Lucene search
+L
AlpinelinuxRecent

13055 matches found

alpinelinux
alpinelinux
added 2025/12/31 6:59 a.m.3 views

CVE-2025-15273

FontForge PFB File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

8.8CVSS7.6AI score0.0058EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2025/12/31 6:59 a.m.6 views

CVE-2025-15272

FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

8.8CVSS7.6AI score0.00579EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2025/12/31 6:58 a.m.6 views

CVE-2025-15271

FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit ...

8.8CVSS7.5AI score0.00581EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2025/12/31 6:58 a.m.3 views

CVE-2025-15270

FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit ...

8.8CVSS7.5AI score0.00581EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2025/12/31 6:58 a.m.3 views

CVE-2025-15269

FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...

8.8CVSS7.6AI score0.00474EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2025/12/31 5:50 a.m.10 views

CVE-2025-69277

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...

4.5CVSS7AI score0.00166EPSS
Exploits0References8
alpinelinux
alpinelinux
added 2025/12/31 12:58 a.m.3 views

CVE-2025-11964

On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf16letoutf8truncated can write data beyond the end of the provided buffer...

1.9CVSS7AI score0.00102EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2025/12/31 12:56 a.m.4 views

CVE-2025-11961

pcapetheraton is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function...

1.9CVSS6.9AI score0.00098EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2025/12/30 10:41 p.m.40 views

CVE-2022-50798

This candidate is a duplicate of CVE-2017-11359...

5.5CVSS6.6AI score0.06599EPSS
Exploits4References5
alpinelinux
alpinelinux
added 2025/12/30 9:3 p.m.4 views

CVE-2025-61594

URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier bundled in Ruby 3.2 series 0.13.2 and earlier bundled in Ruby 3.3 series, 1.0.3 and earlier bundled in Ruby 3.4 series, when using the + operator to combine URIs, sensitive information like...

7.5CVSS6.3AI score0.0051EPSS
Exploits0
alpinelinux
alpinelinux
added 2025/12/30 4:56 p.m.2 views

CVE-2025-69204

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store numberattributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack...

7.5CVSS7.4AI score0.00524EPSS
Exploits1
alpinelinux
alpinelinux
added 2025/12/30 4:50 p.m.4 views

CVE-2025-68950

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows reading the mvg file wi...

6.2CVSS6.9AI score0.00164EPSS
Exploits0
alpinelinux
alpinelinux
added 2025/12/30 4:14 p.m.4 views

CVE-2025-68618

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue...

7.5CVSS6.8AI score0.00552EPSS
Exploits1
alpinelinux
alpinelinux
added 2025/12/30 4:11 p.m.8 views

CVE-2025-67746

Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and...

5.3CVSS6.7AI score0.00405EPSS
Exploits0
alpinelinux
alpinelinux
added 2025/12/30 12:41 a.m.5 views

CVE-2025-69217

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...

7.7CVSS7AI score0.00363EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2025/12/30 12:0 a.m.8 views

CVE-2025-65409

A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service DoS via inputting an empty value as a password...

7.5CVSS6.9AI score0.00317EPSS
Exploits2References4
alpinelinux
alpinelinux
added 2025/12/30 12:0 a.m.5 views

CVE-2025-65411

A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service DoS via injecting a crafted payload into the searchpath parameter...

7.5CVSS6.8AI score0.00522EPSS
Exploits2References5
alpinelinux
alpinelinux
added 2025/12/29 7:9 p.m.3 views

CVE-2025-68431

libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in HeifPixelImage::overlay. The function computes a negative row length likely from an unclipped overlay rectangle or...

7.1CVSS7AI score0.00267EPSS
Exploits1
alpinelinux
alpinelinux
added 2025/12/28 4:19 p.m.5 views

CVE-2025-68973

In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. For ExtendedLTS, 2.2.51 and later are fixed versions...

7.8CVSS6.9AI score0.00129EPSS
Exploits1References9
alpinelinux
alpinelinux
added 2025/12/27 10:52 p.m.6 views

CVE-2025-68972

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds although an "invalid armor" message is printed...

5.9CVSS6.7AI score0.00104EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2025/12/27 7:33 p.m.7 views

CVE-2025-14177

In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, the getimagesize function may leak uninitialized heap memory into the APPn segments e.g., APP1 when reading images in multi-chunk mode such as via php://filter. This occurs due to a...

7.5CVSS6.2AI score0.00474EPSS
Exploits3
alpinelinux
alpinelinux
added 2025/12/27 7:27 p.m.4 views

CVE-2025-14178

In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, a heap buffer overflow occurs in arraymerge when the total element count of packed arrays exceeds 32-bit limits or HTMAXSIZE, due to an integer overflow in the precomputation of...

8.2CVSS7.2AI score0.00428EPSS
Exploits1
alpinelinux
alpinelinux
added 2025/12/27 7:21 p.m.4 views

CVE-2025-14180

In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...

8.2CVSS6.5AI score0.00573EPSS
Exploits2
alpinelinux
alpinelinux
added 2025/12/26 1:19 a.m.3 views

CVE-2025-68938

Gitea before 1.25.2 mishandles authorization for deletion of releases...

