Lucene search
+L
AlpinelinuxRecent

13049 matches found

alpinelinux
alpinelinux
•added 2026/01/16 10:0 p.m.•5 views

CVE-2026-23745

node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...

8.2CVSS5.6AI score0.00334EPSS
Exploits2References2
alpinelinux
alpinelinux
•added 2026/01/16 4:44 p.m.•6 views

CVE-2026-23528

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting XSS bug in the Dask...

6.1CVSS5.8AI score0.00205EPSS
Exploits0References2
alpinelinux
alpinelinux
•added 2026/01/16 5:0 a.m.•7 views

CVE-2026-0858

Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can inject malicious JavaScript into generated SVG output, leading to...

6.1CVSS5.8AI score0.00303EPSS
Exploits0References3
alpinelinux
alpinelinux
•added 2026/01/16 12:0 a.m.•9 views

CVE-2025-62291

In the eap-mschapv2 plugin client-side in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow...

8.1CVSS6.8AI score0.00879EPSS
Exploits0References4
alpinelinux
alpinelinux
•added 2026/01/15 11:25 p.m.•9 views

CVE-2021-47793

Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized message payload. Attackers can generate a 9 million byte buffer and paste it into the messaging interface to trigger an application crash...

7.5CVSS6.9AI score0.00451EPSS
Exploits1References3
alpinelinux
alpinelinux
•added 2026/01/15 10:58 p.m.•4 views

CVE-2026-22864

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and...

9.8CVSS6.8AI score0.00619EPSS
Exploits1References2
alpinelinux
alpinelinux
•added 2026/01/15 10:53 p.m.•6 views

CVE-2026-22863

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server...

9.2CVSS6.9AI score0.00195EPSS
Exploits1References2
alpinelinux
alpinelinux
•added 2026/01/15 10:44 p.m.•6 views

CVE-2026-22045

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up go routines and file descriptors indefinitely when the...

7.5CVSS5.6AI score0.00321EPSS
Exploits0References4
alpinelinux
alpinelinux
•added 2026/01/15 2:20 p.m.•4 views

CVE-2026-0989

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may...

3.7CVSS5.8AI score0.00419EPSS
Exploits1References4
alpinelinux
alpinelinux
•added 2026/01/14 8:23 p.m.•4 views

CVE-2026-0961

BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service...

6.5CVSS6.9AI score0.00174EPSS
Exploits1References2
alpinelinux
alpinelinux
•added 2026/01/14 8:23 p.m.•3 views

CVE-2026-0962

SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service...

6.5CVSS6.9AI score0.00206EPSS
Exploits1References2
alpinelinux
alpinelinux
•added 2026/01/14 8:23 p.m.•5 views

CVE-2026-0960

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service...

5.5CVSS6.8AI score0.00122EPSS
Exploits1References2
alpinelinux
alpinelinux
•added 2026/01/14 8:23 p.m.•5 views

CVE-2026-0959

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service...

6.5CVSS6.9AI score0.00178EPSS
Exploits0References2
alpinelinux
alpinelinux
•added 2026/01/14 5:57 p.m.•3 views

CVE-2026-22859

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSBINTERFACEDESCRIPTOR values and uses them as indices in libusbudevcompletemsconfigsetup, causing an out‑of‑bounds read. This vulnerability is...

9.1CVSS6.9AI score0.00756EPSS
Exploits1
alpinelinux
alpinelinux
•added 2026/01/14 5:56 p.m.•4 views

CVE-2026-22858

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = ...

9.1CVSS7AI score0.00599EPSS
Exploits1
alpinelinux
alpinelinux
•added 2026/01/14 5:53 p.m.•3 views

CVE-2026-22857

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irpthreadfunc because the IRP is freed by irp-Complete and then accessed again on the error path. This vulnerability is fixed in 3.20.1...

