Lucene search
+L
AlpinelinuxRecent

13084 matches found

AlpineLinux
AlpineLinux
•added 2025/03/28 6:1 p.m.•4 views

CVE-2025-31164

heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via createlinewithspline...

6.6CVSS7.6AI score0.00197EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/03/28 5:0 p.m.•4 views

CVE-2025-2915

A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5Faccumfree of the file src/H5Faccum.c. The manipulation of the argument overlapsize leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been...

5.5CVSS7.3AI score0.00269EPSS
Exploits1References4
AlpineLinux
AlpineLinux
•added 2025/03/28 4:31 p.m.•6 views

CVE-2025-2914

A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FSsinfoSrializeSctcb of the file src/H5FScache.c. The manipulation of the argument sect leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has...

4.8CVSS7.4AI score0.00255EPSS
Exploits1References4
AlpineLinux
AlpineLinux
•added 2025/03/28 4:31 p.m.•6 views

CVE-2025-2913

A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FLblkgclist of the file src/H5FL.c. The manipulation of the argument H5FLblkheadt leads to use after free. An attack has to be approached locally. The exploit has been disclosed...

5.3CVSS4.4AI score0.00229EPSS
Exploits1References4
AlpineLinux
AlpineLinux
•added 2025/03/28 4:0 p.m.•5 views

CVE-2025-2912

A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5Omsgflush of the file src/H5Omessage.c. The manipulation of the argument oh leads to heap-based buffer overflow. The attack needs to be approached locally. The...

5.3CVSS7.4AI score0.00255EPSS
Exploits1References4
AlpineLinux
AlpineLinux
•added 2025/03/27 2:15 p.m.•55 views

CVE-2025-2857

Following the recent Chrome sandbox escape CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was...

10CVSS9AI score0.08404EPSS
Exploits6References4
AlpineLinux
AlpineLinux
•added 2025/03/27 12:59 a.m.•9 views

CVE-2025-30355

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...

7.5CVSS6.9AI score0.01157EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/03/27 12:0 a.m.•34 views

CVE-2025-30232

A use-after-free in Exim 4.96 through 4.98.1 could allow users with command-line access to escalate privileges...

8.1CVSS8.2AI score0.00509EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/03/26 5:15 p.m.•7 views

CVE-2025-30164

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 vulnerability allows an attacker to craft a URL that, once visited by an authenticated user or one that is able to authenticate, allows to...

6.1CVSS6.8AI score0.00249EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/03/26 5:15 p.m.•12 views

CVE-2025-27609

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a request that, once transmitted to a victim's Icinga Web, allows to embed arbitrary Javascript into it and to act on...

5.4CVSS7.2AI score0.00228EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/03/26 4:15 p.m.•6 views

CVE-2025-27405

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of tha...

7.6CVSS7.2AI score0.00306EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/03/26 4:7 p.m.•64 views

CVE-2025-2783

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. Chromium security severity: High...

8.3CVSS6.8AI score0.08404EPSS
Exploits6
AlpineLinux
AlpineLinux
•added 2025/03/26 3:16 p.m.•5 views

CVE-2025-27404

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of tha...

7.6CVSS7.2AI score0.00561EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/03/26 2:15 p.m.•9 views

CVE-2025-23203

Icinga Director is an Icinga config deployment tool. A Security vulnerability has been found starting in version 1.0.0 and prior to 1.10.3 and 1.11.3 on several director endpoints of REST API. To reproduce this vulnerability an authenticated user with permission to access the Director is required...

5.5CVSS6.6AI score0.0037EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/03/26 12:0 a.m.•20 views

CVE-2025-31160

atop through 2.11.0 allows local users to cause a denial of service e.g., assertion failure and application exit or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop...

2.9CVSS7.8AI score0.00192EPSS
Exploits0References11
AlpineLinux
AlpineLinux
•added 2025/03/25 6:8 p.m.•14 views

CVE-2025-2312

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache...

5.9CVSS6.9AI score0.00149EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2025/03/25 10:15 a.m.•3 views

CVE-2025-2757

A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function AIMD5PARSESTRINGINQUOTATION of the file code/AssetLib/MD5/MD5Parser.cpp of the component MD5 File Handler. The manipulation of the argument data leads to heap-based...

8.8CVSS7.5AI score0.00478EPSS
Exploits1References5
AlpineLinux
AlpineLinux
•added 2025/03/25 10:15 a.m.•7 views

CVE-2025-2756

A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument tmp leads to...

8.8CVSS7.5AI score0.00482EPSS
Exploits1References5
AlpineLinux
AlpineLinux
•added 2025/03/25 9:15 a.m.•4 views

CVE-2025-2753

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as critical. Affected is the function SceneCombiner::MergeScenes of the file code/AssetLib/LWS/LWSLoader.cpp of the component LWS File Handler. The manipulation leads to out-of-bounds read. It is possible ...

8.8CVSS7.3AI score0.00462EPSS
Exploits1References5
AlpineLinux
AlpineLinux
•added 2025/03/25 9:15 a.m.•3 views

CVE-2025-2754

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as critical. Affected by this vulnerability is the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the...

8.8CVSS7.4AI score0.00508EPSS
Exploits1References5
AlpineLinux
AlpineLinux
•added 2025/03/25 9:15 a.m.•5 views

CVE-2025-2755

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as critical. Affected by this issue is the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Handler. The manipulation of the argument...

8.8CVSS7.2AI score0.00431EPSS
Exploits1References5
AlpineLinux
AlpineLinux
•added 2025/03/25 8:15 a.m.•2 views

CVE-2025-2751

A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation of the argument na...

