Lucene search
+L
AlpinelinuxRecent

13063 matches found

AlpineLinux
AlpineLinux
•added 2025/07/15 8:48 p.m.•2 views

CVE-2025-53905

Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim’s tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successful...

4.1CVSS8AI score0.00242EPSS
Exploits1References3
AlpineLinux
AlpineLinux
•added 2025/07/15 7:27 p.m.•11 views

CVE-2025-50106

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1;...

8.1CVSS7.3AI score0.00611EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/15 7:27 p.m.•5 views

CVE-2025-50059

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1...

8.6CVSS7.4AI score0.00501EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/15 7:27 p.m.•8 views

CVE-2025-30754

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0....

4.8CVSS6AI score0.00381EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/15 7:27 p.m.•7 views

CVE-2025-30749

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1;...

8.1CVSS7.2AI score0.01058EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/07/15 6:12 p.m.•4 views

CVE-2025-7657

Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.2AI score0.00497EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/15 6:12 p.m.•7 views

CVE-2025-7656

Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.0863EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/15 6:12 p.m.•4 views

CVE-2025-6558

Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.9AI score0.09185EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/15 1:44 p.m.•7 views

CVE-2025-6965

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above...

7.7CVSS7.4AI score0.73495EPSS
Exploits3
AlpineLinux
AlpineLinux
•added 2025/07/14 7:51 p.m.•1 views

CVE-2025-53101

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's magick mogrify command, specifying multiple consecutive %d format specifiers in a filename template causes internal pointer arithmetic to...

9.8CVSS7.6AI score0.00792EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/07/14 7:42 p.m.•3 views

CVE-2025-53019

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's magick stream command, specifying multiple consecutive %d format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and...

7.5CVSS7.2AI score0.00462EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/14 7:31 p.m.•4 views

CVE-2025-53015

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue...

7.5CVSS7.2AI score0.00707EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 2025/07/14 5:59 p.m.•6 views

CVE-2025-53014

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processi...

9.8CVSS7.8AI score0.00617EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/07/13 10:27 p.m.•8 views

CVE-2025-1735

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. pgsql and pdopgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...

7.5CVSS9.6AI score0.00953EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/13 10:18 p.m.•3 views

CVE-2025-1220

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parseurl treat the hostname in different way, thus openin...

5.3CVSS6.6AI score0.00514EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/07/13 10:15 p.m.•4 views

CVE-2025-7546

A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfdelfsetgroupcontents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has bee...

7.8CVSS5AI score0.00172EPSS
Exploits0References8
AlpineLinux
AlpineLinux
•added 2025/07/13 10:15 p.m.•4 views

CVE-2025-7545

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copysection of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the publ...

7.8CVSS5.3AI score0.00254EPSS
Exploits0References8
AlpineLinux
AlpineLinux
•added 2025/07/13 10:10 p.m.•11 views

CVE-2025-6491

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 when parsing XML data in SOAP extensions, overly large 2Gb XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server...

5.9CVSS9.5AI score0.00944EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/07/11 12:0 a.m.•3 views

CVE-2025-45582

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file,...

4.1CVSS6.2AI score0.00433EPSS
Exploits1References6
AlpineLinux
AlpineLinux
•added 2025/07/10 7:32 p.m.•6 views

CVE-2025-53630

llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the ggufinitfromfileimpl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792579...

9.3CVSS5.8AI score0.00318EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/07/10 4:59 p.m.•10 views

CVE-2025-53020

Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue...

7.5CVSS6.5AI score0.04409EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/07/10 4:58 p.m.•3 views

CVE-2025-49812

In some modssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. Users are recommend...

7.4CVSS6.4AI score0.00512EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/10 4:57 p.m.•5 views

CVE-2025-49630

In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in modproxyhttp2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with...

7.5CVSS6.5AI score0.01149EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/10 4:56 p.m.•6 views

CVE-2025-23048

In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when modssl is configured for multiple virtual hosts, with each restricted to a different set of...

9.1CVSS6.5AI score0.0097EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/07/10 4:56 p.m.•9 views

CVE-2024-43394

Server-Side Request Forgery SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via modrewrite or apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63. Note: The Apache HTTP Server...

7.5CVSS6.5AI score0.01094EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/10 4:55 p.m.•5 views

CVE-2024-47252

Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to log variables...

7.5CVSS6.4AI score0.00669EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/10 4:54 p.m.•7 views

CVE-2024-43204

SSRF in Apache HTTP Server with modproxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where modheaders is configured to modify the Content-Type request or response header with a value provided in the HTTP request...

7.5CVSS6.3AI score0.00772EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/10 4:53 p.m.•8 views

CVE-2024-42516

HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP...

