Lucene search
+L
AlpinelinuxRecent

13061 matches found

AlpineLinux
AlpineLinux
added 2025/10/21 8:3 p.m.2 views

CVE-2025-53057

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracl...

5.9CVSS5.9AI score0.00487EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/10/21 12:0 a.m.6 views

CVE-2025-59438

Mbed TLS through 3.6.4 has an Observable Timing Discrepancy...

5.3CVSS7AI score0.0024EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/10/20 2:4 p.m.3 views

CVE-2025-11680

Out-of-bounds Write in unfilterscanline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...

5.9CVSS7.3AI score0.00364EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/10/20 1:58 p.m.7 views

CVE-2025-11679

Out-of-bounds Read in lwsupngemitnextline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...

5.9CVSS6.9AI score0.00364EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/10/20 1:41 p.m.4 views

CVE-2025-11677

Use After Free in WebSocket server implementation in lwshandshakeserver in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWSCALLBACKHTTPCONFIRMUPGRADE, to achieve denial of service...

6.3CVSS6.8AI score0.00374EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/10/20 12:0 a.m.6 views

CVE-2025-54764

Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtlsmpimodinv or mbedtlsmpigcd...

6.2CVSS6.6AI score0.00206EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/10/17 4:30 p.m.4 views

CVE-2025-62171

ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating...

7.5CVSS7AI score0.00755EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/10/17 4:21 p.m.3 views

CVE-2025-62168

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...

10CVSS6.8AI score0.62871EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/10/17 4:3 p.m.8 views

CVE-2025-59043

OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It is possible to craft a JSON payload to maximize the factor between serialized memory usage and...

7.5CVSS6.8AI score0.00647EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/10/17 3:30 p.m.3 views

CVE-2025-26625

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...

8.6CVSS7.1AI score0.00697EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/10/17 3:15 p.m.4 views

CVE-2025-60361

radare2 v5.9.8 and before contains a memory leak in the function bochsopen...

3.3CVSS6.9AI score0.00152EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/10/17 2:15 p.m.3 views

CVE-2025-60360

radare2 v5.9.8 and before contains a memory leak in the function r2rsubprocessinit...

5.5CVSS6.7AI score0.00155EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/10/17 2:15 p.m.4 views

CVE-2025-60359

radare2 v5.9.8 and before contains a memory leak in the function rbinobjectnew...

5.5CVSS6.9AI score0.00155EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/10/16 9:59 p.m.13 views

CVE-2025-11896

In Xpdf 4.05 and earlier, a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow...

2.1CVSS7AI score0.0016EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/10/16 9:17 p.m.3 views

CVE-2025-62506

MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS Security Token Service accounts with restricted session policies to bypass their inline policy restrictions when performin...

8.1CVSS7.3AI score0.00515EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/10/16 8:15 p.m.8 views

CVE-2025-60358

radare2 v.5.9.8 and before contains a memory leak in the function loadrelocations...

5.5CVSS6.9AI score0.00148EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/10/16 6:15 p.m.5 views

CVE-2025-61909

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script also used during systemctl reload icinga2 and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable by the daemon user...

4.4CVSS6.8AI score0.002EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/10/16 6:15 p.m.7 views

CVE-2025-61907

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

7.1CVSS6.4AI score0.00373EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/10/16 6:15 p.m.7 views

CVE-2025-61908

Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a...

7.1CVSS6.8AI score0.00498EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/10/16 4:15 p.m.5 views

CVE-2025-11840

A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This pat...

5.5CVSS6.5AI score0.00256EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2025/10/16 3:52 p.m.4 views

CVE-2025-62496

A vulnerability exists in the QuickJS engine's BigInt string parsing logic jsbigintfromstring when attempting to create a BigInt from a string with an excessively large number of digits. The function calculates the necessary number of bits nbits required to store the BigInt using the formula:...

8.8CVSS6.8AI score0.00447EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2025/10/16 3:51 p.m.7 views

CVE-2025-62495

An integer overflow vulnerability exists in the QuickJS regular expression engine libregexp due to an inconsistent representation of the bytecode buffer size. The regular expression bytecode is stored in a DynBuf structure, which correctly uses a $\textsize\textt$ an unsigned type, typically...

8.8CVSS7.5AI score0.00427EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2025/10/16 3:51 p.m.4 views

CVE-2025-62494

A type confusion vulnerability exists in the handling of the string addition + operation within the QuickJS engine. The code first checks if the left-hand operand is a string. It then attempts to convert the right-hand operand to a primitive value using JSToPrimitiveFree. This conversion can...

8.8CVSS7.9AI score0.0048EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2025/10/16 3:51 p.m.4 views

CVE-2025-62493

A vulnerability exists in the QuickJS engine's BigInt string conversion logic jsbiginttostring1 due to an incorrect calculation of the required number of digits, which in turn leads to reading memory past the allocated BigInt structure. The function determines the number of characters ndigits...

