You can use boolean logic (e.g. AND/OR/NOT) for complex search queries. For more help and examples, see the search documentation.
Search by package name:
my-package (implicit)
name:my-package (explicit)
Search by package filename:
filename:my-package.ext
Search by package tag:
tag:latest
Search by package version:
version:1.0.0
prerelease:true (prereleases)
prerelease:false (no prereleases)
Search by package architecture:
architecture:x86_64
Search by package distribution:
distribution:el
Search by package license:
license:MIT
Search by package format:
format:deb
Search by package status:
status:in_progress
Search by package file checksum:
checksum:5afba
Search by package security status:
severity:critical
Search by package vulnerabilities:
vulnerabilities:>1
vulnerabilities:<1000
Search by # of package downloads:
downloads:>8
downloads:<100
Search by package type:
type:binary
type:source
Search by package size (bytes):
size:>50000
size:<10000
Search by dependency name/version:
dependency:log4j
dependency:log4j=1.0.0
dependency:log4j>1.0.0
Search by uploaded date:
uploaded:>"1 day ago"
uploaded:<"August 14, 2022 EST"
Search by entitlement token (identifier):
entitlement:3lKPVJPosCsY
Search by policy violation:
policy_violated:true
deny_policy_violated:true
license_policy_violated:true
vulnerability_policy_violated:true
Search by repository:
repository:repo-name
Search by last download date:
last_downloaded:<"30 days ago"
last_downloaded:>"August 14, 2022 EST"
Search queries for all Debian-specific (and related) package types
Search by component:
deb_component:unstable
Search queries for all Maven-specific (and related) package types
Search by group ID:
maven_group_id:org.apache
Search queries for all Docker-specific (and related) package types
Search by image digest:
docker_image_digest:sha256:7c5..6d4
(full hashref only)
Search by layer digest:
docker_layer_digest:sha256:4c4..ae4
(full hashref only)
Search queries for all Generic-specific package types
Search by file path:
generic_filepath:path/to/file.txt
Search by directory:
generic_directory:path/to
Field type modifiers (depending on the type, you can influence behaviour)
For all queries, you can use:
~foo for negation
For string queries, you can use:
^foo to anchor to start of term
foo$ to anchor to end of term
foo*bar for fuzzy matching
For number/date or version queries, you can use:
>foo for values greater than
>=foo for values greater / equal
<foo for values less than
<=foo for values less / equal
Need a secure and centralised artifact repository to deliver Alpine,
Cargo,
CocoaPods,
Composer,
Conan,
Conda,
CRAN,
Dart,
Debian,
Docker,
Generic,
Go,
Helm,
Hex,
HuggingFace,
LuaRocks,
Maven,
MCP,
npm,
NuGet,
P2,
Python,
RedHat,
Ruby,
Swift,
Terraform,
Vagrant,
VSX,
Raw & More packages?
Cloudsmith is the new standard in Package / Artifact Management and Software Distribution.
With support for all major package formats, you can trust us to manage your software supply chain.
