ALPINE-CVE-2019-13310

ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c...

ALPINE-CVE-2019-13297

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled...

ALPINE-CVE-2019-13302

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCore/fourier.c in ComplexImages...

ALPINE-CVE-2019-13295

ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled...

The vulnerability of the Alpine Linux Docker distribution, related to the use of a empty password for the pre-installed account, allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Alpine Linux Docker distribution stems from the use of a empty password for the pre-installed root account. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

CVE-2019-12875

Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key...

CVE-2019-12875

Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key...

Design/Logic Flaw

Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key...

CVE-2019-12875

CVE-2019-12875 concerns Alpine Linux abuild up to version 3.4.0. The vulnerability arises because an unprivileged member of the abuild group can misuse a --keys-dir option to cause acceptance of an untrusted signing key, enabling the introduction of an untrusted package. The Red Hat advisory corr...

CVE-2019-12875

Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key...

Alpine Docker Image Vulnerability (CVE-2019-5021): How to Detect and Fix

A vulnerability affecting the official Alpine Docker images version =3.3 contains a null password for the root user. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container that utilize Linux PAM, or some other mechanism that uses the system shadow...

Ubuntu 18.04 lxd Privilege Escalation

!/usr/bin/env bash ---------------------------------- Authors: Marcelo Vazquez S4vitar Victor Lasa vowkin ---------------------------------- Step 1: Download build-alpine = wget https://raw.githubusercontent.com/saghul/lxd-alpine-builder/master/build-alpine Attacker Machine Step 2: Build alpine =...

Ubuntu 18.04 - lxd Privilege Escalation

Ubuntu 18.04 - lxd Privilege Escalation !/usr/bin/env bash ---------------------------------- Authors: Marcelo Vazquez S4vitar Victor Lasa vowkin ---------------------------------- Step 1: Download build-alpine = wget https://raw.githubusercontent.com/saghul/lxd-alpine-builder/master/build-alpine...

Ubuntu 18.04 - 'lxd' Privilege Escalation

!/usr/bin/env bash ---------------------------------- Authors: Marcelo Vazquez S4vitar Victor Lasa vowkin ---------------------------------- Step 1: Download build-alpine = wget https://raw.githubusercontent.com/saghul/lxd-alpine-builder/master/build-alpine Attacker Machine Step 2: Build alpine =...

ALPINE-CVE-2018-12130

Microarchitectural Fill Buffer Data Sampling MFBDS: Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...

ALPINE-CVE-2018-12126

Microarchitectural Store Buffer Data Sampling MSBDS: Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...

ALPINE-CVE-2019-5436

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1...

Alpine Linux Docker Images Shipped for 3 Years with Root Accounts Unlocked

For three years, some Alpine Linux Docker images have shipped with a root account and no password, opening the door for attackers to easily access vulnerable servers and workstations provisioned for the images. Affected versions of Alpine Linux Docker distros include 3.3, 3.4, 3.5, 3.6, 3.7, 3.8...

CVE-2019-5021

Versions of the Official Alpine Linux Docker images since v3.3 contain a NULL password for the root user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux...

CVE-2019-5021

Versions of the Official Alpine Linux Docker images since v3.3 contain a NULL password for the root user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux...