888 matches found
Alpine Halo9 安全漏洞
Alpine Halo9 is a multimedia player from Alpine. A security vulnerability exists in Alpine Halo9 that stems from a failure to properly validate the length of user-supplied data before copying it to a stack-based buffer. An attacker exploiting this vulnerability could execute code in a rooted...
CVE-2024-23963 Alpine Halo9 Stack-based Buffer Overflow
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists...
CVE-2024-23963
CVE-2024-23963 concerns Alpine Halo9 devices. The flaw is in the PBAP_DecodeVCARD function where insufficient validation of user-supplied data length before copying to a stack-based buffer allows a network-adjacent attacker who can pair a malicious Bluetooth device to execute code with root privi...
CVE-2024-23963 Alpine Halo9 Stack-based Buffer Overflow
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists...
CVE-2024-23962 Alpine Halo9 Missing Authentication
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue...
CVE-2024-23962 Alpine Halo9 Missing Authentication
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue...
CVE-2024-23962
CVE-2024-23962 (Alpine Halo9) : The flaw exists in the DLT interface, which listens on TCP port 3490. It permits remote attackers to disclose sensitive information due to a lack of authentication before accessing functionality. The impact is described as attackers potentially leveraging this in c...
PT-2025-31667 · Alpine · Alpine Ilx-507
Name of the Vulnerable Software and Affected Versions: Alpine iLX-507 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required, specifically, the target mus...
PT-2025-31670 · Alpine +1 · Alpine Ilx-507 +1
Name of the Vulnerable Software and Affected Versions: Alpine iLX-507 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices without authentication. The flaw resides within the Tidal...
PT-2025-31665 · Alpine · Alpine Ilx-507
Name of the Vulnerable Software and Affected Versions: Alpine iLX-507 affected versions not specified Description: This issue allows physically present attackers to execute arbitrary code on affected installations. Authentication is not required for exploitation. The flaw resides within the UPDM...
PT-2025-31669 · Alpine · Alpine Ilx-507
Name of the Vulnerable Software and Affected Versions: Alpine iLX-507 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected devices. User interaction is required, specifically the target must connect to a malicious Bluetoot...
PT-2025-31668 · Alpine +1 · Alpine Ilx-507 +1
Name of the Vulnerable Software and Affected Versions: Alpine iLX-507 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required for exploitation. The flaw resides within the TIDAL...
PT-2025-31664 · Alpine · Alpine Ilx-507
Name of the Vulnerable Software and Affected Versions: Alpine iLX-507 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this, as the targe...
PT-2025-31666 · Alpine · Alpine Ilx-507
Name of the Vulnerable Software and Affected Versions: Alpine iLX-507 affected versions not specified Description: A stack-based buffer overflow vulnerability exists in the Apple CarPlay protocol implementation of the Alpine iLX-507. This flaw allows a physically present attacker to execute...
frood, an Alpine initramfs NAS
My NAS, frood, has a bit of a weird setup. It’s just one big initramfs containing a whole Alpine Linux system. It’s delightful and I am not sure why it’s not more common. As long as the bootloader can find the kernel and initramfs, the machine comes up cleanly. A/B deployments and rollbacks are...
ALPINE-CVE-2024-54661
readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file...
ALPINE-CVE-2024-50612
libsndfile through 1.2.2 has an oggvorbis.c vorbisanalysiswrote out-of-bounds read...
Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining
The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. "The group is currently targeting exposed Docker daemons to deploy Sliver...
ALPINE-CVE-2024-49195
Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair...
CVE-2024-23961
Alpine Halo9 UPDMwemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specifi...