ALPINE-CVE-2019-18408

archivereadformatrarreaddata in archivereadsupportformatrar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVEFAILED situation, related to Ppmd7DecodeSymbol...

ALPINE-CVE-2019-18218

cdfreadpropertyinfo in cdf.c in file through 5.37 does not restrict the number of CDFVECTOR elements, which allows a heap-based buffer overflow 4-byte out-of-bounds write...

ALPINE-CVE-2019-17543

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4write32 related to LZ4compressdestSize, affecting applications that call LZ4compressfast with a large input. This issue can also lead to data corruption. NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."...

WordPress alpine-photo-tile-for-instagram plugin cross-site request forgery vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. alpine-photo-tile-for-instagram is a plugin used in it to retrieve photos or hashtags of specific Instagram users. A...

ALPINE-CVE-2019-15166

lmpprintdatalinksubobjs in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks...

CVE-2015-9432

The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter...

Cross site request forgery (csrf)

The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter...

CVE-2015-9432

The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=alpine-photo-tile-for-instagram-settings tab parameter...

CVE-2015-9432

The vulnerability CVE-2015-9432 affects the WordPress plugin alpine-photo-tile-for-instagram, specifically versions prior to 1.2.7.6. It enables a cross-site scripting (XSS) condition that can result from a CSRF flaw via the plugin’s settings page (wp-admin/options-general.php?page=alpine-photo-t...

ALPINE-CVE-2019-16707

Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx...

ALPINE-CVE-2019-5482

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3...

ALPINE-CVE-2019-9514

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RSTSTREAM frames from the peer. Depending on how the peer queues the...

ALPINE-CVE-2019-9516

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory fo...

ALPINE-CVE-2019-14697

musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code...

ALPINE-CVE-2018-4700

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-4300. Reason: This candidate is a duplicate of CVE-2018-4300. Notes: All CVE users should reference CVE-2018-4300 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

Dockernymous - A Script Used To Create A Whonix Like Gateway/Workstation Environment With Docker Containers

Dockernymous is a start script for Docker that runs and configures two individual Linux containers in order act as a anonymisation workstation-gateway set up. It's aimed towards experienced Linux/Docker users, security professionals and penetration testers! The gateway container acts as a...

ALPINE-CVE-2019-13636

In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c...

ALPINE-CVE-2019-13310

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c...

ALPINE-CVE-2019-13308

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCore/fourier.c in ComplexImage...

ALPINE-CVE-2019-13311

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error...