Lucene search
+L
AlpinelinuxRecent

13063 matches found

AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.5 views

CVE-2025-9186

Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability affects Firefox 142...

6.5CVSS6.7AI score0.00197EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.2 views

CVE-2025-9179

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14,...

9.8CVSS6.7AI score0.0053EPSS
Exploits0References10
AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.2 views

CVE-2025-9184

Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox...

8.1CVSS7.7AI score0.00343EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.4 views

CVE-2025-9181

Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2...

6.5CVSS6.5AI score0.00337EPSS
Exploits0References9
AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.2 views

CVE-2025-9182

Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability affects Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2...

7.5CVSS6AI score0.00351EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.6 views

CVE-2025-9183

Spoofing issue in the Address Bar component. This vulnerability affects Firefox 142 and Firefox ESR 140.2...

6.5CVSS6.7AI score0.00231EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.4 views

CVE-2025-9180

Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability affects Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2...

8.1CVSS6.2AI score0.00231EPSS
Exploits0References10
AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.6 views

CVE-2025-8364

A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. Note: This issue only affected Android operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 141...

4.3CVSS6.6AI score0.00208EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.8 views

CVE-2025-8042

Firefox for Android allowed a sandboxed iframe without the allow-downloads attribute to start downloads. This vulnerability affects Firefox 141...

9.8CVSS6.5AI score0.00423EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.36 views

CVE-2025-8041

In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability affects Firefox 141...

5.3CVSS6.7AI score0.00255EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.4 views

CVE-2025-55031

Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability affects...

9.8CVSS6.7AI score0.00386EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.6 views

CVE-2025-55029

Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks This vulnerability affects Firefox for iOS 142...

7.5CVSS6.7AI score0.00315EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.6 views

CVE-2025-55030

Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks This vulnerability affects Firefox for iOS 142...

6.1CVSS6AI score0.00147EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.3 views

CVE-2025-54143

Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page This vulnerability affects Firefox for iOS 141...

9.8CVSS6.7AI score0.00449EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.7 views

CVE-2025-54144

The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link This vulnerability affects Firefox for iOS 141...

5.4CVSS6.8AI score0.0021EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.3 views

CVE-2025-55028

Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks This vulnerability affects Firefox for iOS 142...

6.5CVSS6.7AI score0.00207EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/08/19 9:15 p.m.9 views

CVE-2025-54145

The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme This vulnerability affects Firefox for iOS 141...

9.1CVSS6.7AI score0.00367EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/08/19 8:2 p.m.2 views

CVE-2025-9165

A flaw has been found in LibTIFF 4.7.0. This affects the function TIFFmallocExt/TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak. The attack is restricted to local execution. This attack is...

2.5CVSS3.9AI score0.00196EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/08/19 11:32 a.m.6 views

CVE-2025-9136

A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestreamvscanf of the file libretro-common/streams/filestream.c. This manipulation causes out-of-bounds read. The attack needs to be launched locally. Upgrading to version 1.21.0 mitigates this issue. It...

7.8CVSS7.1AI score0.00176EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2025/08/15 7:2 a.m.9 views

CVE-2025-9019

A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function maskcidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitatio...

5.9CVSS7.4AI score0.00997EPSS
Exploits1References11
AlpineLinux
AlpineLinux
added 2025/08/14 1:0 p.m.4 views

CVE-2025-8714

Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pgdumpall is also affected. pgrestore is affected...

8.8CVSS7.8AI score0.00736EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/08/14 1:0 p.m.4 views

CVE-2025-8715

Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...

8.8CVSS8.7AI score0.00412EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/14 1:0 p.m.5 views

CVE-2025-8713

PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this...

3.1CVSS7.1AI score0.0022EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/14 12:2 p.m.2 views

CVE-2025-8961

A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited...

4.8CVSS4AI score0.00202EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/08/14 12:15 a.m.22 views

CVE-2025-55199

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory OOM termination. This issue has been resolved in Helm 3.18.5. A workaround involves...

6.5CVSS7.2AI score0.00334EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/08/14 12:15 a.m.4 views

CVE-2025-55198

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expect...

6.5CVSS7.2AI score0.00331EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/08/13 5:16 p.m.3 views

CVE-2025-23304

NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering...

