eventstore (Kurrent) / eventstore-utils (public)
A certifiably-awesome public package repository curated by Kurrent, hosted by Cloudsmith.

testdata 22.10.4-focal (Docker)

One-liner (summary)

A certifiably-awesome package curated by Hayley Campbell, hosted by Cloudsmith.

Description

A certifiably-awesome package curated by Hayley Campbell, hosted by Cloudsmith.

License

Unknown

Size

107.8 MB

Downloads

490

Tags

image amd64 linux previous-lts

Status  Completed
GPG Signature
Storage Region  Dublin, Ireland
Type  Binary (contains binaries and binary artifacts)
Uploaded At 2 years, 4 months ago
Uploaded By hayley-campbell
Slug Id testdata-00q
Unique Id ZgVBvTWwnPr5
Version (Raw) 22.10.4-focal
Version (Parsed)
  • Major: 22
  • Minor: 10
  • Patch: 4
  • Pre (Str): focal
  • Pre (Num Array):
  • Type: SemVer (Strict)
Orig Version (Raw) a86a75c60be32dbd34974ae16bdaa40d68db3bd2ec6af01d543f38ba8848806f
Orig Version (Parsed)
  • Type: Unknown
  docker-specific metadata
Image Digest sha256:a86a75c60be32dbd34974ae16bdaa40d68db3bd2ec6af01d543f38ba8848806f
Config Digest sha256:1555f927dba72cfff1d3f93af460ace5e5fc977ce24f7b81fac2e72b014d9a96
V1 OCI Index Digest sha256:16587fb739882e81d52204e8b9f6f15f0829837d9adf060352903771414096b0
V1 Distribution (Signed) Digest sha256:2f9aad8bf0e02c4a0d01359c5d276b1480a38876c66f8865476837eedaed7741
V1 OCI Digest sha256:ba77ae2b72dddd75c41784131a75876d812468161989a572878cc143bd8fa2a1
V2 Distribution List Digest sha256:0437175c25198bf30db96b56659b2263959bbedaa285080545a51d95ced1fe7e
V1 Distribution Digest sha256:dd6937b65c8740ab518f03a384d78d7145cd781751b9ec8c7d220b24f4210187
V2 Distribution Digest sha256:a86a75c60be32dbd34974ae16bdaa40d68db3bd2ec6af01d543f38ba8848806f
  extended metadata
Manifest Type V2 Distribution
Architecture amd64
Config
Created 2023-11-07 18:11:31 UTC
Os linux

This package was uploaded with the following V2 Distribution manifest:

