Lucene search
+L
AlpinelinuxRecent

13063 matches found

AlpineLinux
AlpineLinux
added 2025/09/16 1:15 p.m.1 views

CVE-2025-10528

Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

7.3CVSS6.1AI score0.00329EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2025/09/16 1:15 p.m.18 views

CVE-2025-10527

Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

7.1CVSS6.2AI score0.00258EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2025/09/15 12:0 a.m.6 views

CVE-2025-59378

In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it even after the build has ended...

5.7CVSS7AI score0.00135EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/09/15 12:0 a.m.1 views

CVE-2025-59375

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing...

7.5CVSS6.9AI score0.01279EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/09/12 11:15 a.m.8 views

CVE-2025-27238

Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them...

3.5CVSS6.9AI score0.00169EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/09/12 11:15 a.m.26 views

CVE-2025-27240

A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field...

7.5CVSS7.7AI score0.01188EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/09/12 11:15 a.m.18 views

CVE-2025-27233

Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system...

5.7CVSS6.9AI score0.0016EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/09/12 5:10 a.m.19 views

CVE-2025-10148

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

5.3CVSS7.1AI score0.00466EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/09/12 5:10 a.m.4 views

CVE-2025-9086

A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path="/",. Since this site is not...

7.5CVSS6.4AI score0.01301EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/09/11 5:26 p.m.3 views

CVE-2025-58364

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local...

6.5CVSS6.8AI score0.01063EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2025/09/11 5:6 p.m.6 views

CVE-2025-58060

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the AuthType is set to anything but Basic, if the request contains an Authorization: Basic ... header, the password is not checked. This results in...

8CVSS7.1AI score0.00964EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2025/09/10 7:12 p.m.35 views

CVE-2025-10201

Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.5AI score0.00258EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/09/10 7:12 p.m.4 views

CVE-2025-10200

Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS7.3AI score0.00589EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/09/10 6:43 p.m.3 views

CVE-2025-9714

Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions xmlXPathRunEval, xmlXPathCtxtCompile, and xmlXPathEvalExpr were resetting recursion depth to zero before...

6.2CVSS6.6AI score0.00144EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/09/09 7:27 p.m.8 views

CVE-2025-58063

CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling DNS cache pinning attacks. This effectively creates a DoS condition for D...

7.1CVSS6.8AI score0.00407EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/09/09 5:15 p.m.5 views

CVE-2025-49734

Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally...

7CVSS6.9AI score0.00302EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/09/08 3:8 p.m.6 views

CVE-2025-40929

Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact...

5.6CVSS7.2AI score0.00405EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/09/05 9:16 p.m.1 views

CVE-2025-57807

ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob, which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob, which then expan...

9.8CVSS6.8AI score0.00274EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/09/05 7:54 p.m.2 views

CVE-2025-9566

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

8.1CVSS6.8AI score0.01008EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/09/03 4:17 p.m.4 views

CVE-2025-9866

Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.5AI score0.00353EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/09/03 3:15 p.m.8 views

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

4.3CVSS6.5AI score0.00288EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/09/03 3:15 p.m.3 views

CVE-2025-58460

A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b92bcd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

4.2CVSS6.3AI score0.00223EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/09/03 3:15 p.m.5 views

CVE-2025-58459

Jenkins global-build-stats Plugin 322.v22f4db18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs...

4.3CVSS6.5AI score0.00258EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/09/03 8:15 a.m.2 views

CVE-2025-9817

SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service...

7.8CVSS6.6AI score0.00194EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2025/09/03 12:0 a.m.8 views

CVE-2025-57833

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed QuerySet.annotate or QuerySet.alias...

8.1CVSS8AI score0.15602EPSS
Exploits4
AlpineLinux
AlpineLinux
added 2025/09/03 12:0 a.m.5 views

CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

9.8CVSS7.1AI score0.00693EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/09/01 7:3 p.m.3 views

CVE-2025-9810

TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen"w" on the history path and subsequent chmod on the same path...