9.8CVSS7AI score0.00453EPSS
Exploits1
alpinelinux
alpinelinux
•added 2026/01/14 5:53 p.m.•4 views

CVE-2026-22856

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial-IrpThreads while another reads it. This vulnerability is fixed in 3.20.1...

8.1CVSS6.8AI score0.00286EPSS
Exploits1
alpinelinux
alpinelinux
•added 2026/01/14 5:50 p.m.•5 views

CVE-2026-22855

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1...

9.1CVSS7AI score0.00756EPSS
Exploits1
alpinelinux
alpinelinux
•added 2026/01/14 5:47 p.m.•5 views

CVE-2026-22854

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap...

9.8CVSS7AI score0.00453EPSS
Exploits1
alpinelinux
alpinelinux
•added 2026/01/14 5:46 p.m.•5 views

CVE-2026-22853

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndrreaduint8Array. This vulnerabilit...

9.8CVSS7.4AI score0.00662EPSS
Exploits1
alpinelinux
alpinelinux
•added 2026/01/14 5:45 p.m.•9 views

CVE-2026-22852

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input AUDIN format lists. audinprocessformats reuses callback-formatscount across multiple MSGSNDINFORMATS...

9.8CVSS7.1AI score0.00365EPSS
Exploits1
alpinelinux
alpinelinux
•added 2026/01/14 5:43 p.m.•3 views

CVE-2026-22851

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl-primary SDLSurface is accessed after it has been...

8.2CVSS6.8AI score0.00247EPSS
Exploits1
alpinelinux
alpinelinux
•added 2026/01/14 11:34 a.m.•4 views

CVE-2025-67859

A Improper Authentication vulnerability in TLP allows local users to arbitrarily control the power profile in use as well as the daemon’s log settings.This issue affects TLP: from 1.9 before 1.9.1...

5.1CVSS6.7AI score0.00203EPSS
Exploits0References2
alpinelinux
alpinelinux
•added 2026/01/14 12:0 a.m.•4 views

CVE-2025-70968

FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE...

9.8CVSS5.4AI score0.00451EPSS
Exploits1References1
alpinelinux
alpinelinux
•added 2026/01/14 12:0 a.m.•4 views

CVE-2025-56226

Libsndfile =1.2.2 contains a memory leak vulnerability in the mpegl3encoderinit function within the mpegl3encode.c file...

5.3CVSS5.4AI score0.00312EPSS
Exploits1References2
alpinelinux
alpinelinux
•added 2026/01/13 1:30 p.m.•3 views

CVE-2026-0890

Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

5.4CVSS5.8AI score0.00261EPSS
Exploits0References5
alpinelinux
alpinelinux
•added 2026/01/13 1:30 p.m.•6 views

CVE-2026-0892

Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147 and Thunderbird 147...

9.8CVSS5.9AI score0.00404EPSS
Exploits0References3
alpinelinux
alpinelinux
•added 2026/01/13 1:30 p.m.•4 views

CVE-2026-0891

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...

8.1CVSS5.9AI score0.00414EPSS
Exploits0References31
alpinelinux
alpinelinux
•added 2026/01/13 1:30 p.m.•5 views

CVE-2026-0888

Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147...

5.3CVSS5.8AI score0.00313EPSS
Exploits0References3
alpinelinux
alpinelinux
•added 2026/01/13 1:30 p.m.•5 views

CVE-2026-0889

Denial-of-service in the DOM: Service Workers component. This vulnerability was fixed in Firefox 147 and Thunderbird 147...