{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   "config": {
      "mediaType": "application/vnd.docker.container.image.v1+json",
      "size": 6794,
      "digest": "sha256:85338c61888da792d2c97f7ebed962d6c2a927abad1012fefa27045e28b0dc13"
   },
   "layers": [
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 28580681,
         "digest": "sha256:7a2c559011895d255fce249c00396abff5ae7e0c0a92931d0ed493e71de78e3a"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 18302199,
         "digest": "sha256:dc72d0a0d78475313d04628a06210b0d9463e7af0af71b4a24ccfb41c569ea18"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 3405965,
         "digest": "sha256:d060d8b75ebf8260d5c9d61bdfadc0693596ab706d56bcf18f165d7d0db48422"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 116,
         "digest": "sha256:76b14768c9adffc0a8d12d192ad363ca9ecf30817fa8a187615a12df19b1c4eb"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 1800,
         "digest": "sha256:ea239d39dfbefbfc6038bbba4cc6735f1da998a755585ba91848f6434231dace"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 56394191,
         "digest": "sha256:97567660f3ae941ae4510341f9f465cfa2a8a1bbc28dd2fb82911d5658c93f66"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 193,
         "digest": "sha256:24cde44131f6f03520c8b1a625274502d7eb7fd8565eec3ad497c22ad7c5b1dd"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 178,
         "digest": "sha256:eb0e3b36224a8a40e595fb9d432a5cae65cc8568bc83fb260975c74fd607a881"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 96,
         "digest": "sha256:8297d6dac4f297987c21bab220049adc374a336f94432a3026dea1645a4048dd"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 150,
         "digest": "sha256:40708d9650b7b60185560263e14f686c033936ea413fbafb26a59e3f7ff826bd"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 6388392,
         "digest": "sha256:cb4fe9430b9e83fa9b2ae9812db83a2a71c5c791160fdf677822e7c410185f3f"
      }
   ]
}
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ARG RELEASE
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ARG LAUNCHPAD_BUILD_ARCH
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL org.opencontainers.image.ref.name=ubuntu
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL org.opencontainers.image.version=20.04
32 bytes
Digest: sha256:7a2c559011895d255fce249c00396abff5ae7e0c0a92931d0ed493e71de78e3a
Command: /bin/sh -c #(nop) ADD file:4809da414c2d478b4d991cbdaa2df457f2b3d07d0ff6cf673f09a66f90833e81 in /
27.3 MB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) CMD ["/bin/bash"]
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENV ASPNETCORE_URLS=http://+:80 DOTNET_RUNNING_IN_CONTAINER=true
32 bytes
Digest: sha256:dc72d0a0d78475313d04628a06210b0d9463e7af0af71b4a24ccfb41c569ea18
Command: RUN /bin/sh -c apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends ca-certificates libc6 libgcc1 libgssapi-krb5-2 libicu66 libssl1.1 libstdc++6 zlib1g && rm -rf /var/lib/apt/lists/* # buildkit
17.5 MB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ARG RUNTIME=linux-x64
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ARG UID=1000
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ARG GID=1000
32 bytes
Digest: sha256:d060d8b75ebf8260d5c9d61bdfadc0693596ab706d56bcf18f165d7d0db48422
Command: RUN |3 RUNTIME=linux-x64 UID=1000 GID=1000 /bin/sh -c if [[ "${RUNTIME}" = "alpine-x64" ]]; then apk update && apk add --no-cache curl; else apt update && apt install -y curl && rm -rf /var/lib/apt/lists/*; fi # buildkit
3.2 MB
Digest: sha256:76b14768c9adffc0a8d12d192ad363ca9ecf30817fa8a187615a12df19b1c4eb
Command: WORKDIR /opt/eventstore
116 bytes
Digest: sha256:ea239d39dfbefbfc6038bbba4cc6735f1da998a755585ba91848f6434231dace
Command: RUN |3 RUNTIME=linux-x64 UID=1000 GID=1000 /bin/sh -c addgroup --gid ${GID} "eventstore" && adduser --disabled-password --gecos "" --ingroup "eventstore" --no-create-home --uid ${UID} "eventstore" # buildkit
1.8 KB
Digest: sha256:97567660f3ae941ae4510341f9f465cfa2a8a1bbc28dd2fb82911d5658c93f66
Command: COPY /publish ./ # buildkit
53.8 MB
Digest: sha256:24cde44131f6f03520c8b1a625274502d7eb7fd8565eec3ad497c22ad7c5b1dd
Command: RUN |3 RUNTIME=linux-x64 UID=1000 GID=1000 /bin/sh -c mkdir -p /var/lib/eventstore && mkdir -p /var/log/eventstore && mkdir -p /etc/eventstore && chown -R eventstore:eventstore /var/lib/eventstore /var/log/eventstore /etc/eventstore # buildkit
193 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: USER eventstore
32 bytes
Digest: sha256:eb0e3b36224a8a40e595fb9d432a5cae65cc8568bc83fb260975c74fd607a881
Command: RUN |3 RUNTIME=linux-x64 UID=1000 GID=1000 /bin/sh -c printf "ExtIp: 0.0.0.0\nIntIp: 0.0.0.0" >> /etc/eventstore/eventstore.conf # buildkit
178 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: VOLUME [/var/lib/eventstore /var/log/eventstore]
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: EXPOSE map[1112/tcp:{} 1113/tcp:{} 2112/tcp:{} 2113/tcp:{}]
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: HEALTHCHECK &{["CMD-SHELL" "curl --fail --insecure https://localhost:2113/health/live || curl --fail http://localhost:2113/health/live || exit 1"] "5s" "5s" "0s" "0s" '\x18'}
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENTRYPOINT ["/opt/eventstore/EventStore.ClusterNode"]
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: USER root
32 bytes
Digest: sha256:8297d6dac4f297987c21bab220049adc374a336f94432a3026dea1645a4048dd
Command: RUN /bin/sh -c mkdir /data && chown eventstore:eventstore /data # buildkit
96 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: USER eventstore
32 bytes
Digest: sha256:40708d9650b7b60185560263e14f686c033936ea413fbafb26a59e3f7ff826bd
Command: RUN /bin/sh -c ln -s /var/lib/eventstore /data/integration-tests # buildkit
150 bytes
Digest: sha256:cb4fe9430b9e83fa9b2ae9812db83a2a71c5c791160fdf677822e7c410185f3f
Command: COPY dataset20MB/* /var/lib/eventstore/ # buildkit
6.1 MB

