Lucene search
+L
AlpinelinuxRecent

13068 matches found

AlpineLinux
AlpineLinux
•added 2025/04/29 2:15 p.m.•12 views

CVE-2025-4085

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox 138 and Thunderbird 138...

7.1CVSS6.2AI score0.00252EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/04/29 2:15 p.m.•4 views

CVE-2025-4086

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected. This vulnerability affects Firefox 138 and...

6.5CVSS6.5AI score0.00244EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/04/29 2:15 p.m.•4 views

CVE-2025-4084

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. This...

5.7CVSS7.1AI score0.00344EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 2025/04/29 2:15 p.m.•5 views

CVE-2025-4082

Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected. This vulnerability affects Firefox...

5.9CVSS6.7AI score0.00377EPSS
Exploits0References7
AlpineLinux
AlpineLinux
•added 2025/04/29 2:15 p.m.•3 views

CVE-2025-2817

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...

8.8CVSS6.5AI score0.00534EPSS
Exploits0References7
AlpineLinux
AlpineLinux
•added 2025/04/29 11:25 a.m.•15 views

CVE-2025-30194

When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access double-free and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A...

7.5CVSS7AI score0.02068EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/04/28 4:2 p.m.•5 views

CVE-2025-43857

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...

6.5CVSS6.7AI score0.00412EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/04/27 7:15 p.m.•42 views

CVE-2025-2866

Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid This...

5.5CVSS7.2AI score0.00102EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/04/27 12:0 a.m.•5 views

CVE-2025-46688

quickjs-ng through 0.9.0 has an incorrect size calculation in JSReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

8.4CVSS7.5AI score0.00287EPSS
Exploits1References6
AlpineLinux
AlpineLinux
•added 2025/04/27 12:0 a.m.•5 views

CVE-2025-46687

quickjs-ng through 0.9.0 has a missing length check in JSReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected...

7.8CVSS7.5AI score0.00262EPSS
Exploits1References6
AlpineLinux
AlpineLinux
•added 2025/04/26 12:0 a.m.•38 views

CVE-2025-46646

In Artifex Ghostscript before 10.05.0, decodeutf8 in base/gputf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954...

4.5CVSS7.8AI score0.00166EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/04/25 5:15 a.m.•5 views

CVE-2025-46599

CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing...

6.8CVSS7.3AI score0.00402EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 2025/04/23 8:55 p.m.•9 views

CVE-2025-46400

In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via readarcobject function...

5.5CVSS6.6AI score0.00211EPSS
Exploits1References4
AlpineLinux
AlpineLinux
•added 2025/04/23 8:55 p.m.•9 views

CVE-2025-46399

A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via gengeitpspline function...

5.5CVSS6.3AI score0.00211EPSS
Exploits1References4
AlpineLinux
AlpineLinux
•added 2025/04/23 8:55 p.m.•7 views

CVE-2025-46398

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via readobjects function...

5.5CVSS6.8AI score0.00236EPSS
Exploits1References4
AlpineLinux
AlpineLinux
•added 2025/04/23 8:55 p.m.•5 views

CVE-2025-46397

A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezierspline function...

7.8CVSS4.9AI score0.00267EPSS
Exploits1References8
AlpineLinux
AlpineLinux
•added 2025/04/23 5:16 p.m.•4 views

CVE-2025-2761

GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open ...

7.8CVSS7.9AI score0.01584EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/04/23 5:16 p.m.•3 views

CVE-2025-2760

GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

7.8CVSS8.1AI score0.07298EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/04/23 4:15 p.m.•6 views

CVE-2024-47829

pnpm is a package manager. Prior to version 10.0.0, the path shortening function uses the md5 function as a path shortening compression function, and if a collision occurs, it will result in the same storage path for two different libraries. Although the real names are under the package name...

6.5CVSS7.1AI score0.00204EPSS
Exploits1References1
AlpineLinux
AlpineLinux
•added 2025/04/23 3:38 p.m.•3 views

CVE-2025-21605

Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the outpu...

7.5CVSS7.6AI score0.00843EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/04/23 3:16 p.m.•4 views

CVE-2025-46393

In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packetsize is mishandled related to the rendering of all channels in an arbitrary order...

2.9CVSS7.3AI score0.00366EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/04/23 3:16 p.m.•4 views

CVE-2025-43965

In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used...

2.9CVSS7.2AI score0.0051EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/04/23 11:36 a.m.•27 views

CVE-2025-2703

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...

6.8CVSS6.8AI score0.13697EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/04/23 12:0 a.m.•25 views

CVE-2025-46394

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences...

3.3CVSS7AI score0.00158EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/04/23 12:0 a.m.•21 views

CVE-2024-58251

In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv0 containing an ANSI terminal escape sequence, leading to a denial of service terminal locked up when netstat is used by a victim...

2.5CVSS6.8AI score0.00252EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/04/22 3:42 p.m.•5 views

CVE-2025-23251

NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering...

