Lucene search
+L
AlpinelinuxRecent

13068 matches found

AlpineLinux
AlpineLinux
added 2025/04/15 5:15 p.m.5 views

CVE-2025-32776

OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the matrixcustomframe file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data will...

5.5CVSS7AI score0.00176EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2025/04/15 3:16 p.m.4 views

CVE-2025-3522

Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validate...

6.3CVSS7.1AI score0.00258EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/04/15 3:16 p.m.4 views

CVE-2025-3523

When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...

6.4CVSS7AI score0.00301EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/04/15 3:16 p.m.5 views

CVE-2025-2830

By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the...

6.3CVSS6.5AI score0.00337EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/04/15 1:15 p.m.5 views

CVE-2025-3608

A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox 137.0.2...

6.5CVSS6.8AI score0.00304EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/04/14 4:50 p.m.7 views

CVE-2025-3277

An integer overflow can be triggered in SQLite’s concatws function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size 4GB can be...

9.8CVSS8.2AI score0.00771EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/04/14 7:49 a.m.13 views

CVE-2025-31344

Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C. This issue affects giflib: through 5.2.2...

7.3CVSS7.1AI score0.00249EPSS
Exploits0References10
AlpineLinux
AlpineLinux
added 2025/04/14 3:15 a.m.5 views

CVE-2025-3548

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h of the component File Handler. The manipulation leads to heap-based buffer overflow. It is possibl...

5.3CVSS7.2AI score0.00261EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/04/14 3:15 a.m.8 views

CVE-2025-3549

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD3Importer::ValidateSurfaceHeaderOffsets of the file code/AssetLib/MD3/MD3Loader.cpp of the component File Handler. The manipulation leads to heap-based buffer...

5.3CVSS7.4AI score0.00262EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2025/04/13 1:16 p.m.86 views

CVE-2024-56406

A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the tr operator, Sdotransinvmap can overflow the destination...

8.4CVSS7.5AI score0.00541EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2025/04/10 9:15 p.m.9 views

CVE-2025-29918

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A PCRE rule can be written that leads to an infinite loop when negated PCRE is used. Packet processing thread becomes stuck in infinite loop limiting visibility and availability i...

6.2CVSS7.1AI score0.00254EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/04/10 9:15 p.m.4 views

CVE-2025-29917

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The bytes setting in the decodebase64 keyword is not properly limited. Due to this, signatures using the keyword and setting can cause large memory allocations of up to 4 GiB per...

6.2CVSS7.1AI score0.00251EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/04/10 8:15 p.m.3 views

CVE-2025-29915

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AFPACKET defrag option is enabled by default and allows AFPACKET to re-assemble fragmented packets before reaching Suricata. However the default packet size in Suricata is bas...

7.5CVSS7.2AI score0.00259EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/04/10 8:15 p.m.5 views

CVE-2025-29916

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the hashsize to use. This size setting isn't properly limited, so the hash table allocation can be large. Untrusted rules can...

6.2CVSS7AI score0.00251EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/04/10 2:15 p.m.3 views

CVE-2025-32743

In ConnMan through 1.44, the lookup string in nsresolv in dnsproxy.c can be NULL or an empty string when the TC Truncated bit is set in a DNS response. This allows attackers to cause a denial of service application crash or possibly execute arbitrary code, because those lookup values lead to...

9CVSS8.2AI score0.00482EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/04/10 11:21 a.m.6 views

CVE-2025-32755

In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH...

9.1CVSS7.2AI score0.00466EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/04/10 11:20 a.m.2 views

CVE-2025-32754

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SS...

9.1CVSS7.2AI score0.00466EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/04/10 12:0 a.m.12 views

CVE-2025-29088

In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3dbconfig in the C-language API can cause a denial of service application crash. An sznBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect...

5.6CVSS6.8AI score0.00192EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/04/10 12:0 a.m.9 views

CVE-2025-32728

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding...

4.3CVSS7AI score0.00178EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2025/04/09 11:15 p.m.8 views

CVE-2025-32387

Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3...

6.5CVSS7.8AI score0.00459EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/04/09 11:15 p.m.7 views

CVE-2025-32386

Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800x difference. When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issu...

6.5CVSS7.7AI score0.00427EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/04/09 12:0 a.m.8 views

CVE-2025-32464

HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sampleconvregsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one...

6.8CVSS7.5AI score0.0072EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/04/09 12:0 a.m.6 views

CVE-2025-32460

GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call...

9.1CVSS7.4AI score0.00339EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/04/08 8:4 p.m.17 views

CVE-2025-22871

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext...