Last scanned

2 years, 4 months ago

Scan result

Vulnerable

Vulnerability count

59

Max. severity

High
Target: . (ubuntu 20.04)
MEDIUM

CVE-2023-46218: curl: information disclosure by exploiting a mixed case flaw

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.

Package Name: curl
Installed Version: 7.68.0-1ubuntu2.20
Fixed Version: 7.68.0-1ubuntu2.21

MEDIUM

CVE-2023-46218: curl: information disclosure by exploiting a mixed case flaw

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.

Package Name: libcurl4
Installed Version: 7.68.0-1ubuntu2.20
Fixed Version: 7.68.0-1ubuntu2.21

MEDIUM

CVE-2023-5981: gnutls: timing side-channel in the RSA-PSK authentication

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

Package Name: libgnutls30
Installed Version: 3.6.13-2ubuntu1.8
Fixed Version: 3.6.13-2ubuntu1.9

MEDIUM

CVE-2024-0553: gnutls: incomplete fix for CVE-2023-5981

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

Package Name: libgnutls30
Installed Version: 3.6.13-2ubuntu1.8
Fixed Version: 3.6.13-2ubuntu1.10

MEDIUM

CVE-2023-36054: krb5: Denial of service through freeing uninitialized pointer

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

Package Name: libgssapi-krb5-2
Installed Version: 1.17-6ubuntu4.3
Fixed Version: 1.17-6ubuntu4.4

MEDIUM

CVE-2023-36054: krb5: Denial of service through freeing uninitialized pointer

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

Package Name: libk5crypto3
Installed Version: 1.17-6ubuntu4.3
Fixed Version: 1.17-6ubuntu4.4

MEDIUM

CVE-2023-36054: krb5: Denial of service through freeing uninitialized pointer

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

Package Name: libkrb5-3
Installed Version: 1.17-6ubuntu4.3
Fixed Version: 1.17-6ubuntu4.4

MEDIUM

CVE-2023-36054: krb5: Denial of service through freeing uninitialized pointer

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

Package Name: libkrb5support0
Installed Version: 1.17-6ubuntu4.3
Fixed Version: 1.17-6ubuntu4.4

MEDIUM

CVE-2020-22916: Denial of service via decompression of crafted file

An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.

