Vulnerabilities (CVE)

Filtered by vendor Alpinelinux Subscribe
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-22704 2 Alpinelinux, Zabbix 2 Alpine Linux, Zabbix-agent2 2024-11-21 10.0 HIGH 9.8 CRITICAL
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.
CVE-2021-36158 1 Alpinelinux 1 Aports 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.
CVE-2021-30139 1 Alpinelinux 1 Apk-tools 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash.
CVE-2019-5021 4 Alpinelinux, F5, Gliderlabs and 1 more 4 Alpine Linux, Big-ip Controller, Docker-alpine and 1 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.
CVE-2019-12875 1 Alpinelinux 1 Abuild 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key.
CVE-2018-1000849 1 Alpinelinux 1 Alpine Linux 2024-11-21 6.8 MEDIUM 8.8 HIGH
Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1.
CVE-2017-9671 1 Alpinelinux 1 Alpine Linux 2024-11-21 6.8 MEDIUM 7.8 HIGH
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block.
CVE-2017-9669 1 Alpinelinux 1 Alpine Linux 2024-11-21 6.8 MEDIUM 7.8 HIGH
A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file.