Lucene search
+L
AlpinelinuxRecent

13063 matches found

AlpineLinux
AlpineLinux
added 2025/07/28 7:2 a.m.6 views

CVE-2025-8262

A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch...

7.5CVSS7.3AI score0.007EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2025/07/27 8:2 a.m.4 views

CVE-2025-8225

A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function processdebuginfo of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patc...

4.8CVSS3.8AI score0.00223EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/07/27 5:32 a.m.8 views

CVE-2025-8224

A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfdelfgetstrsection of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack...

5.5CVSS3.7AI score0.00225EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/07/27 12:0 a.m.13 views

CVE-2025-54597

LinuxServer.io Heimdall before 2.7.3 allows XSS via the q parameter...

7.2CVSS6.2AI score0.00565EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/07/25 5:19 p.m.9 views

CVE-2025-5449

A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash,...

6.5CVSS6.3AI score0.00777EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/07/25 3:15 a.m.5 views

CVE-2025-54567

hw/pci/pciesriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327...

5.4CVSS7.1AI score0.00529EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/07/25 3:15 a.m.8 views

CVE-2025-54566

hw/pci/pciesriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327...

5.4CVSS7.1AI score0.00529EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/07/24 2:14 p.m.3 views

CVE-2025-8114

A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange KEX process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash...

4.7CVSS7AI score0.00217EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/07/23 8:35 p.m.5 views

CVE-2025-53537

LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, leading to loss of visibility. To workaround this issue, set suricata.yaml...

7.5CVSS7AI score0.0042EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/07/23 1:19 p.m.2 views

CVE-2025-54090

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue...

6.3CVSS7.2AI score0.00685EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/07/23 12:0 a.m.26 views

CVE-2025-46686

Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the command is skipped because of insufficient permissions. NOTE: this i...

3.5CVSS7.4AI score0.00263EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/07/22 9:36 p.m.4 views

CVE-2025-53538

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory usage, leading to loss of...

7.5CVSS7.1AI score0.00432EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/07/22 9:34 p.m.13 views

CVE-2025-54072

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder or , insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the...

8.1CVSS8.2AI score0.00562EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/07/22 9:15 p.m.5 views

CVE-2025-8044

Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 141 and Thunderbird 141...

9.8CVSS7.7AI score0.00435EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/07/22 9:15 p.m.5 views

CVE-2025-8040

Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox...

8.8CVSS7.7AI score0.00302EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2025/07/22 9:15 p.m.7 views

CVE-2025-8043

Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox 141 and Thunderbird 141...

9.8CVSS6.6AI score0.00367EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/07/22 9:15 p.m.5 views

CVE-2025-8039

In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

8.1CVSS6.5AI score0.00277EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2025/07/22 9:15 p.m.1 views

CVE-2025-8033

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

6.5CVSS6.4AI score0.00351EPSS
Exploits0References9
AlpineLinux
AlpineLinux
added 2025/07/22 9:15 p.m.5 views

CVE-2025-8031

The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

9.8CVSS6.6AI score0.00431EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2025/07/22 9:15 p.m.1 views

CVE-2025-8030

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

8.1CVSS6.5AI score0.00306EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2025/07/22 9:15 p.m.3 views

CVE-2025-8029

Thunderbird executed javascript: URLs when used in object and embed tags. This vulnerability affects Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

8.1CVSS6.1AI score0.00306EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2025/07/22 9:15 p.m.2 views

CVE-2025-8035

Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run...

8.8CVSS7.7AI score0.00326EPSS
Exploits0References9
AlpineLinux
AlpineLinux
added 2025/07/22 9:15 p.m.7 views

CVE-2025-8036

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

8.1CVSS6AI score0.00417EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2025/07/22 9:15 p.m.2 views

CVE-2025-8032

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

8.1CVSS6.5AI score0.00305EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2025/07/22 9:15 p.m.9 views

CVE-2025-8037

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability affects Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

9.1CVSS6.5AI score0.00217EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2025/07/22 9:15 p.m.1 views

CVE-2025-8034

Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

8.8CVSS7.7AI score0.00375EPSS
Exploits0References10
AlpineLinux
AlpineLinux
added 2025/07/22 9:15 p.m.6 views

CVE-2025-8038

Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

9.8CVSS6AI score0.00225EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2025/07/22 9:15 p.m.5 views

CVE-2025-8028

On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird...