Package Name: liblzma5
Installed Version: 5.2.4-1ubuntu1.1
Fixed Version:

MEDIUM

CVE-2023-44487: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Package Name: libnghttp2-14
Installed Version: 1.40.0-1ubuntu0.1
Fixed Version: 1.40.0-1ubuntu0.2

MEDIUM

CVE-2024-22365: pam: allowing unprivileged user to block another user namespace

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

Package Name: libpam-modules
Installed Version: 1.3.1-5ubuntu4.6
Fixed Version: 1.3.1-5ubuntu4.7

MEDIUM

CVE-2024-22365: pam: allowing unprivileged user to block another user namespace

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

Package Name: libpam-modules-bin
Installed Version: 1.3.1-5ubuntu4.6
Fixed Version: 1.3.1-5ubuntu4.7

MEDIUM

CVE-2024-22365: pam: allowing unprivileged user to block another user namespace

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

Package Name: libpam-runtime
Installed Version: 1.3.1-5ubuntu4.6
Fixed Version: 1.3.1-5ubuntu4.7

MEDIUM

CVE-2024-22365: pam: allowing unprivileged user to block another user namespace

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

Package Name: libpam0g
Installed Version: 1.3.1-5ubuntu4.6
Fixed Version: 1.3.1-5ubuntu4.7

MEDIUM

CVE-2023-7104: sqlite: heap-buffer-overflow at sessionfuzz

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.

Package Name: libsqlite3-0
Installed Version: 3.31.1-4ubuntu0.5
Fixed Version: 3.31.1-4ubuntu0.6

MEDIUM

CVE-2023-48795: ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

Package Name: libssh-4
Installed Version: 0.9.3-2ubuntu2.3
Fixed Version: 0.9.3-2ubuntu2.4

MEDIUM

CVE-2023-6004: libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

Package Name: libssh-4
Installed Version: 0.9.3-2ubuntu2.3
Fixed Version: 0.9.3-2ubuntu2.5

MEDIUM

CVE-2023-6918: libssh: Missing checks for return values for digests

A flaw was found in libssh's abstract layer for message digest (MD) operations, which is implemented by different supported crypto backends. The return values from these operations were not properly checked, which could cause failures in low-memory situations, NULL dereferences, crashes, or usage of uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection.

Package Name: libssh-4
Installed Version: 0.9.3-2ubuntu2.3
Fixed Version: 0.9.3-2ubuntu2.5

MEDIUM

CVE-2023-47038: perl: Write past buffer end via illegal user-defined Unicode property

A vulnerability was found in perl. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker-controlled byte buffer overflow in a heap-allocated buffer.

Package Name: perl-base
Installed Version: 5.30.0-9ubuntu0.4
Fixed Version: 5.30.0-9ubuntu0.5

MEDIUM

CVE-2023-39804: tar: Incorrectly handled extension attributes in PAX archives can lead to a crash

A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.

Package Name: tar
Installed Version: 1.30+dfsg-7ubuntu0.20.04.3
Fixed Version: 1.30+dfsg-7ubuntu0.20.04.4

LOW

CVE-2016-2781: coreutils: Non-privileged session can escape to the parent session in chroot

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

Package Name: coreutils
Installed Version: 8.30-3ubuntu2
Fixed Version:

LOW

CVE-2022-3219: denial of service issue (resource consumption) using compressed packets

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

Package Name: gpgv
Installed Version: 2.2.19-3ubuntu2.2
Fixed Version:

LOW

CVE-2016-20013

sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

Package Name: libc-bin
Installed Version: 2.31-0ubuntu9.12
Fixed Version:

LOW

CVE-2023-4806: glibc: potential use-after-free in getaddrinfo()

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

Package Name: libc-bin
Installed Version: 2.31-0ubuntu9.12
Fixed Version: 2.31-0ubuntu9.14

LOW

CVE-2023-4813: glibc: potential use-after-free in gaih_inet()

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

Package Name: libc-bin
Installed Version: 2.31-0ubuntu9.12
Fixed Version: 2.31-0ubuntu9.14

LOW

CVE-2016-20013

sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

Package Name: libc6
Installed Version: 2.31-0ubuntu9.12
Fixed Version:

