A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file.
7.8 CVSS
7.9 AI Score
0.024 EPSS
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block.
7.8 CVSS
7.7 AI Score
0.024 EPSS
Alpine Linux versions prior to 2.6.10, 2.7.6, and 2.10.1 contain an Other/Unknown vulnerability in apk-tools (Alpine Linux's package manager) that can result in remote code execution. This attack appears to be exploitable via a specially crafted APK file, which can cause apk to write arbitrary data ...
8.8 CVSS
9 AI Score
0.026 EPSS
Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key.
6.5 CVSS
6.3 AI Score
0.001 EPSS
In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash.
7.5 CVSS
7.7 AI Score
0.001 EPSS
In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.
5.9 CVSS
5.6 AI Score
0.001 EPSS