You can use boolean logic (e.g. AND/OR/NOT) for complex search queries. For more help and examples, see the search documentation.
Search by package name:
my-package (implicit)
name:my-package (explicit)
Search by package filename:
filename:my-package.ext
Search by package tag:
tag:latest
Search by package version:
version:1.0.0
prerelease:true (prereleases)
prerelease:false (no prereleases)
Search by package architecture:
architecture:x86_64
Search by package distribution:
distribution:el
Search by package license:
license:MIT
Search by package format:
format:deb
Search by package status:
status:in_progress
Search by package file checksum:
checksum:5afba
Search by package security status:
severity:critical
Search by package vulnerabilities:
vulnerabilities:>1
vulnerabilities:<1000
Search by # of package downloads:
downloads:>8
downloads:<100
Search by package type:
type:binary
type:source
Search by package size (bytes):
size:>50000
size:<10000
Search by dependency name/version:
dependency:log4j
dependency:log4j=1.0.0
dependency:log4j>1.0.0
Search by uploaded date:
uploaded:>"1 day ago"
uploaded:<"August 14, 2022 EST"
Search by entitlement token (identifier):
entitlement:3lKPVJPosCsY
Search by policy violation:
policy_violated:true
deny_policy_violated:true
license_policy_violated:true
vulnerability_policy_violated:true
Search by repository:
repository:repo-name
Search by last download date:
last_downloaded:<"30 days ago"
last_downloaded:>"August 14, 2022 EST"
Search queries for all Debian-specific (and related) package types
Search by component:
deb_component:unstable
Search queries for all Maven-specific (and related) package types
Search by group ID:
maven_group_id:org.apache
Search queries for all Docker-specific (and related) package types
Search by image digest:
docker_image_digest:sha256:7c5..6d4
(full hashref only)
Search by layer digest:
docker_layer_digest:sha256:4c4..ae4
(full hashref only)
Search queries for all Generic-specific package types
Search by file path:
generic_filepath:path/to/file.txt
Search by directory:
generic_directory:path/to
Field type modifiers (depending on the type, you can influence behaviour)
For all queries, you can use:
~foo for negation
For string queries, you can use:
^foo to anchor to start of term
foo$ to anchor to end of term
foo*bar for fuzzy matching
For number/date or version queries, you can use:
>foo for values greater than
>=foo for values greater / equal
<foo for values less than
<=foo for values less / equal
Need a secure and centralised artifact repository to deliver Alpine,
Cargo,
CocoaPods,
Composer,
Conan,
Conda,
CRAN,
Dart,
Debian,
Docker,
Generic,
Go,
Helm,
Hex,
HuggingFace,
LuaRocks,
Maven,
MCP,
npm,
NuGet,
P2,
Python,
RedHat,
Ruby,
Swift,
Terraform,
Vagrant,
VSX,
Raw & More packages?
Cloudsmith is the new standard in Package / Artifact Management and Software Distribution.
With support for all major package formats, you can trust us to manage your software supply chain.
eventstoredb-ee
24.10.14
One-liner (summary)
Description
Size
299.5 MB
Downloads
933
Tags
image amd64 linux 24.10.14-x64-8.0-ja… 221e0ad0-09aa-413b-… 24.10 latest 1 more
| Status | Completed |
|---|---|
| Checksum (MD5) | a867e92d25044cee2b0420864170352e |
| Checksum (SHA-1) | b40576dc0d26f46f843d52182d37b8d16add2d62 |
| Checksum (SHA-256) | efbac11686e58704b2c0175f7bb7f1e9b3246e3cb9d4d6ef1a617de30c9524b8 |
| Checksum (SHA-512) | 8dd7d37a84414aef41e0a1170bc2f9d32e4c1bc4bcf6361bb5e18d7c07556b2b26… |
| GPG Signature | |
| GPG Fingerprint | 94087ebb6192d6033b449d20d008fda5e151e345 |
| Storage Region | Dublin, Ireland |
| Type | Binary (contains binaries and binary artifacts) |
| Uploaded At | 1 month, 4 weeks ago |
| Uploaded By |
|
| Slug Id | eventstoredb-ee-fyyq |
| Unique Id | 0W2XSGRY83wj |
| Version (Raw) | 24.10.14 |
| Version (Parsed) |
|
| Orig Version (Raw) | efbac11686e58704b2c0175f7bb7f1e9b3246e3cb9d4d6ef1a617de30c9524b8 |
| Orig Version (Parsed) |
|
| docker-specific metadata | |
| Image Digest | sha256:efbac11686e58704b2c0175f7bb7f1e9b3246e3cb9d4d6ef1a617de30c9524b8 |
| Config Digest | sha256:a405f5792ed6813575687230fd57ce5cb158abc92d8313cbc21864923a0d3e6a |
| V1 OCI Index Digest | sha256:a5eee1668081fada64f61fb567f3e3cbdf3217232e155a6fd1e443f10d20c875 |
| V1 Distribution (Signed) Digest | sha256:126693caedbebe93e4a98be83a1f27cf9551e5f9ca4e9c1178ddd6574f879801 |
| V1 OCI Digest | sha256:eb0e033a83294376dd02c9833def210c975eef9008982c52399fd06b9cb2a556 |
