Lucene search
+L
AlpinelinuxRecent

13061 matches found

AlpineLinux
AlpineLinux
•added 2025/11/06 10:8 p.m.•9 views

CVE-2025-11219

Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Low...

3.1CVSS8.8AI score0.00257EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/11/06 10:8 p.m.•5 views

CVE-2025-11216

Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. Chromium security severity: Low...

6.3CVSS8.2AI score0.00222EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/11/06 10:8 p.m.•6 views

CVE-2025-11206

Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

7.1CVSS9AI score0.00212EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/11/06 10:8 p.m.•37 views

CVE-2025-11207

Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS8.1AI score0.00243EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/11/06 8:23 p.m.•4 views

CVE-2025-52881

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts we have also verified thi...

7.5CVSS6.3AI score0.00523EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/11/06 8:2 p.m.•3 views

CVE-2025-52565

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

8.4CVSS6.2AI score0.00523EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/11/06 6:47 p.m.•2 views

CVE-2025-31133

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount i.e., the container's /dev/null was...

7.8CVSS6.5AI score0.0067EPSS
Exploits2
AlpineLinux
AlpineLinux
•added 2025/11/06 6:36 p.m.•2 views

CVE-2024-25621

containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...

7.8CVSS6.8AI score0.00159EPSS
Exploits1References3
AlpineLinux
AlpineLinux
•added 2025/11/05 6:32 p.m.•5 views

CVE-2025-12745

A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function jsarraybufferslice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public a...

7.8CVSS6.5AI score0.00196EPSS
Exploits1References7
AlpineLinux
AlpineLinux
•added 2025/11/05 3:9 p.m.•11 views

CVE-2025-64459

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q, are subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

9.1CVSS8AI score0.19396EPSS
Exploits10
AlpineLinux
AlpineLinux
•added 2025/11/05 3:7 p.m.•14 views

CVE-2025-64458

An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, django.http.HttpResponseRedirect, django.http.HttpResponsePermanentRedirect, and the shortcut django.shortcuts.redirect were subject to a...

7.5CVSS7.5AI score0.0193EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/11/04 9:24 p.m.•6 views

CVE-2025-62507

Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this...

8.8CVSS8.2AI score0.06867EPSS
Exploits2
AlpineLinux
AlpineLinux
•added 2025/10/31 9:2 a.m.•7 views

CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

7.4CVSS6.7AI score0.00548EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/31 12:0 a.m.•5 views

CVE-2025-57106

Kitware VTK Visualization Toolkit up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data...

7.5CVSS6.7AI score0.00392EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 2025/10/31 12:0 a.m.•5 views

CVE-2025-57107

Kitware VTK Visualization Toolkit through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries before performing memory read operations...

7.1CVSS7AI score0.00164EPSS
Exploits1References1
AlpineLinux
AlpineLinux
•added 2025/10/30 5:28 a.m.•6 views

CVE-2025-62229

A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an...

7.3CVSS7.3AI score0.00481EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/30 5:19 a.m.•5 views

CVE-2025-62230

A flaw was discovered in the X.Org X server’s X Keyboard Xkb extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected...

7.3CVSS6.5AI score0.00267EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/30 5:8 a.m.•11 views

CVE-2025-62231

A flaw was identified in the X.Org X server’s X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...

7.3CVSS6.5AI score0.00281EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/29 10:10 p.m.•2 views

CVE-2025-61724

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...

5.3CVSS6.6AI score0.00526EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/29 10:10 p.m.•1 views

CVE-2025-58188

Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains...

7.5CVSS6.7AI score0.00361EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/29 10:10 p.m.•2 views

CVE-2025-58183

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

4.3CVSS6.4AI score0.00419EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/29 10:10 p.m.•1 views

CVE-2025-58185

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion...

5.3CVSS6.6AI score0.00526EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/29 10:10 p.m.•4 views

CVE-2025-61723

The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs...

7.5CVSS6.6AI score0.00626EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/29 10:10 p.m.•2 views

CVE-2025-47912

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses and hostnames mus...