8.8CVSS7.3AI score0.00618EPSS
Exploits1References5
AlpineLinux
AlpineLinux
•added 2025/03/25 8:15 a.m.•7 views

CVE-2025-2752

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function fastatorealmove in the library include/assimp/fastatof.h of the component CSM File Handler. The manipulation leads to out-of-bounds read. The attack may be initiated...

8.8CVSS7.3AI score0.00618EPSS
Exploits1References5
AlpineLinux
AlpineLinux
•added 2025/03/25 8:15 a.m.•7 views

CVE-2025-2750

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation leads to out-of-bounds write. It is...

8.8CVSS7.2AI score0.00431EPSS
Exploits1References5
AlpineLinux
AlpineLinux
•added 2025/03/25 12:0 a.m.•6 views

CVE-2025-27810

Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays...

5.4CVSS7.5AI score0.00274EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/03/25 12:0 a.m.•8 views

CVE-2025-27830

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/writet1.c and psi/zfapi.c...

7.8CVSS7.8AI score0.00281EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/03/25 12:0 a.m.•13 views

CVE-2025-27832

An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c...

9.8CVSS7.8AI score0.00806EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/03/25 12:0 a.m.•6 views

CVE-2025-27834

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs via an oversized Type 4 function in a PDF document to pdf/pdffunc.c...

7.8CVSS7.7AI score0.00255EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/03/25 12:0 a.m.•8 views

CVE-2025-27836

An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c...

9.8CVSS7.8AI score0.00579EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/03/25 12:0 a.m.•50 views

CVE-2025-27809

Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtlssslsethostname...

5.4CVSS7.5AI score0.00184EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/03/25 12:0 a.m.•11 views

CVE-2025-27831

An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doccommon.c...

9.8CVSS7.7AI score0.00579EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/03/25 12:0 a.m.•4 views

CVE-2025-27833

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs for a long TTF font name to pdf/pdffmap.c...

7.8CVSS7.7AI score0.0022EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/03/25 12:0 a.m.•7 views

CVE-2025-27835

An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c...

7.8CVSS7.7AI score0.00288EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/03/25 12:0 a.m.•10 views

CVE-2025-27837

An issue was discovered in Artifex Ghostscript before 10.05.0. Access to arbitrary files can occur through a truncated path with invalid UTF-8 characters, for base/gpmswin.c and base/winrtsup.cpp...

9.8CVSS7.4AI score0.00586EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/03/21 9:42 p.m.•1 views

CVE-2025-30204

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

7.5CVSS7AI score0.00693EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/03/21 2:52 p.m.•56 views

CVE-2021-25635

An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid or unknown to LibreOffice algorithm and LibreOffice would incorrectly present...

5.5CVSS7.4AI score0.00135EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/03/21 2:15 p.m.•5 views

CVE-2025-2592

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp. The manipulation leads to heap-based buffer overflow. The attack may be initiated...

8.8CVSS7.4AI score0.00678EPSS
Exploits1References7
AlpineLinux
AlpineLinux
•added 2025/03/21 2:15 p.m.•5 views

CVE-2025-2591

A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFileQuake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwidth/skinheight leads to divide by zero. The...

5.5CVSS7.2AI score0.006EPSS
Exploits1References7
AlpineLinux
AlpineLinux
•added 2025/03/21 12:0 p.m.•5 views

CVE-2025-2588

A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function recaseexpand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been...

4.8CVSS4.8AI score0.00241EPSS
Exploits1References5
AlpineLinux
AlpineLinux
•added 2025/03/20 9:7 p.m.•5 views

CVE-2025-2574

Out-of-bounds array write in Xpdf 4.05 and earlier, due to incorrect integer overflow checking in the PostScript function interpreter code...

2.1CVSS7.5AI score0.00151EPSS
Exploits0References1
AlpineLinux
AlpineLinux
•added 2025/03/19 12:0 a.m.•9 views

CVE-2025-30258

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...

4.7CVSS7.2AI score0.00179EPSS
Exploits1References3
AlpineLinux
AlpineLinux
•added 2025/03/17 10:15 p.m.•4 views

CVE-2024-40635

containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as roo...

7.8CVSS6.7AI score0.00275EPSS
Exploits1References5
AlpineLinux
AlpineLinux
•added 2025/03/17 4:31 a.m.•13 views

CVE-2025-2361

A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has be...

5.3CVSS6.5AI score0.00486EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/03/14 8:19 a.m.•102 views

CVE-2024-8176

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...

7.5CVSS7.6AI score0.01569EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2025/03/14 12:0 a.m.•7 views

CVE-2024-55549

xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes...

7.8CVSS7.7AI score0.00332EPSS
Exploits3
AlpineLinux
AlpineLinux
•added 2025/03/14 12:0 a.m.•10 views

CVE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

7.8CVSS7.7AI score0.00332EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2025/03/13 5:4 p.m.•5 views

CVE-2025-29768

Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim...

4.4CVSS4.7AI score0.00342EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2025/03/12 6:27 p.m.•20 views

CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

4.4CVSS6.8AI score0.00393EPSS
Exploits2
AlpineLinux
AlpineLinux
•added 2025/03/12 4:43 a.m.•6 views

CVE-2025-24912

hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail...

3.7CVSS6.9AI score0.00716EPSS
Exploits0References4
AlpineLinux
AlpineLinux
•added 2025/03/11 7:44 p.m.•6 views

CVE-2025-23360

NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering...

9.8CVSS7.6AI score0.00471EPSS
Exploits0References1
Total number of security vulnerabilities13084