| V2 Distribution List Digest | sha256:c370404062f84215b274fe22ec2c9c642e9723a4888166679c3ee92ed9f03f56 |
| V1 Distribution Digest | sha256:3902e4c8620866156263da75e65144d5961c1a33d348fb9afa0c2cf7e70f749a |
| V2 Distribution Digest | sha256:efbac11686e58704b2c0175f7bb7f1e9b3246e3cb9d4d6ef1a617de30c9524b8 |
| extended metadata | |
| Manifest Type | V2 Distribution |
| Architecture | amd64 |
| Config | |
| Created | 2026-05-15 10:13:28 UTC |
| Os | linux |
This package was uploaded with the following V2 Distribution manifest:
{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"config": {
"mediaType": "application/vnd.docker.container.image.v1+json",
"size": 7020,
"digest": "sha256:acfc69d2e61c193ea93081924a31065d0a030d2ba0b03d91d03232ad680362a0"
},
"layers": [
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 30649271,
"digest": "sha256:97e1ee089ace823bfcc55ca9c81fa3be34d7aaf8fed7ba91c29464bdfddb9973"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 16705087,
"digest": "sha256:17326277abf7cd7c58448c7e04375c7bd1b85e5a37c8298c2d3309d79236e3e4"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 3549,
"digest": "sha256:0a027cf796c18453379be4901471c7dceae81feeb89f96bc783b421d6771e018"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 51598825,
"digest": "sha256:905ff85b519efd73b8a53d58c838932fe7800509c2dc42215a1d6a56b2f895d8"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 106609845,
"digest": "sha256:c6cea4d2facddde670fcfd75e3fb469b2240a60b2e9483b38c23695a93fc8227"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 1828369,
"digest": "sha256:eb7ceebf0223b57dc864a50ecf8d225ba509df1beefa696c4909b3d4bf5debf3"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 32,
"digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 1849,
"digest": "sha256:7dab7eca86ca8e95198436f3e74f0def0c5a2d780a31fcb20f9e10f13269636b"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 106618640,
"digest": "sha256:7373bea623a6746ba60d889e3f790d9c85bff4cfb61db937f57294352516e92d"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 192,
"digest": "sha256:b3716e432c722ab00b7d64c93641ee19fee66ab4390d172ee3fe8cf512c28c31"
}
]
}
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ARG RELEASE |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ARG LAUNCHPAD_BUILD_ARCH |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL org.opencontainers.image.version=22.04 |
32 bytes | ||
|
Digest:
sha256:97e1ee089ace823bfcc55ca9c81fa3be34d7aaf8fed7ba91c29464bdfddb9973
Command: /bin/sh -c #(nop) ADD file:14c8897ef5107db11b35f5a0c05bdcb883c0a6daa83d07d4439865541f08514c in / |
29.2 MB | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) CMD ["/bin/bash"] |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENV APP_UID=1654 ASPNETCORE_HTTP_PORTS=8080 DOTNET_RUNNING_IN_CONTAINER=true |
32 bytes | ||
|
Digest:
sha256:17326277abf7cd7c58448c7e04375c7bd1b85e5a37c8298c2d3309d79236e3e4
Command: RUN /bin/sh -c apt-get update && apt-get install -y --no-install-recommends ca-certificates libc6 libgcc-s1 libicu70 libssl3 libstdc++6 tzdata zlib1g && rm -rf /var/lib/apt/lists/* # buildkit |
15.9 MB | ||
|
Digest:
sha256:0a027cf796c18453379be4901471c7dceae81feeb89f96bc783b421d6771e018
Command: RUN /bin/sh -c groupadd --gid=$APP_UID app && useradd --no-log-init --uid=$APP_UID --gid=$APP_UID --create-home app # buildkit |
3.5 KB | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ARG DATABASE_ARCHIVE_DIR=eventstoredb-24.10.14-ee-linux-x64.tar.gz |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ARG UID=1000 |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ARG GID=1000 |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENV LANGUAGE=en_US:en DEBIAN_FRONTEND=noninteractive ACCEPT_EULA=Y |
32 bytes | ||
|
Digest:
sha256:905ff85b519efd73b8a53d58c838932fe7800509c2dc42215a1d6a56b2f895d8
Command: RUN |3 DATABASE_ARCHIVE_DIR=eventstoredb-24.10.14-ee-linux-x64.tar.gz UID=1000 GID=1000 /bin/sh -c apt-get update && apt-get upgrade -y && apt-get clean # buildkit |
49.2 MB | ||
|
Digest:
sha256:c6cea4d2facddde670fcfd75e3fb469b2240a60b2e9483b38c23695a93fc8227
Command: COPY eventstoredb-24.10.14-ee-linux-x64.tar.gz /opt/eventstore/ # buildkit |
101.7 MB | ||
|
Digest:
sha256:eb7ceebf0223b57dc864a50ecf8d225ba509df1beefa696c4909b3d4bf5debf3
Command: RUN |3 DATABASE_ARCHIVE_DIR=eventstoredb-24.10.14-ee-linux-x64.tar.gz UID=1000 GID=1000 /bin/sh -c apt update && apt install -y curl && rm -rf /var/lib/apt/lists/* # buildkit |
1.7 MB | ||
|
Digest:
sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1