Alpine
Cargo
Composer
Dart
Debian
Go
Helm
Maven
npm
NuGet
Python
RedHat
Ruby
Swift
Terraform
Raw
demo-docs
/
awesome-repo
library/ubuntu
86a5209139e9282d3c20076f5a4…
One-liner (summary)
Description
| Status | Completed |
|---|---|
| Checksum (MD5) | 7fe7544192c747de531977fc4be30882 |
| Checksum (SHA-1) | 466c12b0244230faed10ac712975cbf024d167c3 |
| Checksum (SHA-256) | 86a5209139e9282d3c20076f5a4f6c6e15f2172a6412af6337d1ff206006dd8e |
| Checksum (SHA-512) | 029a53dee9acf770dc2a9313cdf273706a6953560ff2d0a155c8e58edf6d608029… |
| GPG Signature | |
| GPG Fingerprint | 6811684bac0b8895434e97bdd4391b8fb999e537 |
| Storage Region | Dublin, Ireland |
| Type | Binary (contains binaries and binary artifacts) |
| Uploaded At | 9 months, 3 weeks ago |
| Uploaded By |
|
| Slug Id | libraryubuntu-g3es |
| Unique Id | LIQnR3UO4b1L |
| Version (Raw) | 86a5209139e9282d3c20076f5a4f6c6e15f2172a6412af6337d1ff206006dd8e |
| Version (Parsed) |
|
| docker-specific metadata | |
| Image Digest | sha256:86a5209139e9282d3c20076f5a4f6c6e15f2172a6412af6337d1ff206006dd8e |
| Config Digest | sha256:66efa71479834df510135f9d3757c00eaf2b546189ff8e983b81e5c61a12f927 |
| V1 OCI Index Digest | sha256:48f9ef51b9501469dc9f7def030672dc55372dafa5fb20ac3d92286b55b527d2 |
| V1 Distribution (Signed) Digest | sha256:ab6f05d93c4eb148704877112818eef14646008cb653561f2b055e0965587a04 |
| V2 Distribution List Digest | sha256:5bdb9ca1297a97fa388000fcf23a72e9ee4934eead39af2ab2aaf77cc5f5fe46 |
| V2 Distribution Digest | sha256:3c69946dc20ffbc345cdcf6e08e4befaf1744e2de27a311b87c41c29e44a49f9 |
| V1 Distribution Digest | sha256:01f8ab8981fe285ac9265b8adaf7c8a83d8fabce4b5970c2524d8a791df700ec |
| V1 OCI Digest | sha256:86a5209139e9282d3c20076f5a4f6c6e15f2172a6412af6337d1ff206006dd8e |
| extended metadata | |
| Manifest Type | V1 OCI |
| Architecture | arm |
| Config | |
| Container | 7349a1905fc979c82006d936ab08273f7b770d51932fef31c746a7b2c78aef9b |
| Container Config | |
| Created | 2025-05-29 04:29:48 UTC |
| Docker Version | 24.0.7 |
| Os | linux |
This package was uploaded with the following V1 OCI manifest:
{"schemaVersion": 2, "mediaType": "application/vnd.oci.image.manifest.v1+json", "config": {"mediaType": "application/vnd.oci.image.config.v1+json", "size": 2311, "digest": "sha256:3830b4780b36a5b093b347c197659a0026c171f1c0853e8bbcb43d5ccb7b68b4"}, "layers": [{"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", "size": 26842221, "digest": "sha256:76393e3f1626a318c4984c6e6d91f17fe6888451b277b6cc175eab3a1032ebf5"}]}|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ARG RELEASE |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ARG LAUNCHPAD_BUILD_ARCH |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL org.opencontainers.image.ref.name=ubuntu |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL org.opencontainers.image.version=24.04 |
32 bytes | ||
|
Digest:
sha256:76393e3f1626a318c4984c6e6d91f17fe6888451b277b6cc175eab3a1032ebf5
Command: /bin/sh -c #(nop) ADD file:f5b71e3353c1f92a265c88e163d98b6fc00235db4d001763328933c4838f3576 in / |
25.6 MB | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) CMD ["/bin/bash"] |
32 bytes |
Last scanned
9 months, 3 weeks ago
Scan result
Vulnerable
Vulnerability count
18
Max. severity
Medium| Target: | LIQnR3UO4b1L.sbom-cyclonedx.json (ubuntu 24.04) | |
| MEDIUM |
CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed passwordA vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.Package Name: libpam-modules Installed Version: 1.5.3-5ubuntu5.1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2024-10963: pam: Improper Hostname Interpretation in pam_access Leads to Access Control BypassA flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.Package Name: libpam-modules Installed Version: 1.5.3-5ubuntu5.1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed passwordA vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.Package Name: libpam-modules-bin Installed Version: 1.5.3-5ubuntu5.1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2024-10963: pam: Improper Hostname Interpretation in pam_access Leads to Access Control BypassA flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.Package Name: libpam-modules-bin Installed Version: 1.5.3-5ubuntu5.1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed passwordA vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.Package Name: libpam-runtime Installed Version: 1.5.3-5ubuntu5.1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2024-10963: pam: Improper Hostname Interpretation in pam_access Leads to Access Control BypassA flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.Package Name: libpam-runtime Installed Version: 1.5.3-5ubuntu5.1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed passwordA vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.Package Name: libpam0g Installed Version: 1.5.3-5ubuntu5.1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2024-10963: pam: Improper Hostname Interpretation in pam_access Leads to Access Control BypassA flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.Package Name: libpam0g Installed Version: 1.5.3-5ubuntu5.1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-4598: systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dumpA vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.Package Name: libsystemd0 Installed Version: 255.4-1ubuntu8.6 Fixed Version: 255.4-1ubuntu8.8 References: www.openwall.com www.openwall.com access.redhat.com bugzilla.redhat.com git.kernel.org github.com github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com www.cve.org www.openwall.com www.qualys.com |
|
| MEDIUM |
CVE-2025-4598: systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dumpA vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.Package Name: libudev1 Installed Version: 255.4-1ubuntu8.6 Fixed Version: 255.4-1ubuntu8.8 References: www.openwall.com www.openwall.com access.redhat.com bugzilla.redhat.com git.kernel.org github.com github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com www.cve.org www.openwall.com www.qualys.com |
|
| LOW |
CVE-2016-2781: coreutils: Non-privileged session can escape to the parent session in chrootchroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.Package Name: coreutils Installed Version: 9.4-3ubuntu6 Fixed Version: References: seclists.org www.openwall.com www.openwall.com access.redhat.com lists.apache.org lore.kernel.org mirrors.edge.kernel.org nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packetsGnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.Package Name: gpgv Installed Version: 2.4.4-2ubuntu17.2 Fixed Version: References: access.redhat.com bugzilla.redhat.com dev.gnupg.org dev.gnupg.org marc.info nvd.nist.gov security.netapp.com www.cve.org |
|
| LOW |
CVE-2016-20013sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.Package Name: libc-bin Installed Version: 2.39-0ubuntu8.4 Fixed Version: References: akkadia.org pthree.org twitter.com www.cve.org |
|
| LOW |
CVE-2016-20013sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.Package Name: libc6 Installed Version: 2.39-0ubuntu8.4 Fixed Version: References: akkadia.org pthree.org twitter.com www.cve.org |
|
| LOW |
CVE-2024-2236: libgcrypt: vulnerable to Marvin AttackA timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.Package Name: libgcrypt20 Installed Version: 1.10.3-2build1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com dev.gnupg.org errata.almalinux.org github.com gitlab.com linux.oracle.com linux.oracle.com lists.gnupg.org nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2024-41996: openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculationsValidating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.Package Name: libssl3t64 Installed Version: 3.0.13-0ubuntu3.5 Fixed Version: References: access.redhat.com dheatattack.gitlab.io dheatattack.gitlab.io gist.github.com github.com github.com nvd.nist.gov openssl-library.org www.cve.org |
|
| LOW |
CVE-2024-56433: shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromiseshadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.Package Name: login Installed Version: 1:4.13+dfsg1-4ubuntu3.2 Fixed Version: References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2024-56433: shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromiseshadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.Package Name: passwd Installed Version: 1:4.13+dfsg1-4ubuntu3.2 Fixed Version: References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org |
|
Package statistics are no longer available on cloudsmith.io. Please visit our new web app to access this feature.
These instructions assume you have setup the repository first (or read it).
To pull library/ubuntu @ reference/tag sha256:86a5209139e9282d3c20076f5a4f6c6e15f2172a6412af6337d1ff206006dd8e:
docker pull docker.cloudsmith.io/demo-docs/awesome-repo/library/ubuntu@sha256:86a5209139e9282d3c20076f5a4f6c6e15f2172a6412af6337d1ff206006dd8eYou can also pull the latest version of this image (if it exists):
docker pull docker.cloudsmith.io/demo-docs/awesome-repo/library/ubuntu:latestTo refer to this image after pulling in a Dockerfile, specify the following:
FROM docker.cloudsmith.io/demo-docs/awesome-repo/library/ubuntu@sha256:86a5209139e9282d3c20076f5a4f6c6e15f2172a6412af6337d1ff206006dd8e