888 matches found
SUSE CVE-2021-29133
Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem...
SUSE CVE-2021-38370
In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS...
ALPINE-CVE-2022-42330
Guests can cause Xenstore crash via soft reset. When a guest issues a "Soft Reset" e.g. for performing a kexec the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XS_RELEASE will have...
ALPINE-CVE-2022-23816
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...
results.alpinecalendar.ca Cross Site Scripting vulnerability OBB-3150728
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GLSA-202301-07 : Alpine: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202301-07 Alpine: Multiple Vulnerabilities - In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS. CVE-2021-38370 - Alpine before 2.25 allows remote attackers to cause a denial of service...
Alpine: Multiple Vulnerabilities
Background Alpine is an easy-to-use, text-based mail and news client. Description Multiple vulnerabilities have been discovered in Alpine. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
ALPINE-CVE-2022-47952
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates...
alpine-residences.fr Cross Site Scripting vulnerability OBB-3123606
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-23553
Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds...
CVE-2022-23554
Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows Authentication Filter bypass. The AuthenticationFilter relies on the request URI to evaluate if the user is accessing the swagger endpoint. By accessing a URL with a path such as /api/foo;%2fapi%2fswagger the contains...
Design/Logic Flaw
Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds...
Race condition
Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows Authentication Filter bypass. The AuthenticationFilter relies on the request URI to evaluate if the user is accessing the swagger endpoint. By accessing a URL with a path such as /api/foo;%2fapi%2fswagger the contains...
CVE-2022-23554 Authentication bypass in Alpine
Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows Authentication Filter bypass. The AuthenticationFilter relies on the request URI to evaluate if the user is accessing the swagger endpoint. By accessing a URL with a path such as /api/foo;%2fapi%2fswagger the contains...
CVE-2022-23554
CVE-2022-23554 affects Alpine (Java scaffolding library). Multiple sources confirm: versions prior to 1.10.4 allow an Authentication Filter bypass by relying on the request URI to decide swagger endpoint access. For example, a crafted URL such as /api/foo;%2fapi%2fswagger causes the filter to ret...
CVE-2022-23553 URL access filters bypass in Alpine
Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows URL access filter bypass. This issue has been fixed in version 1.10.4. There are no known workarounds...
CVE-2022-23553
Alpine is a Java scaffolding library. CVE-2022-23553 describes a URL access filter bypass in Alpine versions prior to 1.10.4. The issue is fixed in version 1.10.4; there are no publicly documented workarounds in the provided sources. Affected component is the URL filtering logic within Alpine's f...