Lucene search
+L
AlpinelinuxRecent

13068 matches found

AlpineLinux
AlpineLinux
•added 2025/05/16 3:45 p.m.•1 views

CVE-2025-32245

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Apollo allows SQL Injection. This issue affects Apollo: from n/a through 3.6.3...

8.5CVSS8AI score0.00107EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2025/05/16 3:15 p.m.•4 views

CVE-2025-4478

A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference...

7.1CVSS6.5AI score0.00433EPSS
Exploits0References4
AlpineLinux
AlpineLinux
•added 2025/05/16 1:3 p.m.•4 views

CVE-2025-40907

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 aka fcgi library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC...

9.3CVSS7.6AI score0.00566EPSS
Exploits1References6
AlpineLinux
AlpineLinux
•added 2025/05/16 12:0 a.m.•42 views

CVE-2025-48174

In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream-offset+size...

9.1CVSS7.9AI score0.00311EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 2025/05/16 12:0 a.m.•49 views

CVE-2025-48175

In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes...

6.5CVSS7.3AI score0.0028EPSS
Exploits1References4
AlpineLinux
AlpineLinux
•added 2025/05/15 1:29 p.m.•16 views

CVE-2025-4516

There is an issue in CPython when using bytes.decode"unicodeescape", error="ignore|replace". If you are not using the "unicodeescape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode call in ...

5.9CVSS6.9AI score0.00177EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/14 10:59 p.m.•8 views

CVE-2025-46836

net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities like ifconfig from the net-tools package do not properly validate the structure of /proc files when...

6.6CVSS8.1AI score0.00165EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 2025/05/14 8:35 p.m.•5 views

CVE-2025-47887

Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password...

4.3CVSS7AI score0.00292EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2025/05/14 8:35 p.m.•4 views

CVE-2025-47886

A cross-site request forgery CSRF vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a740ba48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password...

4.3CVSS7.2AI score0.00224EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2025/05/14 8:35 p.m.•6 views

CVE-2025-47885

Jenkins Health Advisor by CloudBees Plugin 374.v194bd4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses...

8.8CVSS5.8AI score0.00495EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2025/05/14 8:35 p.m.•4 views

CVE-2025-47884

In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins allowing attackers able to configure jobs to craft a build ID Token that impersonates a...

9.1CVSS7.1AI score0.00609EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2025/05/14 5:41 p.m.•13 views

CVE-2025-4664

Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS6.4AI score0.05438EPSS
Exploits2
AlpineLinux
AlpineLinux
•added 2025/05/14 5:15 p.m.•8 views

CVE-2025-3909

Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...

6.5CVSS7.1AI score0.00378EPSS
Exploits0References4
AlpineLinux
AlpineLinux
•added 2025/05/14 5:15 p.m.•2 views

CVE-2025-3875

Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name ", Thunderbird treats [email protected] as the actual address. This vulnerability affects...

7.5CVSS6.8AI score0.00333EPSS
Exploits0References4
AlpineLinux
AlpineLinux
•added 2025/05/14 5:15 p.m.•3 views

CVE-2025-3932

It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web...

6.5CVSS7AI score0.00327EPSS
Exploits0References4
AlpineLinux
AlpineLinux
•added 2025/05/14 1:11 p.m.•7 views

CVE-2025-47436

Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory...

9.8CVSS7.4AI score0.00476EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/05/13 9:39 p.m.•13 views

CVE-2025-26646

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network...

8CVSS7.3AI score0.011EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/13 9:3 p.m.•12 views

CVE-2024-45332

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

5.7CVSS6.2AI score0.00253EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/13 9:3 p.m.•5 views

CVE-2024-43420

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel AtomR processors may allow an authenticated user to potentially enable information disclosure via local access...

5.7CVSS6.2AI score0.00147EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/13 9:2 p.m.•4 views

CVE-2024-28956

Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

5.7CVSS6.4AI score0.00371EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/13 9:2 p.m.•7 views

CVE-2025-24495

Incorrect initialization of resource in the branch prediction unit for some IntelR Coreâ„¢ Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access...

6.8CVSS6.3AI score0.00169EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/13 9:2 p.m.•6 views

CVE-2025-20623

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some IntelR Coreâ„¢ processors 10th Generation may allow an authenticated user to potentially enable information disclosure via local access...

5.7CVSS6.2AI score0.00147EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/13 9:2 p.m.•5 views

CVE-2025-20103

Insufficient resource pool in the core management mechanism for some IntelR Processors may allow an authenticated user to potentially enable denial of service via local access...

6.5CVSS6.5AI score0.00142EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/13 9:1 p.m.•5 views

CVE-2025-20054

Uncaught exception in the core management mechanism for some IntelR Processors may allow an authenticated user to potentially enable denial of service via local access...

6.8CVSS6.5AI score0.00142EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/13 9:1 p.m.•6 views

CVE-2025-20012

Incorrect behavior order for some IntelR Coreâ„¢ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access...

