Lucene search
+L
AlpinelinuxRecent

13063 matches found

AlpineLinux
AlpineLinux
added 2025/06/19 1:8 a.m.2 views

CVE-2025-50181

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attemptin...

6.1CVSS5.5AI score0.00409EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/06/18 6:16 p.m.4 views

CVE-2025-6191

Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

8.8CVSS7AI score0.09224EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/18 6:16 p.m.6 views

CVE-2025-6192

Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.2AI score0.00448EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/18 5:15 p.m.4 views

CVE-2025-20234

A vulnerability in Universal Disk Format UDF processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability...

7.5CVSS7.3AI score0.00663EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/06/18 5:8 p.m.7 views

CVE-2025-20260

A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service DoS condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers are allocated...

9.8CVSS8.8AI score0.01535EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/18 3:47 p.m.3 views

CVE-2025-4821

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

7.5CVSS7.5AI score0.00723EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/18 3:45 p.m.8 views

CVE-2025-4820

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

5.3CVSS7.2AI score0.00673EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/18 10:15 a.m.5 views

CVE-2025-1088

In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher...

2.7CVSS7.3AI score0.00394EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/06/17 3:0 p.m.3 views

CVE-2025-49180

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...

7.8CVSS6.4AI score0.00279EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/17 2:54 p.m.3 views

CVE-2025-49179

A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks...

7.3CVSS6.6AI score0.00285EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/17 2:54 p.m.5 views

CVE-2025-49178

A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service...

5.5CVSS5.4AI score0.00204EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/17 2:49 p.m.2 views

CVE-2025-49176

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check...

7.3CVSS6.6AI score0.00306EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/17 2:49 p.m.3 views

CVE-2025-49177

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...

6.1CVSS5.4AI score0.00369EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/17 2:39 p.m.4 views

CVE-2025-49175

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash...

6.1CVSS5.4AI score0.00285EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/16 10:16 p.m.3 views

CVE-2025-6140

A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scopedpadder in the library include/spdlog/patternformatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit h...

4.8CVSS7.1AI score0.00202EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2025/06/16 3:24 p.m.2 views

CVE-2025-49794

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...

9.1CVSS6.9AI score0.00669EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/16 3:24 p.m.6 views

CVE-2025-6170

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare...

2.5CVSS6.7AI score0.00202EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/16 3:19 p.m.1 views

CVE-2025-49795

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service...

7.5CVSS6.8AI score0.00475EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/16 3:14 p.m.3 views

CVE-2025-49796

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined...

9.1CVSS6.8AI score0.01437EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/16 2:50 p.m.5 views

CVE-2025-4565

Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...

8.2CVSS7.3AI score0.00281EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/06/16 12:15 p.m.4 views

CVE-2025-6120

A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function readmeshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to...

5.3CVSS7.3AI score0.0021EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/06/16 11:15 a.m.8 views

CVE-2025-6119

A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking...

5.3CVSS7.4AI score0.00189EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/06/13 3:40 p.m.7 views

CVE-2025-6052

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be writte...

7.5CVSS7.3AI score0.00419EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/06/13 8:15 a.m.10 views

CVE-2024-38824

Directory traversal vulnerability in recvfile method allows arbitrary files to be written to the master cache directory...

9.6CVSS7.3AI score0.00982EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/06/13 7:15 a.m.12 views

CVE-2025-22241

File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location a...

5.6CVSS7.4AI score0.00166EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/06/13 7:15 a.m.3 views

CVE-2025-22242

Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pubret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by...

5.6CVSS7.2AI score0.00122EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/06/13 7:15 a.m.8 views

CVE-2025-22238

Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory...

4.2CVSS7.2AI score0.00266EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/06/13 7:15 a.m.7 views

CVE-2025-22237

An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...

6.7CVSS7.4AI score0.00157EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/06/13 7:15 a.m.4 views

CVE-2025-22239

Arbitrary event injection on Salt Master. The master's "minionevent" method can be used by and authorized minion to send arbitrary events onto the master's event bus...

8.1CVSS7.7AI score0.00159EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/06/13 7:15 a.m.5 views

CVE-2025-22240

Arbitrary directory creation or file deletion. In the findfile method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgtenv” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to...

6.3CVSS7.2AI score0.00143EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/06/13 7:15 a.m.3 views

CVE-2024-38825

The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication...

6.4CVSS7.4AI score0.00132EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/06/13 7:15 a.m.2 views

CVE-2024-38823

Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport...

2.7CVSS7.2AI score0.00214EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/06/13 7:15 a.m.5 views

CVE-2025-22236

Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions = 3007.0...

8.1CVSS7.4AI score0.00149EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/06/13 7:15 a.m.6 views

CVE-2024-38822

Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion...

2.7CVSS7.3AI score0.00214EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/06/13 1:8 a.m.9 views

CVE-2025-30399

Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network...

7.5CVSS7.7AI score0.0089EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/12 12:49 p.m.4 views

CVE-2025-6021

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input...

7.5CVSS7AI score0.01067EPSS
Exploits1References28
AlpineLinux
AlpineLinux
added 2025/06/11 5:17 p.m.9 views

CVE-2025-0913

os.OpenFilepath, os.OCREATE|OEXCL behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with OCREATE and OEXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...

5.5CVSS7.2AI score0.00245EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/11 4:42 p.m.5 views

CVE-2025-4673

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information...

6.8CVSS7.3AI score0.0056EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/11 4:42 p.m.6 views

CVE-2025-22874

Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon...

7.5CVSS7.3AI score0.00311EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/11 2:32 p.m.2 views

CVE-2025-49146

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required default value is prefer, the driver would incorrectly allow connections to proceed with authentication methods that do not support...

8.2CVSS7.6AI score0.00461EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/11 12:15 p.m.4 views

CVE-2025-5986

A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data e.g. using /dev/urandom on Linux or to...

6.5CVSS6.7AI score0.00466EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/06/11 12:15 p.m.3 views

CVE-2025-49710

An integer overflow was present in OrderedHashTable used by the JavaScript engine This vulnerability affects Firefox 139.0.4...

9.8CVSS6.9AI score0.00651EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/06/11 12:15 p.m.3 views

CVE-2025-49709

Certain canvas operations could have lead to memory corruption. This vulnerability affects Firefox 139.0.4...

9.8CVSS6.6AI score0.0058EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/06/11 2:59 a.m.6 views

CVE-2024-1244

Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2...

9.5CVSS8.4AI score0.00297EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/06/11 1:15 a.m.4 views

CVE-2025-49091

KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code...

8.2CVSS8.6AI score0.00551EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2025/06/10 7:46 p.m.3 views

CVE-2025-49133

Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds OOB read vulnerability. The...

5.9CVSS7.6AI score0.00135EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/06/09 8:15 p.m.4 views

CVE-2025-5917

A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to...

5CVSS7.5AI score0.00165EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/06/09 8:15 p.m.5 views

CVE-2025-5918

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memo...

6.6CVSS7.1AI score0.00341EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/06/09 8:15 p.m.4 views

CVE-2025-5916

A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive WARC file that claims to have more than INT64MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow,...

5.6CVSS7.3AI score0.00155EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/06/09 8:15 p.m.3 views

CVE-2025-5914

A vulnerability has been identified in the libarchive library, specifically within the archivereadformatrarseekdata function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enablin...

9.8CVSS8.2AI score0.00326EPSS
Exploits2References27
Total number of security vulnerabilities13063