Lucene search
K
AlpinelinuxRecent

12982 matches found

AlpineLinux
AlpineLinux
added 2026/06/10 9:59 p.m.11 views

CVE-2026-49218

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check in the DCM decoder could result in an image with invalid dimensions and that could cause crashes in other operation. This issue has been patched...

7.5CVSS5.4AI score0.00346EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/06/10 9:58 p.m.10 views

CVE-2026-48994

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return value could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. This issue has been patched in versions 6.9.13-48...

5.9CVSS5.6AI score0.00227EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/10 9:55 p.m.10 views

CVE-2026-48734

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This issue has been patched in versions 6.9.13-49 and 7.1.2-24...

5.5CVSS5.4AI score0.00107EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/10 9:53 p.m.9 views

CVE-2026-48733

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, an infinite loop in the subimage-search operation can happen when using a crafted image. This issue has been patched in versions 6.9.13-49 and 7.1.2-24...

4.7CVSS5.4AI score0.00092EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/10 9:52 p.m.10 views

CVE-2026-48724

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-24, when using an image with mask the Floyd-Steinberg dithering method it will cause a negative heap buffer over-write. This issue has been patched in version 7.1.2-24...

5.5CVSS5.6AI score0.00103EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/10 9:51 p.m.10 views

CVE-2026-47166

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. This issue has been patched in versio...

5.7CVSS5.6AI score0.00093EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/10 9:50 p.m.8 views

CVE-2026-47165

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge–response authentication model. This has been changed in versions 6.9.13-48 an...

4.1CVSS5.4AI score0.00109EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/10 9:47 p.m.9 views

CVE-2026-46693

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met. This issue ha...

4.1CVSS5.3AI score0.00077EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/10 9:46 p.m.9 views

CVE-2026-46692

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process. This issue has been patched in...

4.1CVSS5.5AI score0.00092EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/10 9:45 p.m.10 views

CVE-2026-46559

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions...

4CVSS5.5AI score0.00116EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/10 9:44 p.m.12 views

CVE-2026-46557

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-23, due to a missing depth check a stack overflow can occur in the fx operation by passing a crafted argument. This issue has been patched in version 7.1.2-23...

6.2CVSS5.3AI score0.0012EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/10 9:40 p.m.12 views

CVE-2026-46521

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and...

5.5CVSS5.3AI score0.00111EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/10 9:31 p.m.9 views

CVE-2026-46520

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different dimensions an out of bounds heap write can occur. This issue has been patched in versions 6.9.13-48 and 7.1.2-23...

7.5CVSS5.3AI score0.00441EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/10 9:30 p.m.11 views

CVE-2026-45664

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, because of a missing check in the MNG coder it would be possible to read more images than the list limit policy would allow resulting in excessive resource use...

7.5CVSS5.3AI score0.00441EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/10 9:30 p.m.10 views

CVE-2026-46522

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, due to a missing check in the MIFF decoder, a crafted file could cause an infinite loop resulting in CPU exhaustion. Versions 7.1.2.23 and 6.9.13-48 fix the iss...

7.5CVSS5.4AI score0.01849EPSS
Exploits4
AlpineLinux
AlpineLinux
added 2026/06/10 9:29 p.m.11 views

CVE-2026-45624

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifying specific arguments. This issue has been patched in...

5.1CVSS5.3AI score0.0012EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/10 9:26 p.m.9 views

CVE-2026-45359

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-22, an invalid connected-components:keep-top value could result in a heap buffer over-read when performing the connected components operation. This issue has been...

7.1CVSS5.5AI score0.00122EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/10 9:26 p.m.10 views

CVE-2026-45358

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the meta encoder could result in an out of bounds read of a single byte in the meta encoder. This issue has been patched in versions 6.9.13-47...

5.3CVSS5.3AI score0.0024EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/10 9:25 p.m.15 views

CVE-2026-42326

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. This issue has been patched in versions 6.9.13-47 an...

5.1CVSS5.3AI score0.0012EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/10 9:25 p.m.10 views

CVE-2026-45031

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, due to a missing check in the PSD decoder it would be possible to bypass the list-length resource policy when decoding a PSD image. Other security limits would...

7.5CVSS5.3AI score0.00495EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/10 9:22 p.m.11 views

CVE-2026-46523

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2.23 and 6.9.13-48, a crafted MSL image can trigger a heap-use-after-free. Versions 7.1.2.23 and 6.9.13-48 fix the issue...

