897 matches found
ALPINE-CVE-2026-23556
When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota...
GO-2026-5778 Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic in github.com/sigstore/rekor
Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic in github.com/sigstore/rekor...
OPENSUSE-SU-2026:21072-1 Security update for trivy
This update for trivy fixes the following issues Update to version 0.71.2: - CVE-2026-44740: github.com/go-git/go-billy/v5: improper input handling in many components can lead to DoS via infinite loops, panics or resource consumption bsc1267268. - CVE-2026-46680:...
GHSA-47Q9-M4WW-924M Rekor has an OOM Condition due to Unbounded gzip Decompression in Alpine APK Parsing Logic
Description The Package.Unmarshal function in pkg/types/alpine/apk.go decompresses the signature and control gzip members of an APK file into in-memory buffers without bounding the total decompressed size. The existing maxapkmetadatasize check default 1MB is only applied to individual tar entry...
CVE-2026-49319
Remote Keyless Entry System RKES, using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication. An attacker within RF range who records two consecutive lock or unlock transmissions from a...
ALPINE-CVE-2026-56409
xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used...
ALPINE-CVE-2026-56410
xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId...
ALPINE-CVE-2026-56403
libexpat before 2.8.2 has an integer overflow in storeAtts...
ROOT-OS-ALPINE-324-CVE-2026-7383 CVE-2026-7383 in rootio-openssl - Patched by Root
Root has patched CVE-2026-7383 in the rootio-openssl package for Root:Alpine:3.24. Multiple fixed versions available...
Dirty-cow-exploit
System Documentation Architecture - Frontend: React 19...
ROOT-OS-ALPINE-323-CVE-2026-49975 CVE-2026-49975 in rootio-apache2 - Patched by Root
Root has patched CVE-2026-49975 in the rootio-apache2 package for Root:Alpine:3.23. Multiple fixed versions available...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: irqchip/alpine-msi: The refcount leak in alpinemsixinitdomains has been fixed. The function ofirqfindparent returns a node pointer with the refcount incremented. We should use ofnodeput on it when it is no longer needed. Add...
CVE-2026-42575
apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded .apk packages against the checksum recorded in the signed index. The checksum is parsed and...
ALPINE-CVE-2026-4873
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...
CVE-2026-42574 apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the build root
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before version 1.2.5, a crafted .apk could install a TypeSymlink tar entry whose target pointed outside the build root, and a subsequent directory-creation or file-write entry in the same o...
apko 路径遍历漏洞
Apko is an open-source OCI image builder based on APK. In versions 0.14.8 to 1.2.5 of Apko, there was a path traversal vulnerability. This vulnerability occurred because specially crafted APK packages could install entries that pointed to directories other than the build root directory. This...
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and...
ALPINE-CVE-2026-25835
Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...
ALPINE-CVE-2026-25834
Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...
ROOT-OS-ALPINE-319-CVE-2023-5568 CVE-2023-5568 in rootio-samba - Patched by Root
Root has patched CVE-2023-5568 in the rootio-samba package for Root:Alpine:3.19. Multiple fixed versions available...