 Public eventstore eventstore (Kurrent) / kurrent-latest
A certifiably-awesome public package repository curated by Kurrent, hosted by Cloudsmith.

kurrentdb-operator c11cd2575c17f79e007d34375f9…

One-liner (summary)

A certifiably-awesome package curated by ryan-b, hosted by Cloudsmith.

Description

A certifiably-awesome package curated by ryan-b, hosted by Cloudsmith.

License

Unknown

Size

26.3 MB

Downloads

1

Tags

image amd64 linux

Status: Completed
Checksum (MD5): 7a913d94a49a6c120962b1980459a80b
Checksum (SHA-1): a9ec41264737867d519f9c8a2c33fbe23ad01668
Checksum (SHA-256): c11cd2575c17f79e007d34375f985eb610aafedf5ac93474404f368389bb4333
Checksum (SHA-512): 74536f76b57b0b3bcbb5e83f32a0ca49e2bbb93f7510dd2e855768ae08387b3e50…
GPG Signature:
GPG Fingerprint: 02a89004460aa252035d6b7d094442d90ad50bcd
Storage Region: Dublin, Ireland
Type: Binary (contains binaries and binary artifacts)
Uploaded At: 1 week, 1 day ago
Uploaded By: ryan-b
Slug Id: kurrentdb-operator-8ynp
Unique Id: GIRrYDbv3yJy
Version (Raw): c11cd2575c17f79e007d34375f985eb610aafedf5ac93474404f368389bb4333
Version (Parsed):
  • Type: Unknown

docker-specific metadata

Image Digest: sha256:c11cd2575c17f79e007d34375f985eb610aafedf5ac93474404f368389bb4333
Config Digest: sha256:e5ddcf839a432cfb65184262e54a00568a47e8fb5c9e66727e9698e1563b34c9
V1 OCI Index Digest: sha256:e5e06de01fdfe68d62041c8a37b19bc3b17b5a517cd4526093f43a3ba1408bb7
V1 Distribution (Signed) Digest: sha256:55cc4749dcc997bacab8636963ee2739bdd15632a606c2cd95a8c7515f0662c4
V2 Distribution List Digest: sha256:2bc268f261bf2ac2f9e7b729ab2d0c59700ce2b354ac28a2a892ff445e04f7d2
V2 Distribution Digest: sha256:88cf70b53a473639acc5ac0e522ff89374a1b48079e41f74ffb63a6eee61e4bc
V1 Distribution Digest: sha256:fecff7c3eff6fdeb05a98b715b5881d4e5694c520c9777c2ca6095e6660b055a
V1 OCI Digest: sha256:c11cd2575c17f79e007d34375f985eb610aafedf5ac93474404f368389bb4333

extended metadata

Manifest Type: V1 OCI
Architecture: amd64
Config:
Created: 2026-06-08 21:08:39 UTC
Os: linux

This package was uploaded with the following V1 OCI manifest:

