Lucene search
+L
AlpinelinuxRecent

13063 matches found

AlpineLinux
AlpineLinux
added 2025/08/11 12:21 p.m.6 views

CVE-2025-8672

MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application...

7.8CVSS7.4AI score0.00322EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/08/11 8:15 a.m.7 views

CVE-2025-8837

A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpcdecdump of the file src/libjasper/jpc/jpcdec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public...

7.8CVSS7.2AI score0.00221EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2025/08/11 8:15 a.m.6 views

CVE-2025-8836

A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpcfloorlog2 of the file src/libjasper/jpc/jpcenc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The exploit has been...

4.8CVSS7.2AI score0.002EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/08/11 7:15 a.m.8 views

CVE-2025-8835

A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jasimagechclrspc of the file src/libjasper/base/jasimage.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack...

5.5CVSS7.1AI score0.0021EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2025/08/09 3:15 a.m.4 views

CVE-2025-55001

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. Whe...

6.5CVSS7AI score0.00221EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/08/09 2:1 a.m.18 views

CVE-2025-55003

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication MFA system allows enforcing MFA using Time-based One Time Password TOTP. Due to...

5.7CVSS6.8AI score0.00199EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/09 2:1 a.m.5 views

CVE-2025-55000

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao's TOTP secrets engine could accept valid codes multiple times rather than strictly-once. This was caused by unexpected...

6.5CVSS6.8AI score0.00209EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/09 2:0 a.m.7 views

CVE-2025-54999

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, when using OpenBao's userpass auth method, user enumeration was possible due to timing difference between non-existent users an...

3.7CVSS6.6AI score0.00193EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/09 2:0 a.m.9 views

CVE-2025-54998

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by...

5.3CVSS6.9AI score0.00211EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/09 1:56 a.m.12 views

CVE-2025-54997

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing system code or making network connections...

9.1CVSS7.1AI score0.00371EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/09 1:32 a.m.12 views

CVE-2025-54996

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to...

7.2CVSS6.7AI score0.00308EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/08 7:2 p.m.5 views

CVE-2025-8736

A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclose...

5.3CVSS7.3AI score0.0016EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2025/08/08 6:32 p.m.6 views

CVE-2025-8735

A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to th...

4.8CVSS7.2AI score0.00145EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2025/08/08 6:2 p.m.7 views

CVE-2025-8734

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Additional analysis indicates that the files referenced in the stack trace do not exist in Bison...

4.3AI score0.00019EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2025/08/08 5:32 p.m.8 views

CVE-2025-8733

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Additional analysis indicates that the files referenced in the stack trace do not exist in Bison...

4.3AI score0.00019EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2025/08/08 4:32 p.m.5 views

CVE-2025-8732

A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to...

4.8CVSS4.8AI score0.00202EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2025/08/08 12:15 a.m.5 views

CVE-2025-54368

uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...

6.8CVSS6.9AI score0.00196EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/08/07 3:25 p.m.2 views

CVE-2025-47907

Cancelling a query e.g. by cancelling the context passed to one of the query methods during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with...

7CVSS6.5AI score0.00355EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/07 3:19 p.m.4 views

CVE-2025-7054

Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRECONNECTIONID frames. QUIC connections possess a set of connection identifiers IDs; see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000section-5.1 . Once the QUIC...

8.7CVSS7AI score0.00385EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/07 1:30 a.m.13 views

CVE-2025-8580

Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS6.5AI score0.00234EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/07 1:30 a.m.11 views

CVE-2025-8582

Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

4.3CVSS6.4AI score0.00232EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/07 1:30 a.m.6 views

CVE-2025-8576

Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Medium...

8.8CVSS7.2AI score0.00313EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/07 1:30 a.m.8 views

CVE-2025-8578

Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS7.2AI score0.00326EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/08/07 1:15 a.m.11 views

CVE-2025-54799

Let's Encrypt client and ACME library written in Go Lego. In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package thus the lego library and the lego cli as well don't enforce HTTPS when talking to CAs as an ACME client. Unlike the http-01 challenge which solves an ACME...

6CVSS7.1AI score0.00214EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/08/07 12:0 a.m.1 views

CVE-2025-50952

openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c...

6.5CVSS7.7AI score0.00262EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/08/07 12:0 a.m.4 views

CVE-2025-47808

In GStreamer through 1.26.1, the subparse plugin's tmplayerparseline function may dereference a NULL pointer while parsing a subtitle file, leading to a crash...

