CVE Daily – Alpine Linux

[Critical] CVE-2022-22704 – The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows priv...

Thu, 06 Jan 2022 05:15:09 +0000

Critical CVE-2022-22704

The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.

CVSS: 9.8 · CWE: CWE-909

View on NVD

[Medium] CVE-2021-36158 – In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions ar...

Mon, 05 Jul 2021 23:15:07 +0000

Medium CVE-2021-36158

In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.

CVSS: 5.9 · CWE: CWE-312

View on NVD

[High] CVE-2021-30139 – In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer over...

Wed, 21 Apr 2021 16:15:08 +0000

High CVE-2021-30139

In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash.

CVSS: 7.5 · CWE: CWE-125

View on NVD

[Medium] CVE-2021-29133 – Lack of verification in haserl, a component of Alpine Linux Configuration Framew...

Wed, 24 Mar 2021 07:15:13 +0000

Medium CVE-2021-29133

Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem.

CVSS: 5.5 · CWE: N/A

View on NVD

[Medium] CVE-2019-12875 – Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild gr...

Tue, 18 Jun 2019 19:15:11 +0000

Medium CVE-2019-12875

Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key.

CVSS: 6.5 · CWE: CWE-668

View on NVD

[Critical] CVE-2019-5021 – Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL ...

Wed, 08 May 2019 17:29:01 +0000

Critical CVE-2019-5021

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an auth…

CVSS: 9.8 · CWE: CWE-258

View on NVD

[High] CVE-2018-1000849 – Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Othe...

Thu, 20 Dec 2018 15:29:02 +0000

High CVE-2018-1000849

Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular f…

CVSS: 8.8 · CWE: CWE-20

View on NVD

[High] CVE-2017-9671 – A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker...

Mon, 17 Jul 2017 21:29:00 +0000

High CVE-2017-9671

A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block.

CVSS: 7.8 · CWE: CWE-119

View on NVD

[High] CVE-2017-9669 – A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker...

Mon, 17 Jul 2017 21:29:00 +0000

High CVE-2017-9669

A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file.

CVSS: 7.8 · CWE: CWE-119

View on NVD