888 matches found
ALPINE-CVE-2021-29133
Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem...
CVE-2021-29133
Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem...
Design/Logic Flaw
Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem...
CVE-2021-29133
CVE-2021-29133 affects haserl, a component of the Alpine Linux Configuration Framework. Before 0.9.36, it fails to verify context, enabling local users to read arbitrary files on the filesystem. Affected: haserl prior to 0.9.36 (Alpine Linux Configuration Framework). Known remediation: upgrade to...
CVE-2021-29133
Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem...
CVE-2021-29133
Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem...
Alpine Linux Security Vulnerability
Alpine Linux is a lightweight Linux distribution for security applications. A security vulnerability exists in Alpine Linux Configuration Framework before 0.9.36, which stems from a lack of authentication in haserl and allows a local user to read the contents of any file on the file system...
ALPINE-CVE-2021-27290
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option...
ALPINE-CVE-2021-20205
Libjpeg-turbo versions 2.0.91 and 2.0.90 are vulnerable to a denial of service caused by a divide by zero when processing a crafted GIF image...
ALPINE-CVE-2021-24032
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to...
ALPINE-CVE-2021-27921
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large...
ALPINE-CVE-2021-27097
The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT...
ALPINE-CVE-2021-27138
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT...
ALPINE-CVE-2018-10340
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none...
MGASA-2021-0014 Updated alpine and c-client packages fix security vulnerability
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do (CVE-2020-14929)...
Updated alpine and c-client packages fix security vulnerability
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do (CVE-2020-14929)...
CVE-2020-35191
The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password...
CVE-2020-35196
The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. Systems using the rabbitmq docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank passwor...
CVE-2020-35195
The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. Systems using the haproxy docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password...
CVE-2020-35197
The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. Systems using the memcached docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password...