9.8CVSS8.3AI score0.0103EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/08/13 2:46 p.m.4 views

CVE-2025-53859

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

6.3CVSS5.7AI score0.00394EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/13 2:0 p.m.3 views

CVE-2025-55160

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior function-type-mismatch in splay tree cloning callback. This results in a deterministic abort under UBSan DoS in sanitizer builds, wit...

6.1CVSS7.1AI score0.00407EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2025/08/13 2:0 p.m.3 views

CVE-2025-55154

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage in coders/png.c are unsafe and can overflow, leading to memory corruption. This issue has been patched in...

8.8CVSS7.2AI score0.00967EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/08/13 1:59 p.m.4 views

CVE-2025-55005

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024...

5.5CVSS7.2AI score0.0026EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2025/08/13 1:59 p.m.1 views

CVE-2025-55004

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This c...

7.6CVSS7.3AI score0.00522EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2025/08/13 12:3 p.m.63 views

CVE-2025-8671

A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service DoS. By opening streams and then rapidly triggering the serv...

7.5CVSS6.6AI score0.0351EPSS
Exploits3
AlpineLinux
AlpineLinux
added 2025/08/13 2:43 a.m.5 views

CVE-2025-8881

Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS6.4AI score0.00239EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/13 2:43 a.m.6 views

CVE-2025-8901

Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.6AI score0.00301EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/13 2:43 a.m.5 views

CVE-2025-8880

Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.6AI score0.00258EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/13 2:43 a.m.9 views

CVE-2025-8879

Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. Chromium security severity: High...

8.8CVSS7.5AI score0.00276EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/12 4:59 p.m.6 views

CVE-2025-32086

Improperly implemented security check for standard in the DDRIO configuration for some IntelR XeonR 6 Processors when using IntelR SGX or IntelR TDX may allow a privileged user to potentially enable escalation of privilege via local access...

7.2CVSS7.6AI score0.00142EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/12 4:59 p.m.3 views

CVE-2025-26403

Out-of-bounds write in the memory subsystem for some IntelR XeonR 6 processors when using IntelR SGX or IntelR TDX may allow a privileged user to potentially enable escalation of privilege via local access...

7.2CVSS7.5AI score0.00142EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/12 4:58 p.m.3 views

CVE-2025-24305

Insufficient control flow management in the Alias Checking Trusted Module ACTM firmware for some IntelR XeonR processors may allow a privileged user to potentially enable escalation of privilege via local access...

7.2CVSS7.5AI score0.00143EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/12 4:58 p.m.3 views

CVE-2025-22889

Improper handling of overlap between protected memory ranges for some IntelR XeonR 6 processor with IntelR TDX may allow a privileged user to potentially enable escalation of privilege via local access...

7.9CVSS7.5AI score0.0015EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/12 4:58 p.m.6 views

CVE-2025-22840

Sequence of processor instructions leads to unexpected behavior for some IntelR XeonR 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access...

7.4CVSS7.5AI score0.00134EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/12 4:58 p.m.3 views

CVE-2025-22839

Insufficient granularity of access control in the OOB-MSM for some IntelR XeonR 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access...

7.5CVSS7.6AI score0.00181EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/12 4:58 p.m.4 views

CVE-2025-21090

Missing reference to active allocated resource for some IntelR XeonR processors may allow an authenticated user to potentially enable denial of service via local access...

6.5CVSS6.9AI score0.00144EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/12 4:58 p.m.8 views

CVE-2025-20109

Improper Isolation or Compartmentalization in the stream cache mechanism for some IntelR Processors may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS7.5AI score0.00139EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/12 4:58 p.m.7 views

CVE-2025-20053

Improper buffer restrictions for some IntelR XeonR Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access...

7.2CVSS7.8AI score0.00154EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/12 3:48 p.m.6 views

CVE-2025-54864

Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be...

7.5CVSS6.8AI score0.00382EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/08/12 3:47 p.m.7 views

CVE-2025-54800

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...

7.1CVSS7AI score0.00202EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/08/11 11:15 p.m.3 views

CVE-2025-55158

Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim’s internal typed value typvalT management. Specifically, the cleartv...

8.8CVSS7.4AI score0.00351EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/08/11 11:15 p.m.3 views

CVE-2025-55157

Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim’s internal tuple reference management. Specifically, the tupleunref function may access alread...

8.8CVSS7.2AI score0.00341EPSS
Exploits0References3
Total number of security vulnerabilities13063