CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-22704
https://notcve.org/view.php?id=CVE-2022-22704
06 Jan 2022 — The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration. El paquete zabbix-agent2 versiones anteriores a 5.4.9-r1 para Alpine Linux, permite a veces la escalada de privilegios a root porque el diseño esperaba incorrectamente que systemd determinara (en efecto) parte de la configuración. • https://gitlab.alpinelinux.org/alpine/aports/-/issues/13368 • CWE-909: Missing Initialization of Resource •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36158
https://notcve.org/view.php?id=CVE-2021-36158
05 Jul 2021 — In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used. En el paquete xrdp (en las ramas hasta 3.14) para Alpine Linux, las sesiones RDP son vulnerables a ataques de tipo man-in-the-middle porque se usan certificados RSA pregenerados y claves privadas • https://gitlab.alpinelinux.org/alpine/aports/-/issues/12811 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-30139
https://notcve.org/view.php?id=CVE-2021-30139
21 Apr 2021 — In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash. En Alpine Linux apk-tools versiones anteriores a 2.12.5, el analizador tarball permite un desbordamiento y bloqueo del búfer • https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10741 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12875
https://notcve.org/view.php?id=CVE-2019-12875
18 Jun 2019 — Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key. Alpine Linux abuild hasta 3.4.0 permite a un miembro sin privilegios del grupo abuild agregar un paquete no seguro a través de una opción --keys-dir que provoca la aceptación de una clave de firma no segura • https://code.foxkit.us/adelie/packages/commit/15b160780c6eeff7048063c099a7f8757e1d8391 • CWE-668: Exposure of Resource to Wrong Sphere CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 1CVE-2019-5021
https://notcve.org/view.php?id=CVE-2019-5021
08 May 2019 — Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user. Algunas versiones de las imágenes de Officia... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00004.html • CWE-258: Empty Password in Configuration File •
CVSS: 8.8EPSS: 5%CPEs: 3EXPL: 1CVE-2018-1000849
https://notcve.org/view.php?id=CVE-2018-1000849
20 Dec 2018 — Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1. Alpine Linux, en v... • https://alpinelinux.org/posts/Alpine-3.8.1-released.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 2CVE-2017-9671
https://notcve.org/view.php?id=CVE-2017-9671
17 Jul 2017 — A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block. Un heap overflow en la apk (Paquete de gestión de Linux Alpine) permite a un atacante remoto causar una denegación de servicio, o conseguir la ejecución de código, mediante la manipulación del archivo malicioso APKINDEX.tar.gz con un mal bloque en cabecera pax. • http://www.openwall.com/lists/oss-security/2017/06/25/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 2CVE-2017-9669
https://notcve.org/view.php?id=CVE-2017-9669
17 Jul 2017 — A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file. Un heap overflow en la apk (Paquete de gestión de Linux Alpine) permite a un atacante remoto causar una denegación de servicio, o conseguir la ejecución de código, mediante la manipulación del archivo malicioso APKINDEX.tar.gz • http://www.openwall.com/lists/oss-security/2017/06/25/2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •