Lucene search
+L
AlpinelinuxRecent

13061 matches found

AlpineLinux
AlpineLinux
•added 2025/10/01 12:0 a.m.•7 views

CVE-2025-59681

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

9.8CVSS8AI score0.00583EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/10/01 12:0 a.m.•4 views

CVE-2025-46205

A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service DoS by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue...

8.1CVSS6.5AI score0.00373EPSS
Exploits1References3
AlpineLinux
AlpineLinux
•added 2025/09/30 1:17 p.m.•6 views

CVE-2025-9232

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'noproxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash...

5.9CVSS7AI score0.02093EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/09/30 1:17 p.m.•11 views

CVE-2025-9231

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...

6.5CVSS6.7AI score0.02234EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/09/30 1:17 p.m.•4 views

CVE-2025-9230

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...

7.5CVSS7.2AI score0.01744EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/09/30 1:15 p.m.•7 views

CVE-2025-11152

Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability affects Firefox 143.0.3...

8.6CVSS6.2AI score0.00252EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/09/30 1:15 p.m.•6 views

CVE-2025-11153

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox 143.0.3...

7.5CVSS6AI score0.00217EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/09/27 11:15 p.m.•2 views

CVE-2025-11083

A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public an...

7.8CVSS7.2AI score0.00235EPSS
Exploits1References8
AlpineLinux
AlpineLinux
•added 2025/09/27 11:15 p.m.•5 views

CVE-2025-11082

A flaw has been found in GNU Binutils 2.45. Impacted is the function bfdelfparseehframe of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be use...

7.8CVSS6.6AI score0.00234EPSS
Exploits1References8
AlpineLinux
AlpineLinux
•added 2025/09/27 10:15 p.m.•3 views

CVE-2025-11081

A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dumpdwarfsection of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named...

5.5CVSS6.3AI score0.00189EPSS
Exploits1References8
AlpineLinux
AlpineLinux
•added 2025/09/26 4:15 p.m.•4 views

CVE-2025-59842

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener...

4.3CVSS6.9AI score0.0021EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/09/26 12:0 a.m.•5 views

CVE-2025-59362

Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asnbuildobjid in lib/snmplib/asn1.c...

4CVSS7AI score0.00362EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 2025/09/24 4:17 p.m.•26 views

CVE-2025-10892

Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.4AI score0.00266EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/09/24 4:17 p.m.•3 views

CVE-2025-10891

Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.4AI score0.06608EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/09/24 4:17 p.m.•4 views

CVE-2025-10890

Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

9.1CVSS6.3AI score0.00293EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/09/24 4:17 p.m.•6 views

CVE-2025-10502

Heap buffer overflow in ANGLE in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. Chromium security severity: High...

8.8CVSS7.2AI score0.00261EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/09/24 4:17 p.m.•3 views

CVE-2025-10500

Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7AI score0.00256EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/09/24 4:17 p.m.•4 views

CVE-2025-10501

Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7AI score0.0027EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/09/23 6:15 p.m.•26 views

CVE-2025-55780

A null pointer dereference occurs in the function breakwordforoverflowwrap in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fzhtmlsplitflow to split a FLOWWORD node, but does not check if node-next is valid before accessing node-next-overflowwrap, resulti...

7.5CVSS6.3AI score0.00399EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/09/23 4:31 a.m.•4 views

CVE-2025-1131

A local privilege escalation vulnerability exists in the safeasterisk script included with the Asterisk toolkit package. When Asterisk is started via this script common in SysV init or FreePBX environments, it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating...

7.8CVSS7.1AI score0.002EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 2025/09/23 12:2 a.m.•5 views

CVE-2025-10824

A vulnerability was determined in axboe fio up to 3.41. This impacts the function parsejobsini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized...

5.3CVSS6.7AI score0.00133EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 2025/09/23 12:0 a.m.•11 views

CVE-2025-51005

A heap-buffer-overflow vulnerability exists in the tcpliveplay utility of the tcpreplay-4.5.1. When a crafted pcap file is processed, the program incorrectly handles memory in the checksum calculation logic at dochecksummathliveplay in tcpliveplay.c, leading to a possible denial of service...

7.5CVSS6.4AI score0.00359EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 2025/09/22 11:32 p.m.•3 views

CVE-2025-10823

A vulnerability was found in axboe fio up to 3.41. This affects the function strbufferpatterncb of the file options.c. Performing manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could be used...

4.8CVSS6.3AI score0.00136EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 2025/09/22 9:1 p.m.•5 views

CVE-2025-47910

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections...

5.4CVSS6.7AI score0.00308EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/09/22 6:23 p.m.•5 views

CVE-2025-58245

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bestweblayout Portfolio allows DOM-Based XSS. This issue affects Portfolio : from n/a through 2.58...

