Alpine iLX-507 信任管理问题漏洞

The Alpine iLX-507 is a multimedia receiver from Alpine USA. The Alpine iLX-507 suffers from an input validation error vulnerability, which stems from improper validation of the TIDAL music streaming application credentials, that can be exploited by an attacker to execute arbitrary code in the ro...

Alpine iLX-507 路径遍历漏洞

The Alpine iLX-507 is a multimedia receiver from Alpine USA. The Alpine iLX-507 suffers from a command injection vulnerability that can be exploited by an attacker to execute code in the context of the device...

Alpine iLX-507 操作系统命令注入漏洞

The Alpine iLX-507 is a multimedia receiver from Alpine USA. The Alpine iLX-507 UPDMwstpCBCUpdStart function suffers from an operating system command injection vulnerability that stems from the failure of the UPDMwstpCBCUpdStart function to correctly filter constructed command special characters,...

(0Day) (Pwn2Own) Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDMwstpCBCUpdStart function. The issue results from the lack of...

Alpine iLX-507 安全漏洞

The Alpine iLX-507 is a multimedia receiver from Alpine USA. The Alpine iLX-507 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute code in a root context...

Alpine iLX-507 安全漏洞

The Alpine iLX-507 is a multimedia receiver from Alpine USA. The Alpine iLX-507 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the root context...

(0Day) (Pwn2Own) Alpine iLX-507 Command Injection Remote Code Execution

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Tidal music streaming application. The issue results from the lack ...

(0Day) (Pwn2Own) Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TIDAL music streaming application. The issue results from improper...

(0Day) (Pwn2Own) Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results...

Alpine iLX-507 安全漏洞

The Alpine iLX-507 is a multimedia receiver from Alpine USA. The Alpine iLX-507 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute code in a root context...

(0Day) (Pwn2Own) Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the parsi...

Alpine iLX-507 安全漏洞

The Alpine iLX-507 is a multimedia receiver from Alpine USA. The Alpine iLX-507 suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute code in a root context...

(0Day) (Pwn2Own) Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the parsing of vCard data...

SUSE CVE-2025-53945

apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 contains a fix for the issue...

ALPINE-CVE-2025-6170

A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare...

ALPINE-CVE-2025-46802

For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session...

CVE-2024-23962

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue...

CVE-2024-23963

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists...

CVE-2022-22704

The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would in effect determine part of the configuration...

CVE-2021-29133

Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem...