Lucene search
+L
AlpinelinuxRecent

13084 matches found

AlpineLinux
AlpineLinux
added 2025/04/07 12:0 a.m.45 views

CVE-2025-29480

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced...

5.5CVSS4.5AI score0.00214EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/04/05 11:15 p.m.4 views

CVE-2025-32366

In ConnMan through 1.44, parserr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., rdlen=ntohsrr-rdlen and memcpyresponse+offset,end,rdlen without a check for whether the sum of end and rdlen exceeds max. Consequently, rdlen may be larger than the amount of remaining...

4.8CVSS7.3AI score0.00376EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2025/04/05 12:0 a.m.6 views

CVE-2025-32364

A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INTMIN...

5.5CVSS7.2AI score0.00232EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/04/05 12:0 a.m.15 views

CVE-2025-32365

Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check...

7.1CVSS7.2AI score0.00234EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/04/04 5:51 p.m.25 views

CVE-2024-11235

In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...

9.2CVSS7.3AI score0.01407EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/04/04 7:15 a.m.6 views

CVE-2025-32111

The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...

8.7CVSS7.3AI score0.00381EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/04/04 2:15 a.m.4 views

CVE-2025-3196

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the component Malformed File Handler. The manipulation of the argument Name leads ...

5.5CVSS7.4AI score0.00284EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/04/04 1:31 a.m.72 views

CVE-2025-3198

A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function displayinfo of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has...

5.5CVSS7.2AI score0.00261EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/04/03 7:36 p.m.8 views

CVE-2025-31489

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...

8.7CVSS6.9AI score0.02402EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/04/03 4:57 p.m.22 views

CVE-2025-31115

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

8.7CVSS7.4AI score0.00647EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/04/03 3:15 p.m.6 views

CVE-2025-3160

A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds rea...

4.8CVSS7.2AI score0.00245EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2025/04/03 3:11 p.m.65 views

CVE-2024-4877

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges...

8.8CVSS9.6AI score0.00423EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/04/03 2:15 p.m.4 views

CVE-2025-3159

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices of the file code/AssetLib/ASE/ASEParser.cpp of the component ASE File Handler. The manipulation leads to heap-based buff...

7.8CVSS7.4AI score0.00301EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2025/04/03 2:15 p.m.7 views

CVE-2025-3158

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. Affected by this issue is the function Assimp::LWO::AnimResolver::UpdateAnimRangeSetup of the file code/AssetLib/LWO/LWOAnimation.cpp of the component LWO File Handler. The manipulation...

7.8CVSS7.2AI score0.00301EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2025/04/03 1:34 p.m.11 views

CVE-2025-3155

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

7.4CVSS7.3AI score0.12592EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/04/03 8:59 a.m.17 views

CVE-2024-53868

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue...

7.5CVSS7AI score0.00626EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/04/03 1:40 a.m.2 views

CVE-2025-2784

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skipinsightwhitespace function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server...

7CVSS7.2AI score0.00786EPSS
Exploits1References16
AlpineLinux
AlpineLinux
added 2025/04/02 10:18 p.m.7 views

CVE-2025-3154

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary...

2.1CVSS7.3AI score0.00155EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/04/02 9:10 p.m.6 views

CVE-2025-3130

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Obfuscate allows Stored XSS.This issue affects Obfuscate: from 0.0.0 before 2.0.1...

5.4CVSS7.1AI score0.00217EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/04/02 9:0 p.m.11 views

CVE-2025-2704

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...

7.5CVSS7.4AI score0.00815EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/04/02 3:15 p.m.4 views

CVE-2025-31721

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration...

4.3CVSS7.7AI score0.00375EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/04/02 3:15 p.m.5 views

CVE-2025-31720

A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration...

4.3CVSS7.7AI score0.0039EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/04/02 2:59 p.m.5 views

CVE-2025-31724

Jenkins Cadence vManager Plugin 4.0.0-282.v5096ac2db275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system...

4.3CVSS7.1AI score0.00302EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/04/02 7:15 a.m.5 views

CVE-2024-45699

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the abo...

7.5CVSS6.4AI score0.0034EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/04/02 7:15 a.m.4 views

CVE-2024-42325

Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc...