7.5CVSS5.4AI score0.00301EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/10 7:46 p.m.13 views

CVE-2026-46529

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

8.4CVSS6.5AI score0.00529EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/10 7:39 p.m.4 views

CVE-2026-1220

Race in V8 in Google Chrome prior to 144.0.7559.99 allowed a remote attacker to potentially exploit type confusion via a crafted HTML page. Chromium security severity: High...

7.5CVSS5.8AI score0.00297EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/06/10 1:6 p.m.7 views

CVE-2026-53442

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission, or access to t...

5.3CVSS5.5AI score0.0019EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/10 1:6 p.m.6 views

CVE-2026-53441

Jenkins 2.483 through 2.567 both inclusive, LTS 2.492.1 through 2.555.2 both inclusive does not escape the user-provided description of a generic offline cause that could be set through the POST config.xml API, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers...

5.4CVSS4.9AI score0.00261EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/10 1:6 p.m.9 views

CVE-2026-53439

Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to enumerate view names of other users' "My Views"...

4.3CVSS5.5AI score0.00234EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/10 1:6 p.m.8 views

CVE-2026-53440

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain...

4.3CVSS5.5AI score0.00239EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/10 1:5 p.m.9 views

CVE-2026-53438

A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to view...

4.3CVSS5.5AI score0.00213EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/10 1:5 p.m.9 views

CVE-2026-53437

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab or newline characters between //, allowing attackers to perform phishing attacks...

7.4CVSS5.5AI score0.00364EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/06/10 1:5 p.m.7 views

CVE-2026-53436

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative path segments ./ or ../, allowing attackers to perform phishing attacks...

4.3CVSS5.5AI score0.00282EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/10 1:5 p.m.10 views

CVE-2026-53435

In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or plugins from an attacker-controlled config.xml submission in a way that allows them to handle HTTP requests afterwards. This can be used to...

8.8CVSS5.6AI score0.14907EPSS
Exploits2References4
AlpineLinux
AlpineLinux
added 2026/06/10 6:37 a.m.7 views

CVE-2026-10846

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

8.2CVSS5.8AI score0.00147EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/09 10:49 p.m.10 views

CVE-2026-46433

lldpd is an implementation of IEEE 802.1ab LLDP. Prior to version 1.0.22, lldpddecode in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove to shift the frame payload 4 bytes left. The third argument byte count is s - 2 ETHERADDRLEN but should be s - 2...

6.5CVSS5.5AI score0.00225EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/09 7:21 p.m.13 views

CVE-2026-11824

SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4...

8.5CVSS6.2AI score0.00175EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/06/09 7:8 p.m.6 views

CVE-2026-11822

SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bound...

8.5CVSS6.5AI score0.00175EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/06/09 5:5 p.m.10 views

CVE-2026-45591

Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network...

7.5CVSS5.4AI score0.0243EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/09 5:4 p.m.8 views

CVE-2026-45491

Improper link resolution before file access 'link following' in .NET allows an unauthorized attacker to perform tampering locally...

6.2CVSS5.4AI score0.00388EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/09 5:4 p.m.8 views

CVE-2026-45490

Improper authorization in .NET allows an authorized attacker to elevate privileges locally...

7.8CVSS5.4AI score0.00384EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/09 4:5 p.m.9 views

CVE-2026-49848

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's checkauth userauth branch wrote request-supplied userVariables into the...

4.3CVSS5.4AI score0.00172EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/09 4:5 p.m.9 views

CVE-2026-49847

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes...

7.5CVSS5.4AI score0.00414EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/09 4:4 p.m.10 views

CVE-2026-49843

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's JSON-RPC handler bound the connection to the client-supplied sessid on the fir...

5.3CVSS5.4AI score0.00284EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.9 views

CVE-2026-45446

Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

4.8CVSS5.7AI score0.0021EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.7 views

CVE-2026-45447

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

8.8CVSS5.9AI score0.02719EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.54 views

CVE-2026-45445

Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

7.5CVSS5.8AI score0.0032EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.7 views

CVE-2026-42770

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

3.7CVSS5.4AI score0.00259EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.9 views

CVE-2026-42769

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...

5.3CVSS5.7AI score0.00262EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.9 views

CVE-2026-42768

Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...

3.7CVSS5.5AI score0.0035EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.9 views

CVE-2026-42767

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9CVSS5.5AI score0.00349EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.9 views

CVE-2026-42766

Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service. The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is define...

5.9CVSS5.4AI score0.00595EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.10 views

CVE-2026-42764

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

7.5CVSS5.5AI score0.00684EPSS
Exploits0
Total number of security vulnerabilities12982