7.5CVSS5.8AI score0.00537EPSS
Exploits1References3
alpinelinux
alpinelinux
•added 2026/01/13 1:30 p.m.•3 views

CVE-2026-0886

Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

5.3CVSS5.8AI score0.00437EPSS
Exploits0References6
alpinelinux
alpinelinux
•added 2026/01/13 1:30 p.m.•6 views

CVE-2026-0887

Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

4.3CVSS5.8AI score0.00284EPSS
Exploits0References5
alpinelinux
alpinelinux
•added 2026/01/13 1:30 p.m.•1 views

CVE-2026-0884

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

9.8CVSS5.8AI score0.00423EPSS
Exploits0References5
alpinelinux
alpinelinux
•added 2026/01/13 1:30 p.m.•5 views

CVE-2026-0883

Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

5.3CVSS5.8AI score0.00411EPSS
Exploits0References5
alpinelinux
alpinelinux
•added 2026/01/13 1:30 p.m.•5 views

CVE-2026-0885

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

6.5CVSS5.8AI score0.00361EPSS
Exploits0References5
alpinelinux
alpinelinux
•added 2026/01/13 1:30 p.m.•5 views

CVE-2026-0881

Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147...

10CVSS5.8AI score0.00306EPSS
Exploits0References6
alpinelinux
alpinelinux
•added 2026/01/13 1:30 p.m.•3 views

CVE-2026-0882

Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

8.8CVSS5.8AI score0.00405EPSS
Exploits0References32
alpinelinux
alpinelinux
•added 2026/01/13 1:30 p.m.•5 views

CVE-2026-0880

Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

8.8CVSS5.8AI score0.0057EPSS
Exploits0References32
alpinelinux
alpinelinux
•added 2026/01/13 1:30 p.m.•3 views

CVE-2026-0879

Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

9.8CVSS5.8AI score0.00525EPSS
Exploits0References32
alpinelinux
alpinelinux
•added 2026/01/13 1:30 p.m.•2 views

CVE-2026-0878

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

8CVSS5.8AI score0.00417EPSS
Exploits0References31
alpinelinux
alpinelinux
•added 2026/01/13 1:30 p.m.•2 views

CVE-2026-0877

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

8.1CVSS5.8AI score0.00421EPSS
Exploits0References32
alpinelinux
alpinelinux
•added 2026/01/12 11:3 p.m.•3 views

CVE-2025-15514

Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid...

8.7CVSS7AI score0.00698EPSS
Exploits1References4
alpinelinux
alpinelinux
•added 2026/01/12 10:57 p.m.•10 views

CVE-2026-22801

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions pngwriteimage16bit and pngwriteimage8bit causes heap buffer...

7.8CVSS7.2AI score0.00114EPSS
Exploits0References1
alpinelinux
alpinelinux
•added 2026/01/12 10:55 p.m.•9 views

CVE-2026-22695

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function pngimagefinishread when processing interlaced 16-bit PNGs with...

7.1CVSS7.2AI score0.00229EPSS
Exploits5References4
alpinelinux
alpinelinux
•added 2026/01/12 5:39 p.m.•8 views

CVE-2025-68471

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart...

6.5CVSS6.7AI score0.00353EPSS
Exploits1References3
alpinelinux
alpinelinux
•added 2026/01/12 5:38 p.m.•4 views

CVE-2025-68468

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they...

6.5CVSS6.7AI score0.00331EPSS
Exploits0References3
alpinelinux
alpinelinux
•added 2026/01/12 5:31 p.m.•5 views

CVE-2025-68276

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon with wide-area disabled by creating record browsers with the AVAHILOOKUPUSEWIDEAREA flag set via D-Bus. This can ...

5.5CVSS6.7AI score0.0014EPSS
Exploits0References3
alpinelinux
alpinelinux
•added 2026/01/11 11:2 a.m.•8 views

CVE-2025-15506

A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...

4.8CVSS6.5AI score0.00165EPSS
Exploits0References9
alpinelinux
alpinelinux
•added 2026/01/10 1:32 p.m.•6 views

CVE-2026-0822

A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function jstypedarraysort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The...

8.8CVSS7.2AI score0.0041EPSS
Exploits1References8
alpinelinux
alpinelinux
•added 2026/01/10 1:2 p.m.•5 views

CVE-2026-0821

A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function jstypedarrayconstructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed a...

9.8CVSS7AI score0.00443EPSS
Exploits1References8
Total number of security vulnerabilities13049