{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:c8786759870a285e5c89865ec0a08183dbe799069c16ddd39d95e6bcec97a46b","size":7170},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:867768880db9450e81b6817613fe7b05fc0059bc8147c15efeff3da72621ace6","size":11291925},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:32972dd6a4afc83a0513024039100da50b42e1aa9d82775d2933b1ad8a2453d5","size":130210},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:782f9988be95908cee093336661c88a9c32b4e5112b0aad782ed8eb679f42618","size":1822},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:cac490397cd761571d927c1cc69d598fb888bd8770f3e11eb7ddd54f7f731a93","size":16201685}],"annotations":{"org.opencontainers.image.base.digest":"sha256:e04f1d991a7f4cbb2575346429b0d0f98caa91296ef92b9238869d41b3856733","org.opencontainers.image.base.name":"registry.access.redhat.com/ubi8/ubi-micro:latest","org.opencontainers.image.created":"2026-06-08T21:08:39.123253898Z"}}
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL maintainer="Red Hat, Inc."
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL vendor="Red Hat, Inc."
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL url="https://catalog.redhat.com/en/search?searchType=containers"
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL com.redhat.component="ubi8-micro-container"
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL name="ubi8/ubi-micro"
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL version="8.10"
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL cpe="cpe:/a:redhat:enterprise_linux:8::appstream"
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL distribution-scope="public"
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI"
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL summary="ubi8 micro image"
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL description="Very small image which doesn't install the package manager."
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL io.k8s.description="Very small image which doesn't install the package manager."
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL io.k8s.display-name="Red Hat Universal Base Image 8 Micro"
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL io.openshift.expose-services=""
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) COPY dir:94e86794df5ce895feebe41509f2ec603658df167b7c8de3c825e08c51098dd7 in /
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) COPY file:67f65df33ff6c09984969b192c50b78072a88c5655e380e734315d0229c75aa1 in /etc/yum.repos.d/
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) CMD /bin/sh
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) COPY file:518c885a82749a6265363266bee66395b7dce67072656837d42700d947fc7945 in /usr/share/buildinfo/content-sets.json
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) COPY file:518c885a82749a6265363266bee66395b7dce67072656837d42700d947fc7945 in /root/buildinfo/content_manifests/content-sets.json
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) COPY file:40d1d995420b855b3d402962284733963f0e997b20c57e6fd6eccf224039242f in /usr/share/buildinfo/labels.json
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) COPY file:40d1d995420b855b3d402962284733963f0e997b20c57e6fd6eccf224039242f in /root/buildinfo/labels.json
32 bytes
Digest: sha256:867768880db9450e81b6817613fe7b05fc0059bc8147c15efeff3da72621ace6
Command: /bin/sh -c #(nop) LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="068c05e269b913edf886cd5332d22c7278c3193a" "org.opencontainers.image.revision"="068c05e269b913edf886cd5332d22c7278c3193a" "build-date"="2026-05-27T05:18:16Z" "org.opencontainers.image.created"="2026-05-27T05:18:16Z" "release"="1779859061"org.opencontainers.image.revision=068c05e269b913edf886cd5332d22c7278c3193a,org.opencontainers.image.created=2026-05-27T05:18:16Z
10.8 MB
Digest: sha256:32972dd6a4afc83a0513024039100da50b42e1aa9d82775d2933b1ad8a2453d5
Command: /bin/sh -c #(nop) COPY file:2a9b5096747a1f9b8ffcbb32a1d3f214fd1c45fa1ab9590aabe89592c8bf36c8 in /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
127.2 KB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ARG TARGETOS
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ARG TARGETARCH TARGETOS
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) WORKDIR /
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) USER 65532:65532
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ENTRYPOINT ["/kurrentdb-operator"]
32 bytes
Digest: sha256:782f9988be95908cee093336661c88a9c32b4e5112b0aad782ed8eb679f42618
Command: /bin/sh -c #(nop) COPY dir:05ab044aa020e1c6d8062ef11ab8b8aa542ca205af43568ba9cf16464d3a4877 in /licenses
1.8 KB
Digest: sha256:cac490397cd761571d927c1cc69d598fb888bd8770f3e11eb7ddd54f7f731a93
Command: /bin/sh -c #(nop) COPY file:1f121a7de685e33af93076cff40183de0a74917b28fc1ba5e4252740fe730b2f in /kurrentdb-operator
15.5 MB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL "release"="566ef03e" "name"="kurrentdb-operator" "maintainer"="Kurrent, Inc" "vendor"="Kurrent, Inc" "summary"="The KurrentDB Operator." "description"="Deploys and manages KurrentDB within Kubernetes." "version"="1.6.0"
32 bytes

Last scanned

1 week, 1 day ago

Scan result

Vulnerable

Vulnerability count

21

Max. severity

Medium
Target: GIRrYDbv3yJy.sbom-cyclonedx.json (redhat 8.10)
MEDIUM

CVE-2025-5278: coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification

A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.

Package Name: coreutils-single
Installed Version: 8.30-17.el8_10
Fixed Version:

References: www.openwall.com www.openwall.com www.openwall.com access.redhat.com bugzilla.redhat.com cgit.git.savannah.gnu.org cgit.git.savannah.gnu.org debbugs.gnu.org nvd.nist.gov security-tracker.debian.org www.cve.org
MEDIUM

CVE-2026-4437: glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.

Package Name: glibc
Installed Version: 2.28-251.el8_10.37
Fixed Version:

References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org nvd.nist.gov sourceware.org www.cve.org www.openwall.com
MEDIUM

CVE-2026-5435: glibc: glibc: Out-of-bounds write via TSIG record processing

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.

Package Name: glibc
Installed Version: 2.28-251.el8_10.37
Fixed Version:

References: access.redhat.com inbox.sourceware.org inbox.sourceware.org nvd.nist.gov sourceware.org sourceware.org www.cve.org
MEDIUM

CVE-2026-5450: glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

Package Name: glibc
Installed Version: 2.28-251.el8_10.37
Fixed Version:

References: access.redhat.com inbox.sourceware.org nvd.nist.gov nvd.nist.gov sourceware.org www.cve.org
MEDIUM

CVE-2026-5928: glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings

Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash. A bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.

Package Name: glibc
Installed Version: 2.28-251.el8_10.37
Fixed Version:

References: access.redhat.com nvd.nist.gov sourceware.org www.cve.org
MEDIUM

CVE-2026-4437: glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.

Package Name: glibc-common
Installed Version: 2.28-251.el8_10.37
Fixed Version:

References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org nvd.nist.gov sourceware.org www.cve.org www.openwall.com
MEDIUM

CVE-2026-5435: glibc: glibc: Out-of-bounds write via TSIG record processing

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.

