Lucene search
+L
AlpinelinuxRecent

13063 matches found

AlpineLinux
AlpineLinux
•added 2025/06/09 8:15 p.m.•4 views

CVE-2025-5915

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber LZSS window. This means the library may attempt to read beyond the allocated memory buffer, which can...

6.6CVSS6.9AI score0.00163EPSS
Exploits0References4
AlpineLinux
AlpineLinux
•added 2025/06/09 5:57 p.m.•3 views

CVE-2024-47081

Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be...

5.3CVSS7.2AI score0.00845EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/06/07 7:49 a.m.•13 views

CVE-2025-5399

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS...

7.5CVSS6.3AI score0.01287EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/06/06 7:15 p.m.•3 views

CVE-2025-5473

GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

8.8CVSS8.1AI score0.11066EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/06/06 6:15 p.m.•6 views

CVE-2025-47950

CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service DoS vulnerability exists in the CoreDNS DNS-over-QUIC DoQ server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of...

7.5CVSS7.3AI score0.01132EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 2025/06/06 1:32 p.m.•2 views

CVE-2025-5806

Jenkins Gatling Plugin 136.vb9009b3d33ae serves Gatling reports in a manner that bypasses the Content-Security-Policy protection introduced in Jenkins 1.641 and 1.625, resulting in a cross-site scripting XSS vulnerability exploitable by users able to change report content...

8CVSS5.9AI score0.0046EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/06/06 1:10 p.m.•48 views

CVE-2025-0620

A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again...

4.9CVSS6.4AI score0.00616EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/06/05 11:57 a.m.•9 views

CVE-2011-10007

File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument form of open allowing an attacker controlled filename to provide the MODE parameter to open, turning the filename into a command to...

8.8CVSS7.7AI score0.00762EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/06/05 12:0 a.m.•2 views

CVE-2025-49466

aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,...

5.8CVSS7.3AI score0.00592EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/06/05 12:0 a.m.•66 views

CVE-2025-48432

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are...

5.3CVSS4.9AI score0.00629EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/06/04 8:15 p.m.•3 views

CVE-2025-48934

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the Deno.env.toObject method ignores any variables listed in the --deny-env option of the deno run command. When looking at the documentation of the --deny-env option this might lead to a false...

6.9CVSS7.3AI score0.00359EPSS
Exploits1References6
AlpineLinux
AlpineLinux
•added 2025/06/04 7:15 p.m.•3 views

CVE-2025-48888

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, deno run --allow-read --deny-read main.ts results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions give...

6.9CVSS7.2AI score0.00342EPSS
Exploits1References6
AlpineLinux
AlpineLinux
•added 2025/06/04 10:30 a.m.•4 views

CVE-2025-5601

Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file...

7.8CVSS7.6AI score0.00297EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/06/03 11:15 p.m.•6 views

CVE-2025-24015

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the...

8.7CVSS7.3AI score0.0024EPSS
Exploits1References4
AlpineLinux
AlpineLinux
•added 2025/06/03 12:59 p.m.•9 views

CVE-2024-12718

Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

5.3CVSS7.8AI score0.00637EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/06/03 12:59 p.m.•13 views

CVE-2025-4138

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

7.5CVSS8.5AI score0.01149EPSS
Exploits7
AlpineLinux
AlpineLinux
•added 2025/06/03 12:58 p.m.•8 views

CVE-2025-4330

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...

7.5CVSS8.2AI score0.00805EPSS
Exploits2
AlpineLinux
AlpineLinux
•added 2025/06/03 12:58 p.m.•15 views

CVE-2025-4517

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...

9.4CVSS7.7AI score0.01227EPSS
Exploits11
AlpineLinux
AlpineLinux
•added 2025/06/02 11:36 p.m.•5 views

CVE-2025-5419

Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.1AI score0.0645EPSS
Exploits3
AlpineLinux
AlpineLinux
•added 2025/06/02 11:36 p.m.•5 views

CVE-2025-5068

Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS7.4AI score0.02707EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/06/02 1:15 p.m.•2 views

CVE-2025-46806

A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures.This issue affects sslh before 2.2.4...

6.9CVSS7.2AI score0.00404EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/06/02 12:15 p.m.•7 views

CVE-2025-46807

A Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate users service.This issue affects sslh before 2.2.4...

8.7CVSS7.2AI score0.00393EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/06/02 10:34 a.m.•51 views

CVE-2025-3454

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

5CVSS5.4AI score0.00414EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/06/02 10:6 a.m.•39 views

CVE-2025-3260

A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...