5.6CVSS6.3AI score0.00459EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2025/08/07 12:0 a.m.1 views

CVE-2025-47807

In GStreamer through 1.26.1, the subparse plugin's subripunescapeformatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash...

5.5CVSS6.3AI score0.00198EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2025/08/07 12:0 a.m.2 views

CVE-2025-47806

In GStreamer through 1.26.1, the subparse plugin's parsesubriptime function may write data past the bounds of a stack buffer, leading to a crash...

5.6CVSS6.3AI score0.00277EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2025/08/07 12:0 a.m.3 views

CVE-2025-47183

In GStreamer through 1.26.1, the isomp4 plugin's qtdemuxparsetree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure...

6.6CVSS6AI score0.002EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2025/08/07 12:0 a.m.5 views

CVE-2025-47219

In GStreamer through 1.26.1, the isomp4 plugin's qtdemuxparsetrak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure...

8.1CVSS6.1AI score0.00625EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/08/05 2:33 p.m.9 views

CVE-2025-54874

OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opjjp2readheader may lead to OOB heap memory write when the data stream pstream is too short and pimage is not initialized...

9.8CVSS6.6AI score0.00636EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/08/05 12:32 a.m.7 views

CVE-2025-8537

A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component mp4decrypt. The manipulation leads to allocation of resources. It is possible to launch the attack...

6.3CVSS6.3AI score0.00599EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2025/08/04 6:15 p.m.5 views

CVE-2025-46206

An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the mutool clean utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the stripoutline function enters infinite recursion...

6.5CVSS6.8AI score0.00384EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2025/08/04 12:0 a.m.6 views

CVE-2025-50422

Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled-face == NULL" assertion failure for cairoftunscaledfontfini in cairo-ft-font.c...

2.9CVSS6.9AI score0.00213EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2025/08/04 12:0 a.m.6 views

CVE-2025-50420

An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service DoS...

6.5CVSS6.8AI score0.00301EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/08/03 12:0 a.m.9 views

CVE-2025-54350

In iperf before 3.19.1, iperfauth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt...

5.3CVSS6.8AI score0.00395EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/08/03 12:0 a.m.3 views

CVE-2025-54349

In iperf before 3.19.1, iperfauth.c has an off-by-one error and resultant heap-based buffer overflow...

10CVSS6.8AI score0.00378EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/08/03 12:0 a.m.12 views

CVE-2025-54351

In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used for MSGTRUNC in recv...

10CVSS7AI score0.00397EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/08/02 12:15 a.m.5 views

CVE-2025-54386

Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../...

9.8CVSS8.3AI score0.01071EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2025/08/02 12:0 a.m.7 views

CVE-2025-54955

OpenNebula Community Edition CE before 7.0.0 and Enterprise Edition EE before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token JWT belonging to a legitimate user without knowled...

8.1CVSS7.4AI score0.00343EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2025/08/01 5:57 p.m.10 views

CVE-2025-49832

Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in asterisk/res/resstirshaken /verification.c that can be...

6.5CVSS7.2AI score0.00446EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2025/08/01 4:32 p.m.6 views

CVE-2025-48074

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, which can lead to excessive memory allocation and performance...

5.5CVSS7.2AI score0.00259EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/08/01 12:0 a.m.7 views

CVE-2025-53399

In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets except when the relay is configured for strict source and learning disabled. Version 13.4.1...

6.9CVSS7.3AI score0.04982EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2025/07/31 8:25 p.m.6 views

CVE-2025-48073

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, when reading a deep scanline image with a large sample count in reduceMemory mode, it is possible to crash a target application with a...

6.2CVSS7.2AI score0.00198EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/07/31 8:18 p.m.5 views

CVE-2025-48072

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Version 3.3.2 is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR...

9.1CVSS7.6AI score0.00496EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/07/31 8:13 p.m.12 views

CVE-2025-48071

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files...

8.4CVSS7.7AI score0.00312EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/07/30 1:24 p.m.8 views

CVE-2025-54388

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables rules including...

5.1CVSS6AI score0.00215EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/07/29 10:15 p.m.5 views

CVE-2025-54126

The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. In versions 2.4.0 and below, iwasm uses --addr-pool with an IPv4 address that lacks a subnet mask, allowing the system to...

6.9CVSS7.2AI score0.0061EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/07/29 9:19 p.m.4 views

CVE-2025-4674

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

8.6CVSS6.9AI score0.00273EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/07/28 12:40 p.m.5 views

CVE-2025-4056

A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines...

7.5CVSS7.2AI score0.00436EPSS
Exploits0References3
Total number of security vulnerabilities13063