Lucene search

888 matches found

RedhatCVE
added 2025/05/22 8:09 p.m. | 6 views

CVE-2021-38370

In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS...

CVSS 5.9 | AI score 6.8 | EPSS 0.01565
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 7:33 p.m. | 5 views

CVE-2021-27971

Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection...

CVSS 7.8 | AI score 6.9 | EPSS 0.00403
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 6:39 p.m. | 5 views

CVE-2021-36158

In the xrdp package in branches through 3.14 for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used...

CVSS 5.9 | AI score 6.8 | EPSS 0.00348
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 6:31 p.m. | 7 views

CVE-2021-30139

In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash...

CVSS 7.5 | AI score 7.4 | EPSS 0.01618
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 4:37 p.m. | 6 views

CVE-2020-35196

The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. Systems using the rabbitmq docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank passwor...

CVSS 10 | AI score 7.3 | EPSS 0.02129
Exploits: 0
RedhatCVE
added 2025/05/22 10:47 a.m. | 6 views

CVE-2017-20087

A vulnerability, which was classified as problematic, has been found in Alpine PhotoTile for Instagram Plugin 1.2.7.7. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely...

CVSS 6.1 | AI score 6.2 | EPSS 0.00677
Exploits: 1 | References: 1
OSV
added 2025/05/05 2:15 p.m. | 3 views

ALPINE-CVE-2025-47268

ping in iputils before 20250602 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication...

CVSS 6.5 | AI score 6.9 | EPSS 0.01344
Exploits: 1 | References: 1
The Hacker News
added 2025/04/23 12:22 p.m. | 24 views

Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices

Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the guise of the Alpine Quest mapping software. "The attackers hide this trojan inside modified Alpine Quest mapping software and distribute it...

AI score 6.7
Exploits: 0
HackRead
added 2025/04/22 9:26 p.m. | 14 views

Fake Alpine Quest Mapping App Spotted Spying on Russian Military

Fake Alpine Quest app laced with spyware was used to target Russian military Android devices, stealing location data,…...

AI score 7.3
Exploits: 0
OSV
added 2025/03/26 9:15 p.m. | 1 views

ALPINE-CVE-2025-31160

atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop...

CVSS 2.9 | AI score 7.1 | EPSS 0.00177
Exploits: 0 | References: 1
OpenVAS
added 2025/03/21 12:00 a.m. | 13 views

Ubuntu: Security Advisory (USN-7360-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 7.1 | EPSS 0.01823
Exploits: 1 | References: 2
Ubuntu
added 2025/03/20 12:37 a.m. | 7 views

USN-7360-1: Alpine vulnerabilities

It was discovered that Alpine did not use a secure connection under certain circumstances. A remote attacker could possibly use this issue to leak sensitive information. (CVE-2020-14929) It was discovered that Alpine could allow untagged responses from an IMAP server before upgrading to a TLS...

CVSS 7.5 | AI score 6.4 | EPSS 0.01823
Exploits: 1
Tenable Nessus
added 2025/03/20 12:00 a.m. | 11 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Alpine vulnerabilities (USN-7360-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7360-1 advisory. It was discovered that Alpine did not use a secure connection under certain circumstances. A remote attacker could possibly use...

CVSS 7.5 | AI score 6.4 | EPSS 0.01823
Exploits: 1 | References: 4
OSV
added 2025/03/13 5:58 p.m. | 3 views

SUSE-SU-2025:0857-1 Security update for build

This update for build fixes the following issues: - CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git repositories (bnc#1230469) Other fixes: - Fixed behaviour when using '--shell' aka 'osc shell' option in a VM build. Startup is faster and permissions stay intact now. - fixes fo...

CVSS 7.3 | AI score 6.6 | EPSS 0.00205
Exploits: 0 | References: 4
OSV
added 2025/02/10 4:15 p.m. | 2 views

ALPINE-CVE-2024-12133

A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate,...

CVSS 5.3 | AI score 6.6 | EPSS 0.01025
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/05 11:17 p.m. | 7 views

CVE-2022-23553

Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds...

CVSS 7.5 | AI score 6.6 | EPSS 0.0084
Exploits: 0 | References: 1
OSV
added 2025/02/05 10:15 a.m. | 1 views

ALPINE-CVE-2025-0725

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow...

CVSS 7.3 | AI score 7.5 | EPSS 0.01168
Exploits: 1 | References: 1
NVD
added 2025/01/31 12:15 a.m. | 9 views

CVE-2024-23963

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists...

CVSS 8 | EPSS 0.00446
Exploits: 0 | References: 1
NVD
added 2025/01/31 12:15 a.m. | 10 views

CVE-2024-23962

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue...

CVSS 5.3 | EPSS 0.00623
Exploits: 0 | References: 1
CNNVD
added 2025/01/31 12:00 a.m. | 3 views

Alpine Halo9 Security Vulnerability

Alpine Halo9 is a multimedia player from Alpine. A security vulnerability exists in Alpine Halo9 that stems from a lack of authentication before allowing access to features. An attacker exploiting the vulnerability could execute arbitrary code...

CVSS 5.3 | AI score 7.2 | EPSS 0.00623
Exploits: 0 | References: 1