Alpine Linux Small linux distribution popular as a base image for docker containers due to its size.
Products by Alpine Linux Sorted by Most Security Vulnerabilities since 2018
Alpine Linux2 vulnerabilities
A linux distribution popular for use in docker containers due to its small size.
By the Year
In 2024 there have been 0 vulnerabilities in Alpine Linux . Alpine Linux did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 1 | 9.80 |
2021 | 2 | 6.70 |
2020 | 0 | 0.00 |
2019 | 1 | 6.50 |
2018 | 1 | 8.80 |
It may take a day or so for new Alpine Linux vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Alpine Linux Security Vulnerabilities
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected
CVE-2022-22704
9.8 - Critical
- January 06, 2022
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.
Missing Initialization of Resource
In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks
CVE-2021-36158
5.9 - Medium
- July 05, 2021
In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used.
Cleartext Storage of Sensitive Information
In Alpine Linux apk-tools before 2.12.5, the tarball parser
CVE-2021-30139
7.5 - High
- April 21, 2021
In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash.
Out-of-bounds Read
Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option
CVE-2019-12875
6.5 - Medium
- June 18, 2019
Alpine Linux abuild through 3.4.0 allows an unprivileged member of the abuild group to add an untrusted package via a --keys-dir option that causes acceptance of an untrusted signing key.
AuthZ
Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager)
CVE-2018-1000849
8.8 - High
- December 20, 2018
Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. This attack appear to be exploitable via A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file, due to bugs in handling long link target name and the way a regular file is extracted.. This vulnerability appears to have been fixed in 2.6.10, 2.7.6, and 2.10.1.
Improper Input Validation