Command: WORKDIR /opt/eventstore |
32 bytes | ||
|
Digest:
sha256:7dab7eca86ca8e95198436f3e74f0def0c5a2d780a31fcb20f9e10f13269636b
Command: RUN |3 DATABASE_ARCHIVE_DIR=eventstoredb-24.10.14-ee-linux-x64.tar.gz UID=1000 GID=1000 /bin/sh -c addgroup --gid ${GID} "eventstore" && adduser --disabled-password --gecos "" --ingroup "eventstore" --no-create-home --uid ${UID} "eventstore" # buildkit |
1.8 KB | ||
|
Digest:
sha256:7373bea623a6746ba60d889e3f790d9c85bff4cfb61db937f57294352516e92d
Command: RUN |3 DATABASE_ARCHIVE_DIR=eventstoredb-24.10.14-ee-linux-x64.tar.gz UID=1000 GID=1000 /bin/sh -c mkdir -p /var/lib/eventstore && mkdir -p /var/log/eventstore && mkdir -p /etc/eventstore && chown -R eventstore:eventstore /opt/eventstore /var/lib/eventstore /var/log/eventstore /etc/eventstore # buildkit |
101.7 MB | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: USER eventstore |
32 bytes | ||
|
Digest:
sha256:b3716e432c722ab00b7d64c93641ee19fee66ab4390d172ee3fe8cf512c28c31
Command: RUN |3 DATABASE_ARCHIVE_DIR=eventstoredb-24.10.14-ee-linux-x64.tar.gz UID=1000 GID=1000 /bin/sh -c echo "NodeIp: 0.0.0.0\nReplicationIp: 0.0.0.0" >> /etc/eventstore/eventstore.conf # buildkit |
192 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: VOLUME [/var/lib/eventstore] |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: VOLUME [/var/log/eventstore] |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: EXPOSE map[1112/tcp:{}] |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: EXPOSE map[1113/tcp:{}] |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: EXPOSE map[2113/tcp:{}] |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: HEALTHCHECK &{["CMD-SHELL" "curl --fail --insecure https://localhost:2113/health/live || curl --fail http://localhost:2113/health/live || exit 1"] "5s" "5s" "0s" "0s" '\x18'} |
32 bytes | ||
|
Digest:
sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENTRYPOINT ["/opt/eventstore/eventstored"] |
32 bytes |
|
|
eventstoredb-ee |
933 |
|
|||
| Older |
|
eventstoredb-ee |
5 |
|
||
| Older |
|
eventstoredb-ee |
6180 |
|
||
| Older |
|
eventstoredb-ee |
11 |
|
||
| Older |
|
eventstoredb-ee |
1032 |
|
||
| Older |
|
eventstoredb-ee |
11 |
|
||
| Older |
|
eventstoredb-ee |
405 |
|
||
| Older |
|
eventstoredb-ee |
9 |
|
||
| Older |
|
eventstoredb-ee |
852 |
|
||
| Older |
|
eventstoredb-ee |
11 |
|
||
| Older |
|
eventstoredb-ee |
465 |
|
||
| Older |
|
eventstoredb-ee |
11 |
|
||
| Older |
|
eventstoredb-ee |
450 |
|
||
| Older |
|
eventstoredb-ee |
11 |
|
||
| Older |
|
eventstoredb-ee |
5022 |
|
||
| Older |
|
eventstoredb-ee |
7 |
|
||
| Older |
|
eventstoredb-ee |
6405 |
|
||
| Older |
|
eventstoredb-ee |
671 |
|
||
| Older |
|
eventstoredb-ee |
1867 |
|
||
| Older |
|
eventstoredb-ee |
75 |
|
Last scanned
1 month, 4 weeks ago
Scan result
Vulnerable
Vulnerability count
18
Max. severity
Medium| Target: | 0W2XSGRY83wj.sbom-cyclonedx.json (ubuntu 22.04) | |
| MEDIUM |
CVE-2026-27456: util-linux: TOCTOU in the mount program when setting up loop devicesutil-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.Package Name: bsdutils Installed Version: 1:2.37.2-4ubuntu3.5 Fixed Version: References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2026-27456: util-linux: TOCTOU in the mount program when setting up loop devicesutil-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.Package Name: libblkid1 Installed Version: 2.37.2-4ubuntu3.5 Fixed Version: References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2026-4046: glibc: glibc: Denial of Service via iconv() function with specific character setsThe iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.Package Name: libc-bin Installed Version: 2.35-0ubuntu3.13 Fixed Version: References: access.redhat.com inbox.sourceware.org nvd.nist.gov packages.fedoraproject.org sourceware.org sourceware.org sourceware.org www.cve.org |
|
| MEDIUM |
CVE-2026-4437: glibc: glibc: Incorrect DNS response parsing via crafted DNS server responseCalling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.Package Name: libc-bin Installed Version: 2.35-0ubuntu3.13 Fixed Version: References: access.redhat.com nvd.nist.gov sourceware.org www.cve.org www.openwall.com |
|
| MEDIUM |
CVE-2026-4438: glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functionsCalling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.Package Name: libc-bin Installed Version: 2.35-0ubuntu3.13 Fixed Version: References: access.redhat.com nvd.nist.gov sourceware.org www.cve.org www.openwall.com |
|
| MEDIUM |
CVE-2026-4046: glibc: glibc: Denial of Service via iconv() function with specific character setsThe iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.Package Name: libc6 Installed Version: 2.35-0ubuntu3.13 Fixed Version: References: access.redhat.com inbox.sourceware.org nvd.nist.gov packages.fedoraproject.org sourceware.org sourceware.org sourceware.org www.cve.org |
|
| MEDIUM |
CVE-2026-4437: glibc: glibc: Incorrect DNS response parsing via crafted DNS server responseCalling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.Package Name: libc6 Installed Version: 2.35-0ubuntu3.13 Fixed Version: References: access.redhat.com nvd.nist.gov sourceware.org www.cve.org www.openwall.com |
|
| MEDIUM |
CVE-2026-4438: glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functionsCalling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.Package Name: libc6 Installed Version: 2.35-0ubuntu3.13 Fixed Version: References: access.redhat.com nvd.nist.gov sourceware.org www.cve.org www.openwall.com |
|
| MEDIUM |
CVE-2026-27456: util-linux: TOCTOU in the mount program when setting up loop devicesutil-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.Package Name: libmount1 Installed Version: 2.37.2-4ubuntu3.5 Fixed Version: References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2026-27456: util-linux: TOCTOU in the mount program when setting up loop devicesutil-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.Package Name: libsmartcols1 Installed Version: 2.37.2-4ubuntu3.5 Fixed Version: References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2026-27456: util-linux: TOCTOU in the mount program when setting up loop devicesutil-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.Package Name: libuuid1 Installed Version: 2.37.2-4ubuntu3.5 Fixed Version: References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2026-27456: util-linux: TOCTOU in the mount program when setting up loop devicesutil-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.Package Name: mount Installed Version: 2.37.2-4ubuntu3.5 Fixed Version: References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-45582: tar: Tar path traversalGNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory.Package Name: tar Installed Version: 1.34+dfsg-1ubuntu0.1.22.04.2 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com lists.gnu.org nvd.nist.gov www.cve.org www.gnu.org www.gnu.org www.gnu.org www.gnu.org |
|
| MEDIUM |
CVE-2026-5704: tar: tar: Hidden file injection via crafted archivesA flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.Package Name: tar Installed Version: 1.34+dfsg-1ubuntu0.1.22.04.2 Fixed Version: References: www.openwall.com www.openwall.com www.openwall.com access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2026-27456: util-linux: TOCTOU in the mount program when setting up loop devicesutil-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.Package Name: util-linux Installed Version: 2.37.2-4ubuntu3.5 Fixed Version: References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_constlibiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.Package Name: gcc-12-base Installed Version: 12.3.0-1ubuntu1~22.04.3 Fixed Version: References: access.redhat.com gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org lists.fedoraproject.org nvd.nist.gov sourceware.org www.cve.org |
|
| LOW |
CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_constlibiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.Package Name: libgcc-s1 Installed Version: 12.3.0-1ubuntu1~22.04.3 Fixed Version: References: access.redhat.com gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org lists.fedoraproject.org nvd.nist.gov sourceware.org www.cve.org |
|
| LOW |
CVE-2024-2236: libgcrypt: vulnerable to Marvin AttackA timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.Package Name: libgcrypt20 Installed Version: 1.9.4-3ubuntu3 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org dev.gnupg.org errata.almalinux.org errata.rockylinux.org github.com gitlab.com linux.oracle.com linux.oracle.com lists.gnupg.org nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2025-5222: icu: Stack buffer overflow in the SRBRoot::addTag functionA stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.Package Name: libicu70 Installed Version: 70.1-2 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov unicode-org.atlassian.net www.cve.org |
|
| LOW |
CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().Package Name: libncurses6 Installed Version: 6.3-2ubuntu0.1 Fixed Version: References: access.redhat.com lists.fedoraproject.org lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().Package Name: libncursesw6 Installed Version: 6.3-2ubuntu0.1 Fixed Version: References: access.redhat.com lists.fedoraproject.org lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2022-41409: pcre2: negative repeat value in a pcre2test subject line leads to inifinite loopInteger overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.Package Name: libpcre2-8-0 Installed Version: 10.39-3ubuntu0.1 Fixed Version: References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2017-11164: pcre: OP_KETRMAX feature in the match function in pcre_exec.cIn PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.Package Name: libpcre3 Installed Version: 2:8.39-13ubuntu0.22.04.1 Fixed Version: References: openwall.com www.openwall.com www.openwall.com www.securityfocus.com access.redhat.com lists.apache.org nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_constlibiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.Package Name: libstdc++6 Installed Version: 12.3.0-1ubuntu1~22.04.3 Fixed Version: References: access.redhat.com gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org lists.fedoraproject.org nvd.nist.gov sourceware.org www.cve.org |
|
| LOW |
CVE-2023-7008: systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yesA vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.Package Name: libsystemd0 Installed Version: 249.11-0ubuntu3.20 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com www.cve.org |
|
| LOW |
CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().Package Name: libtinfo6 Installed Version: 6.3-2ubuntu0.1 Fixed Version: References: access.redhat.com lists.fedoraproject.org lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2023-7008: systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yesA vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.Package Name: libudev1 Installed Version: 249.11-0ubuntu3.20 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com www.cve.org |
|
| LOW |
CVE-2022-4899: zstd: mysql: buffer overrun in util.cA vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.Package Name: libzstd1 Installed Version: 1.4.8+dfsg-3build1 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com security.netapp.com www.cve.org |
|
| LOW |
CVE-2023-29383: shadow: Improper input validation in shadow-utils package utility chfnIn Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.Package Name: login Installed Version: 1:4.8.1-2ubuntu2.2 Fixed Version: References: access.redhat.com github.com github.com lists.debian.org nvd.nist.gov www.cve.org www.trustwave.com www.trustwave.com |
|
| LOW |
CVE-2024-56433: shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromiseshadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.Package Name: login Installed Version: 1:4.8.1-2ubuntu2.2 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().Package Name: ncurses-base Installed Version: 6.3-2ubuntu0.1 Fixed Version: References: access.redhat.com lists.fedoraproject.org lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().Package Name: ncurses-bin Installed Version: 6.3-2ubuntu0.1 Fixed Version: References: access.redhat.com lists.fedoraproject.org lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2023-29383: shadow: Improper input validation in shadow-utils package utility chfnIn Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.Package Name: passwd Installed Version: 1:4.8.1-2ubuntu2.2 Fixed Version: References: access.redhat.com github.com github.com lists.debian.org nvd.nist.gov www.cve.org www.trustwave.com www.trustwave.com |
|
| LOW |
CVE-2024-56433: shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromiseshadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.Package Name: passwd Installed Version: 1:4.8.1-2ubuntu2.2 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| Target: | opt/eventstore/EventStore.ClusterNode.deps.json | |
| MEDIUM |
CVE-2026-40894: OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headersOpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet packages can allocate excessive memory when parsing which could create a potential denial of service (DoS) in the consuming application. This vulnerability is fixed in 1.15.3.Package Name: OpenTelemetry.Api Installed Version: 1.4.0-rc.1 Fixed Version: 1.15.3 References: github.com github.com github.com github.com github.com github.com github.com github.com github.com nvd.nist.gov |
