166 matches found

OSV
added 2024/10/27 10:15 p.m., 1 views

ALPINE-CVE-2024-50612

libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read...

CVSS 5.5, AI score 7, EPSS 0.00021
Exploits 1, References 1

The Hacker News
added 2024/10/26 9:6 a.m., 31 views

Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining

The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. "The group is currently targeting exposed Docker daemons to deploy Sliver...

AI score 7.5
Exploits 0

BDU FSTEC
added 2024/08/05 12:0 a.m., 2 views

The vulnerability of the zabbix-agent2 package for the Alpine Linux operating system allows a hacker to elevate their privileges to the root level.

The vulnerability of the zabbix-agent2 package for the Alpine Linux operating system relates to the absence of resource initialization. Exploiting this vulnerability allows a malicious actor to gain privileges to the root level remotely...

CVSS 10, AI score 7.7, EPSS 0.00416
Exploits 1, References 6, Affected Software 1

Rapid7 Blog
added 2024/04/01 5:13 p.m., 69 views

Backdoored XZ Utils (CVE-2024-3094)

On Friday, March 29, after investigating anomalous behavior in his Debian sid environment, developer Andres Freund contacted an open-source security mailing list to share that he had discovered an upstream backdoor in widely used command line tool XZ Utils liblzma. The backdoor, added by an...

CVSS 7.5, AI score 9.8, EPSS 0.84805
Exploits 38

OSV
added 2024/03/21 6:15 a.m., 1 views

ALPINE-CVE-2024-28835

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command...

CVSS 5, AI score 6.8, EPSS 0.00043
Exploits 0, References 1

OSV
added 2024/03/20 11:15 a.m., 1 views

ALPINE-CVE-2023-46840

Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen...

CVSS 4.1, AI score 7.2, EPSS 0.00074
Exploits 0, References 1

OSV
added 2024/02/04 8:15 p.m., 0 views

ALPINE-CVE-2023-52426

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time...

CVSS 5.5, AI score 7, EPSS 0.00022
Exploits 0, References 1

OSV
added 2023/12/13 9:15 p.m., 1 views

ALPINE-CVE-2023-50246

jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue...

CVSS 5.5, AI score 7.3, EPSS 0.0026
Exploits 1, References 1

OSV
added 2023/10/10 2:15 p.m., 3 views

ALPINE-CVE-2023-44487

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5, AI score 6.8, EPSS 0.944
Exploits 19, References 1

OSV
added 2023/03/21 1:15 p.m., 1 views

ALPINE-CVE-2022-42331

x86: speculative vulnerability in 32bit SYSCALL path. Due to an oversight in the very original Spectre/Meltdown security work XSA-254, one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variet...

CVSS 5.5, AI score 6.8, EPSS 0.00056
Exploits 0, References 1

F5 Networks
added 2023/02/21 6:55 p.m., 23 views

K25551452: Alpine Linux Docker image vulnerability CVE-2019-5021

Security Advisory Description: Versions of the Official Alpine Linux Docker images since v3.3 contain a NULL password for the root user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected...

CVSS 10, AI score 9.6, EPSS 0.03031
Exploits 2

SUSE CVE
added 2023/02/15 4:17 a.m., 1 views

SUSE CVE-2019-5021

Versions of the Official Alpine Linux Docker images since v3.3 contain a NULL password for the root user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux...

CVSS 9.8, AI score 9.5, EPSS 0.03031
Exploits 2, References 35

SUSE CVE
added 2023/02/15 3:43 a.m., 2 views

SUSE CVE-2021-29133

Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem...

CVSS 5.5, AI score 5, EPSS 0.01953
Exploits 2, References 4

OSV
added 2022/12/05 10:15 p.m., 1 views

ALPINE-CVE-2022-35260

curl can be told to parse a .netrc file for credentials. If that file ends in a line with 4095 consecutive non-white space letters and no newline, curl would first read past the end of the stack-based buffer, and if the read works, write a zero byte beyond its boundary. This will in most cases cause ...

CVSS 6.5, AI score 6.8, EPSS 0.00285
Exploits 1, References 1

OSV
added 2022/12/05 7:15 p.m., 1 views

ALPINE-CVE-2022-4292

Use After Free in GitHub repository vim/vim prior to 9.0.0882...

CVSS 7.8, AI score 6.8, EPSS 0.00324
Exploits 1, References 1

OSV
added 2022/11/09 9:15 p.m., 1 views

ALPINE-CVE-2022-23824

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure...

CVSS 5.5, AI score 6.6, EPSS 0.00042
Exploits 0, References 1

OSV
added 2022/11/02 2:15 p.m., 2 views

ALPINE-CVE-2022-43995

Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...

CVSS 7.1, AI score 7, EPSS 0.00095
Exploits 0, References 1

OSV
added 2022/09/21 11:15 a.m., 1 views

ALPINE-CVE-2022-3080

By sending specific queries to the resolver, an attacker can cause named to crash...

CVSS 7.5, AI score 7, EPSS 0.00136
Exploits 0, References 1

OSV
added 2022/09/21 11:15 a.m., 0 views

ALPINE-CVE-2022-2906

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service...

CVSS 7.5, AI score 6.9, EPSS 0.00859
Exploits 0, References 1

OSV
added 2022/08/23 8:15 p.m., 3 views

ALPINE-CVE-2021-3995

A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of...

CVSS 5.5, AI score 6.5, EPSS 0.00249
Exploits 3, References 1