Code injection

Alpine before 2.25 allows remote attackers to cause a denial of service application crash when LIST or LSUB is sent before STARTTLS...

UBUNTU-CVE-2021-46853

Alpine before 2.25 allows remote attackers to cause a denial of service application crash when LIST or LSUB is sent before STARTTLS...

Alpine 安全漏洞

Alpine is an email program. A security vulnerability exists in versions of Alpine prior to 2.25, which stems from the fact that it allows remote attackers to cause a denial of service when sending LIST or LSUB before STARTTLS...

CVE-2021-46853

Alpine before 2.25 allows remote attackers to cause a denial of service application crash when LIST or LSUB is sent before STARTTLS...

CVE-2021-46853

CVE-2021-46853 affects Alpine prior to 2.25. A remote attacker can cause an application crash (denial of service) by sending LIST or LSUB before STARTTLS. This issue arises from how the IMAP/mail handling processes pre-TLS commands, enabling a crash under network conditions. The connected documen...

CVE-2021-46853

Alpine before 2.25 allows remote attackers to cause a denial of service application crash when LIST or LSUB is sent before STARTTLS...

CVE-2021-46853

Alpine before 2.25 allows remote attackers to cause a denial of service application crash when LIST or LSUB is sent before STARTTLS...

CVE-2021-46853

Alpine before 2.25 allows remote attackers to cause a denial of service application crash when LIST or LSUB is sent before STARTTLS...

ALPINE-CVE-2022-43995

Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...

ALPINE-CVE-2022-43680

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations...

ALPINE-CVE-2021-46848

GNU Libtasn1 before 4.19.0 has an ETYPEOK off-by-one array size check that affects asn1encodesimpleder...

ALPINE-CVE-2022-3638

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

ALPINE-CVE-2022-33746

P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing...

ALPINE-CVE-2022-2906

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service...

ALPINE-CVE-2022-3080

By sending specific queries to the resolver, an attacker can cause named to crash...

ALPINE-CVE-2022-2795

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service...

ALPINE-CVE-2022-3235

Use After Free in GitHub repository vim/vim prior to 9.0.0490...

Scanvus – my open source Vulnerability Scanner for Linux hosts and Docker images

Hello everyone! This video was recorded for the VMconf 22 Vulnerability Management conference, vmconf.pw. I will be talking about my open source project Scanvus. This project is already a year old and I use it almost every day. Alternative video link for Russia: Scanvus Simple Credentialed...

ALPINE-CVE-2022-38126

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

ALPINE-CVE-2022-2953

LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8...