|
| Target: | opt/eventstore/EventStore.TestClient.deps.json | |
| MEDIUM |
CVE-2026-40894: OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headersOpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet packages can allocate excessive memory when parsing which could create a potential denial of service (DoS) in the consuming application. This vulnerability is fixed in 1.15.3.Package Name: OpenTelemetry.Api Installed Version: 1.4.0-rc.1 Fixed Version: 1.15.3 References: github.com github.com github.com github.com github.com github.com github.com github.com github.com nvd.nist.gov |
|
| Target: | opt/eventstore/plugins/EventStore.Auth.StreamPolicyPlugin/EventStore.Auth.StreamPolicyPlugin.deps.json | |
| MEDIUM |
CVE-2026-40894: OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headersOpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet packages can allocate excessive memory when parsing which could create a potential denial of service (DoS) in the consuming application. This vulnerability is fixed in 1.15.3.Package Name: OpenTelemetry.Api Installed Version: 1.4.0-rc.1 Fixed Version: 1.15.3 References: github.com github.com github.com github.com github.com github.com github.com github.com github.com nvd.nist.gov |
|
| Target: | opt/eventstore/plugins/EventStore.AutoScavengePlugin/EventStore.AutoScavenge.deps.json | |
| MEDIUM |
CVE-2026-40894: OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headersOpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet packages can allocate excessive memory when parsing which could create a potential denial of service (DoS) in the consuming application. This vulnerability is fixed in 1.15.3.Package Name: OpenTelemetry.Api Installed Version: 1.4.0-rc.1 Fixed Version: 1.15.3 References: github.com github.com github.com github.com github.com github.com github.com github.com github.com nvd.nist.gov |
|
| Target: | opt/eventstore/plugins/EventStore.ConnectedSubsystemsPlugin/EventStore.POC.ConnectedSubsystemsPlugin.deps.json | |
| MEDIUM |
CVE-2026-40894: OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headersOpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet packages can allocate excessive memory when parsing which could create a potential denial of service (DoS) in the consuming application. This vulnerability is fixed in 1.15.3.Package Name: OpenTelemetry.Api Installed Version: 1.4.0-rc.1 Fixed Version: 1.15.3 References: github.com github.com github.com github.com github.com github.com github.com github.com github.com nvd.nist.gov |
|
| Target: | opt/eventstore/plugins/EventStore.ConnectorsPlugin/EventStore.Plugins.Connectors.deps.json | |
| MEDIUM |
CVE-2026-44788: SharpCompress has directory traversal via directory entries in WriteToDirectory (zip slip variant)### Summary A path traversal vulnerability in `IArchive.WriteToDirectory()` allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be escalated to arbitrary file writes by chaining with a symlink entry, giving a full write primitive on the target filesystem subject to the permissions of the running process. ### Details The vulnerable code is in the directory-entry branch of `WriteToDirectoryInternal` (sync, `IArchiveExtensions.cs:48–61`) and `WriteToDirectoryAsyncInternal` (async, `IAsyncArchiveExtensions.cs:70–84`): ```csharp var dirPath = Path.Combine(destinationDirectory, entry.Key); Directory.CreateDirectory(Path.GetDirectoryName(dirPath + "/")); ``` No `Path.GetFullPath()` normalisation and no bounds check are applied before the `Directory.CreateDirectory` call. Two .NET `Path.Combine` behaviours make this exploitable: - **Relative traversal**: `Path.Combine("/safe/extract", "../../evil")` → the OS resolves `..` segments on the raw path, placing the directory outside the extraction root. - **Absolute path override**: `Path.Combine("/safe/extract", "/tmp/evil")` → returns `"/tmp/evil"` — the base is discarded entirely for rooted paths. File entries are **not** directly affected — they route through `ExtractionMethods.WriteEntryToDirectory` which applies the correct guard (`GetFullPath` + `StartsWith`, see `ExtractionMethods.cs:54–65`). The directory-entry branch is a separate fast-path that was added without that guard. Affected archive formats: ZIP and TAR (non-solid). Solid archives and 7-Zip use the reader path which calls the secure method. #### Escalation to arbitrary file writes (TAR only) `Path.GetFullPath` on .NET does not resolve symlinks — it only normalises `.