5.9CVSS6.4AI score0.0021EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2025/09/22 12:0 a.m.•5 views

CVE-2025-51006

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dltlinuxsll2cleanup function in plugins/dltlinuxsll2/linuxsll2.c. This vulnerability is triggered when tcpeditdltcleanup indirectly invokes the cleanup routine multiple times on the same memory region. By...

7.8CVSS6.7AI score0.00172EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 2025/09/22 12:0 a.m.•18 views

CVE-2025-59801

In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xpsunpredicttiff in xpstiff.c because the samplesperpixel value is not checked...

4.3CVSS7.4AI score0.00188EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/09/22 12:0 a.m.•6 views

CVE-2025-59798

Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfwritecmap in devices/vector/gdevpdtw.c...

5.5CVSS7.5AI score0.00188EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/09/22 12:0 a.m.•2 views

CVE-2025-59799

Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmarkcoercedest in devices/vector/gdevpdfm.c via a large size value...

5.5CVSS7.5AI score0.00188EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/09/22 12:0 a.m.•3 views

CVE-2025-59800

In Artifex Ghostscript through 10.05.1, ocrbeginpage in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocrline8...

5.5CVSS7.5AI score0.00166EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/09/18 6:41 p.m.•3 views

CVE-2025-47906

If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

6.5CVSS6.2AI score0.00489EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/09/18 2:15 p.m.•6 views

CVE-2025-4444

A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The...

6.3CVSS6.6AI score0.00437EPSS
Exploits0References6
AlpineLinux
AlpineLinux
•added 2025/09/18 9:21 a.m.•13 views

CVE-2025-30187

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

3.7CVSS6.8AI score0.00271EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/09/17 5:45 p.m.•4 views

CVE-2025-58767

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these...

5.3CVSS7.3AI score0.00231EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/09/17 2:15 p.m.•5 views

CVE-2025-59476

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control log message contents to insert line break characters, followed by forged log messages that may...

5.3CVSS6.8AI score0.00335EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/09/17 2:15 p.m.•10 views

CVE-2025-59475

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain limited information about the Jenkins configuration by listing available options in this menu e.g.,...

4.3CVSS6.3AI score0.00448EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/09/17 2:15 p.m.•5 views

CVE-2025-59474

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget...

5.3CVSS6.8AI score0.04735EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/09/16 5:15 p.m.•6 views

CVE-2025-59161

Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently replace a room's entry in the room list with an unrelated...

6.9CVSS7AI score0.0038EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/09/16 4:15 p.m.•6 views

CVE-2025-58749

WebAssembly Micro Runtime WAMR is a lightweight standalone WebAssembly Wasm runtime. In WAMR versions prior to 2.4.2, when running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand memory address...

5.3CVSS6.8AI score0.00344EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 2025/09/16 1:15 p.m.•2 views

CVE-2025-10537

Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox...

8.8CVSS7.5AI score0.00306EPSS
Exploits0References7
AlpineLinux
AlpineLinux
•added 2025/09/16 1:15 p.m.•3 views

CVE-2025-10536

Information disclosure in the Networking: Cache component. This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

6.2CVSS5.9AI score0.00154EPSS
Exploits0References7
AlpineLinux
AlpineLinux
•added 2025/09/16 1:15 p.m.•7 views

CVE-2025-10535

Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vulnerability affects Firefox 143...

7.5CVSS5.9AI score0.00293EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/09/16 1:15 p.m.•3 views

CVE-2025-10534

Spoofing issue in the Site Permissions component. This vulnerability affects Firefox 143 and Thunderbird 143...

8.1CVSS6AI score0.00328EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/09/16 1:15 p.m.•3 views

CVE-2025-10532

Incorrect boundary conditions in the JavaScript: GC component. This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

6.5CVSS6.1AI score0.00291EPSS
Exploits0References7
AlpineLinux
AlpineLinux
•added 2025/09/16 1:15 p.m.•2 views

CVE-2025-10533

Integer overflow in the SVG component. This vulnerability affects Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

8.8CVSS6.4AI score0.00687EPSS
Exploits0References7
AlpineLinux
AlpineLinux
•added 2025/09/16 1:15 p.m.•4 views

CVE-2025-10530

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox 143 and Thunderbird 143...

6.5CVSS6AI score0.00275EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/09/16 1:15 p.m.•5 views

CVE-2025-10531

Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability affects Firefox 143 and Thunderbird 143...

5.4CVSS6AI score0.00255EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/09/16 1:15 p.m.•1 views

CVE-2025-10529

Same-origin policy bypass in the Layout component. This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

6.5CVSS6.1AI score0.00281EPSS
Exploits0References7
AlpineLinux
AlpineLinux
•added 2025/09/16 1:15 p.m.•1 views

CVE-2025-10528

Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

7.3CVSS6.1AI score0.00329EPSS
Exploits0References7
AlpineLinux
AlpineLinux
•added 2025/09/16 1:15 p.m.•18 views

CVE-2025-10527

Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

7.1CVSS6.2AI score0.00258EPSS
Exploits0References7
Total number of security vulnerabilities13061