7.5CVSS7AI score0.00679EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/10 3:9 p.m.•4 views

CVE-2025-46835

Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permissio...

8.5CVSS6.2AI score0.00296EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/10 3:6 p.m.•5 views

CVE-2025-46334

Git GUI allows you to use the Git source control management tools via a GUI. A malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable always includes...

8.6CVSS6.2AI score0.00261EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/10 3:2 p.m.•4 views

CVE-2025-27614

Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script e.g., Bourne shell, Perl, Python, ... supplied by the attacker by invoking...

8.6CVSS6.1AI score0.00314EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/10 2:58 p.m.•6 views

CVE-2025-27613

Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must have been enabled...

3.6CVSS6.4AI score0.00287EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/10 8:4 a.m.•2 views

CVE-2025-32988

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name SAN entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1deletestructure on an ASN.1 node it do...

8.2CVSS7.2AI score0.01185EPSS
Exploits0References15
AlpineLinux
AlpineLinux
•added 2025/07/09 4:15 p.m.•5 views

CVE-2025-53651

Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about the Jenkins controller file system in the build log...

6.3CVSS6.8AI score0.00413EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/07/09 4:15 p.m.•7 views

CVE-2025-53652

Jenkins Git Parameter Plugin 439.vb0e46ca14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters...

8.2CVSS7.2AI score0.00618EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 2025/07/09 4:15 p.m.•6 views

CVE-2025-53650

Jenkins Credentials Binding Plugin 687.v619cb15e923f and earlier does not properly mask i.e., replace with asterisks credentials present in exception error messages that are written to the build log...

7.3CVSS7.1AI score0.00321EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/07/09 4:15 p.m.•7 views

CVE-2025-53653

Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

4.3CVSS7.1AI score0.00191EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/07/09 1:2 a.m.•6 views

CVE-2025-7209

A vulnerability has been found in 9fans plan9port up to 9da5b44 and classified as problematic. Affected by this vulnerability is the function valuedecode in the library src/libsec/port/x509.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. Th...

5.5CVSS4.1AI score0.00199EPSS
Exploits1References7
AlpineLinux
AlpineLinux
•added 2025/07/09 12:32 a.m.•5 views

CVE-2025-7208

A vulnerability was found in 9fans plan9port up to 9da5b44. It has been classified as critical. This affects the function edump in the library /src/plan9port/src/libsec/port/x509.c. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used...

9.8CVSS5.3AI score0.00553EPSS
Exploits1References8
AlpineLinux
AlpineLinux
•added 2025/07/08 9:39 p.m.•7 views

CVE-2025-53547

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...

8.6CVSS7.7AI score0.00363EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/07/08 6:23 p.m.•6 views

CVE-2025-48384

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed CRLF. When writing a config entry, values with ...

8CVSS7.1AI score0.02775EPSS
Exploits9
AlpineLinux
AlpineLinux
•added 2025/07/08 6:23 p.m.•4 views

CVE-2025-48385

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to...

8.6CVSS8.7AI score0.00785EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/08 6:23 p.m.•5 views

CVE-2025-48386

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer target as a unique key for storing and comparing against internal storage. This...

6.3CVSS7.5AI score0.00324EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/07 3:25 p.m.•16 views

CVE-2025-48367

Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19...

7.5CVSS6.5AI score0.00733EPSS
Exploits0References6
AlpineLinux
AlpineLinux
•added 2025/07/07 3:22 p.m.•10 views

CVE-2025-32023

Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The...

7.8CVSS7.2AI score0.03877EPSS
Exploits4References7
AlpineLinux
AlpineLinux
•added 2025/07/07 2:58 p.m.•8 views

CVE-2025-6663

GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...

7.8CVSS8AI score0.00325EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/07 2:24 p.m.•4 views

CVE-2025-5987

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

8.1CVSS6.3AI score0.0144EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/07/07 12:0 a.m.•3 views

CVE-2024-25177

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IRFSTORE for NULL metatable, which leads to Denial of Service DoS...

7.5CVSS6.2AI score0.00455EPSS
Exploits1References5
AlpineLinux
AlpineLinux
•added 2025/07/07 12:0 a.m.•5 views

CVE-2024-25176

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in ljstrfmtwfnum in ljstrfmtnum.c...

9.8CVSS6.6AI score0.00483EPSS
Exploits1References5
AlpineLinux
AlpineLinux
•added 2025/07/07 12:0 a.m.•7 views

CVE-2024-25178

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in ljstate.c...

9.1CVSS6.6AI score0.00536EPSS
Exploits1References5
Total number of security vulnerabilities13063