Lucene search
+L
AlpinelinuxRecent

13068 matches found

AlpineLinux
AlpineLinux
added 2025/05/27 1:15 p.m.5 views

CVE-2025-5272

Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 139 and Thunderbird 139...

7.3CVSS7.7AI score0.00274EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/05/27 1:15 p.m.3 views

CVE-2025-5269

Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 128.11 and Thunderbird 128.11...

8.1CVSS7.4AI score0.0039EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2025/05/27 1:15 p.m.0 views

CVE-2025-5266

Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11...

4.3CVSS6.2AI score0.00275EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2025/05/27 1:15 p.m.4 views

CVE-2025-5270

In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability affects Firefox 139 and Thunderbird 139...

7.5CVSS6.6AI score0.00241EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/05/27 1:15 p.m.3 views

CVE-2025-5264

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbir...

4.8CVSS6.8AI score0.00238EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2025/05/27 1:15 p.m.2 views

CVE-2025-5263

Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11...

4.3CVSS6.6AI score0.00213EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2025/05/27 1:15 p.m.3 views

CVE-2025-5268

Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox...

8.1CVSS7.7AI score0.00412EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2025/05/27 1:15 p.m.7 views

CVE-2025-5271

Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability affects Firefox 139 and Thunderbird 139...

6.5CVSS6.8AI score0.00257EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/05/27 1:15 p.m.5 views

CVE-2025-5265

Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. Thi...

4.8CVSS6.9AI score0.00142EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2025/05/27 1:15 p.m.4 views

CVE-2025-5267

A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability affects Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11...

5.4CVSS6.4AI score0.00227EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2025/05/27 1:15 p.m.5 views

CVE-2025-5262

A double-free could have occurred in vpxcodecencinitmulti after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 139 and Thunderbird 128.11...

7.5CVSS6.7AI score0.00375EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2025/05/27 1:0 p.m.13 views

CVE-2025-5244

A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elfgcsweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed...

7.8CVSS7.1AI score0.00235EPSS
Exploits1References9
AlpineLinux
AlpineLinux
added 2025/05/26 9:15 p.m.6 views

CVE-2025-5204

A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::ParseSkinLump3DGSMDL7 of the file assimp/code/AssetLib/MDL/MDLMaterialLoader.cpp. The manipulation leads to out-of-bounds read. Attacking locally is a...

7.8CVSS7.3AI score0.00221EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/05/26 8:15 p.m.4 views

CVE-2025-5203

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function SkipSpaces in the library assimp/include/assimp/ParsingUtils.h. The manipulation leads to out-of-bounds read. Local access is required to approach this...

7.8CVSS7.3AI score0.00221EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/05/26 8:15 p.m.10 views

CVE-2025-5202

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function HL1MDLLoader::validateheader of the file assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to out-of-bounds read. An...

7.8CVSS7.3AI score0.00221EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/05/26 7:15 p.m.7 views

CVE-2025-5201

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function LWOImporter::CountVertsAndFacesLWO2 of the file assimp/code/AssetLib/LWO/LWOLoader.cpp. The manipulation leads to out-of-bounds read. The attack needs to be...

7.8CVSS7.3AI score0.00221EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2025/05/26 7:15 p.m.6 views

CVE-2025-5200

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDLImporter::InternReadFileQuake1 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. It is possible to launch the attac...

7.8CVSS7.2AI score0.00221EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/05/26 3:18 p.m.14 views

CVE-2025-23395

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the invoking user's real group ownership and file mode 0644. All data written to the...

7.8CVSS6.6AI score0.00201EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/05/26 3:10 p.m.18 views

CVE-2025-46802

For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session...

6CVSS5.9AI score0.00188EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/05/26 3:6 p.m.16 views

CVE-2025-46803

The default mode of pseudo terminals PTYs allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system...

5.1CVSS5.1AI score0.00201EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/05/26 1:31 p.m.12 views

CVE-2025-46804

A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0...

3.3CVSS4AI score0.00213EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/05/26 1:16 p.m.11 views

CVE-2025-46805

Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root...

5.7CVSS5.4AI score0.00167EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/05/26 5:15 a.m.6 views

CVE-2025-5169

A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::InternReadFile3DGSMDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. Local access is required to approac...

5.5CVSS7.3AI score0.00208EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/05/26 4:15 a.m.3 views

CVE-2025-5168

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function MDLImporter::ImportUVCoordinate3DGSMDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument iIndex leads to out-of-bound...

5.5CVSS7.3AI score0.00208EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/05/26 4:15 a.m.5 views

CVE-2025-5167

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as problematic. Affected by this vulnerability is the function LWOImporter::GetS0 in the library assimp/code/AssetLib/LWO/LWOLoader.h. The manipulation of the argument out leads to out-of-bounds read. The...

