888 matches found
PT-2024-20205 · Alpine · Alpine Halo9
Name of the Vulnerable Software and Affected Versions: Alpine Halo9 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious...
PT-2024-20203 · Alpine · Alpine Halo9
Name of the Vulnerable Software and Affected Versions: Alpine Halo9 (affected versions not specified). Description: This issue allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this issue. The...
PT-2024-20204 · Alpine · Alpine Halo9
Name of the Vulnerable Software and Affected Versions: Alpine Halo9 devices (affected versions not specified). Description: This issue allows remote attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The specific flaw exists...
(Pwn2Own) Alpine Halo9 Improper Verification of Cryptographic Signature Vulnerability
This vulnerability allows physically present attackers to bypass the signature validation mechanism on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware metadata signature validation mechanism. Th...
PT-2024-20181 · Alpine · Alpine Halo9
Name of the Vulnerable Software and Affected Versions: Alpine Halo9 (affected versions not specified). Description: This issue allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this issue. The...
(Pwn2Own) Alpine Halo9 Missing Authentication Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue...
PT-2024-20188 · Alpine · Alpine Halo9
Name of the Vulnerable Software and Affected Versions: Alpine Halo9 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious...
(Pwn2Own) Alpine Halo9 UPDM_wemCmdCreatSHA256Hash Command Injection Remote Code Execution Vulnerability
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDM_wemCmdCreatSHA256Hash function. The issue results from the lack...
OPENSUSE-SU-2024:10613-1 alpine-2.25-24.1 on GA media
These are all security issues fixed in the alpine-2.25-24.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12314-1 alpine-2.26-27.1 on GA media
These are all security issues fixed in the alpine-2.26-27.1 package on the GA media of openSUSE Tumbleweed...
ALPINE-CVE-2024-26256
Libarchive Remote Code Execution Vulnerability...
Backdoored XZ Utils (CVE-2024-3094)
On Friday, March 29, after investigating anomalous behavior in his Debian sid environment, developer Andres Freund contacted an open-source security mailing list to share that he had discovered an upstream backdoor in the widely used command-line tool XZ Utils (liblzma). The backdoor, added by an...
Exploit for Embedded Malicious Code in Tukaani Xz
Vulnerability Overview: XZ is a data compression format that e...
ALPINE-CVE-2024-28085
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...
ALPINE-CVE-2024-28835
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command...
ALPINE-CVE-2023-46840
Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen...
ALPINE-CVE-2023-52426
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time...
Pwn2Own Automotive: Tesla, Sony, Alpine Players Breached on Day One
By Deeba Ahmed. Bug Bounty Bonanza: Hackers Rake in Big Bucks as Connected Cars Show Security Cracks. This is a post from HackRead.com.
alpineaction.co.uk Cross Site Scripting vulnerability OBB-3829768
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
alpine-property.fr Improper Access Control vulnerability OBB-3821075
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...