899 matches found
Alpine Linux's package manager buffer overflow vulnerability
Alpine Linux's package manager apk is a package management tool for Linux. The tool is used to install, upgrade or remove software on a running system. A heap buffer overflow vulnerability exists in Alpine Linux's package manager. A remote attacker can exploit this vulnerability by creating a...
Alpine Linux's package manager buffer error vulnerability
Alpine Linux's package manager apk is a package management tool for Linux. The tool is used to install, upgrade or remove software on a running system. A heap buffer overflow vulnerability exists in Alpine Linux's package manager. A remote attacker can exploit this vulnerability by creating a...
Alpine Linux: from vulnerability discovery to code execution a-vulnerability warning-the black bar safety net
One, Foreword Recently I was in the Alpine Linux package Manager found two serious vulnerabilities, exploits, numbered CVE-2017-9669 and CVE-2017-9671。 If you are using Alpine, an attacker may use these two holes in your host to execute malicious code. Alpine Linux is a lightweight Linux...
Alpine Linux: From vulnerability discovery to code execution
I’ve recently uncovered two critical vulnerabilities in Alpine Linux’s package manager, assigned CVE-2017-9669 and CVE-2017-9671. These vulnerabilities could potentially lead to an attacker executing malicious code on your machines, if you are using Alpine knowingly or implicitly. Alpine Linux is...
ALPINE-CVE-2017-9023
The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service infinite loop via a crafted certificate...
ALPINE-CVE-2017-1000368
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation embedded newlines in the getprocessttyname function resulting in information disclosure and command execution...
ALPINE-CVE-2017-8386
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with...
ALPINE-CVE-2016-9840
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic...
ALPINE-CVE-2016-9841
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic...
ALPINE-CVE-2016-7971
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
WordPress Alpine PhotoTile For Instagram 1.2.7.7 XSS
------------------------------------------------------------------------ Cross-Site Scripting in Alpine PhotoTile for Instagram WordPress Plugin ------------------------------------------------------------------------ Antonis Manaras, July 2016...
Alpine PhotoTile - Authenticated Reflected Cross-Site Scripting (XSS)
The alpine-photo-tile-for-instagram WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability...
ALPINE-CVE-2016-7986
The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions...
calgaryalpine.com XSS vulnerability
Vulnerable URL: http://www.calgaryalpine.com/?s=vdfvd%3C!%27/!%22/!%27/%22/--!%3E%3CInput/Autofocus/%0D/Onfocus=confirm%60OPENBUGBOUNTY%60//%3E%3CSvg%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly...
ALPINE-CVE-2016-7946
X.org libXi before 1.7.7 allows remote X servers to cause a denial of service infinite loop via vectors involving length fields...
ALPINE-CVE-2016-7167
Multiple integer overflows in the 1 curlescape, 2 curleasyescape, 3 curlunescape, and 4 curleasyunescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow...
ffmpeg and Libav cross-domain information disclosure vulnerability
Overview ffmpeg is a "cross-platform solution to record, convert and stream audio and video". ffmpeg is vulnerable to local file disclosure due to improper enforcement of domain restrictions when processing playlist files. Description CWE-201: Information Exposure Through Sent Data- CVE-2016-1897...
alpine-space.org vulnerability
Vulnerable URL: http://www.alpine-space.org/2000-2006/external.html?link=https://www.xssposed.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability status:| Publicly disclosed Alexa Rank| 18194204 Google Pagerank| 6 VIP website status:| No Check...
Alpine PhotoTile for Instagram <= 1.2.7.5 - Authenticated Cross-Site Scripting (XSS)
The alpine-photo-tile-for-instagram WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...
WordPress Alpine PhotoTile for Instagram Plugin <= 1.2.7.5 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...