3.5CVSS7.3AI score0.00328EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/04/02 7:15 a.m.6 views

CVE-2024-45700

Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an excessive amount of memory and perform CPU-intensive decompression operations, ultimately leading t...

6.5CVSS7.2AI score0.00348EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/04/02 7:15 a.m.5 views

CVE-2024-36469

Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one...

3.1CVSS7.4AI score0.00328EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/04/02 6:15 a.m.3 views

CVE-2024-36465

A low privilege regular Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter...

8.8CVSS8.9AI score0.2926EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/04/02 12:42 a.m.57 views

CVE-2025-3071

Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

5.4CVSS6AI score0.00234EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/04/01 1:15 p.m.3 views

CVE-2025-3031

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox 137 and Thunderbird 137...

6.5CVSS5.8AI score0.00282EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/04/01 1:15 p.m.1 views

CVE-2025-3030

Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 13...

8.1CVSS7.1AI score0.0047EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2025/04/01 1:15 p.m.4 views

CVE-2025-3028

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9...

6.5CVSS5.9AI score0.00824EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2025/04/01 1:15 p.m.7 views

CVE-2025-3034

Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 137 and Thunderbird 137...

8.1CVSS7.2AI score0.00445EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/04/01 1:15 p.m.4 views

CVE-2025-3033

After selecting a malicious Windows .url shortcut from the local filesystem, an unexpected file could be uploaded. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox 137 and Thunderbird 137...

7.7CVSS5.8AI score0.0017EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/04/01 1:15 p.m.5 views

CVE-2025-3032

Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox 137 and Thunderbird 137...

7.4CVSS6.2AI score0.00375EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/04/01 1:15 p.m.44 views

CVE-2025-3035

By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox 137...

5.3CVSS6.1AI score0.00276EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/04/01 1:15 p.m.5 views

CVE-2025-3029

A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9...

7.3CVSS5.8AI score0.00325EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2025/03/31 9:15 p.m.5 views

CVE-2025-3016

A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument...

6.5CVSS7.3AI score0.00581EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/03/31 9:15 p.m.5 views

CVE-2025-3015

A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASEImporter::BuildUniqueRepresentation of the file code/AssetLib/ASE/ASELoader.cpp of the component ASE File Handler. The manipulation of the argument mIndices leads ...

8.8CVSS7.3AI score0.0047EPSS
Exploits1References7
AlpineLinux
AlpineLinux
added 2025/03/30 5:57 a.m.20 views

CVE-2025-1861

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC911...

9.8CVSS6.3AI score0.00821EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/03/30 5:49 a.m.13 views

CVE-2025-1736

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted...

7.3CVSS6.3AI score0.00531EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/03/30 5:43 a.m.20 views

CVE-2025-1734

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when receiving headers from HTTP server, the headers missing a colon : are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers...

6.3CVSS6.3AI score0.00481EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/03/30 5:33 a.m.23 views

CVE-2025-1219

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...

6.3CVSS6.3AI score0.00718EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/03/29 5:19 a.m.17 views

CVE-2025-1217

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME...

6.3CVSS6.3AI score0.00547EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/03/28 8:0 p.m.6 views

CVE-2025-2926

A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5Ocachechkserialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public a...

5.5CVSS7.2AI score0.00233EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2025/03/28 8:0 p.m.5 views

CVE-2025-2925

A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MMrealloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to th...

5.5CVSS7.2AI score0.00242EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2025/03/28 7:31 p.m.4 views

CVE-2025-2924

A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HLfldeserialize of the file src/H5HLcache.c. The manipulation of the argument freeblock leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The...

5.5CVSS7.2AI score0.00269EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2025/03/28 7:0 p.m.5 views

CVE-2025-2923

A vulnerability, which was classified as problematic, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5Faddrencodelen of the file src/H5Fint.c. The manipulation of the argument pp leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has...

4.8CVSS7.3AI score0.00255EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2025/03/28 6:1 p.m.5 views

CVE-2025-31162

Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via getslope function...

6.6CVSS7.4AI score0.00178EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/03/28 6:1 p.m.4 views

CVE-2025-31163

Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via putpatternarc function...

6.6CVSS7.4AI score0.00178EPSS
Exploits1
Total number of security vulnerabilities13084