LOW

CVE-2023-4806: glibc: potential use-after-free in getaddrinfo()

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

Package Name: libc6
Installed Version: 2.31-0ubuntu9.12
Fixed Version: 2.31-0ubuntu9.14

LOW

CVE-2023-4813: glibc: potential use-after-free in gaih_inet()

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

Package Name: libc6
Installed Version: 2.31-0ubuntu9.12
Fixed Version: 2.31-0ubuntu9.14

LOW

CVE-2023-2953: null pointer dereference in ber_memalloc_x function

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

Package Name: libldap-2.4-2
Installed Version: 2.4.49+dfsg-2ubuntu1.9
Fixed Version: 2.4.49+dfsg-2ubuntu1.10

LOW

CVE-2023-2953: null pointer dereference in ber_memalloc_x function

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

Package Name: libldap-common
Installed Version: 2.4.49+dfsg-2ubuntu1.9
Fixed Version: 2.4.49+dfsg-2ubuntu1.10

LOW

CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

Package Name: libncurses6
Installed Version: 6.2-0ubuntu2.1
Fixed Version:

LOW

CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

Package Name: libncursesw6
Installed Version: 6.2-0ubuntu2.1
Fixed Version:

LOW

CVE-2017-11164: OP_KETRMAX feature in the match function in pcre_exec.c

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

Package Name: libpcre3
Installed Version: 2:8.39-12ubuntu0.1
Fixed Version:

LOW

CVE-2023-4016: procps: ps buffer overflow

Under some circumstances, this weakness gives a user who has access to run the “ps” utility on a machine the ability to write almost unlimited amounts of unfiltered data into the process heap.

Package Name: libprocps8
Installed Version: 2:3.3.16-1ubuntu2.3
Fixed Version: 2:3.3.16-1ubuntu2.4

LOW

CVE-2023-3446: openssl: Excessive time spent checking DH keys and parameters

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

Package Name: libssl1.1
Installed Version: 1.1.1f-1ubuntu2.19
Fixed Version: 1.1.1f-1ubuntu2.20

LOW

CVE-2023-3817: OpenSSL: Excessive time spent checking DH q parameter value

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

Package Name: libssl1.1
Installed Version: 1.1.1f-1ubuntu2.19
Fixed Version: 1.1.1f-1ubuntu2.20

LOW

CVE-2023-5678: openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

Package Name: libssl1.1
Installed Version: 1.1.1f-1ubuntu2.19
Fixed Version: 1.1.1f-1ubuntu2.21

LOW

CVE-2024-0727: openssl: denial of service via null dereference

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack. Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

Package Name: libssl1.1
Installed Version: 1.1.1f-1ubuntu2.19
Fixed Version: 1.1.1f-1ubuntu2.21

LOW

CVE-2023-26604: systemd: privilege escalation via the less pager

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.

Package Name: libsystemd0
Installed Version: 245.4-4ubuntu3.22
Fixed Version:

LOW

CVE-2023-7008: systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

Package Name: libsystemd0
Installed Version: 245.4-4ubuntu3.22
Fixed Version:

LOW

CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

Package Name: libtinfo6
Installed Version: 6.2-0ubuntu2.1
Fixed Version:

LOW

CVE-2023-26604: systemd: privilege escalation via the less pager

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.

Package Name: libudev1
Installed Version: 245.4-4ubuntu3.22
Fixed Version:

LOW

CVE-2023-7008: systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes

A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

Package Name: libudev1
Installed Version: 245.4-4ubuntu3.22
Fixed Version:

LOW

CVE-2013-4235: shadow-utils: TOCTOU race conditions by copying and removing directory trees

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Package Name: login
Installed Version: 1:4.8.1-1ubuntu5.20.04.4
Fixed Version:

LOW

CVE-2023-29383: Improper input validation in shadow-utils package utility chfn

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character makes it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

Package Name: login
Installed Version: 1:4.8.1-1ubuntu5.20.04.4
Fixed Version:

LOW

CVE-2023-4641: shadow-utils: possible password leak during passwd(1) change

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks for the password twice. If the password fails on the second attempt, shadow-utils fails to clean the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from memory.