` and `..` segments. This means the file-entry guard in `ExtractionMethods.WriteEntryToDirectory` can be bypassed via symlink chaining in TAR archives when the caller supplies a `SymbolicLinkHandler`: ```csharp archive.WriteToDirectory("/safe/extract", new ExtractionOptions { ExtractFullPath = true, SymbolicLinkHandler = (linkPath, linkTarget) => File.CreateSymbolicLink(linkPath, linkTarget) // naive — no validation of linkTarget }); ``` Attack sequence in a single TAR archive: 1. **Symlink entry** — `link` → `../evil_outside/` The `SymbolicLinkHandler` creates `/safe/extract/link` pointing outside the extraction root. 2. **File entry** — `link/secret.txt` `ExtractionMethods.WriteEntryToDirectory` computes: - `destdir = Path.GetFullPath("/safe/extract/link")` → `"/safe/extract/link"` — textually inside root, check passes ✓ - `File.Open("/safe/extract/link/secret.txt")` — OS follows symlink, file is written to `/evil_outside/secret.txt` The library does not validate `linkTarget` before passing it to the caller's handler, and the XML docs do not warn that it may be a traversal path. The idiomatic handler implementation above is therefore silently exploitable. ZIP does not support symlinks in SharpCompress (`ZipEntry.LinkTarget` always returns `null`), so this escalation is TAR-only. | Attack | ZIP | TAR | |--------|-----|-----| | Directory traversal (escape extraction root) | Yes | Yes | | Escalate to arbitrary file writes via symlink chain | No | Yes (if caller provides `SymbolicLinkHandler`) | **Recommended fix** — apply the same pattern from `ExtractionMethods.WriteEntryToDirectory` to both affected files: ```csharp var fullDestDir = Path.GetFullPath(destinationDirectory); if (!fullDestDir.EndsWith(Path.DirectorySeparatorChar)) fullDestDir += Path.DirectorySeparatorChar; var dirPath = Path.GetFullPath(Path.Combine(fullDestDir, entry.Key)); if (!dirPath.StartsWith(fullDestDir, PathComparison)) throw new ExtractionException( "Entry is trying to create a directory outside of the destination directory."); Directory.CreateDirectory(dirPath); ``` Additionally, the library should validate `LinkTarget` before invoking the caller's `SymbolicLinkHandler`, or document clearly that callers must validate it themselves. ### PoC A self-contained .NET console app is available at: `https://github.com/svenclaesson/poc-sharpcompress-traversal` ``` git clone https://github.com/svenclaesson/poc-sharpcompress-traversal cd poc-sharpcompress-traversal dotnet run ``` The PoC crafts a ZIP with three directory entries (`../../escaped_relative/`, `/tmp/escaped_absolute/`, `safe_subdir/`) using `System.IO.Compression` (stdlib), then extracts with SharpCompress. Output shows `[ESCAPED]` for the two malicious entries and `[ok]` for the legitimate one, on both sync and async APIs. Tested against SharpCompress 0.47.4 (latest NuGet). ### Impact This is a path traversal / zip slip vulnerability (CWE-22). Any application that calls `archive.WriteToDirectory()` on an untrusted archive is affected — which covers the primary documented extraction API. For ZIP archives the impact is limited to arbitrary directory creation, which can be used to stage privilege escalation (e.g. cron drop-ins, XDG config paths, service spool directories) or shadow expected paths to alter application behaviour. For TAR archives, callers that implement a `SymbolicLinkHandler` — which is the only way to faithfully restore a TAR — are exposed to a full arbitrary file write primitive via the symlink chaining described above.Package Name: SharpCompress Installed Version: 0.30.1 Fixed Version: References: github.com github.com |
|
| Target: | opt/eventstore/plugins/EventStore.TcpPlugin/EventStore.TcpPlugin.deps.json | |
| MEDIUM |
CVE-2026-40894: OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headersOpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage, B3 and Jaeger processing code in the OpenTelemetry.Api and OpenTelemetry.Extensions.Propagators NuGet packages can allocate excessive memory when parsing which could create a potential denial of service (DoS) in the consuming application. This vulnerability is fixed in 1.15.3.Package Name: OpenTelemetry.Api Installed Version: 1.4.0-rc.1 Fixed Version: 1.15.3 References: github.com github.com github.com github.com github.com github.com github.com github.com github.com nvd.nist.gov |
|
Package statistics are no longer available on cloudsmith.io. Please visit our new web app to access this feature.
