ALPINE-CVE-2020-6581

Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nastymetachars interprets \n as the character \ and the character n not as the \n newline sequence. This can cause command injection...

ALPINE-CVE-2020-0034

In vp8decodeframe of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product...

ALPINE-CVE-2015-2104

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

ALPINE-CVE-2019-15606

Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons...

ALPINE-CVE-2019-15605

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed...

Re2Pcap - Create PCAP file from raw HTTP request or response in seconds

Re2Pcap is abbreviation for Request2Pcap and Response2Pcap. Community users can quickly create PCAP file using Re2Pcap and test them against Snort rules. Re2Pcap allow you to quickly create PCAP file for raw HTTP request shown below POST /admin/tools/iplogging.cgi HTTP/1.1 Host: 192.168.13.31:80...

ALPINE-CVE-2020-8597

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse functions...

OpenSMTPD vulnerable to local privilege escalation and remote code execution

Overview Qualys Research Labs found that the smtpmailaddr function in OpenSMTPD version 6.6 does not properly sanitize user input, which could allow a local attacker to escalate their privileges, and allow either a local or remote attacker to execute arbitrary code as root. Description OpenSMTPD ...

ALPINE-CVE-2019-20421

In Jp2Image::readMetadata in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file...

ALPINE-CVE-2019-1350

A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387...

ALPINE-CVE-2019-20372

NGINX before 1.17.7, with certain errorpage configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer...

Dokuwiki 2018-04-22b Username Enumeration

Exploit Title: Dokuwiki 2018-04-22b - Username Enumeration Date: 2019-12-01 Exploit Author: Talha ŞEN Vendor Homepage: https://www.dokuwiki.org/dokuwiki Software Link: https://download.dokuwiki.org/ Version: 2018-04-22b "Greebo" Tested on: Alpine Linux 3.5 docker image PHP 5.6.30 Apache/2.4.25 Un...

Dokuwiki 2018-04-22b - Username Enumeration

Dokuwiki 2018-04-22b - Username Enumeration Exploit Title: Dokuwiki 2018-04-22b - Username Enumeration Date: 2019-12-01 Exploit Author: Talha ŞEN Vendor Homepage: https://www.dokuwiki.org/dokuwiki Software Link: https://download.dokuwiki.org/ Version: 2018-04-22b "Greebo" Tested on: Alpine Linux...

ALPINE-CVE-2019-19242

SQLite 3.30.1 mishandles pExpr-y.pTab, as demonstrated by the TKCOLUMN case in sqlite3ExprCodeTarget in expr.c...

ALPINE-CVE-2019-14856

ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None...

ALPINE-CVE-2019-10206

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them...

ALPINE-CVE-2019-3466

The pgctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation...

alpine-space.org Open Redirect vulnerability

Open Bug Bounty ID: OBB-1015269 Security Researcher 41PH4 Helped patch 18 vulnerabilities Received 1 Coordinated Disclosure badges , a holder of 1 badges for responsible and coordinated disclosure, found a security vulnerability affecting alpine-space.org website and its users. Following...

ALPINE-CVE-2019-13508

FreeTDS through 1.1.11 has a Buffer Overflow...

ALPINE-CVE-2019-18521

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none...