8.3CVSS8.2AI score0.00501EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/06/02 12:0 a.m.•9 views

CVE-2025-49112

setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev-size - prev-used...

3.1CVSS7.4AI score0.00199EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/06/01 1:41 p.m.•4 views

CVE-2025-40908

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified...

9.1CVSS9.2AI score0.00368EPSS
Exploits1References3
AlpineLinux
AlpineLinux
•added 2025/05/30 7:40 p.m.•7 views

CVE-2025-48949

Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 have a vulnerability due to improper input validation on the role parameter within the API endpoint /api/artist. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially...

9.8CVSS7.7AI score0.00423EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/30 7:25 p.m.•8 views

CVE-2025-48948

Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating,...

8.7CVSS7AI score0.00398EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/05/30 12:20 p.m.•11 views

CVE-2025-40909

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any...

5.9CVSS6AI score0.0037EPSS
Exploits0References18
AlpineLinux
AlpineLinux
•added 2025/05/30 4:15 a.m.•3 views

CVE-2025-47952

Traefik pronounced traffic is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a...

9.1CVSS7.1AI score0.00784EPSS
Exploits0References4
AlpineLinux
AlpineLinux
•added 2025/05/30 1:16 a.m.•15 views

CVE-2024-12224

Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname...

8.8CVSS6.1AI score0.00201EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/05/29 9:7 a.m.•9 views

CVE-2025-27151

Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlenfilepath when copying a user-supplied file path into a fixed-size stack buffer. This allo...

9.8CVSS5.7AI score0.00797EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/28 5:8 p.m.•6 views

CVE-2025-32803

In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8...

4CVSS4.5AI score0.00212EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2025/05/28 5:8 p.m.•10 views

CVE-2025-32802

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...

6.1CVSS6.4AI score0.00195EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2025/05/28 5:3 p.m.•8 views

CVE-2025-32801

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...

7.8CVSS7.7AI score0.00233EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2025/05/28 6:29 a.m.•18 views

CVE-2025-5025

libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...

4.8CVSS7AI score0.00253EPSS
Exploits2
AlpineLinux
AlpineLinux
•added 2025/05/28 6:29 a.m.•24 views

CVE-2025-4947

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks...

6.5CVSS6.9AI score0.00248EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/05/27 8:51 p.m.•4 views

CVE-2025-5222

A stack buffer overflow was found in Internationl components for unicode ICU . While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution...

7CVSS7.4AI score0.00304EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/27 8:43 p.m.•6 views

CVE-2025-5283

Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

5.4CVSS7.1AI score0.00513EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/27 8:43 p.m.•6 views

CVE-2025-5281

Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. Chromium security severity: Medium...

5.4CVSS6AI score0.00188EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/27 8:43 p.m.•31 views

CVE-2025-5064

Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.4CVSS6AI score0.00322EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/27 8:43 p.m.•7 views

CVE-2025-5065

Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS6.7AI score0.00406EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/27 8:43 p.m.•7 views

CVE-2025-5063

Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.1AI score0.03073EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/27 5:15 p.m.•5 views

CVE-2025-48057

Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate function can be tricked into incorrectly treating certificates as vali...

9.8CVSS7.1AI score0.00429EPSS
Exploits0References6
AlpineLinux
AlpineLinux
•added 2025/05/27 2:31 p.m.•16 views

CVE-2025-5245

A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debugtypesamep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been...

7.8CVSS7.2AI score0.00235EPSS
Exploits1References9
AlpineLinux
AlpineLinux
•added 2025/05/27 1:15 p.m.•5 views

CVE-2025-5272

Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 139 and Thunderbird 139...

7.3CVSS7.7AI score0.00274EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/05/27 1:15 p.m.•3 views

CVE-2025-5269

Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 128.11 and Thunderbird 128.11...

8.1CVSS7.4AI score0.0039EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 2025/05/27 1:15 p.m.•0 views

CVE-2025-5266

Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11...

4.3CVSS6.2AI score0.00275EPSS
Exploits0References7
AlpineLinux
AlpineLinux
•added 2025/05/27 1:15 p.m.•3 views

CVE-2025-5267

A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability affects Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11...

5.4CVSS6.4AI score0.00227EPSS
Exploits0References7
AlpineLinux
AlpineLinux
•added 2025/05/27 1:15 p.m.•4 views

CVE-2025-5270

In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability affects Firefox 139 and Thunderbird 139...

7.5CVSS6.6AI score0.00241EPSS
Exploits0References3
Total number of security vulnerabilities13063