5.3CVSS6.5AI score0.00443EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/29 10:10 p.m.•2 views

CVE-2025-58186

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...

5.3CVSS6.6AI score0.00534EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/29 10:10 p.m.•1 views

CVE-2025-58189

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

5.3CVSS6.4AI score0.00443EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/29 10:10 p.m.•2 views

CVE-2025-61725

The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption...

7.5CVSS8.5AI score0.00613EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/29 10:10 p.m.•3 views

CVE-2025-58187

Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains...

7.5CVSS6.9AI score0.00384EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/29 7:34 p.m.•14 views

CVE-2025-9870

Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target...

7.8CVSS7.5AI score0.00175EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2025/10/29 7:33 p.m.•16 views

CVE-2025-9871

Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in...

7.8CVSS7.5AI score0.00175EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2025/10/29 7:33 p.m.•12 views

CVE-2025-9869

Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in ord...

7.8CVSS7.5AI score0.00175EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2025/10/29 7:29 p.m.•1 views

CVE-2025-10925

GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page...

7.8CVSS7.6AI score0.02751EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/10/29 7:29 p.m.•6 views

CVE-2025-10924

GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

7.8CVSS7.8AI score0.00371EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/10/29 7:29 p.m.•4 views

CVE-2025-10923

GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

7.8CVSS7.8AI score0.00371EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/10/29 7:29 p.m.•1 views

CVE-2025-10920

GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...

7.8CVSS7.8AI score0.00371EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/10/29 6:2 p.m.•4 views

CVE-2025-11232

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "^A-Za-z0-9.-"; "hostname-char-replacement" must be empty the default; and "ddns-qualifying-suffix" must NOT be empty the default is empty. DDNS...

7.5CVSS7AI score0.00387EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/10/29 1:29 p.m.•5 views

CVE-2025-64133

A cross-site request forgery CSRF vulnerability in Jenkins Extensible Choice Parameter Plugin 239.v5f5c278708cf and earlier allows attackers to execute sandboxed Groovy code...

5.4CVSS7.1AI score0.00236EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/10/29 1:29 p.m.•6 views

CVE-2025-64131

Jenkins SAML Plugin 4.583.vc68232f7018a and earlier does not implement a replay cache, allowing attackers able to obtain information about the SAML authentication flow between a user's web browser and Jenkins to replay those requests, authenticating to Jenkins as that user...

7.5CVSS6.8AI score0.00387EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/10/28 2:15 p.m.•6 views

CVE-2025-12380

Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability affects Firefox 144.0.2...

9.8CVSS6.4AI score0.00308EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/10/27 8:0 p.m.•4 views

CVE-2025-62594

ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow...

5.5CVSS6.8AI score0.00334EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/10/23 4:18 a.m.•11 views

CVE-2025-62820

Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network...

4.9CVSS7.1AI score0.00199EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/10/23 12:0 a.m.•5 views

CVE-2025-62813

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

6.6AI score
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/10/22 9:23 p.m.•6 views

CVE-2025-62705

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64,...

5.7CVSS6.8AI score0.00299EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/22 7:18 p.m.•7 views

CVE-2025-62513

OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted HMAC'd. This impacts those using the ACME functionality of PKI, resulting in...

7.5CVSS6.8AI score0.00286EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/22 3:48 p.m.•5 views

CVE-2025-40780

In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.1...

8.6CVSS6.8AI score0.00454EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/22 3:47 p.m.•7 views

CVE-2025-40778

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through...

8.6CVSS7AI score0.00509EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/10/22 3:43 p.m.•14 views

CVE-2025-8677

Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1...

7.5CVSS6.9AI score0.1096EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/22 12:28 p.m.•1 views

CVE-2025-11411

NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are...

7.1CVSS6.4AI score0.00311EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/21 8:3 p.m.•2 views

CVE-2025-61748

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 21.0.8 and 25; Oracle GraalVM for JDK: 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15...

3.7CVSS5.3AI score0.00355EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/21 8:3 p.m.•2 views

CVE-2025-53066

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle...

7.5CVSS6.4AI score0.00633EPSS
Exploits0
Total number of security vulnerabilities13061