Lucene search
+L
AlpinelinuxRecent

13061 matches found

AlpineLinux
AlpineLinux
•added 2025/11/18 2:24 p.m.•4 views

CVE-2025-10158

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...

4.3CVSS6.9AI score0.00319EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/11/18 12:0 a.m.•6 views

CVE-2025-64076

Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decodedefinitelongstring function of the C extension decoder source/decoder.c: 1 Integer Underflow Leading to Out-of-Bounds Read CWE-191, CWE-125: An incorrect variable reference and missing state reset in the chunk processing...

7.5CVSS7.1AI score0.00466EPSS
Exploits1References3
AlpineLinux
AlpineLinux
•added 2025/11/17 11:3 p.m.•6 views

CVE-2025-13224

Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.1AI score0.00454EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/11/17 6:15 p.m.•5 views

CVE-2025-64756

Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c are...

7.5CVSS8.1AI score0.03136EPSS
Exploits1References3
AlpineLinux
AlpineLinux
•added 2025/11/17 5:3 p.m.•3 views

CVE-2025-13193

A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability...

5.5CVSS8.1AI score0.00118EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/11/14 9:15 p.m.•6 views

CVE-2025-63745

A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info function of binne.c. A crafted binary input can trigger a segmentation fault, leading to a denial of service when the tool processes malformed data...

5.5CVSS6.7AI score0.00145EPSS
Exploits0References4
AlpineLinux
AlpineLinux
•added 2025/11/14 9:15 p.m.•5 views

CVE-2025-63744

A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load function of bindyldcache.c. Processing a crafted file can cause a segmentation fault and crash the program...

4.3CVSS6.8AI score0.00281EPSS
Exploits0References4
AlpineLinux
AlpineLinux
•added 2025/11/13 9:48 p.m.•7 views

CVE-2025-64754

Jitsi Meet is an open source video conferencing application. A vulnerability present in versions prior to 2.0.10532 allows attackers to hijack the OAuth authentication window for Microsoft accounts. This is fixed in version 2.0.10532. No known workarounds are available...

6.9CVSS6.9AI score0.00499EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2025/11/13 1:0 p.m.•3 views

CVE-2025-12818

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions...

5.9CVSS6.6AI score0.00332EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/11/13 1:0 p.m.•2 views

CVE-2025-12817

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...

3.1CVSS6.5AI score0.00222EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/11/12 10:4 p.m.•5 views

CVE-2025-64503

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. In cups-filters prior to 1.28.18, by crafting a PDF file with a large MediaBox value, an attacker can cause CUPS-Filter 1.x’s pdftoraster tool to...

4CVSS7AI score0.00208EPSS
Exploits1References6
AlpineLinux
AlpineLinux
•added 2025/11/12 6:28 p.m.•7 views

CVE-2024-47866

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...

7.5CVSS5.2AI score0.0044EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/11/12 4:48 p.m.•3 views

CVE-2025-13042

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.1AI score0.00257EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/11/11 7:49 p.m.•3 views

CVE-2025-12748

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...

5.5CVSS8.7AI score0.00204EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/11/11 5:59 p.m.•7 views

CVE-2025-60722

Improper limitation of a pathname to a restricted directory 'path traversal' in OneDrive for Android allows an authorized attacker to elevate privileges over a network...

6.5CVSS6.9AI score0.00804EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2025/11/11 4:15 p.m.•6 views

CVE-2025-13025

Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox 145 and Thunderbird 145...

7.5CVSS6AI score0.0027EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/11/11 4:15 p.m.•2 views

CVE-2025-13019

Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...

8.1CVSS6AI score0.00251EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 2025/11/11 4:15 p.m.•3 views

CVE-2025-13026

Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox 145 and Thunderbird 145...

9.8CVSS6AI score0.00347EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/11/11 4:15 p.m.•4 views

CVE-2025-13027

Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 145 and Thunderbird 145...

8.1CVSS7.1AI score0.00324EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/11/11 4:15 p.m.•1 views

CVE-2025-13020

Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...

8.8CVSS6.1AI score0.00279EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 2025/11/11 4:15 p.m.•3 views

CVE-2025-13017

Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...

8.1CVSS6AI score0.00251EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 2025/11/11 4:15 p.m.•3 views

CVE-2025-13014

Use-after-free in the Audio/Video component. This vulnerability affects Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5...

8.8CVSS6.1AI score0.00288EPSS
Exploits0References6
AlpineLinux
AlpineLinux
•added 2025/11/11 4:15 p.m.•2 views

CVE-2025-13018

Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...

