...

6.4CVSS5.8AI score0.00211EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/25 8:18 p.m.•8 views

CVE-2026-33248

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

4.2CVSS5.8AI score0.00143EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/25 8:10 p.m.•1 views

CVE-2026-33222

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore one stream could restore to other stream names, impacting data which should have been protected against them...

4.9CVSS5.8AI score0.00306EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/25 8:2 p.m.•9 views

CVE-2026-33247

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients provided via argv the command-line, then those credentials are visible to any user who can see the...

7.5CVSS5.8AI score0.00414EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/25 7:55 p.m.•6 views

CVE-2026-33219

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the WebSockets port can cause unbounded memory use in the nats-server before authentication; this requires sending a...

7.5CVSS5.8AI score0.00532EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/25 7:53 p.m.•1 views

CVE-2026-33218

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats-server with a certain malformed message pre-authentication. Versions 2.11.15 and 2.12.6 contain ...

7.5CVSS5.8AI score0.00616EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/25 7:50 p.m.•3 views

CVE-2026-33246

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a Nats-Request-Info: message header, providing information about a request. This is supposed to provide enough information to allow for account/user identification, such that NAT...

6.4CVSS5.8AI score0.00143EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/25 7:43 p.m.•11 views

CVE-2026-33217

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs were not applied in the $MQTT. namespace, allowing MQTT clients to bypass ACL checks for MQTT subjects. Versions...

8.1CVSS5.8AI score0.00259EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/25 7:41 p.m.•2 views

CVE-2026-33216

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating identity statement JWT and exposed via monitoring...

8.6CVSS5.8AI score0.00365EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/25 7:38 p.m.•3 views

CVE-2026-29785

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...

7.5CVSS5.8AI score0.00658EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2026/03/25 7:36 p.m.•4 views

CVE-2026-27889

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSockets frame could trigger a server panic in the nats-server. This happens before authentication, and...

7.5CVSS5.8AI score0.00582EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2026/03/25 6:24 p.m.•8 views

CVE-2026-33809

A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error...

5.3CVSS6AI score0.00328EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/25 6:12 p.m.•11 views

CVE-2026-1001

Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or HTML markup. Attacke...

4.8CVSS6.3AI score0.00211EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2026/03/25 5:2 p.m.•7 views

CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

5.5CVSS5.4AI score0.00182EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/25 4:54 p.m.•8 views

CVE-2026-34085

fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c...

7.8CVSS5.9AI score0.00125EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2026/03/25 1:34 p.m.•20 views

CVE-2026-3591

A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...

5.4CVSS5.8AI score0.0036EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/25 1:31 p.m.•5 views

CVE-2026-3119

Under certain conditions, named may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature TSIG from a key declared in the named configuration. This issue affects BIND 9 versions 9.20....

6.5CVSS5.9AI score0.00576EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/25 1:29 p.m.•3 views

CVE-2026-3104

A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through...

7.5CVSS5.8AI score0.00698EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/25 1:25 p.m.•3 views

CVE-2026-1519

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries see:...

7.5CVSS5.8AI score0.01545EPSS
Exploits0References28
AlpineLinux
AlpineLinux
•added 2026/03/25 8:46 a.m.•12 views

CVE-2026-3608

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...

7.5CVSS7.5AI score0.01361EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/24 8:55 p.m.•8 views

CVE-2026-33215

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...

6.5CVSS5.8AI score0.0024EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/24 8:27 p.m.•5 views

CVE-2026-4371

A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking...

7.4CVSS7.2AI score0.0036EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2026/03/24 8:27 p.m.•5 views

CVE-2026-3889

Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9...

6.5CVSS7.2AI score0.00202EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2026/03/24 7:43 p.m.•2 views

CVE-2026-33412

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob function on Unix-like systems. By including a newline character \n in a pattern passed to glob, an attacker may be able to execute arbitrary shell commands. This...

7.3CVSS6AI score0.00834EPSS
Exploits0References37
AlpineLinux
AlpineLinux
•added 2026/03/24 2:42 p.m.•15 views

CVE-2026-4775

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...

7.8CVSS6.1AI score0.00553EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/24 2:13 p.m.•2 views

CVE-2026-27651

When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the Auth-Wait...

8.7CVSS5.8AI score0.00921EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/24 2:13 p.m.•3 views

CVE-2026-27654

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...

8.8CVSS6.1AI score0.21621EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/24 2:13 p.m.•3 views

CVE-2026-28753

NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

6.3CVSS5.9AI score0.00264EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/24 2:13 p.m.•3 views

CVE-2026-28755

NGINX Plus and NGINX Open Source have a vulnerability in the ngxstreamsslmodule module due to the improper handling of revoked certificates when configured with the sslverifyclient on and sslocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the...

5.4CVSS5.9AI score0.00133EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/24 2:13 p.m.•2 views

CVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...

8.5CVSS6.1AI score0.00918EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/24 2:13 p.m.•3 views

CVE-2026-27784

The 32-bit implementation of NGINX Open Source has a vulnerability in the ngxhttpmp4module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its termination, using a specially crafted MP4 file. The issue only affects 32-bit NGINX Open Source if it i...

8.5CVSS5.8AI score0.01031EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/03/24 12:30 p.m.•4 views

CVE-2026-4721

Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

9.8CVSS7.4AI score0.00424EPSS
Exploits0References6
AlpineLinux
AlpineLinux
•added 2026/03/24 12:30 p.m.•3 views

CVE-2026-4720

Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...

9.8CVSS7.4AI score0.00424EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 2026/03/24 12:30 p.m.•5 views

CVE-2026-4729

Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149 and Thunderbird 149...

9.8CVSS7.4AI score0.0033EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2026/03/24 12:30 p.m.•1 views

CVE-2026-4719

Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

7.5CVSS7.2AI score0.00433EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 2026/03/24 12:30 p.m.•3 views

CVE-2026-4718

Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

8.1CVSS7.2AI score0.00299EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 2026/03/24 12:30 p.m.•4 views

CVE-2026-4728

Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...

6.5CVSS7.2AI score0.00235EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2026/03/24 12:30 p.m.•2 views

CVE-2026-4727

Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149...

7.5CVSS7.2AI score0.0053EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2026/03/24 12:30 p.m.•4 views

CVE-2026-4726

Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...

7.5CVSS7.2AI score0.0053EPSS
Exploits0References3
Total number of security vulnerabilities13033