5.5CVSS7.3AI score0.00208EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/05/26 4:15 a.m.5 views

CVE-2025-5166

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as problematic. Affected is the function MDCImporter::InternReadFile of the file assimp/code/AssetLib/MDC/MDCLoader.cpp of the component MDC File Parser. The manipulation of the argument pcVerts leads to...

5.5CVSS7.2AI score0.00208EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/05/26 3:15 a.m.4 views

CVE-2025-5165

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function MDCImporter::ValidateSurfaceHeader of the file assimp/code/AssetLib/MDC/MDCLoader.cpp. The manipulation of the argument pcSurface2 leads to out-of-bounds read...

5.5CVSS7.3AI score0.00208EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/05/23 4:15 p.m.8 views

CVE-2023-53154

parsestring in cJSON before 1.7.18 has a heap-based buffer over-read via "1":1, with no trailing newline if cJSONParseWithLength is called...

5.5CVSS6.5AI score0.00219EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/05/23 2:15 p.m.37 views

CVE-2025-3580

An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator...

5.5CVSS7.2AI score0.00378EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/05/23 1:15 p.m.4 views

CVE-2025-31049

Deserialization of Untrusted Data vulnerability in themeton Dash allows Object Injection. This issue affects Dash: from n/a through 1.3...

9.8CVSS9.6AI score0.00507EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/05/23 4:15 a.m.11 views

CVE-2025-48708

gslibctxstashsanitizedarg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the case. A created PDF document includes its password in cleartext...

4CVSS4.5AI score0.00276EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/05/22 4:56 p.m.11 views

CVE-2025-47780

Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface CLI by configuring...

7.8CVSS7.2AI score0.00226EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2025/05/22 4:54 p.m.22 views

CVE-2025-47779

Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE RFC 3428 authentication do not get proper alignment. An authenticated attacker...

7.7CVSS7.7AI score0.00438EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/05/22 2:16 p.m.8 views

CVE-2023-47466

TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk...

7.1CVSS7.2AI score0.00257EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2025/05/22 1:36 p.m.86 views

CVE-2025-4575

Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use. A copy & paste...

6.5CVSS6.7AI score0.00306EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/05/22 10:15 a.m.15 views

CVE-2025-4280

MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...

4.8CVSS7.4AI score0.00148EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2025/05/22 8:15 a.m.5 views

CVE-2025-4123

A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...

7.6CVSS5.8AI score0.97999EPSS
Exploits6References2
AlpineLinux
AlpineLinux
added 2025/05/22 12:57 a.m.5 views

CVE-2025-2759

GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.8CVSS7.6AI score0.00117EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/05/22 12:47 a.m.6 views

CVE-2025-3887

GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may...

8.8CVSS8.1AI score0.00734EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/05/21 6:15 p.m.3 views

CVE-2025-5020

Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client This vulnerability affects Firefox for iOS 139...

4.3CVSS6.6AI score0.00198EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/05/21 6:15 p.m.19 views

CVE-2025-47291

containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes limits are not...

7.5CVSS7.1AI score0.00242EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/05/21 5:32 p.m.8 views

CVE-2025-48060

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function jvstringvfmt in the jqfuzzexecute harness from oss-fuzz. This crash happens on file jv.c, line 1456 void p = mallocsz;. As of time of publication, no patched versions are...

8.7CVSS6.6AI score0.00446EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2025/05/21 2:34 p.m.10 views

CVE-2024-23337

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue...

6.5CVSS7.2AI score0.00354EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/05/21 12:35 p.m.23 views

CVE-2025-40775

When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...

7.5CVSS7.6AI score0.12301EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/05/20 6:25 p.m.10 views

CVE-2025-47290

containerd is a container runtime. A time-of-check to time-of-use TOCTOU vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0...

9.4CVSS6.8AI score0.00435EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/05/20 11:17 a.m.20 views

CVE-2025-30193

In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of...

7.5CVSS7.6AI score0.00587EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/05/19 1:25 a.m.5 views

CVE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7.5CVSS6.8AI score0.00763EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/05/19 1:25 a.m.4 views

CVE-2025-23165

In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uvfss.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory...

3.7CVSS6.9AI score0.0048EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/05/17 10:15 p.m.3 views

CVE-2025-4918

An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. This vulnerability affects Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2...

9.8CVSS6.4AI score0.08947EPSS
Exploits1References10
AlpineLinux
AlpineLinux
added 2025/05/17 10:15 p.m.3 views

CVE-2025-4919

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2...

8.8CVSS6.4AI score0.06247EPSS
Exploits0References8
Total number of security vulnerabilities13068