9.8CVSS8.4AI score0.00657EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2025/04/22 3:35 p.m.•4 views

CVE-2025-23250

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering...

9.8CVSS7.6AI score0.00597EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2025/04/22 3:30 p.m.•4 views

CVE-2025-23249

NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering...

9.8CVSS8.4AI score0.00651EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2025/04/22 12:0 a.m.•22 views

CVE-2024-58250

The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges...

9.3CVSS7.1AI score0.00208EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/04/21 4:15 p.m.•5 views

CVE-2025-32431

Traefik pronounced traffic is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2. There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe...

9.3CVSS7.2AI score0.00829EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 2025/04/21 12:15 a.m.•3 views

CVE-2025-43966

libheif before 1.19.6 has a NULL pointer dereference in ImageItemiden in image-items/iden.cc...

7.5CVSS7.3AI score0.00279EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/04/21 12:15 a.m.•2 views

CVE-2025-43962

In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations...

9.1CVSS7.3AI score0.0039EPSS
Exploits0References4
AlpineLinux
AlpineLinux
•added 2025/04/21 12:15 a.m.•5 views

CVE-2025-43967

libheif before 1.19.6 has a NULL pointer dereference in ImageItemGrid::getdecoder in image-items/grid.cc because a grid image can reference a nonexistent image item...

7.5CVSS7.3AI score0.00384EPSS
Exploits1References3
AlpineLinux
AlpineLinux
•added 2025/04/21 12:15 a.m.•3 views

CVE-2025-43963

In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp allows out-of-buffer access because splitcol and splitrow values are not checked in 0x041f tag processing...

9.1CVSS7.3AI score0.0039EPSS
Exploits0References4
AlpineLinux
AlpineLinux
•added 2025/04/21 12:15 a.m.•5 views

CVE-2025-43964

In LibRaw before 0.21.4, tag 0x412 processing in phaseonecorrect in decoders/loadmfbacks.cpp does not enforce minimum w0 and w1 values...

9.8CVSS7.3AI score0.00368EPSS
Exploits0References4
AlpineLinux
AlpineLinux
•added 2025/04/21 12:15 a.m.•2 views

CVE-2025-43961

In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser...

9.1CVSS7.2AI score0.0039EPSS
Exploits0References4
AlpineLinux
AlpineLinux
•added 2025/04/20 3:15 a.m.•3 views

CVE-2025-43929

openactions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

7.8CVSS9.6AI score0.00178EPSS
Exploits1References5
AlpineLinux
AlpineLinux
•added 2025/04/18 12:0 a.m.•25 views

CVE-2025-43903

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries...

4.3CVSS7AI score0.00097EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2025/04/17 12:0 a.m.•49 views

CVE-2025-32415

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used...

7.5CVSS7.2AI score0.00559EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/04/16 9:34 p.m.•10 views

CVE-2025-32433

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in SSH protocol message handling, a malicious actor...

10CVSS8.4AI score0.98594EPSS
Exploits36
AlpineLinux
AlpineLinux
•added 2025/04/16 8:57 p.m.•38 views

CVE-2025-3619

Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS7.2AI score0.00367EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/04/16 6:16 p.m.•5 views

CVE-2025-2291

Password can be used past expiry in PgBouncer due to authquery not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password...

9.8CVSS7.3AI score0.00347EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/04/16 4:15 p.m.•4 views

CVE-2024-58249

In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL...

3.7CVSS7.3AI score0.00499EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/04/15 11:25 p.m.•5 views

CVE-2025-30215

NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...

9.6CVSS6.8AI score0.00583EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/04/15 10:19 p.m.•6 views

CVE-2025-32435

Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users...

2.6CVSS7.1AI score0.00292EPSS
Exploits0References4
AlpineLinux
AlpineLinux
•added 2025/04/15 9:16 p.m.•7 views

CVE-2025-31499

Jellyfin is an open source self hosted media server. Versions before 10.10.7 are vulnerable to argument injection in FFmpeg. This can be leveraged to possibly achieve remote code execution by anyone with credentials to a low-privileged user. This vulnerability was previously reported in...

8.8CVSS8.7AI score0.01251EPSS
Exploits1References2
AlpineLinux
AlpineLinux
•added 2025/04/15 8:31 p.m.•8 views

CVE-2025-30698

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle...

5.6CVSS6.4AI score0.0059EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/04/15 8:31 p.m.•6 views

CVE-2025-30691

Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

4.8CVSS6AI score0.00561EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/04/15 8:30 p.m.•6 views

CVE-2025-21587

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle...

7.4CVSS7AI score0.00784EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/04/15 8:15 p.m.•8 views

CVE-2025-32012

Jellyfin is an open source self hosted media server. In versions 10.9.0 to before 10.10.7, the /System/Restart endpoint provides administrators the ability to restart their Jellyfin server. This endpoint is intended to be admins-only, but it also authorizes requests from any device in the same...

8.2CVSS8AI score0.007EPSS
Exploits0References2
Total number of security vulnerabilities13068