9.1CVSS6.6AI score0.00778EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/04/08 6:15 p.m.17 views

CVE-2025-27193

Bridge versions 14.1.5, 15.0.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.7AI score0.00372EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/04/08 5:24 p.m.8 views

CVE-2025-26682

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network...

7.5CVSS6.8AI score0.0154EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/04/08 4:15 p.m.5 views

CVE-2025-32026

Element Web is a Matrix web client built using the Matrix React SDK. Element Web, starting from version 1.11.16 up to version 1.11.96, can be configured to load Element Call from an external URL. Under certain conditions, the external page is able to get access to the media encryption keys used f...

3.8CVSS6.5AI score0.00154EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/04/08 1:53 p.m.7 views

CVE-2025-31498

c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers when processanswer may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...

8.3CVSS7.4AI score0.00577EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/04/08 12:0 a.m.21 views

CVE-2025-32414

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...

7.5CVSS6.9AI score0.00355EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/04/07 8:15 p.m.7 views

CVE-2025-29482

Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO Sample Adaptive Offset processing of libde265...

6.2CVSS7AI score0.00231EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2025/04/07 1:24 p.m.10 views

CVE-2025-30195

An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to an illegal memory accesses and crash of the Recursor, causing a denial of service. The remedy is: upgrade to the patched 5.2.1 version. We would like to thank Volodym...

7.5CVSS7.1AI score0.00731EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/04/07 10:16 a.m.3 views

CVE-2025-21441

Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver...

7.8CVSS5.6AI score0.001EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/04/07 12:0 a.m.41 views

CVE-2025-29480

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced...

5.5CVSS4.5AI score0.00214EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/04/07 12:0 a.m.34 views

CVE-2025-29087

In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concatws SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string e.g., 2MB or more, an integer overflow occurs in calculating the size of the...

7.5CVSS7.7AI score0.00487EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/04/07 12:0 a.m.67 views

CVE-2025-29481

Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpfobjectinitprog function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under...

6.2CVSS8.1AI score0.00232EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2025/04/05 11:15 p.m.4 views

CVE-2025-32366

In ConnMan through 1.44, parserr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., rdlen=ntohsrr-rdlen and memcpyresponse+offset,end,rdlen without a check for whether the sum of end and rdlen exceeds max. Consequently, rdlen may be larger than the amount of remaining...

4.8CVSS7.3AI score0.00376EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/04/05 12:0 a.m.6 views

CVE-2025-32364

A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INTMIN...

5.5CVSS7.2AI score0.00232EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/04/05 12:0 a.m.15 views

CVE-2025-32365

Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check...

7.1CVSS7.2AI score0.00234EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/04/04 5:51 p.m.25 views

CVE-2024-11235

In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...

9.2CVSS7.3AI score0.01407EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/04/04 7:15 a.m.6 views

CVE-2025-32111

The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...

8.7CVSS7.3AI score0.00381EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/04/04 2:15 a.m.4 views

CVE-2025-3196

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads ...

5.5CVSS7.4AI score0.00284EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/04/04 1:31 a.m.72 views

CVE-2025-3198

A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function displayinfo of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has...

5.5CVSS7.2AI score0.00261EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/04/03 7:36 p.m.8 views

CVE-2025-31489

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...

8.7CVSS6.9AI score0.02402EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/04/03 4:57 p.m.22 views

CVE-2025-31115

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

8.7CVSS7.4AI score0.00647EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/04/03 3:15 p.m.6 views

CVE-2025-3160

A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds rea...

4.8CVSS7.2AI score0.00245EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2025/04/03 3:11 p.m.59 views

CVE-2024-4877

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges...

8.8CVSS9.6AI score0.00423EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/04/03 2:15 p.m.4 views

CVE-2025-3159

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices of the file code/AssetLib/ASE/ASEParser.cpp of the component ASE File Handler. The manipulation leads to heap-based buff...

7.8CVSS7.4AI score0.00301EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2025/04/03 2:15 p.m.7 views

CVE-2025-3158

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. Affected by this issue is the function Assimp::LWO::AnimResolver::UpdateAnimRangeSetup of the file code/AssetLib/LWO/LWOAnimation.cpp of the component LWO File Handler. The manipulation...

7.8CVSS7.2AI score0.00301EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2025/04/03 1:34 p.m.11 views

CVE-2025-3155

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

7.4CVSS7.3AI score0.12592EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/04/03 8:59 a.m.16 views

CVE-2024-53868

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue...

7.5CVSS7AI score0.00626EPSS
Exploits0
Total number of security vulnerabilities13068