Lucene search
+L
AlpinelinuxRecent

13035 matches found

alpinelinux
alpinelinux
•added 2026/02/10 1:2 p.m.•5 views

CVE-2025-15570

A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzmadecompressbuf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the...

7.8CVSS5.6AI score0.00202EPSS
Exploits1References6
alpinelinux
alpinelinux
•added 2026/02/09 6:23 p.m.•4 views

CVE-2026-24684

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave. This vulnerability is fixed in 3.22.0...

8.7CVSS5.6AI score0.00534EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/09 6:22 p.m.•3 views

CVE-2026-24683

FreeRDP is a free implementation of the Remote Desktop Protocol. ainputsendinputevent caches channelcallback in a local variable and later uses it without synchronization; a concurrent channel close can free or reinitialize the callback, leading to a use after free. Prior to 3.22.0, This...

8.7CVSS5.6AI score0.00467EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/09 6:21 p.m.•5 views

CVE-2026-24682

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audinserverrecvformats frees an incorrect number of audio formats on parse failure i + i, leading to out-of-bounds access in audioformatsfree. This vulnerability is fixed in 3.22.0...

8.7CVSS5.6AI score0.00467EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/09 6:20 p.m.•4 views

CVE-2026-24681

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urbwritecompletion. This vulnerability is fixed in 3.22.0...

8.7CVSS5.6AI score0.00467EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/09 6:19 p.m.•5 views

CVE-2026-24680

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdlPointerNew frees data on failure, then pointerfree calls sdlPointerFree and frees it again, triggering ASan UAF. This vulnerability is fixed in 3.22.0...

8.7CVSS5.6AI score0.00423EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/09 6:19 p.m.•4 views

CVE-2026-24679

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusbudevselectinterface. This vulnerability is fixed in 3.22.0...

9.1CVSS5.6AI score0.00489EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/09 6:17 p.m.•8 views

CVE-2026-24678

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecamchannelwrite. This vulnerability is fixed in 3.22.0...

8.7CVSS5.6AI score0.00628EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/09 6:16 p.m.•5 views

CVE-2026-24677

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecamencodercompressh264 trusts server-controlled dimensions and does not validate the source buffer size, leading to an out-of-bounds read in swsscale. This vulnerability is fixed in 3.22.0...

9.1CVSS5.8AI score0.00489EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/09 6:15 p.m.•4 views

CVE-2026-24676

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin-format, leading to a use after free in audioformatcompatible. This vulnerability is fixed in 3.22.0...

8.7CVSS5.6AI score0.00467EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/09 6:14 p.m.•5 views

CVE-2026-24675

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urbselectinterface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusbudevselectinterface. This vulnerability is fixed in 3.22.0...

8.7CVSS5.7AI score0.00467EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/09 6:13 p.m.•2 views

CVE-2026-24491

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, videotimer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. This vulnerability is fixed in 3.22.0...

8.7CVSS5.6AI score0.00467EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/09 6:12 p.m.•8 views

CVE-2026-23948

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability...

7.5CVSS5.6AI score0.00467EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/09 5:2 p.m.•5 views

CVE-2026-2242

A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetcif of the file src/core/specials.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This...

6.1CVSS5AI score0.00157EPSS
Exploits1References8
alpinelinux
alpinelinux
•added 2026/02/09 4:2 p.m.•6 views

CVE-2026-2241

A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function osstrftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is...

6.1CVSS5.1AI score0.00169EPSS
Exploits1References8
alpinelinux
alpinelinux
•added 2026/02/09 3:32 p.m.•8 views

CVE-2026-2240

A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetcpopfuncdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has been disclosed to the public and may be use...

6.1CVSS4.9AI score0.00157EPSS
Exploits1References8
alpinelinux
alpinelinux
•added 2026/02/09 2:44 p.m.•3 views

CVE-2025-59024

Crafted delegations or IP fragments can poison cached delegations in Recursor...

6.5CVSS5.4AI score0.00122EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/09 2:44 p.m.•8 views

CVE-2025-59023

Crafted delegations or IP fragments can poison cached delegations in Recursor...

8.2CVSS5.4AI score0.00266EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/09 2:25 p.m.•3 views

CVE-2026-24027

Crafted zones can lead to increased incoming network traffic...

5.3CVSS5.4AI score0.00396EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/09 2:20 p.m.•5 views

CVE-2026-0398

Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor...

5.3CVSS5.4AI score0.00407EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/06 10:55 p.m.•3 views

CVE-2026-25793

Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates which is not the default configuration, it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of th...

8.1CVSS5.5AI score0.00133EPSS
Exploits0References2
alpinelinux
alpinelinux
•added 2026/02/06 10:43 p.m.•5 views

CVE-2026-25749

Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the gettagfname function in src/tag.c. When processing help file tags,...

6.6CVSS5.5AI score0.00213EPSS
Exploits1References3
alpinelinux
alpinelinux
•added 2026/02/06 4:47 p.m.•2 views

CVE-2026-23741

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/astcoredumper runs as root, as noted by the NOTES tag on line 689 of the astcoredumper file. The script will source the conten...