Package Name: login
Installed Version: 1:4.8.1-1ubuntu5.20.04.4
Fixed Version:

LOW

CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

Package Name: ncurses-base
Installed Version: 6.2-0ubuntu2.1
Fixed Version:

LOW

CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

Package Name: ncurses-bin
Installed Version: 6.2-0ubuntu2.1
Fixed Version:

LOW

CVE-2023-3446: openssl: Excessive time spent checking DH keys and parameters

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

Package Name: openssl
Installed Version: 1.1.1f-1ubuntu2.19
Fixed Version: 1.1.1f-1ubuntu2.20

LOW

CVE-2023-3817: OpenSSL: Excessive time spent checking DH q parameter value

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

Package Name: openssl
Installed Version: 1.1.1f-1ubuntu2.19
Fixed Version: 1.1.1f-1ubuntu2.20

LOW

CVE-2023-5678: openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

Package Name: openssl
Installed Version: 1.1.1f-1ubuntu2.19
Fixed Version: 1.1.1f-1ubuntu2.21

LOW

CVE-2024-0727: openssl: denial of service via null dereference

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack. Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

Package Name: openssl
Installed Version: 1.1.1f-1ubuntu2.19
Fixed Version: 1.1.1f-1ubuntu2.21

LOW

CVE-2013-4235: shadow-utils: TOCTOU race conditions by copying and removing directory trees

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Package Name: passwd
Installed Version: 1:4.8.1-1ubuntu5.20.04.4
Fixed Version:

LOW

CVE-2023-29383: Improper input validation in shadow-utils package utility chfn

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

Package Name: passwd
Installed Version: 1:4.8.1-1ubuntu5.20.04.4
Fixed Version:

LOW

CVE-2023-4641: shadow-utils: possible password leak during passwd(1) change

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.

Package Name: passwd
Installed Version: 1:4.8.1-1ubuntu5.20.04.4
Fixed Version:

LOW

CVE-2023-4016: procps: ps buffer overflow

Under some circumstances, this weakness allows a user who can run the "ps" utility on a machine to write almost unlimited amounts of unfiltered data into the process heap.

Package Name: procps
Installed Version: 2:3.3.16-1ubuntu2.3
Fixed Version: 2:3.3.16-1ubuntu2.4

Target: opt/eventstore/EventStore.ClusterNode.deps.json
HIGH

CVE-2019-0980: dotnet: infinite loop in Uri.TryCreate leading to ASP.Net Core Denial of Service

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handles web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981.

Package Name: System.Private.Uri
Installed Version: 4.3.0
Fixed Version: 4.3.2

HIGH

CVE-2019-0981: dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handles web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980.

Package Name: System.Private.Uri
Installed Version: 4.3.0
Fixed Version: 4.3.2

MEDIUM

CVE-2019-0657: dotnet: Domain-spoofing attack in System.Uri

A vulnerability exists in certain .NET Framework APIs and Visual Studio in the way they parse URLs, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.

Package Name: System.Private.Uri
Installed Version: 4.3.0
Fixed Version: 4.3.2


These instructions assume you have set up the repository first (or read it).

To pull testdata @ reference/tag previous-lts:

docker pull docker.eventstore.com/eventstore-utils/testdata:previous-lts

You can also pull the latest version of this image (if it exists):

docker pull docker.eventstore.com/eventstore-utils/testdata:latest

To refer to this image after pulling in a Dockerfile, specify the following:

FROM docker.eventstore.com/eventstore-utils/testdata:previous-lts

Note: You should replace previous-lts with an alternative reference to pull, such as: 22.10.4-focal.