4.9CVSS6.5AI score0.00203EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/13 6:15 p.m.•8 views

CVE-2025-43547

Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.7AI score0.00235EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/13 6:15 p.m.•9 views

CVE-2025-43546

Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Underflow Wrap or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.8AI score0.00273EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/13 6:15 p.m.•10 views

CVE-2025-43545

Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.6AI score0.00273EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/12 3:8 a.m.•9 views

CVE-2025-4558

The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the modified password to log into the system...

9.8CVSS9.8AI score0.00446EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/05/08 7:26 p.m.•10 views

CVE-2025-46712

Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 for OTP-27, OTP-26.2.5.12 for OTP-26, and OTP-25.3.2.21 for OTP-25, Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This...

3.7CVSS6.8AI score0.0046EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/08 2:22 p.m.•5 views

CVE-2025-4207

Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13,...

5.9CVSS7.2AI score0.00637EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/08 12:0 a.m.•9 views

CVE-2025-32873

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.striptags function is vulnerable to a potential denial-of-service slow performance when processing inputs containing large sequences of incomplete HTML tags. The template filter...

5.3CVSS7.1AI score0.14243EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/07 4:12 p.m.•4 views

CVE-2025-46551

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...

7.1CVSS6.8AI score0.0016EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 2025/05/07 3:12 p.m.•13 views

CVE-2024-47619

syslog-ng is an enhanced log daemo. Prior to version 4.8.2, tlswildcardmatch matches on certificates such as foo..bar although that is not allowed. It is also possible to pass partial wildcards such as foo.ac.bar which glib matches but should be avoided / invalidated. This issue could have an...

7.5CVSS7.3AI score0.0031EPSS
Exploits1References5
AlpineLinux
AlpineLinux
•added 2025/05/07 12:0 a.m.•3 views

CVE-2025-47203

dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used...

4.5CVSS7.7AI score0.00581EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/06 8:15 p.m.•3 views

CVE-2025-47256

Libxmp through 4.6.2 has a stack-based buffer overflow in depackpha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file...

5.6CVSS7.8AI score0.00257EPSS
Exploits1References3
AlpineLinux
AlpineLinux
•added 2025/05/05 6:10 p.m.•69 views

CVE-2025-4052

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

9.8CVSS6.5AI score0.0058EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/05 6:10 p.m.•23 views

CVE-2025-4051

Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

6.3CVSS6.5AI score0.00296EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/05/05 12:0 a.m.•23 views

CVE-2025-47268

ping in iputils before 20250602 allows a denial of service application error or incorrect data collection via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication...

6.5CVSS6.5AI score0.01455EPSS
Exploits1References6
AlpineLinux
AlpineLinux
•added 2025/05/03 4:15 p.m.•5 views

CVE-2024-58134

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute...

8.1CVSS6.4AI score0.00459EPSS
Exploits1References11
AlpineLinux
AlpineLinux
•added 2025/05/03 11:15 a.m.•4 views

CVE-2024-58135

Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and...

5.3CVSS6.2AI score0.00473EPSS
Exploits1References10
AlpineLinux
AlpineLinux
•added 2025/05/02 2:57 p.m.•9 views

CVE-2025-4166

Vault Community and Vault Enterprise Key/Value kv Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is...

6.5CVSS6.8AI score0.00335EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/04/29 2:15 p.m.•4 views

CVE-2025-4091

Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 13...

8.1CVSS7.7AI score0.00415EPSS
Exploits0References6
AlpineLinux
AlpineLinux
•added 2025/04/29 2:15 p.m.•3 views

CVE-2025-4088

A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability affects Firefox 1...

6.5CVSS6.7AI score0.00153EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/04/29 2:15 p.m.•2 views

CVE-2025-4093

Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 128.10 and Thunderbird 128.10...

8.1CVSS7.4AI score0.00403EPSS
Exploits0References4
AlpineLinux
AlpineLinux
•added 2025/04/29 2:15 p.m.•5 views

CVE-2025-4083

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability affects Firefox 138, Firefox ESR...

9.1CVSS6.8AI score0.00376EPSS
Exploits0References7
AlpineLinux
AlpineLinux
•added 2025/04/29 2:15 p.m.•17 views

CVE-2025-4090

A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability affects Firefox 138 and Thunderbird 138...

5.3CVSS6.6AI score0.00274EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/04/29 2:15 p.m.•5 views

CVE-2025-4089

Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox 138 and Thunderbird 138...

5.1CVSS6.9AI score0.00155EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/04/29 2:15 p.m.•6 views

CVE-2025-4092

Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 138 and Thunderbird 138...

6.5CVSS7.7AI score0.00256EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/04/29 2:15 p.m.•7 views

CVE-2025-4087

A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox 138, Firefox ESR 128.10,...

4.8CVSS6.3AI score0.00264EPSS
Exploits0References6
Total number of security vulnerabilities13068