8 results (0.013 seconds)

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1

The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration. El paquete zabbix-agent2 versiones anteriores a 5.4.9-r1 para Alpine Linux, permite a veces la escalada de privilegios a root porque el diseño esperaba incorrectamente que systemd determinara (en efecto) parte de la configuración. • https://gitlab.alpinelinux.org/alpine/aports/-/issues/13368 • CWE-909: Missing Initialization of Resource •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used. En el paquete xrdp (en las ramas hasta 3.14) para Alpine Linux, las sesiones RDP son vulnerables a ataques de tipo man-in-the-middle porque se usan certificados RSA pregenerados y claves privadas • https://gitlab.alpinelinux.org/alpine/aports/-/issues/12811 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash. En Alpine Linux apk-tools versiones anteriores a 2.12.5, el analizador tarball permite un desbordamiento y bloqueo del búfer • https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10741 https://gitlab.alpinelinux.org/alpine/aports/-/issues/12606 • CWE-125: Out-of-bounds Read •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key. Alpine Linux abuild hasta 3.4.0 permite a un miembro sin privilegios del grupo abuild agregar un paquete no seguro a través de una opción --keys-dir que provoca la aceptación de una clave de firma no segura • https://code.foxkit.us/adelie/packages/commit/15b160780c6eeff7048063c099a7f8757e1d8391 https://github.com/sroracle/abuild/commit/4f90ce92778d0ee302e288def75591b96a397c8b https://security.netapp.com/advisory/ntap-20190625-0005 • CWE-668: Exposure of Resource to Wrong Sphere CWE-862: Missing Authorization •

CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 1

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user. Algunas versiones de las imágenes de Official Alpine Linux Docker (desde v3.3) contienen una contraseña NULL para el usuario `root`. Esta vulnerabilidad parece ser el resultado de una regresión introducida en diciembre de 2015. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00004.html http://www.securityfocus.com/bid/108288 https://alpinelinux.org/posts/Docker-image-vulnerability-CVE-2019-5021.html https://security.netapp.com/advisory/ntap-20190510-0001 https://support.f5.com/csp/article/K25551452 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782 • CWE-258: Empty Password in Configuration File •