5.3CVSS7AI score0.00349EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2025/12/23 10:41 p.m.5 views

CVE-2025-68617

FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed...

7CVSS6.7AI score0.00179EPSS
Exploits1References5
alpinelinux
alpinelinux
added 2025/12/23 9:41 p.m.4 views

CVE-2025-12840

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this...

7.8CVSS7.8AI score0.00158EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2025/12/23 9:41 p.m.7 views

CVE-2025-12839

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this...

7.8CVSS7.8AI score0.00158EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2025/12/23 9:41 p.m.4 views

CVE-2025-12495

Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this...

7.8CVSS7.8AI score0.00158EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2025/12/23 9:40 p.m.8 views

CVE-2025-13699

MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors m...

7CVSS7.1AI score0.00414EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2025/12/23 9:31 p.m.4 views

CVE-2025-14425

GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS7.6AI score0.00539EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2025/12/23 9:31 p.m.3 views

CVE-2025-14424

GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

7.8CVSS7.8AI score0.00539EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2025/12/23 9:31 p.m.3 views

CVE-2025-14423

GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...

7.8CVSS7.8AI score0.00544EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2025/12/23 9:31 p.m.2 views

CVE-2025-14422

GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

7.8CVSS7.9AI score0.00508EPSS
Exploits1References2
alpinelinux
alpinelinux
added 2025/12/23 11:44 a.m.3 views

CVE-2025-68556

Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through 1.0.9...

5.3CVSS7AI score0.00191EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2025/12/23 12:0 a.m.7 views

CVE-2025-65410

A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service DoS via injecting a crafted input into the filename parameter...

6.2CVSS7.1AI score0.00197EPSS
Exploits2References5
alpinelinux
alpinelinux
added 2025/12/22 11:55 p.m.7 views

CVE-2025-68615

net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2...

9.8CVSS7.2AI score0.4269EPSS
Exploits2References5
alpinelinux
alpinelinux
added 2025/12/19 5:2 p.m.3 views

CVE-2025-14957

A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer...

5.5CVSS6.8AI score0.00179EPSS
Exploits1
alpinelinux
alpinelinux
added 2025/12/19 4:32 p.m.3 views

CVE-2025-14956

A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has...

7.1CVSS6.6AI score0.00181EPSS
Exploits1
alpinelinux
alpinelinux
added 2025/12/19 1:16 p.m.7 views

CVE-2025-14946

A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell SSH process,...

4.8CVSS7.1AI score0.00118EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2025/12/19 12:0 a.m.6 views

CVE-2025-50681

igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service application crash via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the recvigmp function in src/igmpproxy.c, an invalid group record type can...

7.5CVSS6.8AI score0.0044EPSS
Exploits1References3
alpinelinux
alpinelinux
added 2025/12/18 9:16 p.m.4 views

CVE-2025-34451

rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxyfromstring located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password...

7.8CVSS7.5AI score0.00218EPSS
Exploits1References4
alpinelinux
alpinelinux
added 2025/12/18 9:15 p.m.4 views

CVE-2025-34450

merbanan/rtl433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parserfraw located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a...

7.8CVSS7.4AI score0.0019EPSS
Exploits1References4
alpinelinux
alpinelinux
added 2025/12/18 9:15 p.m.3 views

CVE-2025-34449

Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the scdevicemsgdeserialize function. A compromised device can send crafted messages that cause out-of-bounds reads, which may result in memory corruption or a denial-of-servic...

9.1CVSS7AI score0.00345EPSS
Exploits1References4
alpinelinux
alpinelinux
added 2025/12/18 8:25 p.m.11 views

CVE-2025-59529

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although CLIENTSMAX ...

5.5CVSS6.4AI score0.00152EPSS
Exploits1References4
alpinelinux
alpinelinux
added 2025/12/18 3:36 p.m.19 views

CVE-2025-68469

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue...

5.1CVSS6.8AI score0.00178EPSS
Exploits1
alpinelinux
alpinelinux
added 2025/12/18 2:21 p.m.5 views

CVE-2025-14861

Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146.0.1...

8.8CVSS7.4AI score0.00208EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2025/12/18 2:21 p.m.4 views

CVE-2025-14860

Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1...

9.8CVSS7.3AI score0.00265EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2025/12/18 7:21 a.m.2 views

CVE-2025-58933

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Anubis anubis allows PHP Local File Inclusion.This issue affects Anubis: from n/a through = 1.25...

8.1CVSS7.2AI score0.00415EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2025/12/17 10:1 p.m.4 views

CVE-2025-68118

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.0, a vulnerability exists in FreeRDP’s certificate handling code on Windows platforms. The function freerdpcertificatedatahash uses the Microsoft-specific snprintf function to format certificate cache filenames...

9.1CVSS7.2AI score0.00223EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2025/12/17 9:14 p.m.4 views

CVE-2025-68114

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStreamconcat lets a malicious csoptmem.vsnprintf drive SStream’s index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs. Commit...

9.8CVSS7.2AI score0.0017EPSS
Exploits0
Total number of security vulnerabilities13055