You can embed a badge in another website that shows this or the latest version of this package.
To embed the badge for this specific package version, use the following:
[](https://cloudsmith.io/~eventstore/repos/eventstore/packages/detail/docker/eventstoredb-ee/efbac11686e58704b2c0175f7bb7f1e9b3246e3cb9d4d6ef1a617de30c9524b8/a=amd64;xpo=linux/)
|This version of 'eventstoredb-ee' @ Cloudsmith|
.. |This version of 'eventstoredb-ee' @ Cloudsmith| image:: https://api.cloudsmith.com/v1/badges/version/eventstore/eventstore/docker/eventstoredb-ee/24.10.14/a=amd64;xpo=linux/?render=true
:target: https://cloudsmith.io/~eventstore/repos/eventstore/packages/detail/docker/eventstoredb-ee/efbac11686e58704b2c0175f7bb7f1e9b3246e3cb9d4d6ef1a617de30c9524b8/a=amd64;xpo=linux/
image::https://api.cloudsmith.com/v1/badges/version/eventstore/eventstore/docker/eventstoredb-ee/24.10.14/a=amd64;xpo=linux/?render=true[link="https://cloudsmith.io/~eventstore/repos/eventstore/packages/detail/docker/eventstoredb-ee/efbac11686e58704b2c0175f7bb7f1e9b3246e3cb9d4d6ef1a617de30c9524b8/a=amd64;xpo=linux/",title="This version of 'eventstoredb-ee' @ Cloudsmith"]
<a href="https://cloudsmith.io/~eventstore/repos/eventstore/packages/detail/docker/eventstoredb-ee/efbac11686e58704b2c0175f7bb7f1e9b3246e3cb9d4d6ef1a617de30c9524b8/a=amd64;xpo=linux/"><img src="https://api.cloudsmith.com/v1/badges/version/eventstore/eventstore/docker/eventstoredb-ee/24.10.14/a=amd64;xpo=linux/?render=true" alt="This version of 'eventstoredb-ee' @ Cloudsmith" /></a>
rendered as:
To embed the badge for the latest package version, use the following:
[](https://cloudsmith.io/~eventstore/repos/eventstore/packages/detail/docker/eventstoredb-ee/latest/a=amd64;xpo=linux/)
|Latest version of 'eventstoredb-ee' @ Cloudsmith|
.. |Latest version of 'eventstoredb-ee' @ Cloudsmith| image:: https://api.cloudsmith.com/v1/badges/version/eventstore/eventstore/docker/eventstoredb-ee/latest/a=amd64;xpo=linux/?render=true&show_latest=true
:target: https://cloudsmith.io/~eventstore/repos/eventstore/packages/detail/docker/eventstoredb-ee/latest/a=amd64;xpo=linux/
image::https://api.cloudsmith.com/v1/badges/version/eventstore/eventstore/docker/eventstoredb-ee/latest/a=amd64;xpo=linux/?render=true&show_latest=true[link="https://cloudsmith.io/~eventstore/repos/eventstore/packages/detail/docker/eventstoredb-ee/latest/a=amd64;xpo=linux/",title="Latest version of 'eventstoredb-ee' @ Cloudsmith"]
<a href="https://cloudsmith.io/~eventstore/repos/eventstore/packages/detail/docker/eventstoredb-ee/latest/a=amd64;xpo=linux/"><img src="https://api.cloudsmith.com/v1/badges/version/eventstore/eventstore/docker/eventstoredb-ee/latest/a=amd64;xpo=linux/?render=true&show_latest=true" alt="Latest version of 'eventstoredb-ee' @ Cloudsmith" /></a>
rendered as:
These instructions assume you have setup the repository first (or read it).
To pull eventstoredb-ee @ reference/tag latest:
docker pull docker.eventstore.com/eventstore/eventstoredb-ee:latest
To refer to this image after pulling in a Dockerfile, specify the following:
FROM docker.eventstore.com/eventstore/eventstoredb-ee:latest
Note: You should replace latest with an alternative reference to pull, such as: lts, 24.10, 24.10.14, 221e0ad0-09aa-413b-8aaf-d090a9ad9f60 and 24.10.14-x64-8.0-jammy.