Package Name: glibc-common
Installed Version: 2.28-251.el8_10.37
Fixed Version:

References: access.redhat.com inbox.sourceware.org inbox.sourceware.org nvd.nist.gov sourceware.org sourceware.org www.cve.org
MEDIUM

CVE-2026-5450: glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

Package Name: glibc-common
Installed Version: 2.28-251.el8_10.37
Fixed Version:

References: access.redhat.com inbox.sourceware.org nvd.nist.gov nvd.nist.gov sourceware.org www.cve.org
MEDIUM

CVE-2026-5928: glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings

Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash. A bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.

Package Name: glibc-common
Installed Version: 2.28-251.el8_10.37
Fixed Version:

References: access.redhat.com nvd.nist.gov sourceware.org www.cve.org
MEDIUM

CVE-2026-4437: glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.

Package Name: glibc-minimal-langpack
Installed Version: 2.28-251.el8_10.37
Fixed Version:

References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org nvd.nist.gov sourceware.org www.cve.org www.openwall.com
MEDIUM

CVE-2026-5435: glibc: glibc: Out-of-bounds write via TSIG record processing

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.

Package Name: glibc-minimal-langpack
Installed Version: 2.28-251.el8_10.37
Fixed Version:

References: access.redhat.com inbox.sourceware.org inbox.sourceware.org nvd.nist.gov sourceware.org sourceware.org www.cve.org
MEDIUM

CVE-2026-5450: glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

Package Name: glibc-minimal-langpack
Installed Version: 2.28-251.el8_10.37
Fixed Version:

References: access.redhat.com inbox.sourceware.org nvd.nist.gov nvd.nist.gov sourceware.org www.cve.org
MEDIUM

CVE-2026-5928: glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings

Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash. A bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp->_IO_read_ptr) instead of the actual wide-stream read pointer (fp->_wide_data->_IO_read_ptr). The program crash may happen in cases where fp->_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.

Package Name: glibc-minimal-langpack
Installed Version: 2.28-251.el8_10.37
Fixed Version:

References: access.redhat.com nvd.nist.gov sourceware.org www.cve.org
LOW

CVE-2026-4438: glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

Package Name: glibc
Installed Version: 2.28-251.el8_10.37
Fixed Version:

References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org nvd.nist.gov sourceware.org www.cve.org www.openwall.com
LOW

CVE-2026-4438: glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

Package Name: glibc-common
Installed Version: 2.28-251.el8_10.37
Fixed Version:

References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org nvd.nist.gov sourceware.org www.cve.org www.openwall.com
LOW

CVE-2026-4438: glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

Package Name: glibc-minimal-langpack
Installed Version: 2.28-251.el8_10.37
Fixed Version:

References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org nvd.nist.gov sourceware.org www.cve.org www.openwall.com
LOW

CVE-2018-20657: libiberty: Memory leak in demangle_template function resulting in a denial of service

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.

Package Name: libgcc
Installed Version: 8.5.0-28.el8_10
Fixed Version:

References: www.securityfocus.com access.redhat.com access.redhat.com gcc.gnu.org linux.oracle.com linux.oracle.com nvd.nist.gov support.f5.com www.cve.org
LOW

CVE-2019-14250: binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.

Package Name: libgcc
Installed Version: 8.5.0-28.el8_10
Fixed Version:

References: lists.opensuse.org lists.opensuse.org lists.opensuse.org lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com gcc.gnu.org gcc.gnu.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com www.cve.org
LOW

CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

Package Name: libgcc
Installed Version: 8.5.0-28.el8_10
Fixed Version:

References: access.redhat.com gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org lists.fedoraproject.org nvd.nist.gov sourceware.org www.cve.org
LOW

CVE-2018-19211: ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c

In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.

Package Name: ncurses-base
Installed Version: 6.1-10.20180224.el8
Fixed Version:

References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com www.cve.org
LOW

CVE-2020-19185: ncurses: Heap buffer overflow in one_one_mapping function in progs/dump_entry.c:1373

Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Package Name: ncurses-base
Installed Version: 6.1-10.20180224.el8
Fixed Version:

References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW

CVE-2020-19186: ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:66

Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Package Name: ncurses-base
Installed Version: 6.1-10.20180224.el8
Fixed Version:

References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW

CVE-2020-19187: ncurses: Heap buffer overflow in fmt_entry function in progs/dump_entry.c:1100

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Package Name: ncurses-base
Installed Version: 6.1-10.20180224.el8
Fixed Version:

References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW

CVE-2020-19188: ncurses: Stack buffer overflow in fmt_entry function in progs/dump_entry.c:1116

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Package Name: ncurses-base
Installed Version: 6.1-10.20180224.el8
Fixed Version:

References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW

CVE-2020-19189: ncurses: Heap buffer overflow in postprocess_terminfo function in tinfo/parse_entry.c:997

Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Package Name: ncurses-base
Installed Version: 6.1-10.20180224.el8
Fixed Version:

References: seclists.org seclists.org seclists.org access.redhat.com github.com lists.debian.org nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com ubuntu.com www.cve.org
LOW

CVE-2020-19190: ncurses: Heap buffer overflow in _nc_find_entry in tinfo/comp_hash.c:70

Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Package Name: ncurses-base
Installed Version: 6.1-10.20180224.el8
Fixed Version:

References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW

CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

Package Name: ncurses-base
Installed Version: 6.1-10.20180224.el8
Fixed Version:

References: cvsweb.netbsd.org seclists.org seclists.org seclists.org seclists.org access.redhat.com lists.debian.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com ubuntu.com ubuntu.com www.cve.org
LOW

CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()

ncurses v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

Package Name: ncurses-base
Installed Version: 6.1-10.20180224.el8
Fixed Version:

References: access.redhat.com lists.fedoraproject.org lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW

CVE-2018-19211: ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c

In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.

Package Name: ncurses-libs
Installed Version: 6.1-10.20180224.el8
Fixed Version:

References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com www.cve.org
LOW

CVE-2020-19185: ncurses: Heap buffer overflow in one_one_mapping function in progs/dump_entry.c:1373

Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Package Name: ncurses-libs
Installed Version: 6.1-10.20180224.el8
Fixed Version:

References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW

CVE-2020-19186: ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:66

Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Package Name: ncurses-libs
Installed Version: 6.1-10.20180224.el8
Fixed Version:

References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW

CVE-2020-19187: ncurses: Heap buffer overflow in fmt_entry function in progs/dump_entry.c:1100

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Package Name: ncurses-libs
Installed Version: 6.1-10.20180224.el8
Fixed Version:

References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW

CVE-2020-19188: ncurses: Stack buffer overflow in fmt_entry function in progs/dump_entry.c:1116

Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Package Name: ncurses-libs
Installed Version: 6.1-10.20180224.el8
Fixed Version:

References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW

CVE-2020-19189: ncurses: Heap buffer overflow in postprocess_terminfo function in tinfo/parse_entry.c:997

Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Package Name: ncurses-libs
Installed Version: 6.1-10.20180224.el8
Fixed Version:

References: seclists.org seclists.org seclists.org access.redhat.com github.com lists.debian.org nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com ubuntu.com www.cve.org
LOW

CVE-2020-19190: ncurses: Heap buffer overflow in _nc_find_entry in tinfo/comp_hash.c:70

Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Package Name: ncurses-libs
Installed Version: 6.1-10.20180224.el8
Fixed Version:

References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW

CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c

An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.

Package Name: ncurses-libs
Installed Version: 6.1-10.20180224.el8
Fixed Version:

References: cvsweb.netbsd.org seclists.org seclists.org seclists.org seclists.org access.redhat.com lists.debian.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com ubuntu.com ubuntu.com www.cve.org
LOW

CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()

ncurses v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

Package Name: ncurses-libs
Installed Version: 6.1-10.20180224.el8
Fixed Version:

References: access.redhat.com lists.fedoraproject.org lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW

CVE-2022-41409: pcre2: negative repeat value in a pcre2test subject line leads to infinite loop

Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.

Package Name: pcre2
Installed Version: 10.32-3.el8_6
Fixed Version:

References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org
Target: kurrentdb-operator
MEDIUM

CVE-2025-47914: golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

Package Name: golang.org/x/crypto
Installed Version: v0.42.0
Fixed Version: 0.45.0

References: access.redhat.com go.dev go.dev go.googlesource.com groups.google.com nvd.nist.gov pkg.go.dev www.cve.org
MEDIUM

CVE-2025-58181: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

Package Name: golang.org/x/crypto
Installed Version: v0.42.0
Fixed Version: 0.45.0

References: access.redhat.com github.com github.com go.dev go.dev groups.google.com groups.google.com nvd.nist.gov pkg.go.dev ubuntu.com www.cve.org

These instructions assume you have already set up the repository (or read the setup instructions).

To pull kurrentdb-operator @ reference/tag sha256:c11cd2575c17f79e007d34375f985eb610aafedf5ac93474404f368389bb4333:

docker pull docker.eventstore.com/kurrent-latest/kurrentdb-operator@sha256:c11cd2575c17f79e007d34375f985eb610aafedf5ac93474404f368389bb4333

You can also pull the latest version of this image (if it exists):

docker pull docker.eventstore.com/kurrent-latest/kurrentdb-operator:latest

To refer to this image after pulling in a Dockerfile, specify the following:

FROM docker.eventstore.com/kurrent-latest/kurrentdb-operator@sha256:c11cd2575c17f79e007d34375f985eb610aafedf5ac93474404f368389bb4333