6.8CVSS6.7AI score0.00099EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/08/30 12:32 p.m.3 views

CVE-2025-9688

A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function writeisviewer of the file src/device/cart/isviewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The attack is considered to have high...

5.1CVSS5.4AI score0.00258EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2025/08/29 3:0 p.m.7 views

CVE-2025-55304

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata can cause Exiv2 to run for a long time...

5.5CVSS6.9AI score0.00226EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/08/29 2:50 p.m.3 views

CVE-2025-54080

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An...

5.5CVSS6.6AI score0.00132EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/29 1:32 p.m.7 views

CVE-2025-9649

A security vulnerability has been detected in appneta tcpreplay 4.5.1. Impacted is the function calcsleeptime of the file sendpackets.c. Such manipulation leads to divide by zero. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. Upgrading to version...

5.5CVSS6.6AI score0.00225EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2025/08/28 3:33 p.m.6 views

CVE-2025-57767

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header wi...

7.5CVSS6.8AI score0.00381EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/08/27 8:23 p.m.6 views

CVE-2025-40779

If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the kea-dhcp4 process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem...

7.5CVSS6.6AI score0.00495EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/08/27 6:47 p.m.11 views

CVE-2025-58050

The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the scs:... Scan SubString verb when combined with...

9.1CVSS5.9AI score0.00693EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/08/26 5:25 p.m.6 views

CVE-2025-57803

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytesperline stride to a tiny value while the...

8.8CVSS7.7AI score0.00794EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/08/26 5:20 p.m.2 views

CVE-2025-55298

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper...

8.8CVSS8.3AI score0.04065EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/08/26 4:43 p.m.2 views

CVE-2025-55212

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon ":" to montage -geometry leads GetGeometry to set width/height to 0. Later, ThumbnailImage divides by these zer...

7.5CVSS7.1AI score0.00851EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/08/24 10:32 p.m.5 views

CVE-2025-9396

A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function GIstrtollinternal of the file strtoll.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be...

5.5CVSS3.7AI score0.00243EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2025/08/24 4:2 p.m.7 views

CVE-2025-9394

A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...

5.5CVSS5.5AI score0.0019EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2025/08/24 2:2 p.m.4 views

CVE-2025-9390

A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be...

5.5CVSS5.4AI score0.00246EPSS
Exploits1References8
AlpineLinux
AlpineLinux
added 2025/08/24 11:2 a.m.10 views

CVE-2025-9386

A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function getl2lenprotocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been disclosed to the public and...

5.5CVSS5.3AI score0.00216EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2025/08/24 10:32 a.m.8 views

CVE-2025-9385

A flaw has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fixipv6checksums of the file editpacket.c of the component tcprewrite. This manipulation causes use after free. The attack is restricted to local execution. The exploit has been published and may be used...

5.5CVSS5.2AI score0.00218EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/08/24 10:2 a.m.7 views

CVE-2025-9384

A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpeditpostargs of the file /src/tcpedit/parseargs.c. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. Upgrading t...

5.5CVSS3.7AI score0.00223EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/08/22 9:5 p.m.32 views

CVE-2025-4609

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...

9.6CVSS5.9AI score0.00375EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/08/21 4:2 p.m.6 views

CVE-2025-9308

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...

5.5CVSS7.2AI score0.00188EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2025/08/21 12:0 a.m.2 views

CVE-2025-52194

A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircamreadheader function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential co...

7.5CVSS8.1AI score0.00585EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/08/20 12:19 p.m.24 views

CVE-2025-4877

There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to sshgetfingerprinthash function. In such cases the bintobase64 function can experience an integer overflow leading to a memory under allocation, when that happens it's possibl...

4.5CVSS6.7AI score0.00178EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/20 1:15 a.m.6 views

CVE-2025-9132

Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7AI score0.02954EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.3 views

CVE-2025-9187

Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 142 and Thunderbird 142...

9.8CVSS7.7AI score0.00424EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.3 views

CVE-2025-9185

Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

8.1CVSS7.7AI score0.0044EPSS
Exploits0References10
Total number of security vulnerabilities13063