8.8CVSS5.9AI score0.00173EPSS
Exploits0References1
alpinelinux
alpinelinux
•added 2026/02/06 4:42 p.m.•6 views

CVE-2026-23739

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the astxmlopen function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing...

6.5CVSS5.5AI score0.00176EPSS
Exploits0References1
alpinelinux
alpinelinux
•added 2026/02/06 4:41 p.m.•7 views

CVE-2026-23738

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using aststrappend. The...

6.1CVSS5.5AI score0.0016EPSS
Exploits0References1
alpinelinux
alpinelinux
•added 2026/02/06 4:11 p.m.•3 views

CVE-2026-25556

MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fzfillpixmapfromdisplaylist when an exception occurs during display list rendering. The function accepts a caller-owned fzpixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the...

7.5CVSS5.6AI score0.00477EPSS
Exploits1References4
alpinelinux
alpinelinux
•added 2026/02/06 1:13 p.m.•6 views

CVE-2026-1337

Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat...

5.4CVSS5.5AI score0.00207EPSS
Exploits2References1
alpinelinux
alpinelinux
•added 2026/02/06 6:2 a.m.•7 views

CVE-2026-1998

A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mpimportall of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be launched locally. The exploit has been published and may be used. Patch name:...

5.5CVSS5AI score0.00203EPSS
Exploits1References8
alpinelinux
alpinelinux
•added 2026/02/05 5:48 p.m.•15 views

CVE-2025-68121

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

10CVSS8.2AI score0.00765EPSS
Exploits1
alpinelinux
alpinelinux
•added 2026/02/05 3:42 a.m.•6 views

CVE-2025-61732

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary...

8.6CVSS5.4AI score0.00472EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/04 11:5 p.m.•8 views

CVE-2025-22873

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open"../" would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained with...

3.8CVSS5.2AI score0.00238EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/04 9:58 p.m.•3 views

CVE-2026-25578

Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. This issue has been patched i...

6.1CVSS5.2AI score0.00297EPSS
Exploits1
alpinelinux
alpinelinux
•added 2026/02/04 9:58 p.m.•7 views

CVE-2026-25579

Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL /share/img/. When processing such requests, the...

9.2CVSS5.5AI score0.00455EPSS
Exploits1
alpinelinux
alpinelinux
•added 2026/02/04 3:2 p.m.•14 views

CVE-2026-1642

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...

8.2CVSS5.5AI score0.00339EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/03 8:56 p.m.•4 views

CVE-2026-1861

Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00413EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/03 2:38 p.m.•26 views

CVE-2025-14550

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. ASGIRequest allows a remote attacker to cause a potential denial-of-service via a crafted request with multiple duplicate headers. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not...

7.5CVSS5.5AI score0.00993EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/03 2:36 p.m.•8 views

CVE-2026-1312

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

8.5CVSS5.6AI score0.00802EPSS
Exploits1
alpinelinux
alpinelinux
•added 2026/02/03 2:36 p.m.•13 views

CVE-2026-1287

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. FilteredRelation is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet methods annotate, aggregat...

8.3CVSS5.6AI score0.00754EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/03 2:35 p.m.•16 views

CVE-2026-1285

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True and the truncatecharshtml and truncatewordshtml template filters allow a remote attacker to cause a potential denial-of-service via...

7.5CVSS5.5AI score0.00993EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/02/03 2:35 p.m.•9 views

CVE-2026-1207

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on RasterField only implemented on PostGIS allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluate...

8.3CVSS5.7AI score0.09436EPSS
Exploits1
alpinelinux
alpinelinux
•added 2026/02/03 2:32 p.m.•6 views

CVE-2025-13473

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

5.3CVSS5.5AI score0.00713EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/01/30 6:59 p.m.•10 views

CVE-2025-62349

Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues...

7.5CVSS5.9AI score0.00407EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/01/30 6:57 p.m.•7 views

CVE-2025-62348

Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process...

7.8CVSS6.3AI score0.00179EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/01/30 6:40 a.m.•3 views

CVE-2026-25210

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...

7.8CVSS5.6AI score0.00193EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/01/29 9:42 p.m.•3 views

CVE-2026-25061

tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past...

7.5CVSS6.2AI score0.00517EPSS
Exploits1References2
alpinelinux
alpinelinux
•added 2026/01/29 9:2 p.m.•11 views

CVE-2026-24845

malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses...

6.5CVSS5.9AI score0.00336EPSS
Exploits0References2
alpinelinux
alpinelinux
•added 2026/01/28 7:30 p.m.•5 views

CVE-2025-61728

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive...

6.5CVSS7.3AI score0.00643EPSS
Exploits1
alpinelinux
alpinelinux
•added 2026/01/28 7:30 p.m.•11 views

CVE-2025-61726

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...

7.5CVSS7.3AI score0.00761EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/01/28 7:30 p.m.•7 views

CVE-2025-61730

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...

5.3CVSS7.3AI score0.00276EPSS
Exploits0
alpinelinux
alpinelinux
•added 2026/01/28 7:30 p.m.•10 views

CVE-2025-68119

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...

7CVSS7.8AI score0.00335EPSS
Exploits0
Total number of security vulnerabilities13035