6.5CVSS6.5AI score0.00356EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2025/10/16 3:51 p.m.5 views

CVE-2025-62492

A vulnerability stemming from floating-point arithmetic precision errors exists in the QuickJS engine's implementation of TypedArray.prototype.indexOf when a negative fromIndex argument is supplied. The fromIndex argument read as a double variable, $d$ is used to calculate the starting position f...

6.5CVSS6.6AI score0.00364EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2025/10/16 3:51 p.m.4 views

CVE-2025-62491

A Use-After-Free UAF vulnerability exists in the QuickJS engine's standard library when iterating over the global list of unhandled rejected promises ts-rejectedpromiselist. The function jsstdpromiserejectioncheck attempts to iterate over the rejectedpromiselist to report unhandled rejections usi...

8.8CVSS7.3AI score0.0038EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2025/10/16 3:51 p.m.7 views

CVE-2025-62490

In quickjs, in jsprintobject, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is not side-effect free. An attacker-defined callback could run during jsprintvalue, during which the array could get resized and len1 become ou...

8.8CVSS7.1AI score0.0038EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2025/10/16 2:15 p.m.7 views

CVE-2025-11839

A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tgtagtype of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited...

5.5CVSS6.5AI score0.00256EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/10/15 12:47 p.m.3 views

CVE-2025-9640

A flaw was found in Samba, in the vfsstreamsxattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vulnerability...

4.3CVSS5.5AI score0.00431EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/10/15 2:15 a.m.2 views

CVE-2025-54268

Bridge versions 14.1.8, 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.7AI score0.00249EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/10/15 2:15 a.m.3 views

CVE-2025-54278

Bridge versions 14.1.8, 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that ...

5.5CVSS6AI score0.00223EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/10/14 5:15 p.m.6 views

CVE-2025-25004

Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally...

7.3CVSS9.2AI score0.00444EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/10/14 5:0 p.m.3 views

CVE-2025-55248

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network...

5.7CVSS8.9AI score0.00671EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/10/14 5:0 p.m.2 views

CVE-2025-55315

Inconsistent interpretation of http requests 'http request/response smuggling' in ASP.NET Core allows an authorized attacker to bypass a security feature over a network...

9.9CVSS9.2AI score0.65838EPSS
Exploits5
AlpineLinux
AlpineLinux
added 2025/10/14 5:0 p.m.0 views

CVE-2025-55247

Improper link resolution before file access 'link following' in .NET allows an authorized attacker to elevate privileges locally...

7.3CVSS8.9AI score0.00556EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/10/14 1:15 p.m.4 views

CVE-2025-11721

Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox 144 and Thunderbird 144...

9.8CVSS7.1AI score0.0034EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/10/14 1:15 p.m.1 views

CVE-2025-11719

Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability affects Firefox 144 and Thunderbird 144...

9.8CVSS6AI score0.00331EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/10/14 1:15 p.m.4 views

CVE-2025-11718

When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event This vulnerability affects Firefox 144...

6.5CVSS6AI score0.00197EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/10/14 1:15 p.m.4 views

CVE-2025-11717

When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. This vulnerability affects Firefox 144...

9.1CVSS6.2AI score0.0025EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/10/14 1:15 p.m.2 views

CVE-2025-11720

The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This...

8.1CVSS6AI score0.0025EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/10/14 1:15 p.m.2 views

CVE-2025-11712

A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerabilit...

6.1CVSS5.4AI score0.00256EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2025/10/14 1:15 p.m.1 views

CVE-2025-11715

Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox...

8.8CVSS7.2AI score0.00306EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2025/10/14 1:15 p.m.1 views

CVE-2025-11711

There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

6.5CVSS6AI score0.00215EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2025/10/14 1:15 p.m.3 views

CVE-2025-11716

Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox 144 and Thunderbird 144...

6.5CVSS6AI score0.00219EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/10/14 1:15 p.m.14 views

CVE-2025-11713

Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability affects Firefox 144, Firefox ESR 140.4, Thunderbird 144, and...

8.1CVSS6.3AI score0.00334EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2025/10/14 1:15 p.m.1 views

CVE-2025-11710

A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

9.8CVSS6AI score0.00394EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2025/10/14 1:15 p.m.1 views

CVE-2025-11709

A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

9.8CVSS6.1AI score0.00394EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2025/10/14 1:15 p.m.1 views

CVE-2025-11714

Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

8.8CVSS7.2AI score0.00313EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2025/10/14 1:15 p.m.1 views

CVE-2025-11708

Use-after-free in MediaTrackGraphImpl::GetInstance This vulnerability affects Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

9.8CVSS6.2AI score0.00475EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2025/10/10 11:15 p.m.2 views

CVE-2025-11626

MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service...

5.5CVSS6.8AI score0.00113EPSS
Exploits0References2
Total number of security vulnerabilities13061