9.8CVSS6.4AI score0.00472EPSS
Exploits0References9
AlpineLinux
AlpineLinux
added 2025/07/22 9:15 p.m.4 views

CVE-2025-8027

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability affects Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbi...

6.5CVSS6.4AI score0.00351EPSS
Exploits0References9
AlpineLinux
AlpineLinux
added 2025/07/22 9:11 p.m.6 views

CVE-2025-8010

Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7AI score0.0025EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/07/22 2:17 p.m.3 views

CVE-2025-4878

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption...

3.6CVSS6.1AI score0.00181EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/07/22 12:0 a.m.3 views

CVE-2025-48964

ping in iputils before 20250602 allows a denial of service application error in adaptive ping mode or incorrect data collection via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics...

6.5CVSS6.6AI score0.01455EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2025/07/21 12:49 p.m.4 views

CVE-2025-30192

An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter...

7.5CVSS7.2AI score0.00229EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/07/20 12:0 a.m.10 views

CVE-2025-49087

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS7 padding mode is used...

4CVSS7.1AI score0.00395EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/07/20 12:0 a.m.10 views

CVE-2025-47917

Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtlsx509stringtonames takes a head argument that is documented as an output argument. The documentation does not suggest that the function...

9.8CVSS7.5AI score0.0199EPSS
Exploits2References4
AlpineLinux
AlpineLinux
added 2025/07/20 12:0 a.m.6 views

CVE-2025-48965

Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtlsasn1storenameddata can trigger conflicting data with val.p of NULL but val.len greater than zero...

7.5CVSS7.3AI score0.00461EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/07/18 10:51 p.m.5 views

CVE-2025-7396

In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assembly builds, and the small Curve25519...

5.6CVSS6.8AI score0.00182EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/07/18 10:34 p.m.5 views

CVE-2025-7394

In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...

9.8CVSS7.4AI score0.00387EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/07/18 10:15 p.m.5 views

CVE-2025-7395

A certificate verification error in wolfSSL when building with the WOLFSSLSYSCACERTS and WOLFSSLAPPLENATIVECERTVALIDATION options results in the wolfSSL client failing to properly verify the server certificate's domain name, allowing any certificate issued by a trusted CA to be accepted regardles...

9.2CVSS7.2AI score0.00222EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/07/18 8:15 p.m.5 views

CVE-2025-54310

qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp...

5.3CVSS7AI score0.00398EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/07/18 8:15 a.m.4 views

CVE-2025-6197

An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must be on a different organization than the one specified in the URL...

7.6CVSS7.2AI score0.37565EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/07/18 8:15 a.m.4 views

CVE-2025-6023

An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01,...

7.6CVSS6.5AI score0.37565EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/07/17 6:15 p.m.7 views

CVE-2025-53644

OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability...

9.8CVSS7AI score0.00371EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2025/07/17 11:15 a.m.20 views

CVE-2025-3415

Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01,...

4.3CVSS7.2AI score0.0089EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/07/16 5:38 p.m.4 views

CVE-2025-40777

If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...

7.5CVSS6.5AI score0.0087EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/07/16 2:38 p.m.5 views

CVE-2025-5994

A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to...

8.7CVSS7AI score0.00188EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/07/16 2:0 p.m.6 views

CVE-2025-40918

Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...

6.5CVSS5.5AI score0.00394EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/07/16 1:41 p.m.5 views

CVE-2025-40776

A named caching resolver that is configured to send ECS EDNS Client Subnet options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1...

8.6CVSS7.2AI score0.00196EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/07/15 8:52 p.m.3 views

CVE-2025-53906

Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successful...

4.1CVSS8AI score0.00731EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2025/07/15 8:49 p.m.6 views

CVE-2025-30761

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Scripting. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf and 11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows...

5.9CVSS6.6AI score0.00551EPSS
Exploits0
Total number of security vulnerabilities13063