8.1CVSS6AI score0.00251EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 2025/11/11 3:47 p.m.•5 views

CVE-2025-13016

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...

7.5CVSS7.2AI score0.00449EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 2025/11/11 3:47 p.m.•3 views

CVE-2025-13024

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 145 and Thunderbird 145...

9.8CVSS7.3AI score0.00347EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/11/11 3:47 p.m.•4 views

CVE-2025-13021

Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145...

9.8CVSS7.3AI score0.00347EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/11/11 3:47 p.m.•4 views

CVE-2025-13023

Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145...

9.8CVSS7.3AI score0.00347EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/11/11 3:47 p.m.•4 views

CVE-2025-13022

Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145...

9.8CVSS7.3AI score0.00347EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/11/11 3:47 p.m.•1 views

CVE-2025-13015

Spoofing issue in Firefox. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30...

3.4CVSS5.8AI score0.00256EPSS
Exploits0References6
AlpineLinux
AlpineLinux
•added 2025/11/11 3:47 p.m.•5 views

CVE-2025-13012

Race condition in the Graphics component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5...

7.5CVSS7.1AI score0.00229EPSS
Exploits0References6
AlpineLinux
AlpineLinux
•added 2025/11/11 3:47 p.m.•4 views

CVE-2025-13013

Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5...

6.1CVSS6.4AI score0.00198EPSS
Exploits0References6
AlpineLinux
AlpineLinux
•added 2025/11/10 9:56 p.m.•3 views

CVE-2025-64507

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true...

8.6CVSS6.8AI score0.00164EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/11/10 9:29 p.m.•4 views

CVE-2025-64183

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-after-free in PyObjectStealAttrString of pyOpenEXRold.cpp...

7.5CVSS6.9AI score0.00294EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 2025/11/10 9:27 p.m.•9 views

CVE-2025-64182

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety bug in the legacy OpenEXR Python adapter the deprecated...

7.8CVSS8.1AI score0.00237EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 2025/11/10 9:23 p.m.•7 views

CVE-2025-64181

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing openexrexrcheckfuzzer, Valgrind reports a conditional branch depending on...

7.5CVSS6.5AI score0.00373EPSS
Exploits1References6
AlpineLinux
AlpineLinux
•added 2025/11/10 8:0 p.m.•5 views

CVE-2025-12726

Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: High...

7.5CVSS5.2AI score0.00225EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/11/10 8:0 p.m.•9 views

CVE-2025-12443

Out of bounds read in WebXR in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS6.1AI score0.00217EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/11/10 8:0 p.m.•5 views

CVE-2025-12441

Out of bounds read in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS6.1AI score0.00195EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/11/10 8:0 p.m.•5 views

CVE-2025-12438

Use after free in Ozone in Google Chrome on Linux and ChromeOS prior to 142.0.7444.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.9AI score0.00248EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/11/10 8:0 p.m.•8 views

CVE-2025-12432

Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.7AI score0.0023EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/11/10 8:0 p.m.•7 views

CVE-2025-12433

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

4.3CVSS6.1AI score0.00278EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/11/10 8:0 p.m.•7 views

CVE-2025-12429

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00296EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/11/10 12:0 a.m.•5 views

CVE-2025-60876

BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...

6.5CVSS6.9AI score0.00285EPSS
Exploits1References4
AlpineLinux
AlpineLinux
•added 2025/11/07 7:42 p.m.•17 views

CVE-2025-10230

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

10CVSS6.9AI score0.40121EPSS
Exploits2
AlpineLinux
AlpineLinux
•added 2025/11/07 7:26 a.m.•5 views

CVE-2025-10966

curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more...

4.3CVSS7.1AI score0.0039EPSS
Exploits1References5
AlpineLinux
AlpineLinux
•added 2025/11/07 4:15 a.m.•2 views

CVE-2025-64329

containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...

6.9CVSS6.4AI score0.00162EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 2025/11/06 10:26 p.m.•10 views

CVE-2025-11460

Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. Chromium security severity: High...

8.8CVSS8.9AI score0.00314EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/11/06 10:26 p.m.•3 views

CVE-2025-11458

Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

8.1CVSS8.6AI score0.00278EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/11/06 10:26 p.m.•5 views

CVE-2025-11756

Use after free in Safe Browsing in Google Chrome prior to 141.0.7390.107 allowed a remote attacker who had compromised the renderer process to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.8AI score0.00419EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/11/06 10:24 p.m.•5 views

CVE-2025-12036

Out of bounds memory access in V8 in Google Chrome prior to 141.0.7390.122 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.1AI score0.03638EPSS
Exploits0
Total number of security vulnerabilities13061